Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3a98e2-8ae8-4723-8959-ce2d8e3fc804/1/5xT5hqMWEan4RXjVBMzMXHA7u-o.roa
File:                     5xT5hqMWEan4RXjVBMzMXHA7u-o.roa (raw, json)
Hash identifier:          mapAk5Sdk7OG+Y0x5NF1hhUlpfWEyHq7Ut4nNiSKoA8=
Subject key identifier:   E7:14:F9:86:A3:16:11:A9:F8:45:78:D5:04:CC:CC:5C:70:3B:BB:EA
Certificate issuer:       /CN=8812e924fcacb862cf3b64f56e767bc326f27fca
Certificate serial:       018CC86F3AEF743157A3166178CFDD19F620
Authority key identifier: 88:12:E9:24:FC:AC:B8:62:CF:3B:64:F5:6E:76:7B:C3:26:F2:7F:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBLpJPysuGLPO2T1bnZ7wybyf8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3a98e2-8ae8-4723-8959-ce2d8e3fc804/1/5xT5hqMWEan4RXjVBMzMXHA7u-o.roa
Signing time:             Tue 02 Jan 2024 04:29:41 +0000
ROA not before:           Tue 02 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50771
IP address blocks:        178.218.16.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3a98e2-8ae8-4723-8959-ce2d8e3fc804/1/iBLpJPysuGLPO2T1bnZ7wybyf8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3a98e2-8ae8-4723-8959-ce2d8e3fc804/1/iBLpJPysuGLPO2T1bnZ7wybyf8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBLpJPysuGLPO2T1bnZ7wybyf8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:3a:ef:74:31:57:a3:16:61:78:cf:dd:19:f6:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8812e924fcacb862cf3b64f56e767bc326f27fca
        Validity
            Not Before: Jan  2 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e714f986a31611a9f84578d504cccc5c703bbbea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4c:0c:fa:41:d7:37:c9:f5:02:bf:cc:6e:28:
                    8b:f5:20:84:c3:f1:db:a9:30:de:b7:86:1c:a8:e4:
                    95:6b:93:8e:7b:d6:6a:01:f4:af:4d:0b:b3:0f:f4:
                    3c:3d:b2:74:c7:7b:ea:ba:49:90:c7:d5:97:1c:df:
                    5f:2e:26:1b:28:0c:91:1a:29:d2:a6:bf:88:85:aa:
                    f3:87:d3:9f:1e:49:b7:42:80:61:ff:8e:37:6a:45:
                    7a:35:7a:d6:85:f2:b0:69:21:38:23:d0:6e:5c:4a:
                    c0:fe:ab:e0:46:54:12:4a:62:37:e2:ad:75:36:96:
                    ff:71:e9:a1:c8:04:af:b4:66:f5:c4:1f:7a:c9:01:
                    58:fe:eb:f3:a6:53:ec:a5:cf:de:08:1c:ef:fe:fc:
                    8a:91:b3:24:ca:b8:29:8d:a5:54:a8:fe:28:45:21:
                    6f:8e:c6:43:25:83:a9:9c:76:9d:4b:e8:b8:fa:d8:
                    40:3f:87:89:51:a6:6c:12:ff:e3:be:a6:a3:73:81:
                    0e:ad:a1:78:03:98:65:43:04:85:91:a9:44:11:2a:
                    25:2e:36:76:48:fd:d5:60:6f:a2:1c:3a:1f:f3:42:
                    57:03:31:9a:a1:c1:17:40:98:68:48:ae:bd:c5:9f:
                    83:db:a0:f8:1e:92:27:26:28:a3:1d:99:7b:b4:e8:
                    49:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:14:F9:86:A3:16:11:A9:F8:45:78:D5:04:CC:CC:5C:70:3B:BB:EA
            X509v3 Authority Key Identifier:
