Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/t0DZFwRoEGNUkMF5IJAbypKPfdE.roa
File:                     t0DZFwRoEGNUkMF5IJAbypKPfdE.roa (raw, json)
Hash identifier:          BnCKdSUm3xzztIzkh3IpiUW8/3fHIBvUC/ExMA7EF+o=
Subject key identifier:   B7:40:D9:17:04:68:10:63:54:90:C1:79:20:90:1B:CA:92:8F:7D:D1
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492E213B2D9BD7B5C524B0B0556129C
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/t0DZFwRoEGNUkMF5IJAbypKPfdE.roa
Signing time:             Mon 01 Jan 2024 10:30:09 +0000
ROA not before:           Mon 01 Jan 2024 10:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62048
IP address blocks:        5.160.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e2:13:b2:d9:bd:7b:5c:52:4b:0b:05:56:12:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b740d917046810635490c17920901bca928f7dd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:8f:b6:89:0b:10:8b:63:c5:1d:80:b7:8e:f4:
                    ff:17:b5:a9:f2:3d:b9:c7:4a:5d:61:c2:c6:9e:ab:
                    10:4c:a9:83:69:ee:18:24:67:44:73:35:c9:3f:83:
                    75:45:72:94:a7:d2:e1:7d:d3:8a:6d:2b:25:bf:c1:
                    69:c2:12:6e:57:53:24:b7:22:08:cb:61:8b:74:10:
                    c5:d5:e2:4f:62:d5:99:eb:44:53:d9:89:f2:36:a3:
                    7a:00:9e:d8:75:79:45:41:e8:b6:00:a9:45:f4:cf:
                    2d:12:02:ab:88:3e:d6:38:d5:2a:79:bc:ed:a8:5c:
                    bd:90:f2:f9:78:0a:4c:8d:90:8a:0a:75:19:0b:c8:
                    75:e7:cc:f4:8b:73:9c:b9:7e:12:9f:ed:e3:d2:fb:
                    a9:b7:a4:af:d7:3f:33:3c:c0:74:cc:03:b2:26:30:
                    1d:19:18:fe:29:27:f7:be:c7:8d:31:9b:af:a6:57:
                    cb:76:44:c7:b7:c1:e4:44:4c:1e:4d:d8:1c:2d:7a:
                    0b:90:a5:e7:90:b3:0f:93:f1:d9:df:36:6e:44:72:
                    7f:89:76:01:28:56:48:1a:b2:a6:cd:42:31:94:c1:
                    a4:5f:78:41:be:ff:70:ff:25:27:c8:b9:1a:6a:4d:
                    e8:e3:3c:ce:84:1e:e3:8f:98:93:72:a1:4f:28:9a:
                    5f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:40:D9:17:04:68:10:63:54:90:C1:79:20:90:1B:CA:92:8F:7D:D1
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/t0DZFwRoEGNUkMF5IJAbypKPfdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:fb:5e:a1:ad:d9:4b:06:8f:fd:c1:c7:7d:a7:20:00:b5:8f:
         0e:5e:26:4d:1a:f2:dc:ce:a7:ee:0d:f8:01:16:35:bc:bb:21:
         73:c2:89:1a:bd:21:05:94:33:3f:2a:4f:f4:f6:09:54:9f:ae:
         6d:45:51:ea:cd:ac:57:b9:e5:be:07:6e:f3:dd:54:d2:e3:b4:
         4c:0a:ea:e0:cd:3c:4e:ac:f0:45:b8:65:dd:32:a7:e0:c7:ff:
         9a:54:80:c6:67:59:e6:a6:51:eb:e6:df:0f:de:70:8c:2b:86:
         92:c8:3d:d9:e6:b6:74:9b:82:20:d4:55:8f:f5:0f:5d:de:cb:
         28:72:bf:7e:e1:87:d4:54:00:dc:3c:7b:a4:af:2c:6d:09:61:
         4b:bc:89:d9:f4:aa:8b:93:a0:5c:34:ec:79:86:5f:fb:59:c7:
         50:b9:02:31:4f:ec:1a:93:2f:06:cb:4f:04:57:6f:8b:44:50:
         83:28:a4:db:e1:3a:8e:fa:a1:36:e0:f9:4b:3a:6f:97:b8:ec:
         07:76:03:02:e9:d9:95:ab:08:e2:9a:64:9b:fc:5c:26:c9:ec:
         cd:fa:4c:03:ce:94:ae:5b:05:29:eb:d0:29:18:02:8e:a0:b1:
         0a:89:cb:4c:19:b9:68:78:f0:04:c3:c5:aa:c9:4c:b6:c6:b2:
         3a:8d:f3:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuITstm9e1xSSwsFVhKcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzQwZDkxNzA0NjgxMDYzNTQ5MGMxNzkyMDkwMWJjYTkyOGY3ZGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhY+2iQsQi2PFHYC3jvT/F7Wp8j25
x0pdYcLGnqsQTKmDae4YJGdEczXJP4N1RXKUp9LhfdOKbSslv8FpwhJuV1MktyII
y2GLdBDF1eJPYtWZ60RT2YnyNqN6AJ7YdXlFQei2AKlF9M8tEgKriD7WONUqebzt
qFy9kPL5eApMjZCKCnUZC8h158z0i3OcuX4Sn+3j0vupt6Sv1z8zPMB0zAOyJjAd
GRj+KSf3vseNMZuvplfLdkTHt8HkREweTdgcLXoLkKXnkLMPk/HZ3zZuRHJ/iXYB
KFZIGrKmzUIxlMGkX3hBvv9w/yUnyLkaak3o4zzOhB7jj5iTcqFPKJpfKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLdA2RcEaBBjVJDBeSCQG8qSj33RMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvdDBEWkZ3Um9FR05Va01GNUlKQWJ5cEtQZmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaCSMA0G
CSqGSIb3DQEBCwUAA4IBAQBo+16hrdlLBo/9wcd9pyAAtY8OXiZNGvLczqfuDfgB
FjW8uyFzwokavSEFlDM/Kk/09glUn65tRVHqzaxXueW+B27z3VTS47RMCurgzTxO
rPBFuGXdMqfgx/+aVIDGZ1nmplHr5t8P3nCMK4aSyD3Z5rZ0m4Ig1FWP9Q9d3sso
cr9+4YfUVADcPHukryxtCWFLvInZ9KqLk6BcNOx5hl/7WcdQuQIxT+waky8Gy08E
V2+LRFCDKKTb4TqO+qE24PlLOm+XuOwHdgMC6dmVqwjimmSb/FwmyezN+kwDzpSu
WwUp69ApGAKOoLEKictMGbloePAEw8WqyUy2xrI6jfNA
-----END CERTIFICATE-----