Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/c3328e-1ce9-4e38-9eca-2324977c9393/1/dhDCKCjQaSVOg9hJbRuU7PHxvSw.roa
File:                     dhDCKCjQaSVOg9hJbRuU7PHxvSw.roa (raw, json)
Hash identifier:          NM+a9VCYXQVF9uO7jeekdRySrQLfqwh2lM0mTU4IpSE=
Subject key identifier:   76:10:C2:28:28:D0:69:25:4E:83:D8:49:6D:1B:94:EC:F1:F1:BD:2C
Certificate issuer:       /CN=608e6a6a54017dd3b9b2cce35fd5a9a7f2a45498
Certificate serial:       018CC80310D531329076E0EE77208F693270
Authority key identifier: 60:8E:6A:6A:54:01:7D:D3:B9:B2:CC:E3:5F:D5:A9:A7:F2:A4:54:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YI5qalQBfdO5sszjX9Wpp_KkVJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/c3328e-1ce9-4e38-9eca-2324977c9393/1/dhDCKCjQaSVOg9hJbRuU7PHxvSw.roa
Signing time:             Tue 02 Jan 2024 02:31:33 +0000
ROA not before:           Tue 02 Jan 2024 02:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42833
IP address blocks:        5.104.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/c3328e-1ce9-4e38-9eca-2324977c9393/1/YI5qalQBfdO5sszjX9Wpp_KkVJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/c3328e-1ce9-4e38-9eca-2324977c9393/1/YI5qalQBfdO5sszjX9Wpp_KkVJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YI5qalQBfdO5sszjX9Wpp_KkVJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:10:d5:31:32:90:76:e0:ee:77:20:8f:69:32:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=608e6a6a54017dd3b9b2cce35fd5a9a7f2a45498
        Validity
            Not Before: Jan  2 02:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7610c22828d069254e83d8496d1b94ecf1f1bd2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:3a:d1:93:92:84:5e:55:90:ec:90:1f:7f:0b:
                    95:5e:28:b5:ca:bb:a7:8e:34:74:d7:c4:62:25:a7:
                    d1:39:22:7b:8d:4b:b4:d9:60:c0:f7:43:cb:a7:f5:
                    8a:62:f7:49:55:ff:9c:be:e3:b8:d6:da:a6:29:27:
                    28:48:8d:57:53:47:f1:82:84:5f:a3:fb:64:08:96:
                    3d:e1:cd:50:49:83:bf:69:16:5f:4f:d5:f8:77:64:
                    06:2a:96:90:97:d8:d7:9e:91:73:89:3d:86:2a:90:
                    e0:13:ff:ae:cc:c0:e4:99:fa:40:e1:0a:0d:52:98:
                    94:df:00:6b:9f:24:0a:87:d6:84:73:7c:30:14:2e:
                    56:8e:65:98:b1:e2:50:e1:d4:42:dc:33:18:4c:ec:
                    25:54:cb:3e:cb:0c:67:fc:1b:60:2b:d1:23:d1:e3:
                    90:fb:b4:8a:9b:f6:f6:cd:3c:3f:3e:0a:f2:09:12:
                    c2:f1:fe:00:99:0a:70:71:a9:c0:a4:2c:2c:0d:a1:
                    38:2f:6f:b9:9a:49:79:ba:72:a4:d8:31:dc:c0:3c:
                    ca:23:72:a4:13:90:81:65:87:b1:67:38:af:b3:95:
                    7a:e4:4d:b8:79:a7:2b:9b:65:f7:7a:77:39:f8:0e:
                    3f:f8:ce:fd:4c:ef:90:7e:a4:e6:33:35:dc:12:e5:
                    32:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:10:C2:28:28:D0:69:25:4E:83:D8:49:6D:1B:94:EC:F1:F1:BD:2C
            X509v3 Authority Key Identifier:
