Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/phoqC7KdOvEjaOSbFu-Nfs5Kys8.roa
File:                     phoqC7KdOvEjaOSbFu-Nfs5Kys8.roa (raw, json)
Hash identifier:          zKyLs6wHa4xMeglFDYCdUn7zOwsumXKpCE2hHuwv0rk=
Subject key identifier:   A6:1A:2A:0B:B2:9D:3A:F1:23:68:E4:9B:16:EF:8D:7E:CE:4A:CA:CF
Certificate issuer:       /CN=aa54c4763ea018c3dc70203d04efe71fd4b1b066
Certificate serial:       018CC649A78889C2957BC44228BF711293C1
Authority key identifier: AA:54:C4:76:3E:A0:18:C3:DC:70:20:3D:04:EF:E7:1F:D4:B1:B0:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qlTEdj6gGMPccCA9BO_nH9SxsGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/phoqC7KdOvEjaOSbFu-Nfs5Kys8.roa
Signing time:             Mon 01 Jan 2024 18:29:24 +0000
ROA not before:           Mon 01 Jan 2024 18:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42010
IP address blocks:        5.175.56.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/qlTEdj6gGMPccCA9BO_nH9SxsGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/qlTEdj6gGMPccCA9BO_nH9SxsGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qlTEdj6gGMPccCA9BO_nH9SxsGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 04:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:a7:88:89:c2:95:7b:c4:42:28:bf:71:12:93:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa54c4763ea018c3dc70203d04efe71fd4b1b066
        Validity
            Not Before: Jan  1 18:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a61a2a0bb29d3af12368e49b16ef8d7ece4acacf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6d:c9:01:c9:14:f2:d9:9e:98:a5:bc:df:da:
                    24:b8:d4:97:37:08:1c:44:33:72:05:79:4c:ad:ce:
                    e1:9a:ab:1d:ac:bf:b6:65:83:29:3b:b8:ad:ac:bf:
                    70:ca:e7:81:c0:16:88:ee:22:93:b1:2f:27:3f:83:
                    c7:0d:1e:e5:20:5e:49:b0:df:60:2c:9d:d8:fd:84:
                    44:38:93:72:fa:cb:7d:af:46:de:44:5f:de:61:dd:
                    4b:d3:08:67:51:51:f1:ff:57:c9:c8:69:09:92:c4:
                    d0:49:89:f3:69:b7:ce:6a:cc:27:e1:b9:27:fa:47:
                    c4:aa:9a:d5:da:a0:5d:ed:d0:db:ff:96:c6:d5:a5:
                    57:da:98:67:f6:48:e6:da:99:5f:5f:16:3c:94:89:
                    78:31:03:bf:06:c9:82:ea:f3:ce:83:7a:8d:bb:7c:
                    c9:b0:50:63:a7:86:46:1c:df:0c:08:7c:03:34:ac:
                    9d:d8:bb:00:e4:a7:3a:0d:0a:ab:e7:e9:47:f4:f3:
                    97:9c:a7:9b:1a:f4:23:d8:dc:2a:5a:24:4b:6d:8c:
                    a5:69:62:fd:c1:75:bb:26:50:ca:a1:b1:3a:3e:bc:
                    8f:ca:12:f1:05:40:9d:41:d5:75:c9:01:55:4b:66:
                    4a:fd:11:04:4a:3b:ab:7a:65:ea:f1:46:b2:a6:aa:
                    0c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:1A:2A:0B:B2:9D:3A:F1:23:68:E4:9B:16:EF:8D:7E:CE:4A:CA:CF
            X509v3 Authority Key Identifier:
