Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/_-rQHfGgKm0J6X4rXcPY0UYk9o0.roa
File:                     _-rQHfGgKm0J6X4rXcPY0UYk9o0.roa (raw, json)
Hash identifier:          K7yTuCQChMwE9OXBZGNgJ5WEB3rKKM68YvKEMa/WH2U=
Subject key identifier:   FF:EA:D0:1D:F1:A0:2A:6D:09:E9:7E:2B:5D:C3:D8:D1:46:24:F6:8D
Certificate issuer:       /CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
Certificate serial:       018CCA2A2809E04AECE80F0C80A9B0A8CD3A
Authority key identifier: 5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/_-rQHfGgKm0J6X4rXcPY0UYk9o0.roa
Signing time:             Tue 02 Jan 2024 12:33:29 +0000
ROA not before:           Tue 02 Jan 2024 12:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206862
IP address blocks:        5.200.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Oct 2024 05:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:28:09:e0:4a:ec:e8:0f:0c:80:a9:b0:a8:cd:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
        Validity
            Not Before: Jan  2 12:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffead01df1a02a6d09e97e2b5dc3d8d14624f68d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:dd:3a:5f:06:53:77:bb:00:8a:40:33:e4:1e:
                    f4:02:bc:8d:60:19:32:40:00:53:b6:ad:78:84:e5:
                    fb:5a:b1:10:76:53:87:31:17:cb:03:c0:85:37:2f:
                    58:f8:30:da:31:04:c3:74:9b:c7:e4:85:2b:dc:5e:
                    63:c8:82:d6:d2:16:6a:a5:7c:06:0a:5a:49:a5:24:
                    43:cb:55:ac:49:89:cc:30:d7:06:86:03:6e:c4:f5:
                    8f:76:eb:04:7a:f4:9a:fa:16:7d:17:23:25:2f:bb:
                    bf:e0:0a:90:10:13:8c:a1:c6:a6:fd:55:d6:45:bd:
                    18:87:31:45:bd:ec:f3:cf:a8:d9:fb:2d:90:a9:8d:
                    dd:cb:7e:e0:94:d2:42:3f:5c:0b:66:58:c4:4e:fd:
                    d3:83:4b:f1:e4:ca:1f:6e:81:7b:df:e2:4c:cf:a8:
                    0f:26:31:6f:67:2c:00:f7:71:c6:a0:f6:8e:58:5f:
                    1d:28:ae:48:7f:25:c5:14:70:f0:bf:b1:a8:39:0f:
                    fa:8e:78:4d:d9:90:ca:0f:6e:76:19:57:07:4e:4d:
                    e3:9d:94:a8:53:f8:4e:3f:6c:52:69:60:03:2b:fd:
                    87:bd:dd:a3:d8:23:aa:78:1c:af:7f:af:cf:8b:49:
                    d7:8e:3a:32:32:1e:c6:d2:1d:e6:06:a6:aa:ce:06:
                    6f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:EA:D0:1D:F1:A0:2A:6D:09:E9:7E:2B:5D:C3:D8:D1:46:24:F6:8D
            X509v3 Authority Key Identifier:
                keyid:5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/_-rQHfGgKm0J6X4rXcPY0UYk9o0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.200.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:49:4f:b1:0f:b7:cf:38:18:c2:00:c1:85:ab:64:bc:79:ed:
         4b:62:85:33:8d:52:26:63:1a:c2:bf:d0:19:4f:98:7b:9e:b5:
         8d:65:18:74:f7:a3:6e:66:d2:4b:5b:3d:21:84:4b:bf:be:de:
         ac:cb:32:51:ae:9a:47:68:c0:31:ef:dc:49:72:37:12:72:77:
         8e:76:b5:92:37:28:90:10:97:fc:b4:45:48:f2:81:75:f6:cc:
         8c:52:24:18:92:12:bc:c4:28:47:ba:a6:d1:2f:ad:6f:e9:84:
         c0:32:bd:a1:5d:79:54:c8:7c:18:7c:66:77:ec:b9:6f:09:ad:
         bc:15:ba:ca:71:fd:cb:8f:1e:1a:fa:13:91:78:75:c7:e0:c6:
         7e:ba:e2:86:77:8b:03:ae:8b:52:d4:84:37:f5:97:63:c0:5a:
         80:8e:df:ba:45:83:3e:a1:00:40:17:64:f5:2e:41:01:63:76:
         99:2e:ef:8f:1f:bb:e6:45:66:a2:a2:84:ed:79:79:f8:5c:99:
         64:27:15:8e:6c:3f:7e:d0:b1:41:6d:00:2d:20:c7:e9:92:76:
         d0:2d:ee:6d:61:de:81:3e:0e:04:53:39:71:bc:fe:e4:21:66:
         f5:ff:5e:ee:d6:8a:a1:08:54:26:fe:01:5c:05:d4:db:d5:ff:
         6d:ab:df:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKigJ4Ers6A8MgKmwqM06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNjk4YzRiNjEyYWZlZTJjYmIxY2RkNTA5ZTRmMDI0NmZi
YjgwZTEwHhcNMjQwMTAyMTIzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmVhZDAxZGYxYTAyYTZkMDllOTdlMmI1ZGMzZDhkMTQ2MjRmNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq906XwZTd7sAikAz5B70AryNYBky
QABTtq14hOX7WrEQdlOHMRfLA8CFNy9Y+DDaMQTDdJvH5IUr3F5jyILW0hZqpXwG
ClpJpSRDy1WsSYnMMNcGhgNuxPWPdusEevSa+hZ9FyMlL7u/4AqQEBOMocam/VXW
Rb0YhzFFvezzz6jZ+y2QqY3dy37glNJCP1wLZljETv3Tg0vx5MofboF73+JMz6gP
JjFvZywA93HGoPaOWF8dKK5IfyXFFHDwv7GoOQ/6jnhN2ZDKD252GVcHTk3jnZSo
U/hOP2xSaWADK/2Hvd2j2COqeByvf6/Pi0nXjjoyMh7G0h3mBqaqzgZvSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/q0B3xoCptCel+K13D2NFGJPaNMB8GA1UdIwQY
MBaAFFtpjEthKv7iy7HN1Qnk8CRvu4DhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMt
Y2MyZmFmZTNhOGI0LzEvXy1yUUhmR2dLbTBKNlg0clhjUFkwVVlrOW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMtY2MyZmFmZTNhOGI0
LzEvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABchfMA0G
CSqGSIb3DQEBCwUAA4IBAQBtSU+xD7fPOBjCAMGFq2S8ee1LYoUzjVImYxrCv9AZ
T5h7nrWNZRh096NuZtJLWz0hhEu/vt6syzJRrppHaMAx79xJcjcScneOdrWSNyiQ
EJf8tEVI8oF19syMUiQYkhK8xChHuqbRL61v6YTAMr2hXXlUyHwYfGZ37LlvCa28
FbrKcf3Ljx4a+hOReHXH4MZ+uuKGd4sDrotS1IQ39ZdjwFqAjt+6RYM+oQBAF2T1
LkEBY3aZLu+PH7vmRWaiooTteXn4XJlkJxWObD9+0LFBbQAtIMfpknbQLe5tYd6B
Pg4EUzlxvP7kIWb1/17u1oqhCFQm/gFcBdTb1f9tq9+U
-----END CERTIFICATE-----