Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/9KAfaDsU33IRH77MZEJ0152sN9k.roa
File:                     9KAfaDsU33IRH77MZEJ0152sN9k.roa (raw, json)
Hash identifier:          /wCwkrCyzmYsu6zplJU9Wj0i3e+QM4N/vMOq70TDjtQ=
Subject key identifier:   F4:A0:1F:68:3B:14:DF:72:11:1F:BE:CC:64:42:74:D7:9D:AC:37:D9
Certificate issuer:       /CN=aee08d9336f2e6cd165eb730297fe6d20c83c39a
Certificate serial:       018CC79470FA37EBA0722A49BB3CDF4B474F
Authority key identifier: AE:E0:8D:93:36:F2:E6:CD:16:5E:B7:30:29:7F:E6:D2:0C:83:C3:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ruCNkzby5s0WXrcwKX_m0gyDw5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/9KAfaDsU33IRH77MZEJ0152sN9k.roa
Signing time:             Tue 02 Jan 2024 00:30:43 +0000
ROA not before:           Tue 02 Jan 2024 00:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57588
IP address blocks:        5.149.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/ruCNkzby5s0WXrcwKX_m0gyDw5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/ruCNkzby5s0WXrcwKX_m0gyDw5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ruCNkzby5s0WXrcwKX_m0gyDw5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:70:fa:37:eb:a0:72:2a:49:bb:3c:df:4b:47:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aee08d9336f2e6cd165eb730297fe6d20c83c39a
        Validity
            Not Before: Jan  2 00:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4a01f683b14df72111fbecc644274d79dac37d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:17:e3:f6:84:e4:9d:ee:5b:25:93:5d:cf:80:
                    06:a1:8e:a8:bf:27:ef:b8:63:bb:0d:94:27:cc:4e:
                    74:61:42:f5:27:ed:48:79:db:1a:72:c3:e3:37:0e:
                    30:db:0a:b2:8f:05:c2:af:4a:d5:29:49:36:1e:b3:
                    54:7b:ce:0f:ec:b9:e4:6c:48:10:bf:21:aa:ca:f1:
                    db:c8:ba:df:f2:aa:e4:04:de:96:6a:29:9d:2f:65:
                    61:d3:17:d7:4a:d3:7f:4a:be:71:71:46:f8:6a:9d:
                    18:bc:e2:f1:11:21:9e:23:31:18:f5:89:7e:db:bd:
                    cf:0d:b2:10:46:c8:fa:79:97:ab:6d:86:23:81:07:
                    a2:86:b5:df:b2:52:9a:23:22:dc:50:da:1f:1a:fa:
                    b0:7f:a3:a9:24:2e:ba:a7:bd:9a:37:7b:59:85:61:
                    0e:ad:3f:c9:de:f9:eb:31:7c:62:f1:fe:d8:dd:f2:
                    b8:bf:68:8a:93:d1:18:80:7e:5b:d9:5a:ef:e9:e0:
                    9f:7e:ce:7b:a6:f3:e0:f3:36:a6:02:3e:fb:68:2d:
                    cb:1d:31:a8:5c:dd:94:f7:ce:bf:09:4f:38:5a:be:
                    48:a1:e5:c2:8a:f0:b4:54:ef:52:e6:c2:19:36:34:
                    02:e5:cd:de:ca:b5:e2:09:7d:9c:d6:92:ba:49:8d:
                    7d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:A0:1F:68:3B:14:DF:72:11:1F:BE:CC:64:42:74:D7:9D:AC:37:D9
            X509v3 Authority Key Identifier:
