Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/wWxrv0GSyd7L0ACHeIIbzrKTOZQ.roa
File:                     wWxrv0GSyd7L0ACHeIIbzrKTOZQ.roa (raw, json)
Hash identifier:          qr+pJKdvPqvPNNJSPv0ay0YAu3YvX7TrRAA7SWSReQ8=
Subject key identifier:   C1:6C:6B:BF:41:92:C9:DE:CB:D0:00:87:78:82:1B:CE:B2:93:39:94
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492D42A4AA934FE0F107E530CC5DAC8
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/wWxrv0GSyd7L0ACHeIIbzrKTOZQ.roa
Signing time:             Mon 01 Jan 2024 10:30:06 +0000
ROA not before:           Mon 01 Jan 2024 10:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44889
IP address blocks:        5.160.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:d4:2a:4a:a9:34:fe:0f:10:7e:53:0c:c5:da:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c16c6bbf4192c9decbd0008778821bceb2933994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:26:9c:c1:2e:92:de:bb:d5:a9:72:1c:e7:9e:
                    67:0c:ea:3e:12:dc:00:58:de:b1:4d:fd:10:d9:32:
                    ab:14:db:b1:ee:93:a5:cd:57:59:eb:e1:7f:5e:91:
                    0b:11:70:27:09:a4:dd:0e:cb:07:2e:69:a7:04:43:
                    97:47:c5:57:12:16:85:b5:a5:ca:32:57:63:a5:72:
                    9f:7f:72:8f:40:21:71:aa:35:bf:8a:a7:b0:33:58:
                    65:ea:61:19:44:50:c9:07:a3:05:fe:be:64:71:14:
                    c6:8d:3c:4f:cb:4d:5e:24:90:aa:a6:32:b4:71:ba:
                    14:8f:64:48:d0:c1:fe:e8:c2:c6:0e:06:59:22:31:
                    68:9e:e6:19:ce:37:f2:51:80:a7:9c:d5:be:88:7a:
                    20:95:d4:aa:2e:52:b2:1d:20:f4:95:8a:70:fd:b2:
                    46:45:6a:c8:cf:30:80:ed:d1:ab:8c:7b:a5:88:79:
                    af:45:08:c2:16:91:f7:cb:fe:83:70:89:b7:66:4f:
                    95:86:2e:88:a2:c7:76:de:39:4b:03:3b:25:29:b7:
                    2a:3d:cd:9e:83:d7:0c:53:a2:d6:d9:7e:bd:75:42:
                    f6:22:47:ed:12:97:6d:59:35:aa:7d:45:e3:84:cc:
                    40:c5:b4:f5:db:0c:f3:58:2b:f8:ee:6c:26:41:70:
                    33:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:6C:6B:BF:41:92:C9:DE:CB:D0:00:87:78:82:1B:CE:B2:93:39:94
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/wWxrv0GSyd7L0ACHeIIbzrKTOZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:c8:82:1e:1c:dd:2e:eb:8d:34:81:3f:97:9b:44:99:dc:59:
         72:37:08:d6:8b:01:42:70:71:69:96:23:3e:f9:9d:21:98:9c:
         80:0c:ee:86:2c:d8:8c:95:33:0f:3c:59:1e:69:41:44:2b:2b:
         c7:af:53:b8:03:27:f5:0f:ab:53:82:42:aa:50:d4:36:40:94:
         01:24:a6:10:2e:24:5d:a8:8a:cd:54:63:ad:b7:10:90:2b:f3:
         e0:55:77:5b:d9:23:18:ec:17:25:fa:02:34:a2:00:af:64:21:
         f1:5c:42:23:d4:7c:bd:07:4b:63:22:ab:52:7d:84:bd:26:95:
         2e:67:14:c1:28:a7:d8:fd:e7:ee:b9:e9:a4:ab:42:52:1a:0f:
         12:f1:a5:c4:dd:17:be:57:45:9a:8d:2b:fc:de:2a:24:ae:28:
         57:d0:dd:1a:df:96:2d:70:98:cb:37:80:28:18:8d:71:0d:0d:
         5d:87:2e:2c:36:ff:b6:2e:48:07:86:eb:cc:d5:6c:8b:b2:65:
         a2:97:a4:d5:42:aa:7b:32:1d:93:dd:9c:c5:e2:5a:63:cb:d8:
         04:c3:d9:6a:02:81:88:cc:51:9e:7b:7f:5a:e8:8d:7c:ff:c4:
         1c:71:06:f7:c1:33:57:0a:db:10:15:d1:83:66:7a:1f:31:e0:
         11:2b:8a:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEktQqSqk0/g8QflMMxdrIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTZjNmJiZjQxOTJjOWRlY2JkMDAwODc3ODgyMWJjZWIyOTMzOTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiacwS6S3rvVqXIc555nDOo+EtwA
WN6xTf0Q2TKrFNux7pOlzVdZ6+F/XpELEXAnCaTdDssHLmmnBEOXR8VXEhaFtaXK
MldjpXKff3KPQCFxqjW/iqewM1hl6mEZRFDJB6MF/r5kcRTGjTxPy01eJJCqpjK0
cboUj2RI0MH+6MLGDgZZIjFonuYZzjfyUYCnnNW+iHogldSqLlKyHSD0lYpw/bJG
RWrIzzCA7dGrjHuliHmvRQjCFpH3y/6DcIm3Zk+Vhi6Iosd23jlLAzslKbcqPc2e
g9cMU6LW2X69dUL2IkftEpdtWTWqfUXjhMxAxbT12wzzWCv47mwmQXAzTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFsa79Bksney9AAh3iCG86ykzmUMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvd1d4cnYwR1N5ZDdMMEFDSGVJSWJ6cktUT1pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaCdMA0G
CSqGSIb3DQEBCwUAA4IBAQAfyIIeHN0u6400gT+Xm0SZ3FlyNwjWiwFCcHFpliM+
+Z0hmJyADO6GLNiMlTMPPFkeaUFEKyvHr1O4Ayf1D6tTgkKqUNQ2QJQBJKYQLiRd
qIrNVGOttxCQK/PgVXdb2SMY7Bcl+gI0ogCvZCHxXEIj1Hy9B0tjIqtSfYS9JpUu
ZxTBKKfY/efuuemkq0JSGg8S8aXE3Re+V0WajSv83iokrihX0N0a35YtcJjLN4Ao
GI1xDQ1dhy4sNv+2LkgHhuvM1WyLsmWil6TVQqp7Mh2T3ZzF4lpjy9gEw9lqAoGI
zFGee39a6I18/8QccQb3wTNXCtsQFdGDZnofMeARK4qd
-----END CERTIFICATE-----