Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/eIZVqxI6-hHdUf_qj1D76rrxVpE.roa
File:                     eIZVqxI6-hHdUf_qj1D76rrxVpE.roa (raw, json)
Hash identifier:          NsbKSDhLzow3zdEPZu6tUqkOBL6+VnD4rWhy3AC3Yk8=
Subject key identifier:   78:86:55:AB:12:3A:FA:11:DD:51:FF:EA:8F:50:FB:EA:BA:F1:56:91
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492E0062A86A7982DCBE106F3E8E0BC
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/eIZVqxI6-hHdUf_qj1D76rrxVpE.roa
Signing time:             Mon 01 Jan 2024 10:30:09 +0000
ROA not before:           Mon 01 Jan 2024 10:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60811
IP address blocks:        5.160.192.0/24 maxlen: 24
                          5.160.192.0/23 maxlen: 23
                          5.160.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e0:06:2a:86:a7:98:2d:cb:e1:06:f3:e8:e0:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=788655ab123afa11dd51ffea8f50fbeabaf15691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cd:ef:a0:9b:63:bf:c1:77:fb:26:ba:34:97:
                    9b:c0:fa:6f:af:2e:7e:86:52:ea:6e:78:b2:a5:01:
                    a1:80:2c:23:da:62:a0:54:df:d6:6a:0f:ab:48:21:
                    1d:08:55:f6:8c:26:7e:90:59:08:c1:e9:e6:5b:56:
                    e4:21:13:39:b0:21:0d:b8:cd:5c:2f:34:c0:9c:35:
                    b0:c0:cc:bd:8f:1c:21:a1:42:79:ae:37:89:af:49:
                    15:4b:48:aa:d9:47:aa:1d:bd:4a:88:70:25:93:c9:
                    2e:d7:55:87:1d:02:f0:28:58:10:fe:a6:7b:36:a4:
                    9f:6f:5e:97:96:17:f7:2f:04:82:82:74:c9:65:6a:
                    61:40:f4:88:bb:7d:32:ce:70:72:df:b5:d4:53:5d:
                    1c:cd:10:db:c5:c9:b6:6e:25:b6:21:2d:09:3c:70:
                    0f:69:16:61:91:d4:b3:4b:76:88:bc:b4:7a:c8:9a:
                    36:49:99:95:02:25:f8:24:51:96:71:c3:2d:63:56:
                    03:07:f4:e6:a5:92:f4:27:76:b8:61:dc:ab:3a:bc:
                    20:38:47:65:e6:b1:1b:70:f9:06:d9:48:6b:35:10:
                    9b:b4:b9:3b:99:f0:98:f3:26:e0:30:cd:d0:26:fb:
                    48:a2:0f:da:88:0e:da:1d:34:28:e5:8c:64:2a:e0:
                    6e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:86:55:AB:12:3A:FA:11:DD:51:FF:EA:8F:50:FB:EA:BA:F1:56:91
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/eIZVqxI6-hHdUf_qj1D76rrxVpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:ef:4a:32:55:b8:6a:e7:9b:b8:86:19:74:23:80:2a:81:ba:
         ca:a3:6d:9e:cc:f8:e8:4b:e6:0a:f2:d0:eb:e4:74:35:9c:22:
         da:4d:c8:75:1a:e2:12:f6:80:38:77:7d:50:0c:ca:cd:2f:9a:
         b6:b3:c8:96:0b:bd:7f:76:dc:ad:7b:e6:08:72:c1:49:d7:9f:
         8a:2e:43:03:5c:37:89:a9:2d:25:1c:d4:c0:ee:89:0e:bb:4f:
         2c:b6:78:ad:38:1c:c5:26:ee:50:d7:4a:b2:94:c1:ec:d4:76:
         00:88:39:6d:dd:6b:65:71:1b:03:8d:0b:da:cf:b8:d9:26:18:
         12:c9:b6:b4:c3:dd:97:09:28:9a:46:2e:64:0b:bc:f5:63:5b:
         1c:04:70:f2:2f:a7:72:d6:db:2b:59:c4:2a:35:c8:07:0f:03:
         52:aa:b5:b7:51:8a:e2:6f:3c:0f:40:13:1c:e6:4b:5f:5d:a6:
         d0:56:02:47:4c:f7:72:9c:43:b3:61:33:e6:c8:aa:cc:b4:49:
         44:f5:7e:0b:d0:eb:60:83:b0:69:4a:7c:85:da:a5:a0:c6:12:
         15:5b:58:b0:0a:91:79:6e:1b:8c:cc:7e:21:12:5e:2c:14:d6:
         66:76:00:7b:c0:37:b9:4e:80:72:4a:a4:6b:c9:28:f7:4c:32:
         c4:bb:c2:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuAGKoanmC3L4Qbz6OC8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODg2NTVhYjEyM2FmYTExZGQ1MWZmZWE4ZjUwZmJlYWJhZjE1NjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAms3voJtjv8F3+ya6NJebwPpvry5+
hlLqbniypQGhgCwj2mKgVN/Wag+rSCEdCFX2jCZ+kFkIwenmW1bkIRM5sCENuM1c
LzTAnDWwwMy9jxwhoUJ5rjeJr0kVS0iq2UeqHb1KiHAlk8ku11WHHQLwKFgQ/qZ7
NqSfb16Xlhf3LwSCgnTJZWphQPSIu30yznBy37XUU10czRDbxcm2biW2IS0JPHAP
aRZhkdSzS3aIvLR6yJo2SZmVAiX4JFGWccMtY1YDB/TmpZL0J3a4YdyrOrwgOEdl
5rEbcPkG2UhrNRCbtLk7mfCY8ybgMM3QJvtIog/aiA7aHTQo5YxkKuBuPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHiGVasSOvoR3VH/6o9Q++q68VaRMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvZUlaVnF4STYtaEhkVWZfcWoxRDc2cnJ4VnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBaDAMA0G
CSqGSIb3DQEBCwUAA4IBAQB970oyVbhq55u4hhl0I4AqgbrKo22ezPjoS+YK8tDr
5HQ1nCLaTch1GuIS9oA4d31QDMrNL5q2s8iWC71/dtyte+YIcsFJ15+KLkMDXDeJ
qS0lHNTA7okOu08stnitOBzFJu5Q10qylMHs1HYAiDlt3WtlcRsDjQvaz7jZJhgS
yba0w92XCSiaRi5kC7z1Y1scBHDyL6dy1tsrWcQqNcgHDwNSqrW3UYribzwPQBMc
5ktfXabQVgJHTPdynEOzYTPmyKrMtElE9X4L0Otgg7BpSnyF2qWgxhIVW1iwCpF5
bhuMzH4hEl4sFNZmdgB7wDe5ToBySqRrySj3TDLEu8Lw
-----END CERTIFICATE-----