Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/murjWeK1FLRE-PVmGgc2Ed0jGeA.roa
File:                     murjWeK1FLRE-PVmGgc2Ed0jGeA.roa (raw, json)
Hash identifier:          frKeiVu46Q1B9r0Bf6mgYA/+NbO1oICJpx9XYbkKO3M=
Subject key identifier:   9A:EA:E3:59:E2:B5:14:B4:44:F8:F5:66:1A:07:36:11:DD:23:19:E0
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492D578B63DDDD2AA678FD11C178EF3
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/murjWeK1FLRE-PVmGgc2Ed0jGeA.roa
Signing time:             Mon 01 Jan 2024 10:30:06 +0000
ROA not before:           Mon 01 Jan 2024 10:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47990
IP address blocks:        5.160.196.0/23 maxlen: 23
                          5.160.240.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:d5:78:b6:3d:dd:d2:aa:67:8f:d1:1c:17:8e:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9aeae359e2b514b444f8f5661a073611dd2319e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f9:cd:a7:74:ba:7d:ed:32:0b:43:0a:c4:2d:
                    e8:ba:cb:9e:3c:07:40:a3:80:ab:4d:7e:f8:06:15:
                    ff:90:1d:9f:bf:09:e7:6c:bb:72:2c:e2:52:33:1f:
                    09:30:70:cb:fb:79:13:20:50:be:7c:ca:04:67:18:
                    fa:b9:e4:32:f8:ac:34:a5:78:b7:a7:b9:c6:d3:ec:
                    f8:fd:7d:fb:27:f1:2b:ef:fd:e8:e6:26:7a:61:24:
                    e4:d4:2e:b3:3f:e4:16:13:6d:f9:17:a4:30:73:ac:
                    5e:d9:8a:f4:ea:95:57:35:0a:21:28:a9:1a:e8:53:
                    12:b6:6d:eb:06:5f:27:d6:ad:e3:c8:3f:07:b7:f5:
                    73:4b:e0:fd:ea:91:fb:fd:86:d4:56:5e:4d:d3:fa:
                    b6:24:53:da:78:e8:06:6e:48:dd:c8:84:2a:a5:d1:
                    23:51:72:3a:f6:ec:ef:fe:55:4c:69:ff:1b:c4:28:
                    db:77:9d:f7:09:82:fa:85:5c:62:95:ca:ba:01:31:
                    df:31:b8:a2:2f:5f:ce:25:60:ec:dc:b2:8b:d5:25:
                    2a:9e:6b:df:7f:de:17:4b:20:17:ba:9a:66:6a:ef:
                    06:90:96:c8:0f:36:21:2c:3e:72:49:f2:c9:21:dc:
                    47:8e:fd:6b:3f:2a:0f:a6:e0:76:42:39:e4:f5:f3:
                    b3:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:EA:E3:59:E2:B5:14:B4:44:F8:F5:66:1A:07:36:11:DD:23:19:E0
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/murjWeK1FLRE-PVmGgc2Ed0jGeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.196.0/23
                  5.160.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:b9:83:66:b4:b3:e8:d3:55:fc:10:76:61:2a:5a:0a:b6:46:
         af:37:30:ea:3a:06:5f:9d:54:cf:fe:40:25:17:9e:ed:16:fc:
         f9:b9:25:41:b8:39:52:38:26:e4:de:99:75:8e:cf:47:86:d1:
         5a:69:a8:7e:83:60:0e:24:d9:f5:cd:94:44:43:8f:39:2b:d5:
         48:ba:7e:3a:8e:da:f3:8f:85:a4:05:a3:90:c8:15:c2:9b:46:
         72:69:6b:34:4b:7a:05:62:51:31:86:31:f0:f0:0c:b3:16:9c:
         f3:0a:7d:b0:44:80:42:9a:60:2b:c0:56:f4:66:68:21:b0:e3:
         3f:36:f4:3a:b9:4f:ed:b2:6a:34:2b:00:84:35:83:3d:e2:c0:
         e4:97:22:b4:54:78:77:92:86:ac:21:ca:26:a6:a7:04:d5:0c:
         78:e0:d2:3f:77:35:7b:a7:da:6d:9b:cb:74:05:af:9d:92:8f:
         6f:12:9b:ac:e7:37:33:51:a4:0d:a7:f4:56:1b:ab:06:33:e5:
         3c:46:f6:08:81:a6:9a:2c:be:3e:c9:96:fe:e2:40:96:80:f1:
         c3:a8:9b:b5:2e:b5:6c:8e:26:cb:fd:54:4d:7f:62:dc:98:b0:
         3e:f6:bc:9d:8b:91:f7:bd:e8:4e:65:de:bc:34:07:c2:c5:a2:
         03:dd:9b:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEktV4tj3d0qpnj9EcF47zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWVhZTM1OWUyYjUxNGI0NDRmOGY1NjYxYTA3MzYxMWRkMjMxOWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPnNp3S6fe0yC0MKxC3ousuePAdA
o4CrTX74BhX/kB2fvwnnbLtyLOJSMx8JMHDL+3kTIFC+fMoEZxj6ueQy+Kw0pXi3
p7nG0+z4/X37J/Er7/3o5iZ6YSTk1C6zP+QWE235F6Qwc6xe2Yr06pVXNQohKKka
6FMStm3rBl8n1q3jyD8Ht/VzS+D96pH7/YbUVl5N0/q2JFPaeOgGbkjdyIQqpdEj
UXI69uzv/lVMaf8bxCjbd533CYL6hVxilcq6ATHfMbiiL1/OJWDs3LKL1SUqnmvf
f94XSyAXuppmau8GkJbIDzYhLD5ySfLJIdxHjv1rPyoPpuB2Qjnk9fOzowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJrq41nitRS0RPj1ZhoHNhHdIxngMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvbXVyaldlSzFGTFJFLVBWbUdnYzJFZDBqR2VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBaDEAwQB
BaDwMA0GCSqGSIb3DQEBCwUAA4IBAQAzuYNmtLPo01X8EHZhKloKtkavNzDqOgZf
nVTP/kAlF57tFvz5uSVBuDlSOCbk3pl1js9HhtFaaah+g2AOJNn1zZREQ485K9VI
un46jtrzj4WkBaOQyBXCm0ZyaWs0S3oFYlExhjHw8AyzFpzzCn2wRIBCmmArwFb0
ZmghsOM/NvQ6uU/tsmo0KwCENYM94sDklyK0VHh3koasIcompqcE1Qx44NI/dzV7
p9ptm8t0Ba+dko9vEpus5zczUaQNp/RWG6sGM+U8RvYIgaaaLL4+yZb+4kCWgPHD
qJu1LrVsjibL/VRNf2LcmLA+9rydi5H3vehOZd68NAfCxaID3Ztj
-----END CERTIFICATE-----