Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/jlnnCgmQIYRrNbYpKZOF4xO3rWc.roa
File:                     jlnnCgmQIYRrNbYpKZOF4xO3rWc.roa (raw, json)
Hash identifier:          cfUQxw/Zy9r1O1jblo1s6afyMGSvYzcEVYXAoWw5d3Q=
Subject key identifier:   8E:59:E7:0A:09:90:21:84:6B:35:B6:29:29:93:85:E3:13:B7:AD:67
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       018D8C8271D759AF36FC793A505EF2F92ED2
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/jlnnCgmQIYRrNbYpKZOF4xO3rWc.roa
Signing time:             Fri 09 Feb 2024 06:16:15 +0000
ROA not before:           Fri 09 Feb 2024 06:16:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16190
IP address blocks:        5.134.86.0/23 maxlen: 24
                          217.113.0.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 19:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8c:82:71:d7:59:af:36:fc:79:3a:50:5e:f2:f9:2e:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Feb  9 06:16:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e59e70a099021846b35b629299385e313b7ad67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ae:aa:86:e9:1b:de:f5:7d:e3:2a:b4:87:99:
                    b7:51:67:07:ca:80:d1:74:e1:70:75:c3:fb:0a:55:
                    05:b0:b4:5d:e5:fe:db:ea:5b:8d:78:0f:b6:a2:33:
                    6b:df:e6:49:6e:10:82:39:ee:50:58:b9:98:81:3b:
                    31:ae:ae:67:15:5d:67:0d:32:fd:9a:62:aa:ac:71:
                    e9:6a:49:90:71:09:e0:b0:8a:82:7e:df:97:f1:b6:
                    71:37:26:2f:59:cf:e7:45:15:2a:8a:a9:e8:6c:c5:
                    3d:7c:16:73:2f:ad:79:80:44:c5:b0:70:77:7a:3b:
                    2c:a5:dd:bc:1b:4b:5d:76:e0:91:7e:a4:ab:b5:66:
                    3e:93:2e:4a:61:89:72:a8:02:59:36:23:53:ae:20:
                    a3:a2:7f:a9:54:06:44:a5:21:24:89:83:2a:32:58:
                    59:14:29:66:6c:49:2c:79:73:76:d9:55:ef:71:fe:
                    96:c0:88:ce:cd:1b:49:c1:59:de:0c:af:bc:e9:64:
                    5d:e4:ec:11:86:ae:78:24:ab:c0:82:e7:d7:c8:4e:
                    ed:eb:4a:56:29:5d:f5:b4:f9:39:e7:07:bf:0d:b0:
                    e2:dc:60:e7:83:13:32:17:f8:5f:e7:69:cd:e9:fd:
                    d2:ef:7c:59:ce:19:e2:16:69:61:43:8e:ba:3f:5c:
                    06:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:59:E7:0A:09:90:21:84:6B:35:B6:29:29:93:85:E3:13:B7:AD:67
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/jlnnCgmQIYRrNbYpKZOF4xO3rWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.134.86.0/23
                  217.113.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a9:39:44:52:07:16:30:9a:33:a9:de:d8:34:ed:ec:cc:7a:fa:
         24:26:f0:c0:c7:43:c3:ea:f9:bd:7d:da:85:7f:92:2c:17:46:
         8b:12:84:0c:fd:59:ce:bf:4d:55:17:16:f7:88:0d:dd:1b:f0:
         d1:fe:61:73:5d:d6:55:af:0f:56:7b:58:6a:4c:00:d7:09:1f:
         9f:18:cb:f5:c0:34:df:00:2c:24:93:a2:40:e8:80:d8:e3:a2:
         11:ba:27:be:b1:f3:0d:7a:52:4a:35:bf:98:ad:e9:be:c8:13:
         51:d2:68:aa:46:91:e1:93:db:67:33:ec:bc:e8:52:6f:f9:65:
         25:66:47:ca:c7:97:ba:5f:52:96:17:e5:07:a9:71:4e:71:8c:
         42:1a:56:b1:80:57:60:e7:8b:69:e8:46:29:11:8a:d2:e9:29:
         e2:81:8d:f8:11:0d:2e:6f:79:46:f4:ce:05:48:77:d7:46:65:
         83:94:0f:56:1d:45:c0:db:ee:65:1f:2b:de:6e:5b:0f:0c:12:
         d7:cd:08:f8:51:c7:e2:d9:4c:98:f4:66:01:d7:ec:89:ae:07:
         db:5e:4f:d7:83:d4:3b:06:c8:75:95:38:75:af:14:d3:e3:c4:
         ea:35:1f:55:a8:20:ca:13:2a:1e:d9:fc:45:f9:12:03:2b:2c:
         94:f0:26:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2MgnHXWa82/Hk6UF7y+S7SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjQwMjA5MDYxNjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTU5ZTcwYTA5OTAyMTg0NmIzNWI2MjkyOTkzODVlMzEzYjdhZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv66qhukb3vV94yq0h5m3UWcHyoDR
dOFwdcP7ClUFsLRd5f7b6luNeA+2ojNr3+ZJbhCCOe5QWLmYgTsxrq5nFV1nDTL9
mmKqrHHpakmQcQngsIqCft+X8bZxNyYvWc/nRRUqiqnobMU9fBZzL615gETFsHB3
ejsspd28G0tdduCRfqSrtWY+ky5KYYlyqAJZNiNTriCjon+pVAZEpSEkiYMqMlhZ
FClmbEkseXN22VXvcf6WwIjOzRtJwVneDK+86WRd5OwRhq54JKvAgufXyE7t60pW
KV31tPk55we/DbDi3GDngxMyF/hf52nN6f3S73xZzhniFmlhQ466P1wGNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI5Z5woJkCGEazW2KSmTheMTt61nMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvamxubkNnbVFJWVJyTmJZcEtaT0Y0eE8zcldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBYZWAwQD
2XEAMA0GCSqGSIb3DQEBCwUAA4IBAQCpOURSBxYwmjOp3tg07ezMevokJvDAx0PD
6vm9fdqFf5IsF0aLEoQM/VnOv01VFxb3iA3dG/DR/mFzXdZVrw9We1hqTADXCR+f
GMv1wDTfACwkk6JA6IDY46IRuie+sfMNelJKNb+Yrem+yBNR0miqRpHhk9tnM+y8
6FJv+WUlZkfKx5e6X1KWF+UHqXFOcYxCGlaxgFdg54tp6EYpEYrS6SnigY34EQ0u
b3lG9M4FSHfXRmWDlA9WHUXA2+5lHyveblsPDBLXzQj4Ucfi2UyY9GYB1+yJrgfb
Xk/Xg9Q7Bsh1lTh1rxTT48TqNR9VqCDKEyoe2fxF+RIDKyyU8CYm
-----END CERTIFICATE-----