Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/n85JOZScPPfUhSMcXUSAR-z9jpA.roa
File:                     n85JOZScPPfUhSMcXUSAR-z9jpA.roa (raw, json)
Hash identifier:          GfqZL97eoZF7X5iP28mzcJchJaNd6mas25cC5FHPNGE=
Subject key identifier:   9F:CE:49:39:94:9C:3C:F7:D4:85:23:1C:5D:44:80:47:EC:FD:8E:90
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       018DEAF8C4F57AE224396D9F0E2991CF2C65
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/n85JOZScPPfUhSMcXUSAR-z9jpA.roa
Signing time:             Tue 27 Feb 2024 14:29:48 +0000
ROA not before:           Tue 27 Feb 2024 14:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215416
IP address blocks:        5.134.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ea:f8:c4:f5:7a:e2:24:39:6d:9f:0e:29:91:cf:2c:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Feb 27 14:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fce4939949c3cf7d485231c5d448047ecfd8e90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d3:8d:2f:ca:f4:5e:0c:9b:b7:55:11:52:dd:
                    5d:4a:5a:f5:d2:23:19:a8:17:d9:d5:e3:1a:64:01:
                    3b:00:55:2b:31:b9:02:a7:4b:8d:5f:23:94:ed:08:
                    0a:3e:d3:b0:ed:2c:72:09:26:ca:57:41:fd:64:84:
                    9f:8f:46:a1:c3:c4:1b:0e:5e:ad:ee:b2:a4:41:ac:
                    c8:a0:76:4b:11:c4:30:8e:83:b0:58:e3:c7:dc:f1:
                    78:e5:d1:e7:68:13:d4:b3:d7:d2:b5:e7:9e:dd:d9:
                    a1:a3:ea:1a:0f:8d:3b:3c:f4:3d:bb:0b:e0:47:4b:
                    6d:59:ae:51:a9:5d:38:b5:bc:d4:e4:67:7a:d3:17:
                    ac:2a:4b:4d:61:d6:9a:df:37:1f:8a:a6:20:de:55:
                    6e:bb:67:70:b3:26:e4:95:ac:f3:7b:8f:4b:eb:fc:
                    45:0c:02:4c:2e:88:68:90:b3:34:cf:7d:bb:d6:c4:
                    24:e0:4b:2f:bd:ac:69:10:4a:98:0e:08:53:9d:d7:
                    a1:87:71:87:bc:d0:81:91:c5:2a:0c:13:bc:ba:30:
                    9b:0e:d4:50:19:48:4a:d7:95:17:10:02:48:06:3f:
                    b8:a3:1c:9e:2d:1a:30:e3:56:fd:5f:b5:00:0d:8b:
                    23:fc:c4:ec:2a:be:86:31:be:1c:1a:5f:eb:3a:18:
                    a4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:CE:49:39:94:9C:3C:F7:D4:85:23:1C:5D:44:80:47:EC:FD:8E:90
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/n85JOZScPPfUhSMcXUSAR-z9jpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.134.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:0a:c6:29:90:05:4a:39:51:14:f0:e9:dc:b4:c8:92:f8:45:
         ae:96:87:55:c3:18:19:38:30:be:e5:9b:f9:3d:35:86:6f:13:
         d5:c0:22:0f:71:98:80:3b:c1:81:79:4a:9f:63:5a:11:f6:69:
         76:a6:d5:13:69:ff:7a:fb:fe:af:ac:f4:ad:e0:c7:0b:fa:c5:
         ae:f6:27:60:a8:67:ac:a3:a0:fc:96:b9:61:20:ed:2b:3b:fa:
         a9:fb:09:97:c8:e5:f2:cb:de:bd:5d:8d:3e:ce:2d:14:24:87:
         f1:b6:30:5d:07:6b:11:0b:41:d2:ab:e4:c9:0b:2f:d1:23:88:
         7b:d8:22:cd:32:4c:6b:5d:c9:85:a5:29:82:65:47:ef:de:26:
         ab:0a:6e:51:4e:a4:4f:c3:72:4c:96:48:8b:f0:e1:33:29:be:
         f8:a1:53:93:32:97:5b:55:eb:ab:e6:5d:5d:72:ca:7f:b5:b3:
         d4:48:77:0b:71:6c:49:56:4d:8d:22:e2:84:9b:f4:40:72:28:
         1b:e9:56:55:95:a3:82:d9:9b:84:6f:94:24:19:65:81:08:fe:
         a6:38:9b:c0:d7:bc:98:1a:72:a1:12:57:67:d4:e7:b9:d9:1d:
         08:eb:04:1b:0e:b6:4f:48:98:00:75:57:59:9f:d3:c4:5e:71:
         d8:d8:fb:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3q+MT1euIkOW2fDimRzyxlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjQwMjI3MTQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmNlNDkzOTk0OWMzY2Y3ZDQ4NTIzMWM1ZDQ0ODA0N2VjZmQ4ZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9ONL8r0Xgybt1URUt1dSlr10iMZ
qBfZ1eMaZAE7AFUrMbkCp0uNXyOU7QgKPtOw7SxyCSbKV0H9ZISfj0ahw8QbDl6t
7rKkQazIoHZLEcQwjoOwWOPH3PF45dHnaBPUs9fSteee3dmho+oaD407PPQ9uwvg
R0ttWa5RqV04tbzU5Gd60xesKktNYdaa3zcfiqYg3lVuu2dwsybklazze49L6/xF
DAJMLohokLM0z3271sQk4EsvvaxpEEqYDghTndehh3GHvNCBkcUqDBO8ujCbDtRQ
GUhK15UXEAJIBj+4oxyeLRow41b9X7UADYsj/MTsKr6GMb4cGl/rOhiknQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/OSTmUnDz31IUjHF1EgEfs/Y6QMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvbjg1Sk9aU2NQUGZVaFNNY1hVU0FSLXo5anBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYZXMA0G
CSqGSIb3DQEBCwUAA4IBAQBGCsYpkAVKOVEU8OnctMiS+EWulodVwxgZODC+5Zv5
PTWGbxPVwCIPcZiAO8GBeUqfY1oR9ml2ptUTaf96+/6vrPSt4McL+sWu9idgqGes
o6D8lrlhIO0rO/qp+wmXyOXyy969XY0+zi0UJIfxtjBdB2sRC0HSq+TJCy/RI4h7
2CLNMkxrXcmFpSmCZUfv3iarCm5RTqRPw3JMlkiL8OEzKb74oVOTMpdbVeur5l1d
csp/tbPUSHcLcWxJVk2NIuKEm/RAcigb6VZVlaOC2ZuEb5QkGWWBCP6mOJvA17yY
GnKhEldn1Oe52R0I6wQbDrZPSJgAdVdZn9PEXnHY2PuJ
-----END CERTIFICATE-----