Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/30cc41-8aab-4463-99f8-dcb56acb777f/1/A1bootIuKzfe1YsbXrIiKpuzVkM.roa
File:                     A1bootIuKzfe1YsbXrIiKpuzVkM.roa (raw, json)
Hash identifier:          WcBOg5L1I1NJ1nWmr8Fs7OvzDELEizWMLgLBEyLgVmg=
Subject key identifier:   03:56:E8:A2:D2:2E:2B:37:DE:D5:8B:1B:5E:B2:22:2A:9B:B3:56:43
Certificate issuer:       /CN=3853af5014499b2fb5cd2c1e68a24ff8256d0d0d
Certificate serial:       018CC8DCEFBA6878A88FA2A4772639A9CC55
Authority key identifier: 38:53:AF:50:14:49:9B:2F:B5:CD:2C:1E:68:A2:4F:F8:25:6D:0D:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OFOvUBRJmy-1zSweaKJP-CVtDQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/30cc41-8aab-4463-99f8-dcb56acb777f/1/A1bootIuKzfe1YsbXrIiKpuzVkM.roa
Signing time:             Tue 02 Jan 2024 06:29:31 +0000
ROA not before:           Tue 02 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209301
IP address blocks:        5.253.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/30cc41-8aab-4463-99f8-dcb56acb777f/1/OFOvUBRJmy-1zSweaKJP-CVtDQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/30cc41-8aab-4463-99f8-dcb56acb777f/1/OFOvUBRJmy-1zSweaKJP-CVtDQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OFOvUBRJmy-1zSweaKJP-CVtDQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ef:ba:68:78:a8:8f:a2:a4:77:26:39:a9:cc:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3853af5014499b2fb5cd2c1e68a24ff8256d0d0d
        Validity
            Not Before: Jan  2 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0356e8a2d22e2b37ded58b1b5eb2222a9bb35643
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:6e:08:e6:8e:9b:11:9a:f4:9b:cd:60:7a:a1:
                    97:30:c9:3e:e3:03:5a:b9:0f:42:fc:08:7a:61:fc:
                    0f:52:2f:d1:ef:80:36:11:d6:ab:1e:6f:5e:2b:37:
                    74:be:91:5f:f8:c6:f2:e0:74:1c:c9:cd:a4:32:81:
                    d0:46:3a:4b:a2:91:fa:92:39:00:c5:f7:33:a1:37:
                    ad:b8:6a:8f:0e:34:1e:59:38:19:61:93:de:1c:78:
                    08:39:4f:b3:97:f1:0c:6e:28:f2:56:39:86:d6:d6:
                    97:7a:75:c9:9c:1b:84:19:0d:a9:f5:a7:84:7b:07:
                    46:0a:36:9e:36:56:b9:a8:98:e6:26:30:c9:07:6e:
                    1b:c2:57:eb:25:5e:56:25:81:c0:fe:76:fc:c4:87:
                    d8:be:43:6e:7d:ac:a3:ad:80:9e:cf:c1:2f:21:00:
                    0c:f1:4a:00:4a:91:bd:68:3d:75:c6:76:93:5e:ec:
                    d7:19:20:7d:35:05:0f:ed:d4:62:b4:2c:e4:2c:55:
                    a4:23:27:52:a6:68:46:5a:6c:d2:f9:e4:32:59:0d:
                    e3:66:11:0d:9c:69:a3:8c:82:e6:4e:d8:2d:7f:67:
                    e8:5e:19:a8:97:c2:8a:41:b6:2d:de:3e:6a:fe:b6:
                    54:6d:0d:91:71:cc:60:ca:9f:fb:d1:e3:33:5b:ec:
                    a9:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:56:E8:A2:D2:2E:2B:37:DE:D5:8B:1B:5E:B2:22:2A:9B:B3:56:43
            X509v3 Authority Key Identifier:
