Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/6ab40e-59a0-4843-ad31-f880d0cae090/1/ccXgisxDCluUSlDGzIlHYvAKCI8.roa
File:                     ccXgisxDCluUSlDGzIlHYvAKCI8.roa (raw, json)
Hash identifier:          nawAK33fPVJDaEpspuqzaMnkLm1B9BqqdBCnPxd09Oo=
Subject key identifier:   71:C5:E0:8A:CC:43:0A:5B:94:4A:50:C6:CC:89:47:62:F0:0A:08:8F
Certificate issuer:       /CN=42383dcfc9d399f0397a881a4b6a6ee6ae161822
Certificate serial:       018EC4C50FBE07F6BC44651B167E37288D18
Authority key identifier: 42:38:3D:CF:C9:D3:99:F0:39:7A:88:1A:4B:6A:6E:E6:AE:16:18:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qjg9z8nTmfA5eogaS2pu5q4WGCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/6ab40e-59a0-4843-ad31-f880d0cae090/1/ccXgisxDCluUSlDGzIlHYvAKCI8.roa
Signing time:             Tue 09 Apr 2024 21:30:32 +0000
ROA not before:           Tue 09 Apr 2024 21:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        5.199.188.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/6ab40e-59a0-4843-ad31-f880d0cae090/1/Qjg9z8nTmfA5eogaS2pu5q4WGCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/6ab40e-59a0-4843-ad31-f880d0cae090/1/Qjg9z8nTmfA5eogaS2pu5q4WGCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qjg9z8nTmfA5eogaS2pu5q4WGCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c4:c5:0f:be:07:f6:bc:44:65:1b:16:7e:37:28:8d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42383dcfc9d399f0397a881a4b6a6ee6ae161822
        Validity
            Not Before: Apr  9 21:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71c5e08acc430a5b944a50c6cc894762f00a088f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:93:cc:80:cc:9d:bd:b1:9d:ed:fc:65:c9:7e:
                    02:96:6f:ce:b6:cd:ef:51:09:2b:f8:28:e8:0e:ec:
                    43:53:3f:0d:ab:78:af:0f:52:42:fe:09:56:9d:7d:
                    b5:fa:97:a5:d6:f2:76:d1:ad:84:59:32:9f:1e:d3:
                    12:e0:f9:0a:a8:e0:55:87:13:aa:a4:a6:4a:1a:48:
                    d0:b8:f4:2d:f6:27:b6:92:7b:a0:9f:52:78:52:36:
                    21:27:20:bd:d5:8d:d0:1f:28:d6:7d:fa:98:91:e1:
                    35:65:0b:a4:ab:f6:a9:d6:01:fd:ab:5f:54:d6:82:
                    52:c2:07:c2:72:73:25:2b:08:ae:90:68:74:a9:04:
                    0c:6b:37:8a:c9:37:01:8a:62:1f:de:5c:88:0b:2e:
                    5f:97:28:01:94:e1:3c:c8:5c:b9:3f:6a:eb:a5:a8:
                    5b:fe:09:93:cc:80:9e:23:81:52:6d:a4:11:f0:10:
                    10:6d:c0:23:68:34:74:60:66:5c:6e:31:31:c5:28:
                    8a:f8:6c:da:9f:f8:3e:a1:db:bb:ab:2a:09:4e:96:
                    88:28:73:e4:05:0a:ee:ac:fc:8f:8f:3a:e7:9f:9b:
                    df:2b:b2:7c:40:39:29:e7:b5:76:21:f4:31:f3:2f:
                    99:28:80:ed:e5:bc:ce:5f:72:89:06:ba:9f:cf:fa:
                    cc:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:C5:E0:8A:CC:43:0A:5B:94:4A:50:C6:CC:89:47:62:F0:0A:08:8F
            X509v3 Authority Key Identifier:
