Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/M-RPIzsUgczoavR92NNb8G6n4k4.roa
File:                     M-RPIzsUgczoavR92NNb8G6n4k4.roa (raw, json)
Hash identifier:          Z4DCPv3w2ZO4r2/3qS+FR0SaNHTCJ1OVF3doUjeHbbA=
Subject key identifier:   33:E4:4F:23:3B:14:81:CC:E8:6A:F4:7D:D8:D3:5B:F0:6E:A7:E2:4E
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492D23DF391786827C9EEB96E925860
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/M-RPIzsUgczoavR92NNb8G6n4k4.roa
Signing time:             Mon 01 Jan 2024 10:30:05 +0000
ROA not before:           Mon 01 Jan 2024 10:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35615
IP address blocks:        5.160.244.0/24 maxlen: 24
                          5.160.245.0/24 maxlen: 24
                          5.160.244.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 14:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:d2:3d:f3:91:78:68:27:c9:ee:b9:6e:92:58:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33e44f233b1481cce86af47dd8d35bf06ea7e24e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:55:8a:5c:5c:b1:ae:d6:c6:67:f7:35:92:87:
                    17:7f:65:30:fa:91:de:25:28:a9:0e:43:c8:72:c1:
                    a4:a9:7e:d9:eb:a5:31:83:c1:eb:d1:c0:f3:b5:a4:
                    62:5d:ff:18:58:d3:cd:23:6d:a2:07:72:32:ec:e5:
                    ed:e7:b8:56:96:df:f8:75:8a:64:b9:f2:30:c2:e9:
                    43:2b:87:76:4a:b3:09:12:bc:b4:ac:63:c4:3f:01:
                    64:1d:44:00:77:31:b3:76:d8:a0:88:04:36:df:6f:
                    f7:39:2d:aa:e8:8c:ca:d7:7c:fc:10:52:38:5a:97:
                    b5:69:26:7e:59:c4:13:f0:f5:a6:94:34:12:41:d1:
                    57:4c:ee:3a:17:68:e8:fd:7d:e9:ad:27:d1:f3:63:
                    97:cb:b8:49:56:7b:f0:e0:56:15:50:fd:b2:9f:79:
                    5a:24:56:5b:e2:b1:3b:da:51:5a:7d:48:4e:de:14:
                    b2:9a:92:56:70:9c:e1:6c:ad:4a:1a:30:3a:f2:0f:
                    7b:ae:89:8e:da:ed:56:50:2a:1a:20:c8:50:68:95:
                    e9:5d:48:f5:67:c1:96:17:88:c6:c2:d9:ef:a3:36:
                    46:17:d3:85:38:db:d0:1d:08:b1:15:28:d4:af:51:
                    be:56:d0:e7:72:cf:0b:5e:6a:48:72:d8:63:0a:3d:
                    5c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:E4:4F:23:3B:14:81:CC:E8:6A:F4:7D:D8:D3:5B:F0:6E:A7:E2:4E
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/M-RPIzsUgczoavR92NNb8G6n4k4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:54:7d:e9:f4:e1:11:5a:bc:68:4c:04:ee:61:3e:ed:a2:45:
         81:dd:d7:7e:ac:d2:77:1b:d7:e8:93:dc:a9:6a:54:48:21:3b:
         90:b6:50:29:f6:4e:dd:11:0c:5c:a0:26:b8:81:0a:97:cb:ec:
         db:9a:59:b5:d1:b3:8b:f7:c9:95:3e:99:7d:76:0b:d7:4a:97:
         8e:b9:ef:27:c6:81:85:16:19:16:3f:e8:35:1e:27:8f:be:e1:
         1e:25:f5:34:3a:21:f7:eb:7f:52:dd:7c:87:5e:b0:b3:57:cf:
         fe:08:eb:57:83:1e:07:18:ca:dd:02:c9:25:39:62:a3:fc:89:
         2b:bf:ab:82:3c:e5:45:de:04:d5:bc:5b:02:40:23:93:5c:a1:
         c9:2d:3c:0e:79:69:64:f6:42:90:a3:6f:47:27:8d:65:63:68:
         99:f7:ce:5c:71:b0:17:63:69:99:ec:c4:9c:d4:49:8d:65:0f:
         be:6c:ca:7a:3e:46:09:c5:42:12:2b:21:d5:81:96:19:ff:78:
         6a:7a:73:3f:4c:8d:56:65:19:85:50:b7:af:6b:b4:ca:be:d7:
         c9:ef:c6:11:b3:8b:81:36:55:90:9b:83:0f:07:87:5d:57:8c:
         a4:7b:e3:57:9c:23:7f:4e:03:b2:b2:9d:a5:e7:8b:3d:52:42:
         84:5d:a1:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEktI985F4aCfJ7rluklhgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2U0NGYyMzNiMTQ4MWNjZTg2YWY0N2RkOGQzNWJmMDZlYTdlMjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlWKXFyxrtbGZ/c1kocXf2Uw+pHe
JSipDkPIcsGkqX7Z66Uxg8Hr0cDztaRiXf8YWNPNI22iB3Iy7OXt57hWlt/4dYpk
ufIwwulDK4d2SrMJEry0rGPEPwFkHUQAdzGzdtigiAQ232/3OS2q6IzK13z8EFI4
Wpe1aSZ+WcQT8PWmlDQSQdFXTO46F2jo/X3prSfR82OXy7hJVnvw4FYVUP2yn3la
JFZb4rE72lFafUhO3hSympJWcJzhbK1KGjA68g97romO2u1WUCoaIMhQaJXpXUj1
Z8GWF4jGwtnvozZGF9OFONvQHQixFSjUr1G+VtDncs8LXmpIcthjCj1cKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDPkTyM7FIHM6Gr0fdjTW/Bup+JOMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvTS1SUEl6c1VnY3pvYXZSOTJOTmI4RzZuNGs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBaD0MA0G
CSqGSIb3DQEBCwUAA4IBAQCTVH3p9OERWrxoTATuYT7tokWB3dd+rNJ3G9fok9yp
alRIITuQtlAp9k7dEQxcoCa4gQqXy+zbmlm10bOL98mVPpl9dgvXSpeOue8nxoGF
FhkWP+g1HiePvuEeJfU0OiH3639S3XyHXrCzV8/+COtXgx4HGMrdAsklOWKj/Ikr
v6uCPOVF3gTVvFsCQCOTXKHJLTwOeWlk9kKQo29HJ41lY2iZ985ccbAXY2mZ7MSc
1EmNZQ++bMp6PkYJxUISKyHVgZYZ/3hqenM/TI1WZRmFULeva7TKvtfJ78YRs4uB
NlWQm4MPB4ddV4yke+NXnCN/TgOysp2l54s9UkKEXaEx
-----END CERTIFICATE-----