Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/jQMV1Xi7sey3NM0PB-OX7XREQYY.roa
File:                     jQMV1Xi7sey3NM0PB-OX7XREQYY.roa (raw, json)
Hash identifier:          Ukd5wSS1natLXH4FbcYx1DHyg6pA+AP92B5ltB1n4JQ=
Subject key identifier:   8D:03:15:D5:78:BB:B1:EC:B7:34:CD:0F:07:E3:97:ED:74:44:41:86
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492E32FEE9F54DE7D791B010E3634EC
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/jQMV1Xi7sey3NM0PB-OX7XREQYY.roa
Signing time:             Mon 01 Jan 2024 10:30:09 +0000
ROA not before:           Mon 01 Jan 2024 10:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62318
IP address blocks:        5.160.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e3:2f:ee:9f:54:de:7d:79:1b:01:0e:36:34:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d0315d578bbb1ecb734cd0f07e397ed74444186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:60:14:91:3f:4e:f2:83:e0:3c:36:bd:8f:34:
                    83:f2:2a:2b:a4:f4:8a:03:97:b9:af:e0:f1:c8:b9:
                    7d:a3:73:8e:41:77:01:f4:44:fc:e2:b3:e6:b4:82:
                    db:f2:66:ff:57:a5:97:d0:ab:8b:b5:bb:85:54:4e:
                    24:2f:c6:e4:50:92:94:3f:e2:9d:67:06:f3:db:1f:
                    e6:e6:2f:2e:f9:17:57:a0:8a:89:47:aa:6b:86:7d:
                    04:0d:1d:9a:9b:ee:da:d8:b5:2a:a1:28:d5:76:a1:
                    3e:4f:d3:a3:03:cd:d8:06:40:3b:0c:fb:9f:b0:0a:
                    c3:54:8d:63:40:0e:dc:35:e9:02:4c:ba:01:01:38:
                    20:2f:e3:56:31:4f:7d:a2:d6:3e:0f:8c:93:53:62:
                    c8:3c:fa:aa:a9:d7:53:ff:59:5f:56:b0:5f:1a:0b:
                    c6:77:3e:b7:ea:05:c3:7c:ab:cf:bf:e4:15:f7:f5:
                    ac:47:2e:4b:26:b2:9c:73:e7:8d:68:5e:87:76:1f:
                    6f:76:81:a0:af:00:45:c1:8a:02:38:b0:5e:6e:83:
                    5e:20:fd:d8:09:7b:96:01:20:23:ba:7a:60:ea:38:
                    e9:5e:92:bd:06:a0:6e:60:8a:b6:30:2f:07:8c:0b:
                    66:41:27:b9:c0:20:a9:52:20:2d:1b:d7:b9:46:d4:
                    39:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:03:15:D5:78:BB:B1:EC:B7:34:CD:0F:07:E3:97:ED:74:44:41:86
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/jQMV1Xi7sey3NM0PB-OX7XREQYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:07:4d:35:90:6c:0a:99:9b:cd:dc:15:6b:a9:f0:0f:aa:44:
         cb:c1:15:04:19:cd:ef:79:3d:7d:9d:24:68:9a:cf:90:38:46:
         27:b3:e7:8d:2d:00:dc:8b:21:0d:d7:ba:f4:8d:48:0d:73:a4:
         c3:9f:86:c4:42:ed:40:db:d2:67:32:f3:60:1b:e1:82:09:6b:
         b4:7a:1f:30:8b:91:5a:a2:fc:4d:4a:7d:fb:f2:20:f7:da:04:
         f4:13:b5:a6:66:75:8d:4f:64:3c:40:2d:04:9b:43:bc:2f:b5:
         11:06:0e:ea:f2:d7:16:f2:90:f7:c3:e4:bb:75:6a:8e:ad:fa:
         aa:97:ea:83:54:0d:1f:7b:21:86:1f:50:04:85:25:e6:de:36:
         29:2c:6a:74:11:4d:66:42:35:61:a0:55:71:79:f3:26:21:d5:
         ac:74:35:4c:40:c6:26:01:91:60:ea:f5:14:79:62:87:cf:50:
         d5:7d:94:a4:22:4a:12:4c:e3:6a:84:fe:31:b8:4d:fb:21:a1:
         37:3a:d0:e3:fb:d5:4f:8f:29:ba:e8:74:92:a1:19:0e:2f:c0:
         18:3d:a2:9f:d6:67:40:f1:6a:95:b7:5b:e1:2b:3e:8b:97:d9:
         2c:53:f4:69:55:b7:76:f8:4d:cf:e5:90:ff:45:8f:cf:d3:07:
         19:10:5f:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuMv7p9U3n15GwEONjTsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDAzMTVkNTc4YmJiMWVjYjczNGNkMGYwN2UzOTdlZDc0NDQ0MTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWAUkT9O8oPgPDa9jzSD8iorpPSK
A5e5r+DxyLl9o3OOQXcB9ET84rPmtILb8mb/V6WX0KuLtbuFVE4kL8bkUJKUP+Kd
Zwbz2x/m5i8u+RdXoIqJR6prhn0EDR2am+7a2LUqoSjVdqE+T9OjA83YBkA7DPuf
sArDVI1jQA7cNekCTLoBATggL+NWMU99otY+D4yTU2LIPPqqqddT/1lfVrBfGgvG
dz636gXDfKvPv+QV9/WsRy5LJrKcc+eNaF6Hdh9vdoGgrwBFwYoCOLBeboNeIP3Y
CXuWASAjunpg6jjpXpK9BqBuYIq2MC8HjAtmQSe5wCCpUiAtG9e5RtQ5yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0DFdV4u7HstzTNDwfjl+10REGGMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvalFNVjFYaTdzZXkzTk0wUEItT1g3WFJFUVlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaAeMA0G
CSqGSIb3DQEBCwUAA4IBAQBdB001kGwKmZvN3BVrqfAPqkTLwRUEGc3veT19nSRo
ms+QOEYns+eNLQDciyEN17r0jUgNc6TDn4bEQu1A29JnMvNgG+GCCWu0eh8wi5Fa
ovxNSn378iD32gT0E7WmZnWNT2Q8QC0Em0O8L7URBg7q8tcW8pD3w+S7dWqOrfqq
l+qDVA0feyGGH1AEhSXm3jYpLGp0EU1mQjVhoFVxefMmIdWsdDVMQMYmAZFg6vUU
eWKHz1DVfZSkIkoSTONqhP4xuE37IaE3OtDj+9VPjym66HSSoRkOL8AYPaKf1mdA
8WqVt1vhKz6Ll9ksU/RpVbd2+E3P5ZD/RY/P0wcZEF9J
-----END CERTIFICATE-----