Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/OYgV3QAWHU4GWUfzC9Bnm6QjDT0.roa
File:                     OYgV3QAWHU4GWUfzC9Bnm6QjDT0.roa (raw, json)
Hash identifier:          pL1NCt5CDg+G76DjBkegu8oQwNDR2VFD1/OjgVI0dxA=
Subject key identifier:   39:88:15:DD:00:16:1D:4E:06:59:47:F3:0B:D0:67:9B:A4:23:0D:3D
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018D3B0702C674A1F6D0A5631B896A12EA70
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/OYgV3QAWHU4GWUfzC9Bnm6QjDT0.roa
Signing time:             Wed 24 Jan 2024 10:32:11 +0000
ROA not before:           Wed 24 Jan 2024 10:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215779
IP address blocks:        5.160.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:07:02:c6:74:a1:f6:d0:a5:63:1b:89:6a:12:ea:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan 24 10:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=398815dd00161d4e065947f30bd0679ba4230d3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b8:23:6c:95:68:a3:f5:0a:01:58:06:97:4d:
                    bc:10:00:88:98:da:13:12:2b:80:c3:a5:56:23:a0:
                    9b:06:c3:07:f1:c1:97:f1:01:fa:54:13:df:06:3c:
                    81:a7:46:68:92:3a:b1:3e:72:35:0e:c7:0b:80:7a:
                    0d:00:9b:ed:dd:ae:e4:92:80:fa:3f:e0:6f:a8:88:
                    08:d7:e6:6d:1f:db:5e:41:80:84:66:9b:15:76:05:
                    39:93:ac:a1:20:81:19:b1:90:f8:06:55:62:54:03:
                    86:af:a5:a7:1f:4b:b8:c5:d2:6a:f1:64:16:39:17:
                    03:90:76:88:86:38:db:8c:83:91:77:c7:8f:c1:a0:
                    49:74:7d:e1:88:e8:83:4a:e6:33:3d:ee:b5:d7:f1:
                    b1:ad:f8:13:25:7d:21:5c:ac:50:38:89:50:78:e0:
                    18:4d:04:a0:61:32:5b:d2:12:14:93:c2:1b:a2:35:
                    15:3b:90:8a:90:07:d0:6d:1f:fe:c8:a0:e5:2c:f7:
                    39:3c:17:23:e5:2f:92:e2:91:64:6b:f6:01:79:67:
                    12:f7:28:3d:b4:3f:ee:83:f8:8b:08:26:f9:d1:4a:
                    68:9e:39:62:59:94:c1:c5:4b:68:c7:8b:3a:cd:c0:
                    ce:1b:b5:60:16:3d:c8:bc:2c:62:73:6e:ee:72:e7:
                    ee:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:88:15:DD:00:16:1D:4E:06:59:47:F3:0B:D0:67:9B:A4:23:0D:3D
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/OYgV3QAWHU4GWUfzC9Bnm6QjDT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:d0:81:55:a4:e8:ef:b3:99:a2:9d:2d:aa:22:e9:bd:58:35:
         51:ae:e0:0f:bd:94:21:3a:d3:04:32:9f:a6:30:ad:70:b7:6b:
         3e:27:f9:7b:93:13:e8:55:74:3f:24:7a:59:31:50:14:dd:e4:
         ed:6e:64:45:48:b0:5b:bf:3b:91:da:f7:37:08:eb:76:92:85:
         fb:23:3f:03:d4:8a:d4:2d:29:3a:37:9d:b6:e9:78:d7:b9:11:
         b8:3d:7e:f7:20:61:cf:77:81:c3:5d:e7:72:ac:06:99:e0:4f:
         6a:50:71:d9:4b:f5:68:22:bb:ee:4b:55:3f:0e:28:cd:ac:b1:
         50:aa:39:6d:57:9d:8f:3c:b1:fd:57:34:a5:82:c9:27:1a:d1:
         10:6b:8d:f4:e3:c7:25:78:66:ad:14:7d:fa:51:f7:30:0d:5a:
         8d:af:7e:d7:c1:f1:26:2c:21:25:80:ac:65:f5:f3:41:50:82:
         aa:10:37:60:ad:76:c8:2a:fa:5f:c7:16:41:25:ee:b8:dc:5d:
         32:0d:6a:f6:08:e1:7a:40:2f:0d:99:c8:45:67:45:c8:af:8d:
         e4:f5:7c:fe:19:19:3e:05:1d:72:d9:d1:94:aa:90:0e:94:37:
         18:f3:92:1a:50:f0:9a:99:34:92:fb:c6:7d:4c:a4:97:13:c5:
         d6:05:c3:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY07BwLGdKH20KVjG4lqEupwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTI0MTAzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTg4MTVkZDAwMTYxZDRlMDY1OTQ3ZjMwYmQwNjc5YmE0MjMwZDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7gjbJVoo/UKAVgGl028EACImNoT
EiuAw6VWI6CbBsMH8cGX8QH6VBPfBjyBp0ZokjqxPnI1DscLgHoNAJvt3a7kkoD6
P+BvqIgI1+ZtH9teQYCEZpsVdgU5k6yhIIEZsZD4BlViVAOGr6WnH0u4xdJq8WQW
ORcDkHaIhjjbjIORd8ePwaBJdH3hiOiDSuYzPe611/GxrfgTJX0hXKxQOIlQeOAY
TQSgYTJb0hIUk8IbojUVO5CKkAfQbR/+yKDlLPc5PBcj5S+S4pFka/YBeWcS9yg9
tD/ug/iLCCb50UponjliWZTBxUtox4s6zcDOG7VgFj3IvCxic27ucufueQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmIFd0AFh1OBllH8wvQZ5ukIw09MB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvT1lnVjNRQVdIVTRHV1VmekM5Qm5tNlFqRFQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaCcMA0G
CSqGSIb3DQEBCwUAA4IBAQAK0IFVpOjvs5minS2qIum9WDVRruAPvZQhOtMEMp+m
MK1wt2s+J/l7kxPoVXQ/JHpZMVAU3eTtbmRFSLBbvzuR2vc3COt2koX7Iz8D1IrU
LSk6N5226XjXuRG4PX73IGHPd4HDXedyrAaZ4E9qUHHZS/VoIrvuS1U/DijNrLFQ
qjltV52PPLH9VzSlgsknGtEQa43048cleGatFH36UfcwDVqNr37XwfEmLCElgKxl
9fNBUIKqEDdgrXbIKvpfxxZBJe643F0yDWr2COF6QC8NmchFZ0XIr43k9Xz+GRk+
BR1y2dGUqpAOlDcY85IaUPCamTSS+8Z9TKSXE8XWBcNo
-----END CERTIFICATE-----