Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/e2b946-1b4a-4214-9234-ad027327f9d8/1/Q9olgamGlzjpXDNMBrtD1gWUVU4.roa
File:                     Q9olgamGlzjpXDNMBrtD1gWUVU4.roa (raw, json)
Hash identifier:          XeA6Ue0lUaFSJ8TCSBJ+7Rgu8KB7dyFLqjzcZPMccSk=
Subject key identifier:   43:DA:25:81:A9:86:97:38:E9:5C:33:4C:06:BB:43:D6:05:94:55:4E
Certificate issuer:       /CN=81a021d540ed7d82c690adc04fbd9dd6ee50e8d5
Certificate serial:       018CCA9A0922CFD38A3630ABC9C4B48A5D56
Authority key identifier: 81:A0:21:D5:40:ED:7D:82:C6:90:AD:C0:4F:BD:9D:D6:EE:50:E8:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gaAh1UDtfYLGkK3AT72d1u5Q6NU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/e2b946-1b4a-4214-9234-ad027327f9d8/1/Q9olgamGlzjpXDNMBrtD1gWUVU4.roa
Signing time:             Tue 02 Jan 2024 14:35:41 +0000
ROA not before:           Tue 02 Jan 2024 14:35:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209448
IP address blocks:        5.253.164.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/e2b946-1b4a-4214-9234-ad027327f9d8/1/gaAh1UDtfYLGkK3AT72d1u5Q6NU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/e2b946-1b4a-4214-9234-ad027327f9d8/1/gaAh1UDtfYLGkK3AT72d1u5Q6NU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gaAh1UDtfYLGkK3AT72d1u5Q6NU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:09:22:cf:d3:8a:36:30:ab:c9:c4:b4:8a:5d:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81a021d540ed7d82c690adc04fbd9dd6ee50e8d5
        Validity
            Not Before: Jan  2 14:35:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43da2581a9869738e95c334c06bb43d60594554e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:00:20:3b:04:a5:6e:0f:96:bb:72:34:50:77:
                    85:3c:da:f8:47:5f:93:41:80:4a:e3:ca:60:68:63:
                    3c:19:42:01:d1:cb:84:d0:47:21:93:81:b7:14:74:
                    8a:e9:ea:54:6d:30:69:b9:f3:2c:0f:e3:16:92:f8:
                    bf:ef:e0:33:a1:e6:3b:15:88:62:fb:7c:27:c5:c3:
                    be:d9:11:f4:db:d8:25:d4:76:dc:e4:08:0d:b9:63:
                    58:02:2f:8c:5c:04:df:0f:3d:5c:8b:ae:07:f0:af:
                    04:4c:8a:22:81:a5:f6:3f:42:bd:56:2f:fd:cd:ef:
                    70:9f:ee:31:71:c8:c0:51:b8:91:28:7d:d7:ee:ca:
                    8a:a5:e2:9f:a8:90:f3:15:4d:ec:0d:7f:ed:e8:c4:
                    51:f8:85:fe:ff:f4:d1:31:d9:ea:5f:04:dc:71:69:
                    3d:57:02:62:26:d5:a6:48:3f:ad:73:76:83:0b:5c:
                    16:1c:9b:b5:8f:fc:c0:4e:8e:af:13:fd:97:51:90:
                    f1:c9:25:f9:dd:26:44:7d:0d:81:5e:76:df:5a:32:
                    19:b2:34:00:6f:02:d5:b2:17:a3:bb:7f:10:be:0b:
                    51:97:c2:ee:fc:3d:52:c4:62:13:70:85:fe:d4:4d:
                    fd:05:71:07:1c:a5:22:dc:fa:0b:83:04:3c:f5:8c:
                    f6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:DA:25:81:A9:86:97:38:E9:5C:33:4C:06:BB:43:D6:05:94:55:4E
            X509v3 Authority Key Identifier:
