Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/Mj_7ckpefRGmetTBZVLwVnaTmks.roa
File:                     Mj_7ckpefRGmetTBZVLwVnaTmks.roa (raw, json)
Hash identifier:          tXG8wVx0O9Rc6DutjD1UgD8fm/WEso1163fnMFQgmP0=
Subject key identifier:   32:3F:FB:72:4A:5E:7D:11:A6:7A:D4:C1:65:52:F0:56:76:93:9A:4B
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492D9681C5E640387CD45688547AD28
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/Mj_7ckpefRGmetTBZVLwVnaTmks.roa
Signing time:             Mon 01 Jan 2024 10:30:07 +0000
ROA not before:           Mon 01 Jan 2024 10:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50692
IP address blocks:        5.160.220.0/23 maxlen: 23
                          5.160.221.0/24 maxlen: 24
                          5.160.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:d9:68:1c:5e:64:03:87:cd:45:68:85:47:ad:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=323ffb724a5e7d11a67ad4c16552f05676939a4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:26:ab:91:18:1e:37:6c:de:90:69:46:62:48:
                    74:18:d0:bd:04:bf:40:ed:64:c1:ec:6d:73:79:3d:
                    81:37:2d:41:d8:8c:09:0b:07:af:bb:df:f1:46:d8:
                    69:b4:60:b0:7a:f9:3f:b7:00:b8:32:46:b8:44:55:
                    00:db:35:bb:f1:93:2f:97:5a:e7:1a:c3:ce:3d:27:
                    59:d6:92:2a:a2:c0:d4:16:c7:cf:0a:04:21:84:a7:
                    85:3f:b2:75:9b:a7:c4:aa:ff:2c:7b:7b:c5:88:f8:
                    ce:88:5c:2d:06:77:f3:0d:bd:1f:95:d3:9c:7d:bd:
                    fe:f7:22:69:4f:67:14:2d:86:c5:9a:11:a7:74:2e:
                    31:8d:3b:78:72:46:62:b1:e2:dd:11:2f:cf:5e:c1:
                    26:67:c2:f5:2e:6b:f4:9c:30:df:90:2a:9f:25:ec:
                    e2:80:56:75:eb:50:d6:0f:e2:51:97:3b:25:1b:9f:
                    00:f7:d9:f5:a5:bb:6e:a8:96:ac:df:68:5d:2c:c2:
                    7f:d6:97:5d:6e:96:02:42:58:d8:c4:ef:04:8a:22:
                    dd:8d:24:2b:b9:be:f8:fe:f7:60:95:dd:37:4c:9a:
                    b4:bf:57:98:f6:cb:b6:0c:d2:77:95:84:36:2f:6e:
                    48:d6:99:21:e0:44:f7:d6:75:52:32:dc:56:cd:55:
                    a8:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:3F:FB:72:4A:5E:7D:11:A6:7A:D4:C1:65:52:F0:56:76:93:9A:4B
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/Mj_7ckpefRGmetTBZVLwVnaTmks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:4c:dc:82:97:c8:2c:b3:f6:10:db:29:1c:00:96:b6:67:6a:
         06:7a:23:b5:38:93:f1:a8:97:2d:ab:df:5a:1f:c3:d9:9c:08:
         24:b9:42:6d:f8:70:2e:d0:f6:06:84:3b:42:f3:c6:71:6c:5d:
         9d:38:b4:f5:5d:de:e9:57:f2:7b:c2:f9:97:4a:76:d7:51:ea:
         be:13:94:34:d9:2e:39:4e:5b:8a:ca:73:e0:da:79:61:e4:c2:
         c3:bd:b7:b8:cc:9b:ab:18:0d:2d:8e:a4:07:04:bf:91:18:4e:
         b5:74:6f:2b:be:26:0a:9a:2c:fc:9e:96:4e:85:7c:29:a3:c4:
         18:e4:79:65:68:24:98:06:53:3d:c1:1a:f0:65:09:33:88:e6:
         cc:14:b5:f7:cf:29:a2:06:95:4e:cd:f4:d4:43:c9:15:ec:1c:
         26:9f:8e:0b:78:35:47:2b:84:c9:67:e6:05:34:4b:69:73:3e:
         1b:6b:c4:fc:74:92:0d:88:c8:fe:ed:65:be:5c:bb:87:bd:56:
         8a:b0:5e:8f:40:e2:10:a1:e8:36:52:d6:f1:b9:cd:7a:3c:3c:
         39:44:24:a4:e5:65:ca:ac:c6:42:2b:d3:c3:07:b7:c6:83:e6:
         c8:3d:05:64:83:a8:9b:04:4d:a2:dd:49:74:56:a9:9d:68:a0:
         fd:be:1c:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEktloHF5kA4fNRWiFR60oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjNmZmI3MjRhNWU3ZDExYTY3YWQ0YzE2NTUyZjA1Njc2OTM5YTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCarkRgeN2zekGlGYkh0GNC9BL9A
7WTB7G1zeT2BNy1B2IwJCwevu9/xRthptGCwevk/twC4Mka4RFUA2zW78ZMvl1rn
GsPOPSdZ1pIqosDUFsfPCgQhhKeFP7J1m6fEqv8se3vFiPjOiFwtBnfzDb0fldOc
fb3+9yJpT2cULYbFmhGndC4xjTt4ckZiseLdES/PXsEmZ8L1Lmv0nDDfkCqfJezi
gFZ161DWD+JRlzslG58A99n1pbtuqJas32hdLMJ/1pddbpYCQljYxO8EiiLdjSQr
ub74/vdgld03TJq0v1eY9su2DNJ3lYQ2L25I1pkh4ET31nVSMtxWzVWolQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDI/+3JKXn0RpnrUwWVS8FZ2k5pLMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvTWpfN2NrcGVmUkdtZXRUQlpWTHdWbmFUbWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBaDcMA0G
CSqGSIb3DQEBCwUAA4IBAQCNTNyCl8gss/YQ2ykcAJa2Z2oGeiO1OJPxqJctq99a
H8PZnAgkuUJt+HAu0PYGhDtC88ZxbF2dOLT1Xd7pV/J7wvmXSnbXUeq+E5Q02S45
TluKynPg2nlh5MLDvbe4zJurGA0tjqQHBL+RGE61dG8rviYKmiz8npZOhXwpo8QY
5HllaCSYBlM9wRrwZQkziObMFLX3zymiBpVOzfTUQ8kV7Bwmn44LeDVHK4TJZ+YF
NEtpcz4ba8T8dJINiMj+7WW+XLuHvVaKsF6PQOIQoeg2Utbxuc16PDw5RCSk5WXK
rMZCK9PDB7fGg+bIPQVkg6ibBE2i3Ul0VqmdaKD9vhxb
-----END CERTIFICATE-----