                keyid:AE:E0:8D:93:36:F2:E6:CD:16:5E:B7:30:29:7F:E6:D2:0C:83:C3:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ruCNkzby5s0WXrcwKX_m0gyDw5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/9KAfaDsU33IRH77MZEJ0152sN9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/ruCNkzby5s0WXrcwKX_m0gyDw5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:e1:44:5e:2a:da:14:e5:00:5c:a4:bc:f5:b6:4c:d9:90:95:
         e9:17:3b:18:b5:ad:71:bd:9a:53:2a:7f:32:26:1b:90:69:d7:
         8d:01:a1:fb:59:d0:28:da:29:3f:7e:6c:28:46:7c:67:92:66:
         1d:66:84:62:dc:0f:5a:2e:79:cb:06:40:3f:75:d8:f5:85:8f:
         d8:bb:7b:db:e4:11:c2:8b:be:a6:f5:1d:dd:46:8b:d2:90:0b:
         eb:8c:61:49:a8:8f:59:bf:64:6e:af:03:21:e0:ed:34:8b:b6:
         8f:25:93:00:43:0f:a2:bb:dd:11:1e:c0:c1:15:fe:ef:fa:8f:
         c7:da:0b:8c:40:f1:fc:fe:16:80:a2:f2:00:1e:84:51:a4:0f:
         a0:2e:fc:1f:34:83:67:8e:42:33:37:e2:df:1a:da:3b:9c:13:
         89:80:73:93:7f:dd:f0:90:24:ad:79:18:16:03:68:a7:c4:21:
         d7:13:dc:43:e3:1e:e7:9b:b3:96:64:1a:e3:f1:60:9c:85:b0:
         bd:39:09:83:86:94:b4:3c:0b:3f:b5:fd:07:f7:39:61:d5:80:
         a1:7a:79:d1:0e:60:f7:5c:fb:23:80:9b:46:21:b0:b2:1c:27:
         73:47:49:77:c1:1a:72:e9:2d:a2:a6:d8:e9:c0:21:c1:5e:41:
         62:85:05:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlHD6N+ugcipJuzzfS0dPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZTA4ZDkzMzZmMmU2Y2QxNjVlYjczMDI5N2ZlNmQyMGM4
M2MzOWEwHhcNMjQwMTAyMDAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGEwMWY2ODNiMTRkZjcyMTExZmJlY2M2NDQyNzRkNzlkYWMzN2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBfj9oTkne5bJZNdz4AGoY6ovyfv
uGO7DZQnzE50YUL1J+1IedsacsPjNw4w2wqyjwXCr0rVKUk2HrNUe84P7LnkbEgQ
vyGqyvHbyLrf8qrkBN6WaimdL2Vh0xfXStN/Sr5xcUb4ap0YvOLxESGeIzEY9Yl+
273PDbIQRsj6eZerbYYjgQeihrXfslKaIyLcUNofGvqwf6OpJC66p72aN3tZhWEO
rT/J3vnrMXxi8f7Y3fK4v2iKk9EYgH5b2Vrv6eCffs57pvPg8zamAj77aC3LHTGo
XN2U986/CU84Wr5IoeXCivC0VO9S5sIZNjQC5c3eyrXiCX2c1pK6SY19LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPSgH2g7FN9yER++zGRCdNedrDfZMB8GA1UdIwQY
MBaAFK7gjZM28ubNFl63MCl/5tIMg8OaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnVDTmt6Ynk1czBXWHJjd0tYX20wZ3lEdzVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9mODUzZjgtMjA3MS00OWRlLWI2YTAt
NDk3YmVkZDcxZWI5LzEvOUtBZmFEc1UzM0lSSDc3TVpFSjAxNTJzTjlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9mODUzZjgtMjA3MS00OWRlLWI2YTAtNDk3YmVkZDcxZWI5
LzEvcnVDTmt6Ynk1czBXWHJjd0tYX20wZ3lEdzVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZVmMA0G
CSqGSIb3DQEBCwUAA4IBAQA24UReKtoU5QBcpLz1tkzZkJXpFzsYta1xvZpTKn8y
JhuQadeNAaH7WdAo2ik/fmwoRnxnkmYdZoRi3A9aLnnLBkA/ddj1hY/Yu3vb5BHC
i76m9R3dRovSkAvrjGFJqI9Zv2RurwMh4O00i7aPJZMAQw+iu90RHsDBFf7v+o/H
2guMQPH8/haAovIAHoRRpA+gLvwfNINnjkIzN+LfGto7nBOJgHOTf93wkCSteRgW
A2inxCHXE9xD4x7nm7OWZBrj8WCchbC9OQmDhpS0PAs/tf0H9zlh1YChennRDmD3
XPsjgJtGIbCyHCdzR0l3wRpy6S2iptjpwCHBXkFihQXe
-----END CERTIFICATE-----