Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/hMBG4CfNR2CsuSVF5TBTkBhovkE.roa
File:                     hMBG4CfNR2CsuSVF5TBTkBhovkE.roa (raw, json)
Hash identifier:          MSPxg58ij6zdoxc2M6oWrEPO9RH7Zp9OgrgRKhRrvyw=
Subject key identifier:   84:C0:46:E0:27:CD:47:60:AC:B9:25:45:E5:30:53:90:18:68:BE:41
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492D1508268B0DC75D7559F362B4558
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/hMBG4CfNR2CsuSVF5TBTkBhovkE.roa
Signing time:             Mon 01 Jan 2024 10:30:05 +0000
ROA not before:           Mon 01 Jan 2024 10:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31549
IP address blocks:        5.160.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 11:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:d1:50:82:68:b0:dc:75:d7:55:9f:36:2b:45:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84c046e027cd4760acb92545e53053901868be41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:db:6b:d5:b4:a6:1d:6f:8c:5e:92:e3:6d:46:
                    a1:e1:ac:7b:ff:73:89:6a:1d:18:fe:46:ce:33:41:
                    bb:68:8d:cb:fd:b4:e3:be:5b:75:10:cf:55:1e:76:
                    00:26:b3:08:0e:d1:84:56:7d:52:11:30:b5:9c:ad:
                    42:30:02:8c:dd:d9:28:95:29:14:be:08:9c:2d:6e:
                    40:8e:e6:1e:e3:4e:1d:50:67:76:1d:a2:a7:b8:a4:
                    ef:0b:5a:c1:c1:b8:55:9a:68:b4:e5:55:60:4c:58:
                    fd:8d:c8:be:1e:97:26:0e:72:98:ec:40:59:d6:d5:
                    06:33:a8:5e:09:6c:ee:dd:f6:42:0b:f3:a3:5f:cd:
                    b1:df:c3:05:40:f7:9c:ef:46:14:8e:59:2f:37:7c:
                    36:e3:6a:3c:12:90:d0:69:00:17:94:a7:d5:c3:23:
                    8c:29:eb:94:33:d9:94:73:2d:c4:ea:49:d4:45:88:
                    36:3d:99:56:a2:c4:81:2e:4a:99:27:0e:8d:b8:e6:
                    db:2d:8e:8b:4d:ce:30:9f:60:9e:a3:b0:b8:6c:75:
                    ba:f6:7b:27:3a:f2:69:99:85:7b:7b:81:7b:01:5c:
                    f0:09:62:fe:f1:e0:82:69:f7:23:57:13:19:b5:d6:
                    88:b4:ce:e4:03:bb:4b:57:7c:fa:79:56:5c:a3:a9:
                    6a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C0:46:E0:27:CD:47:60:AC:B9:25:45:E5:30:53:90:18:68:BE:41
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/hMBG4CfNR2CsuSVF5TBTkBhovkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:03:4f:bd:e9:b3:a2:05:b0:1a:66:58:ac:7c:d9:6d:ea:bc:
         95:07:74:81:7e:5a:a9:cf:5b:91:d6:89:38:7a:90:76:2a:15:
         7d:93:a3:0d:aa:68:5e:40:61:65:b4:aa:5b:f9:a7:85:33:71:
         79:2f:7b:66:e4:80:42:99:05:3f:67:25:a7:d9:81:68:99:68:
         b7:5a:c4:7e:de:4b:c3:96:8d:2f:0a:69:d8:20:ad:d9:1c:2f:
         36:a7:f2:8a:c3:98:59:a4:6b:cd:94:75:66:8d:b9:0b:8e:3f:
         46:4d:a9:c2:3c:bb:19:05:ec:dc:89:a5:c3:4b:a2:f4:5e:50:
         ff:2e:63:21:f4:8a:cc:f4:01:69:c7:ef:ed:67:34:c3:79:0f:
         14:2f:5f:56:d6:53:49:db:ca:5c:68:d3:80:af:1d:38:27:4d:
         d2:8c:ef:ae:e6:d4:e8:c0:70:85:7c:73:d6:e9:a8:3e:93:fb:
         70:32:50:9c:ea:fe:69:38:87:ae:a6:e4:77:7c:9c:79:9f:e5:
         2d:ac:4a:bb:dc:f9:af:9f:8d:e2:00:ae:3b:11:48:ab:5b:90:
         c7:13:d5:42:f7:b1:0c:44:4c:ae:43:8b:97:1c:0e:db:38:e9:
         57:c9:ab:1b:97:00:06:9e:6c:3e:04:24:c2:ae:b6:e7:a0:3d:
         bc:b8:ed:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEktFQgmiw3HXXVZ82K0VYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGMwNDZlMDI3Y2Q0NzYwYWNiOTI1NDVlNTMwNTM5MDE4NjhiZTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAottr1bSmHW+MXpLjbUah4ax7/3OJ
ah0Y/kbOM0G7aI3L/bTjvlt1EM9VHnYAJrMIDtGEVn1SETC1nK1CMAKM3dkolSkU
vgicLW5AjuYe404dUGd2HaKnuKTvC1rBwbhVmmi05VVgTFj9jci+HpcmDnKY7EBZ
1tUGM6heCWzu3fZCC/OjX82x38MFQPec70YUjlkvN3w242o8EpDQaQAXlKfVwyOM
KeuUM9mUcy3E6knURYg2PZlWosSBLkqZJw6NuObbLY6LTc4wn2Ceo7C4bHW69nsn
OvJpmYV7e4F7AVzwCWL+8eCCafcjVxMZtdaItM7kA7tLV3z6eVZco6lqzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITARuAnzUdgrLklReUwU5AYaL5BMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvaE1CRzRDZk5SMkNzdVNWRjVUQlRrQmhvdmtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaDeMA0G
CSqGSIb3DQEBCwUAA4IBAQBkA0+96bOiBbAaZlisfNlt6ryVB3SBflqpz1uR1ok4
epB2KhV9k6MNqmheQGFltKpb+aeFM3F5L3tm5IBCmQU/ZyWn2YFomWi3WsR+3kvD
lo0vCmnYIK3ZHC82p/KKw5hZpGvNlHVmjbkLjj9GTanCPLsZBezciaXDS6L0XlD/
LmMh9IrM9AFpx+/tZzTDeQ8UL19W1lNJ28pcaNOArx04J03SjO+u5tTowHCFfHPW
6ag+k/twMlCc6v5pOIeupuR3fJx5n+UtrEq73Pmvn43iAK47EUirW5DHE9VC97EM
REyuQ4uXHA7bOOlXyasblwAGnmw+BCTCrrbnoD28uO01
-----END CERTIFICATE-----