                keyid:42:38:3D:CF:C9:D3:99:F0:39:7A:88:1A:4B:6A:6E:E6:AE:16:18:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qjg9z8nTmfA5eogaS2pu5q4WGCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/6ab40e-59a0-4843-ad31-f880d0cae090/1/ccXgisxDCluUSlDGzIlHYvAKCI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/6ab40e-59a0-4843-ad31-f880d0cae090/1/Qjg9z8nTmfA5eogaS2pu5q4WGCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:7b:4a:38:c5:cd:3c:3b:d1:1b:05:08:13:69:60:e6:e7:7b:
         a3:12:04:a5:6b:24:fe:b6:59:3a:e9:f3:70:f0:db:94:6d:d2:
         b5:5c:ac:a9:ff:64:d0:4f:b8:65:37:c3:4b:7d:01:0d:0b:c2:
         b8:cf:fe:c0:18:6c:75:73:07:38:0c:3f:e3:8c:3b:bb:01:2b:
         fc:8c:86:2b:42:6e:41:6d:fe:5a:64:16:05:11:5f:f9:9a:f6:
         3f:cb:3a:b9:76:22:3b:74:7f:77:61:2b:c2:ae:5a:52:4e:ba:
         99:72:a6:0c:a4:44:dd:19:36:9c:52:1c:2c:db:2f:ce:cd:62:
         e1:bb:41:8b:f8:90:63:90:7a:4a:27:e2:6f:7e:cb:0b:42:10:
         b1:2c:6e:8e:3a:f2:c2:e2:0f:af:4e:a6:2a:3c:3e:64:6f:33:
         0e:ad:58:3c:7a:e6:f7:86:54:5f:2b:8b:7b:a6:cd:50:ab:27:
         f7:0c:b7:3e:a6:c9:e2:31:84:82:20:31:8c:b1:b3:b0:76:8b:
         67:02:a5:f3:78:43:d4:08:72:9f:bb:6a:1f:0b:97:fb:d3:cb:
         b1:01:ff:52:ac:91:30:ee:c1:eb:11:15:7b:f5:c8:86:38:bd:
         24:da:f0:28:2f:de:d4:a2:f9:4a:ff:25:c0:0a:bf:80:ce:27:
         0f:c9:47:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7ExQ++B/a8RGUbFn43KI0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMzgzZGNmYzlkMzk5ZjAzOTdhODgxYTRiNmE2ZWU2YWUx
NjE4MjIwHhcNMjQwNDA5MjEzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWM1ZTA4YWNjNDMwYTViOTQ0YTUwYzZjYzg5NDc2MmYwMGEwODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJPMgMydvbGd7fxlyX4Clm/Ots3v
UQkr+CjoDuxDUz8Nq3ivD1JC/glWnX21+pel1vJ20a2EWTKfHtMS4PkKqOBVhxOq
pKZKGkjQuPQt9ie2knugn1J4UjYhJyC91Y3QHyjWffqYkeE1ZQukq/ap1gH9q19U
1oJSwgfCcnMlKwiukGh0qQQMazeKyTcBimIf3lyICy5flygBlOE8yFy5P2rrpahb
/gmTzICeI4FSbaQR8BAQbcAjaDR0YGZcbjExxSiK+Gzan/g+odu7qyoJTpaIKHPk
BQrurPyPjzrnn5vfK7J8QDkp57V2IfQx8y+ZKIDt5bzOX3KJBrqfz/rMjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHF4IrMQwpblEpQxsyJR2LwCgiPMB8GA1UdIwQY
MBaAFEI4Pc/J05nwOXqIGktqbuauFhgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWpnOXo4blRtZkE1ZW9nYVMycHU1cTRXR0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS82YWI0MGUtNTlhMC00ODQzLWFkMzEt
Zjg4MGQwY2FlMDkwLzEvY2NYZ2lzeERDbHVVU2xER3pJbEhZdkFLQ0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS82YWI0MGUtNTlhMC00ODQzLWFkMzEtZjg4MGQwY2FlMDkw
LzEvUWpnOXo4blRtZkE1ZW9nYVMycHU1cTRXR0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBce8MA0G
CSqGSIb3DQEBCwUAA4IBAQBle0o4xc08O9EbBQgTaWDm53ujEgSlayT+tlk66fNw
8NuUbdK1XKyp/2TQT7hlN8NLfQENC8K4z/7AGGx1cwc4DD/jjDu7ASv8jIYrQm5B
bf5aZBYFEV/5mvY/yzq5diI7dH93YSvCrlpSTrqZcqYMpETdGTacUhws2y/OzWLh
u0GL+JBjkHpKJ+JvfssLQhCxLG6OOvLC4g+vTqYqPD5kbzMOrVg8eub3hlRfK4t7
ps1Qqyf3DLc+psniMYSCIDGMsbOwdotnAqXzeEPUCHKfu2ofC5f708uxAf9SrJEw
7sHrERV79ciGOL0k2vAoL97UovlK/yXACr+AzicPyUcT
-----END CERTIFICATE-----