                keyid:60:8E:6A:6A:54:01:7D:D3:B9:B2:CC:E3:5F:D5:A9:A7:F2:A4:54:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YI5qalQBfdO5sszjX9Wpp_KkVJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/c3328e-1ce9-4e38-9eca-2324977c9393/1/dhDCKCjQaSVOg9hJbRuU7PHxvSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/c3328e-1ce9-4e38-9eca-2324977c9393/1/YI5qalQBfdO5sszjX9Wpp_KkVJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:45:78:5d:2e:35:a0:4f:dd:f1:ef:8b:11:63:5a:85:d6:35:
         67:01:4e:04:7e:b4:aa:76:ab:9f:3e:e8:6a:38:71:f8:cf:c5:
         63:e4:3e:9b:f7:d1:48:39:0e:1e:f9:c8:d8:bc:7c:11:96:42:
         a2:93:1d:ae:80:60:80:50:35:6a:ba:77:0d:33:00:65:a5:3f:
         6b:07:0c:fd:9c:d9:52:63:e5:75:db:86:39:39:a4:47:01:d1:
         fc:9d:f7:3e:e7:8c:a7:20:55:9f:dd:a7:e8:28:be:55:7d:3c:
         5c:ca:3a:65:c5:fb:a3:13:f3:0b:2e:2b:bf:b1:a3:64:0f:22:
         6e:00:cd:3f:27:eb:46:61:b6:c0:7b:87:98:82:86:61:b6:7b:
         68:08:db:55:a6:9f:53:a4:1e:c9:1b:ff:b2:0c:3d:b5:5a:12:
         da:fc:bf:9e:6e:03:5d:50:fd:d9:95:f4:b8:2d:ab:75:de:34:
         62:93:69:96:6b:9c:1d:e6:b0:02:42:a3:e8:13:d5:6f:f6:4f:
         e1:7c:a1:03:c8:ec:fb:5a:31:bf:63:f2:d0:6f:14:3c:a3:39:
         46:a2:64:86:83:b8:a0:c5:8d:49:5d:e0:6d:44:07:a5:49:9b:
         1a:22:1e:41:67:c4:92:48:a5:bd:92:45:64:90:d7:b3:8a:ec:
         51:08:e5:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAxDVMTKQduDudyCPaTJwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwOGU2YTZhNTQwMTdkZDNiOWIyY2NlMzVmZDVhOWE3ZjJh
NDU0OTgwHhcNMjQwMTAyMDIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjEwYzIyODI4ZDA2OTI1NGU4M2Q4NDk2ZDFiOTRlY2YxZjFiZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6zrRk5KEXlWQ7JAffwuVXii1yrun
jjR018RiJafROSJ7jUu02WDA90PLp/WKYvdJVf+cvuO41tqmKScoSI1XU0fxgoRf
o/tkCJY94c1QSYO/aRZfT9X4d2QGKpaQl9jXnpFziT2GKpDgE/+uzMDkmfpA4QoN
UpiU3wBrnyQKh9aEc3wwFC5WjmWYseJQ4dRC3DMYTOwlVMs+ywxn/BtgK9Ej0eOQ
+7SKm/b2zTw/PgryCRLC8f4AmQpwcanApCwsDaE4L2+5mkl5unKk2DHcwDzKI3Kk
E5CBZYexZzivs5V65E24eacrm2X3enc5+A4/+M79TO+QfqTmMzXcEuUyZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYQwigo0GklToPYSW0blOzx8b0sMB8GA1UdIwQY
MBaAFGCOampUAX3TubLM41/VqafypFSYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUk1cWFsUUJmZE81c3N6alg5V3BwX0trVkpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9jMzMyOGUtMWNlOS00ZTM4LTllY2Et
MjMyNDk3N2M5MzkzLzEvZGhEQ0tDalFhU1ZPZzloSmJSdVU3UEh4dlN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9jMzMyOGUtMWNlOS00ZTM4LTllY2EtMjMyNDk3N2M5Mzkz
LzEvWUk1cWFsUUJmZE81c3N6alg5V3BwX0trVkpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWgfMA0G
CSqGSIb3DQEBCwUAA4IBAQAARXhdLjWgT93x74sRY1qF1jVnAU4EfrSqdqufPuhq
OHH4z8Vj5D6b99FIOQ4e+cjYvHwRlkKikx2ugGCAUDVquncNMwBlpT9rBwz9nNlS
Y+V124Y5OaRHAdH8nfc+54ynIFWf3afoKL5VfTxcyjplxfujE/MLLiu/saNkDyJu
AM0/J+tGYbbAe4eYgoZhtntoCNtVpp9TpB7JG/+yDD21WhLa/L+ebgNdUP3ZlfS4
Lat13jRik2mWa5wd5rACQqPoE9Vv9k/hfKEDyOz7WjG/Y/LQbxQ8ozlGomSGg7ig
xY1JXeBtRAelSZsaIh5BZ8SSSKW9kkVkkNeziuxRCOVA
-----END CERTIFICATE-----