                keyid:AA:54:C4:76:3E:A0:18:C3:DC:70:20:3D:04:EF:E7:1F:D4:B1:B0:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qlTEdj6gGMPccCA9BO_nH9SxsGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/phoqC7KdOvEjaOSbFu-Nfs5Kys8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/qlTEdj6gGMPccCA9BO_nH9SxsGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8a:0d:4f:39:7f:52:0b:f7:84:e4:9a:9b:ba:62:af:64:5d:8d:
         55:d4:80:b8:f6:3d:09:19:62:37:f9:b4:a9:39:48:3c:04:0f:
         b1:6a:09:9f:0f:dd:dc:b4:a7:d7:cc:de:fb:35:31:05:65:3e:
         b3:d4:d8:f3:18:17:c8:7e:6c:02:6a:89:5d:e8:3b:70:83:95:
         29:1b:79:ae:2e:c7:0e:fe:1b:11:cd:d1:97:ac:ce:cc:ff:f3:
         d9:6e:1e:68:3e:bd:c9:f0:b7:22:dd:0d:3e:8b:21:46:8e:e5:
         3a:ed:b9:96:23:e4:4d:95:fc:e4:39:be:6b:94:cf:81:b5:88:
         70:79:2d:71:cf:f7:1c:ff:57:ec:f1:fc:54:78:0f:30:e9:2b:
         fb:5c:0e:40:da:1b:ef:20:51:39:eb:08:c0:e6:03:6f:d4:17:
         a7:91:e8:07:f4:c9:c1:a7:5b:5e:bd:25:f1:1c:b2:a1:d4:ab:
         2f:a9:0e:c6:4c:49:49:2d:e6:8c:96:94:67:75:b1:a7:0a:a8:
         1d:d0:c2:b2:bc:26:f4:7c:60:32:dd:54:0d:65:a4:cc:e7:66:
         4a:69:01:ca:74:e6:ad:ca:e2:30:ac:39:28:a7:23:5c:00:6f:
         3a:4b:3c:24:f7:0d:f4:67:7a:01:4b:ea:b6:21:75:ac:4c:d7:
         5f:4b:07:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSaeIicKVe8RCKL9xEpPBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNTRjNDc2M2VhMDE4YzNkYzcwMjAzZDA0ZWZlNzFmZDRi
MWIwNjYwHhcNMjQwMTAxMTgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjFhMmEwYmIyOWQzYWYxMjM2OGU0OWIxNmVmOGQ3ZWNlNGFjYWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1W3JAckU8tmemKW839okuNSXNwgc
RDNyBXlMrc7hmqsdrL+2ZYMpO7itrL9wyueBwBaI7iKTsS8nP4PHDR7lIF5JsN9g
LJ3Y/YREOJNy+st9r0beRF/eYd1L0whnUVHx/1fJyGkJksTQSYnzabfOaswn4bkn
+kfEqprV2qBd7dDb/5bG1aVX2phn9kjm2plfXxY8lIl4MQO/BsmC6vPOg3qNu3zJ
sFBjp4ZGHN8MCHwDNKyd2LsA5Kc6DQqr5+lH9POXnKebGvQj2NwqWiRLbYylaWL9
wXW7JlDKobE6PryPyhLxBUCdQdV1yQFVS2ZK/REESjuremXq8UaypqoMJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYaKguynTrxI2jkmxbvjX7OSsrPMB8GA1UdIwQY
MBaAFKpUxHY+oBjD3HAgPQTv5x/UsbBmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWxURWRqNmdHTVBjY0NBOUJPX25IOVN4c0dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9hMjFjOWUtODdmMS00OTgzLTgzOTQt
ZGUzNzY3M2M0MDljLzEvcGhvcUM3S2RPdkVqYU9TYkZ1LU5mczVLeXM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9hMjFjOWUtODdmMS00OTgzLTgzOTQtZGUzNzY3M2M0MDlj
LzEvcWxURWRqNmdHTVBjY0NBOUJPX25IOVN4c0dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBa84MA0G
CSqGSIb3DQEBCwUAA4IBAQCKDU85f1IL94Tkmpu6Yq9kXY1V1IC49j0JGWI3+bSp
OUg8BA+xagmfD93ctKfXzN77NTEFZT6z1NjzGBfIfmwCaold6Dtwg5UpG3muLscO
/hsRzdGXrM7M//PZbh5oPr3J8Lci3Q0+iyFGjuU67bmWI+RNlfzkOb5rlM+BtYhw
eS1xz/cc/1fs8fxUeA8w6Sv7XA5A2hvvIFE56wjA5gNv1BenkegH9MnBp1tevSXx
HLKh1KsvqQ7GTElJLeaMlpRndbGnCqgd0MKyvCb0fGAy3VQNZaTM52ZKaQHKdOat
yuIwrDkopyNcAG86Szwk9w30Z3oBS+q2IXWsTNdfSwc8
-----END CERTIFICATE-----