                keyid:81:A0:21:D5:40:ED:7D:82:C6:90:AD:C0:4F:BD:9D:D6:EE:50:E8:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gaAh1UDtfYLGkK3AT72d1u5Q6NU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/e2b946-1b4a-4214-9234-ad027327f9d8/1/Q9olgamGlzjpXDNMBrtD1gWUVU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/e2b946-1b4a-4214-9234-ad027327f9d8/1/gaAh1UDtfYLGkK3AT72d1u5Q6NU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:a2:a4:53:ae:47:ac:01:e1:98:a8:5a:6e:2e:15:4d:76:fa:
         8a:b3:ac:74:2c:05:31:0b:5b:07:59:1b:c6:37:07:3c:74:5f:
         d8:76:7e:c6:0d:73:2b:47:03:fe:aa:73:3e:aa:7d:13:41:8c:
         4e:e7:55:b7:66:db:fe:72:74:98:41:2a:99:e0:84:8a:39:b7:
         c6:5b:5f:dd:60:d6:18:10:e0:70:e2:d5:82:bf:ae:dd:fd:25:
         b9:18:66:a3:00:9d:8e:b3:59:09:9b:24:0e:83:21:c0:4c:22:
         94:9a:91:44:32:3f:d2:cc:c0:45:6c:3b:f2:6c:b3:fe:f4:59:
         65:53:ee:6c:24:24:fc:4b:e9:50:fa:31:5b:d6:49:36:56:39:
         7b:95:94:8c:5c:23:9d:88:38:28:ae:cb:4b:e5:bf:9d:06:7d:
         21:95:ae:e9:40:56:b3:db:50:47:b3:1c:b2:89:75:5c:11:7f:
         1d:52:d9:0b:c3:b3:67:f0:18:07:8c:ad:92:d1:05:20:63:5e:
         15:f7:7e:b5:62:4b:72:64:af:e7:84:8d:a3:92:cb:05:5a:7f:
         75:44:7e:3c:7f:56:a7:41:f5:f9:7b:b3:c2:47:c5:db:fd:4b:
         66:a0:12:f6:8f:9e:57:f4:cf:c5:12:f4:4b:22:67:f4:52:93:
         e1:5e:34:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmgkiz9OKNjCrycS0il1WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTAyMWQ1NDBlZDdkODJjNjkwYWRjMDRmYmQ5ZGQ2ZWU1
MGU4ZDUwHhcNMjQwMTAyMTQzNTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2RhMjU4MWE5ODY5NzM4ZTk1YzMzNGMwNmJiNDNkNjA1OTQ1NTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQAgOwSlbg+Wu3I0UHeFPNr4R1+T
QYBK48pgaGM8GUIB0cuE0Echk4G3FHSK6epUbTBpufMsD+MWkvi/7+AzoeY7FYhi
+3wnxcO+2RH029gl1Hbc5AgNuWNYAi+MXATfDz1ci64H8K8ETIoigaX2P0K9Vi/9
ze9wn+4xccjAUbiRKH3X7sqKpeKfqJDzFU3sDX/t6MRR+IX+//TRMdnqXwTccWk9
VwJiJtWmSD+tc3aDC1wWHJu1j/zATo6vE/2XUZDxySX53SZEfQ2BXnbfWjIZsjQA
bwLVsheju38QvgtRl8Lu/D1SxGITcIX+1E39BXEHHKUi3PoLgwQ89Yz2MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPaJYGphpc46VwzTAa7Q9YFlFVOMB8GA1UdIwQY
MBaAFIGgIdVA7X2CxpCtwE+9ndbuUOjVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FBaDFVRHRmWUxHa0szQVQ3MmQxdTVRNk5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9lMmI5NDYtMWI0YS00MjE0LTkyMzQt
YWQwMjczMjdmOWQ4LzEvUTlvbGdhbUdsempwWEROTUJydEQxZ1dVVlU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9lMmI5NDYtMWI0YS00MjE0LTkyMzQtYWQwMjczMjdmOWQ4
LzEvZ2FBaDFVRHRmWUxHa0szQVQ3MmQxdTVRNk5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBf2kMA0G
CSqGSIb3DQEBCwUAA4IBAQAtoqRTrkesAeGYqFpuLhVNdvqKs6x0LAUxC1sHWRvG
Nwc8dF/Ydn7GDXMrRwP+qnM+qn0TQYxO51W3Ztv+cnSYQSqZ4ISKObfGW1/dYNYY
EOBw4tWCv67d/SW5GGajAJ2Os1kJmyQOgyHATCKUmpFEMj/SzMBFbDvybLP+9Fll
U+5sJCT8S+lQ+jFb1kk2Vjl7lZSMXCOdiDgorstL5b+dBn0hla7pQFaz21BHsxyy
iXVcEX8dUtkLw7Nn8BgHjK2S0QUgY14V9361YktyZK/nhI2jkssFWn91RH48f1an
QfX5e7PCR8Xb/UtmoBL2j55X9M/FEvRLImf0UpPhXjTy
-----END CERTIFICATE-----