                keyid:38:53:AF:50:14:49:9B:2F:B5:CD:2C:1E:68:A2:4F:F8:25:6D:0D:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OFOvUBRJmy-1zSweaKJP-CVtDQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/30cc41-8aab-4463-99f8-dcb56acb777f/1/A1bootIuKzfe1YsbXrIiKpuzVkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/30cc41-8aab-4463-99f8-dcb56acb777f/1/OFOvUBRJmy-1zSweaKJP-CVtDQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:06:a2:5e:3e:fa:43:23:8e:89:96:fa:81:28:1b:d2:aa:33:
         b6:b0:25:4d:7a:a8:6e:19:a0:f9:90:64:13:d2:2d:6e:6b:a2:
         32:5e:23:6e:eb:5e:d0:9a:e1:6c:2d:47:75:90:b9:8d:a3:03:
         fa:9b:0f:17:c8:dd:5d:f0:6b:d4:9d:b9:73:32:c4:a9:7a:95:
         cb:91:03:62:12:d6:a5:6a:0d:7e:cc:1e:2e:da:28:c4:c0:27:
         a4:4d:78:b8:72:9e:bf:0b:4d:1e:c0:9d:8e:b3:d5:07:6a:b7:
         c1:4e:ea:bb:d8:3a:66:a2:5a:a3:1c:c8:7e:96:fb:a7:6b:a8:
         27:4b:74:1e:06:7b:8d:8d:6d:9e:76:96:dc:97:ed:79:20:89:
         8d:90:08:92:58:74:46:be:58:c0:af:ca:b0:cc:73:62:2d:aa:
         44:ea:14:f6:5a:5a:01:cf:74:b7:1c:79:d4:2d:9c:31:3c:4e:
         85:bf:f5:83:0b:04:0a:70:36:09:0c:d2:4a:26:79:b0:17:09:
         07:8c:6d:e2:9c:ec:12:74:44:4d:f1:14:0f:ba:5d:87:ad:01:
         03:61:8f:53:1e:00:65:9e:82:92:db:d9:1c:49:39:2e:7f:ed:
         38:63:0a:c2:68:42:c6:7d:74:a7:f9:50:8a:f9:e8:9f:d5:36:
         2c:90:a4:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3O+6aHioj6KkdyY5qcxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NTNhZjUwMTQ0OTliMmZiNWNkMmMxZTY4YTI0ZmY4MjU2
ZDBkMGQwHhcNMjQwMTAyMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzU2ZThhMmQyMmUyYjM3ZGVkNThiMWI1ZWIyMjIyYTliYjM1NjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi24I5o6bEZr0m81geqGXMMk+4wNa
uQ9C/Ah6YfwPUi/R74A2EdarHm9eKzd0vpFf+Mby4HQcyc2kMoHQRjpLopH6kjkA
xfczoTetuGqPDjQeWTgZYZPeHHgIOU+zl/EMbijyVjmG1taXenXJnBuEGQ2p9aeE
ewdGCjaeNla5qJjmJjDJB24bwlfrJV5WJYHA/nb8xIfYvkNufayjrYCez8EvIQAM
8UoASpG9aD11xnaTXuzXGSB9NQUP7dRitCzkLFWkIydSpmhGWmzS+eQyWQ3jZhEN
nGmjjILmTtgtf2foXhmol8KKQbYt3j5q/rZUbQ2Rccxgyp/70eMzW+yp+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANW6KLSLis33tWLG16yIiqbs1ZDMB8GA1UdIwQY
MBaAFDhTr1AUSZsvtc0sHmiiT/glbQ0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0ZPdlVCUkpteS0xelN3ZWFLSlAtQ1Z0RFEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zMGNjNDEtOGFhYi00NDYzLTk5Zjgt
ZGNiNTZhY2I3NzdmLzEvQTFib290SXVLemZlMVlzYlhySWlLcHV6VmtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zMGNjNDEtOGFhYi00NDYzLTk5ZjgtZGNiNTZhY2I3Nzdm
LzEvT0ZPdlVCUkpteS0xelN3ZWFLSlAtQ1Z0RFEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBf0wMA0G
CSqGSIb3DQEBCwUAA4IBAQB9BqJePvpDI46JlvqBKBvSqjO2sCVNeqhuGaD5kGQT
0i1ua6IyXiNu617QmuFsLUd1kLmNowP6mw8XyN1d8GvUnblzMsSpepXLkQNiEtal
ag1+zB4u2ijEwCekTXi4cp6/C00ewJ2Os9UHarfBTuq72DpmolqjHMh+lvuna6gn
S3QeBnuNjW2edpbcl+15IImNkAiSWHRGvljAr8qwzHNiLapE6hT2WloBz3S3HHnU
LZwxPE6Fv/WDCwQKcDYJDNJKJnmwFwkHjG3inOwSdERN8RQPul2HrQEDYY9THgBl
noKS29kcSTkuf+04YwrCaELGfXSn+VCK+eif1TYskKTy
-----END CERTIFICATE-----