                keyid:88:12:E9:24:FC:AC:B8:62:CF:3B:64:F5:6E:76:7B:C3:26:F2:7F:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBLpJPysuGLPO2T1bnZ7wybyf8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3a98e2-8ae8-4723-8959-ce2d8e3fc804/1/5xT5hqMWEan4RXjVBMzMXHA7u-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3a98e2-8ae8-4723-8959-ce2d8e3fc804/1/iBLpJPysuGLPO2T1bnZ7wybyf8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.218.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1d:87:10:4d:86:7e:01:a0:db:89:a7:e3:42:3f:8b:4e:ab:96:
         9a:15:e7:4d:1f:3f:59:9b:57:42:88:2a:36:6f:36:2e:81:c9:
         59:e2:8b:89:c9:31:f3:66:1b:6b:2f:f2:c3:26:af:84:4c:ca:
         59:57:c7:1d:e3:3b:bc:bd:54:46:18:33:83:71:75:9e:18:77:
         f9:86:2c:0c:29:56:7c:7a:4d:40:48:ce:12:ae:30:af:9e:c3:
         cf:89:2c:e4:1c:68:28:da:47:70:fa:a3:45:a4:62:5c:c9:5a:
         0a:a5:a5:89:c0:ff:d3:7c:40:91:ee:4b:a4:2d:71:af:e0:15:
         16:ea:00:41:31:d2:2f:c6:11:6c:4b:1f:6c:73:9c:57:12:46:
         84:fb:c6:6c:8b:53:30:8f:e7:88:81:30:75:f7:d2:b6:a1:34:
         e2:cd:c6:74:0d:01:d8:99:6c:f3:4a:4e:8a:9d:8c:94:b8:3a:
         c7:f9:59:71:bc:0b:99:d6:bb:15:a5:7d:1d:db:9e:b2:e8:d3:
         a0:16:4b:b0:d5:85:61:16:f5:3f:d4:8d:be:a7:30:5b:11:6f:
         43:c3:be:46:58:9c:ed:7f:2d:0c:4e:d0:f7:8f:46:f1:95:1e:
         90:30:8f:6f:fb:e4:1d:ba:07:2b:52:f9:17:bb:34:59:fb:d8:
         54:4b:75:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzrvdDFXoxZheM/dGfYgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTJlOTI0ZmNhY2I4NjJjZjNiNjRmNTZlNzY3YmMzMjZm
MjdmY2EwHhcNMjQwMTAyMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzE0Zjk4NmEzMTYxMWE5Zjg0NTc4ZDUwNGNjY2M1YzcwM2JiYmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkwM+kHXN8n1Ar/MbiiL9SCEw/Hb
qTDet4YcqOSVa5OOe9ZqAfSvTQuzD/Q8PbJ0x3vqukmQx9WXHN9fLiYbKAyRGinS
pr+Iharzh9OfHkm3QoBh/443akV6NXrWhfKwaSE4I9BuXErA/qvgRlQSSmI34q11
Npb/cemhyASvtGb1xB96yQFY/uvzplPspc/eCBzv/vyKkbMkyrgpjaVUqP4oRSFv
jsZDJYOpnHadS+i4+thAP4eJUaZsEv/jvqajc4EOraF4A5hlQwSFkalEESolLjZ2
SP3VYG+iHDof80JXAzGaocEXQJhoSK69xZ+D26D4HpInJiijHZl7tOhJvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcU+YajFhGp+EV41QTMzFxwO7vqMB8GA1UdIwQY
MBaAFIgS6ST8rLhizztk9W52e8Mm8n/KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJMcEpQeXN1R0xQTzJUMWJuWjd3eWJ5ZjhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zYTk4ZTItOGFlOC00NzIzLTg5NTkt
Y2UyZDhlM2ZjODA0LzEvNXhUNWhxTVdFYW40UlhqVkJNek1YSEE3dS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zYTk4ZTItOGFlOC00NzIzLTg5NTktY2UyZDhlM2ZjODA0
LzEvaUJMcEpQeXN1R0xQTzJUMWJuWjd3eWJ5ZjhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEstoQMA0G
CSqGSIb3DQEBCwUAA4IBAQAdhxBNhn4BoNuJp+NCP4tOq5aaFedNHz9Zm1dCiCo2
bzYugclZ4ouJyTHzZhtrL/LDJq+ETMpZV8cd4zu8vVRGGDODcXWeGHf5hiwMKVZ8
ek1ASM4SrjCvnsPPiSzkHGgo2kdw+qNFpGJcyVoKpaWJwP/TfECR7kukLXGv4BUW
6gBBMdIvxhFsSx9sc5xXEkaE+8Zsi1Mwj+eIgTB199K2oTTizcZ0DQHYmWzzSk6K
nYyUuDrH+VlxvAuZ1rsVpX0d256y6NOgFkuw1YVhFvU/1I2+pzBbEW9Dw75GWJzt
fy0MTtD3j0bxlR6QMI9v++QdugcrUvkXuzRZ+9hUS3Vi
-----END CERTIFICATE-----