Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/S-_IlT7qoXenilSVvo09zTuXCpY.roa
File:                     S-_IlT7qoXenilSVvo09zTuXCpY.roa (raw, json)
Hash identifier:          rCHuTNHDapPoNwFrt5U5716fICKsMl3YCodibUuqMGQ=
Subject key identifier:   4B:EF:C8:95:3E:EA:A1:77:A7:8A:54:95:BE:8D:3D:CD:3B:97:0A:96
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492E29526B59CB72536539415A4A70C
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/S-_IlT7qoXenilSVvo09zTuXCpY.roa
Signing time:             Mon 01 Jan 2024 10:30:09 +0000
ROA not before:           Mon 01 Jan 2024 10:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62157
IP address blocks:        5.160.54.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e2:95:26:b5:9c:b7:25:36:53:94:15:a4:a7:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4befc8953eeaa177a78a5495be8d3dcd3b970a96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e8:cd:f3:fa:9a:9a:62:1f:63:df:9f:51:0a:
                    b8:a4:0c:55:39:2d:a7:18:76:b7:57:55:14:b3:ce:
                    c5:90:ea:e8:f0:53:19:2f:f5:f5:ec:89:3c:34:c5:
                    22:19:41:27:09:5b:34:8f:6a:35:3a:48:d7:a8:53:
                    04:e0:eb:a8:37:6b:6a:02:ed:43:10:2c:5f:8a:63:
                    35:00:ff:aa:5c:27:43:c7:25:9b:37:64:43:92:3e:
                    f6:ec:d5:a9:74:c9:26:bf:58:b8:08:be:96:30:22:
                    18:e2:c1:47:6a:84:af:fc:5b:ae:11:dc:fe:76:ce:
                    03:7d:04:77:0f:e3:9d:7d:60:4a:bc:96:75:8b:9f:
                    32:36:21:bf:b8:d8:c7:94:9f:c5:2f:55:38:0d:40:
                    15:e4:5f:bd:19:e7:b5:9b:fd:0f:94:ea:3e:53:a0:
                    f7:f1:17:20:d4:02:74:ad:4c:db:c6:1b:e7:15:ef:
                    0f:73:f0:e9:13:e6:13:8b:bf:88:16:11:73:ae:78:
                    9e:21:ab:67:cb:3a:e3:49:6a:de:0f:db:f7:82:c1:
                    b6:a0:70:cd:6a:bb:3e:c5:71:c7:bf:18:f6:d4:9d:
                    af:c1:7d:0d:c2:72:92:d4:be:8a:65:af:48:dc:8e:
                    05:b5:7a:27:2e:b0:98:98:80:b5:69:c3:2a:be:45:
                    51:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:EF:C8:95:3E:EA:A1:77:A7:8A:54:95:BE:8D:3D:CD:3B:97:0A:96
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/S-_IlT7qoXenilSVvo09zTuXCpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:a8:6b:25:5a:42:06:97:ee:66:21:45:e3:4c:f4:c7:55:e6:
         fa:0d:ec:3d:e8:b3:77:17:44:24:f4:31:6a:4c:7b:ad:94:54:
         dc:25:17:da:d8:f5:06:3e:ab:1c:cc:63:99:e4:0d:9f:01:c6:
         e8:a5:4b:65:67:73:b5:c9:6e:7e:b6:29:15:35:5e:25:91:76:
         a3:80:1c:06:d7:88:25:01:af:d4:3e:63:3e:9b:9c:b1:0e:be:
         1f:56:04:06:0d:b9:b9:e1:16:34:f1:8e:0a:71:02:05:9c:ab:
         59:33:00:f9:ef:5e:23:58:09:76:77:dd:44:db:22:ac:32:c2:
         9b:a0:4e:e7:af:d7:b9:6d:44:21:33:26:b1:82:b2:26:23:71:
         41:65:de:53:63:b6:12:90:83:f8:27:d3:c5:b8:48:47:a4:ff:
         03:dd:54:93:cf:80:2d:f7:83:a0:42:4f:8a:68:07:28:ec:2c:
         bc:0c:28:15:50:2c:25:f4:56:35:01:2e:df:79:40:40:b2:9e:
         46:8f:28:7a:15:76:9c:e2:8e:90:43:ed:05:75:1c:b3:69:33:
         f0:1d:f6:44:39:67:b6:33:2c:87:c5:c7:37:3d:60:2f:2c:99:
         73:fa:50:ee:2d:49:ce:f0:df:6f:ad:97:67:3b:f8:05:c7:ff:
         ee:d1:f4:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuKVJrWctyU2U5QVpKcMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmVmYzg5NTNlZWFhMTc3YTc4YTU0OTViZThkM2RjZDNiOTcwYTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvejN8/qammIfY9+fUQq4pAxVOS2n
GHa3V1UUs87FkOro8FMZL/X17Ik8NMUiGUEnCVs0j2o1OkjXqFME4OuoN2tqAu1D
ECxfimM1AP+qXCdDxyWbN2RDkj727NWpdMkmv1i4CL6WMCIY4sFHaoSv/FuuEdz+
ds4DfQR3D+OdfWBKvJZ1i58yNiG/uNjHlJ/FL1U4DUAV5F+9Gee1m/0PlOo+U6D3
8Rcg1AJ0rUzbxhvnFe8Pc/DpE+YTi7+IFhFzrnieIatnyzrjSWreD9v3gsG2oHDN
ars+xXHHvxj21J2vwX0NwnKS1L6KZa9I3I4FtXonLrCYmIC1acMqvkVR5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvvyJU+6qF3p4pUlb6NPc07lwqWMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvUy1fSWxUN3FvWGVuaWxTVnZvMDl6VHVYQ3BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBaA2MA0G
CSqGSIb3DQEBCwUAA4IBAQBuqGslWkIGl+5mIUXjTPTHVeb6Dew96LN3F0Qk9DFq
THutlFTcJRfa2PUGPqsczGOZ5A2fAcbopUtlZ3O1yW5+tikVNV4lkXajgBwG14gl
Aa/UPmM+m5yxDr4fVgQGDbm54RY08Y4KcQIFnKtZMwD5714jWAl2d91E2yKsMsKb
oE7nr9e5bUQhMyaxgrImI3FBZd5TY7YSkIP4J9PFuEhHpP8D3VSTz4At94OgQk+K
aAco7Cy8DCgVUCwl9FY1AS7feUBAsp5Gjyh6FXac4o6QQ+0FdRyzaTPwHfZEOWe2
MyyHxcc3PWAvLJlz+lDuLUnO8N9vrZdnO/gFx//u0fS1
-----END CERTIFICATE-----