Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/5xAiSENvpaQY7HjBK_c7TAIY4vg.roa
File:                     5xAiSENvpaQY7HjBK_c7TAIY4vg.roa (raw, json)
Hash identifier:          g9OMq/a70KDyagPAvgGWt0zXZoKviJEEC9zQ0mi1T6Q=
Subject key identifier:   E7:10:22:48:43:6F:A5:A4:18:EC:78:C1:2B:F7:3B:4C:02:18:E2:F8
Certificate issuer:       /CN=5c892aed3833e6100f5e0cf12271fd80b755c361
Certificate serial:       018CC8018C0152D38EC58BCFD6DD0DFE57E0
Authority key identifier: 5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/5xAiSENvpaQY7HjBK_c7TAIY4vg.roa
Signing time:             Tue 02 Jan 2024 02:29:53 +0000
ROA not before:           Tue 02 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     141968
IP address blocks:        103.76.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:8c:01:52:d3:8e:c5:8b:cf:d6:dd:0d:fe:57:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c892aed3833e6100f5e0cf12271fd80b755c361
        Validity
            Not Before: Jan  2 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7102248436fa5a418ec78c12bf73b4c0218e2f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c6:a5:55:49:9a:e0:10:42:a4:53:c6:30:42:
                    cf:5d:62:36:ec:e2:be:ae:30:66:6a:77:7f:4b:bd:
                    3a:59:8c:e7:64:7b:e3:9d:dd:5c:00:6b:a9:43:74:
                    1d:ed:61:38:6d:a1:b2:16:f8:df:dd:97:e3:b7:af:
                    d9:3a:38:c3:d3:a3:e8:41:c5:6b:90:35:4e:23:b7:
                    d6:a7:16:92:67:75:6d:bf:46:ed:94:1c:46:65:90:
                    ee:65:11:1f:9b:1d:55:11:31:1f:8f:b0:29:7c:3f:
                    d4:b6:b7:30:cb:28:21:97:42:60:30:a9:2c:b2:1c:
                    89:b5:65:ef:df:a3:97:5f:71:e3:a4:ca:86:a2:f3:
                    9c:73:87:14:a5:bb:16:d1:d5:a6:a4:a1:18:8a:c0:
                    b2:84:e4:e7:9f:f3:47:88:92:66:aa:43:7f:fa:c3:
                    3f:af:7e:06:1b:ad:8c:ab:4c:e8:cf:be:95:3c:40:
                    d0:fc:a9:cf:c0:0d:5b:ee:06:9c:4b:98:67:b5:cf:
                    33:b1:ce:7f:62:e6:c6:40:8a:5d:f0:01:c4:07:e1:
                    1a:f6:51:10:a8:9c:62:f5:d9:b1:99:21:7a:6d:14:
                    b2:01:b6:8d:4e:07:a0:ac:dc:05:dd:19:f4:7b:84:
                    91:fa:37:a5:f9:75:93:05:0a:62:11:5a:6c:fb:f5:
                    2d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:10:22:48:43:6F:A5:A4:18:EC:78:C1:2B:F7:3B:4C:02:18:E2:F8
            X509v3 Authority Key Identifier:
                keyid:5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/5xAiSENvpaQY7HjBK_c7TAIY4vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.76.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:40:db:d0:58:31:8d:cf:61:f4:1f:e6:9d:c5:af:6d:f6:16:
         45:bd:68:97:b3:65:61:0e:b5:68:23:35:b1:fd:d6:47:8e:de:
         0d:a7:d6:c9:df:02:1f:fa:94:bf:3a:e1:a8:d5:73:77:d0:28:
         af:60:19:5d:84:88:5e:db:e9:0e:f6:9d:65:b7:d9:2f:ac:e0:
         ec:09:6e:5e:0e:10:b6:67:96:22:c8:76:9b:f5:ba:b2:51:69:
         d9:df:df:6b:fa:db:87:88:28:1b:a9:50:74:ea:ef:2c:12:54:
         9e:31:23:06:28:ab:4a:2e:b1:a4:60:cd:78:5d:0f:21:94:3c:
         d2:e2:47:3a:eb:90:89:2c:32:ff:94:fa:c7:37:9f:97:30:6b:
         34:94:cb:58:39:1a:50:b9:41:b6:90:71:c0:5b:41:c7:a8:36:
         58:aa:ed:55:e4:a0:58:83:15:ff:fd:90:aa:ef:67:f8:7c:03:
         5d:4e:ab:41:2b:ff:1c:39:b7:68:01:cf:7b:ba:47:2e:0c:3a:
         38:6c:f6:6b:9d:72:8e:ea:c8:6d:5f:6e:c3:a9:aa:da:da:31:
         b5:c9:6d:49:18:48:0a:50:3b:11:90:97:82:0a:01:1d:a4:61:
         ea:40:4e:2d:ea:a5:3d:3d:46:20:c4:0b:37:c4:ee:1b:14:5a:
         28:4d:9e:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAYwBUtOOxYvP1t0N/lfgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjODkyYWVkMzgzM2U2MTAwZjVlMGNmMTIyNzFmZDgwYjc1
NWMzNjEwHhcNMjQwMTAyMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzEwMjI0ODQzNmZhNWE0MThlYzc4YzEyYmY3M2I0YzAyMThlMmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucalVUma4BBCpFPGMELPXWI27OK+
rjBmand/S706WYznZHvjnd1cAGupQ3Qd7WE4baGyFvjf3Zfjt6/ZOjjD06PoQcVr
kDVOI7fWpxaSZ3Vtv0btlBxGZZDuZREfmx1VETEfj7ApfD/Utrcwyyghl0JgMKks
shyJtWXv36OXX3HjpMqGovOcc4cUpbsW0dWmpKEYisCyhOTnn/NHiJJmqkN/+sM/
r34GG62Mq0zoz76VPEDQ/KnPwA1b7gacS5hntc8zsc5/YubGQIpd8AHEB+Ea9lEQ
qJxi9dmxmSF6bRSyAbaNTgegrNwF3Rn0e4SR+jel+XWTBQpiEVps+/UtgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcQIkhDb6WkGOx4wSv3O0wCGOL4MB8GA1UdIwQY
MBaAFFyJKu04M+YQD14M8SJx/YC3VcNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2Ut
M2FhN2RhYTlkM2VjLzEvNXhBaVNFTnZwYVFZN0hqQktfYzdUQUlZNHZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2UtM2FhN2RhYTlkM2Vj
LzEvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0yBMA0G
CSqGSIb3DQEBCwUAA4IBAQBvQNvQWDGNz2H0H+adxa9t9hZFvWiXs2VhDrVoIzWx
/dZHjt4Np9bJ3wIf+pS/OuGo1XN30CivYBldhIhe2+kO9p1lt9kvrODsCW5eDhC2
Z5YiyHab9bqyUWnZ399r+tuHiCgbqVB06u8sElSeMSMGKKtKLrGkYM14XQ8hlDzS
4kc665CJLDL/lPrHN5+XMGs0lMtYORpQuUG2kHHAW0HHqDZYqu1V5KBYgxX//ZCq
72f4fANdTqtBK/8cObdoAc97ukcuDDo4bPZrnXKO6shtX27Dqara2jG1yW1JGEgK
UDsRkJeCCgEdpGHqQE4t6qU9PUYgxAs3xO4bFFooTZ6L
-----END CERTIFICATE-----