Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/5pBYf8QowtZk1NnL1BwIAU7qaog.roa
File:                     5pBYf8QowtZk1NnL1BwIAU7qaog.roa (raw, json)
Hash identifier:          7i34NU+vjd0A2F5WBSJyHl1U4aVPhhy20qC5izWcgRk=
Subject key identifier:   E6:90:58:7F:C4:28:C2:D6:64:D4:D9:CB:D4:1C:08:01:4E:EA:6A:88
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FF48E8DF2643B1F943A9AF11A26DA
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/5pBYf8QowtZk1NnL1BwIAU7qaog.roa
Signing time:             Tue 02 Jan 2024 04:30:29 +0000
ROA not before:           Tue 02 Jan 2024 04:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199333
IP address blocks:        212.252.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:f4:8e:8d:f2:64:3b:1f:94:3a:9a:f1:1a:26:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e690587fc428c2d664d4d9cbd41c08014eea6a88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:94:6f:df:5c:da:08:a6:36:1d:fa:06:61:11:
                    b5:42:df:17:30:32:02:91:88:cc:d6:5f:21:7b:eb:
                    28:5b:31:7c:af:57:5d:ee:52:80:11:45:fa:57:cd:
                    7b:5b:aa:07:d8:4b:6e:d1:6d:82:40:1b:35:ad:e1:
                    ca:97:37:81:b7:88:75:f9:38:f4:97:71:e2:15:cb:
                    1d:2d:e1:d3:95:7c:50:0a:43:c0:ea:12:09:76:04:
                    a6:1b:97:e3:12:6a:46:58:e3:bc:ac:04:71:78:aa:
                    c6:92:6b:a7:f8:f4:c3:73:30:70:d4:4c:3b:06:aa:
                    13:ca:6f:3a:3a:15:dc:c2:67:93:35:c6:a9:f5:1c:
                    74:88:3e:3b:83:8e:72:b8:6d:2a:83:2d:5a:0b:22:
                    bd:68:02:c9:27:4d:1e:91:76:27:c2:c0:03:13:56:
                    03:32:99:fa:18:17:f8:a9:1f:bc:68:91:b4:d0:5c:
                    df:1e:2e:9a:d4:e9:bd:11:2e:15:c1:40:e4:35:65:
                    c0:70:ec:35:ef:18:7c:78:cf:a2:59:9c:56:71:8d:
                    07:a2:34:d3:c0:8e:9d:26:9c:cf:cd:6a:86:33:49:
                    da:e7:48:6d:48:c9:e5:04:09:5d:bd:52:16:3f:a0:
                    81:53:1b:9c:45:8f:94:99:6d:4d:02:4c:d7:49:51:
                    15:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:90:58:7F:C4:28:C2:D6:64:D4:D9:CB:D4:1C:08:01:4E:EA:6A:88
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/5pBYf8QowtZk1NnL1BwIAU7qaog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.252.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:42:07:eb:ec:7a:69:16:ab:31:30:57:62:6c:38:4e:f9:94:
         b2:4f:1a:d6:cc:2a:94:65:a0:58:df:5c:9c:c3:b6:8e:80:26:
         33:23:d6:24:04:1c:5f:73:25:66:d0:5a:e1:bd:35:cd:93:70:
         3c:2e:c7:8c:86:a5:5f:c4:3f:44:25:46:0a:b6:c7:37:d0:42:
         10:2c:2b:54:9a:a1:52:2f:30:61:db:ae:a0:02:07:89:14:01:
         41:ae:14:22:e6:60:af:a8:f3:5c:97:d4:5d:80:6b:d0:0b:86:
         32:d3:ed:49:a3:dc:b5:d4:99:53:64:ff:a1:65:be:82:9e:a3:
         23:19:a6:52:0c:b1:2c:4e:fe:30:6b:3d:d1:0d:9c:7e:62:76:
         6b:99:b1:11:5f:1e:7c:f5:51:22:f7:5a:5f:b4:a4:77:33:10:
         36:7b:2d:c9:e4:4b:0b:0c:72:fe:4f:a5:21:4c:df:51:db:1c:
         18:32:09:1a:0e:a9:d5:e0:ad:84:70:57:af:c9:81:2b:d9:d9:
         ec:63:8b:21:20:d3:2e:e8:9e:17:fc:af:53:f2:f2:88:85:e8:
         88:3d:94:30:4f:dd:0e:20:e5:04:c3:9b:56:20:bf:1c:32:fc:
         8b:b4:c7:4a:12:72:bb:92:0d:7f:35:94:d8:6b:19:7e:a5:fb:
         2a:ae:4a:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb/SOjfJkOx+UOprxGibaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjkwNTg3ZmM0MjhjMmQ2NjRkNGQ5Y2JkNDFjMDgwMTRlZWE2YTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpRv31zaCKY2HfoGYRG1Qt8XMDIC
kYjM1l8he+soWzF8r1dd7lKAEUX6V817W6oH2Etu0W2CQBs1reHKlzeBt4h1+Tj0
l3HiFcsdLeHTlXxQCkPA6hIJdgSmG5fjEmpGWOO8rARxeKrGkmun+PTDczBw1Ew7
BqoTym86OhXcwmeTNcap9Rx0iD47g45yuG0qgy1aCyK9aALJJ00ekXYnwsADE1YD
Mpn6GBf4qR+8aJG00FzfHi6a1Om9ES4VwUDkNWXAcOw17xh8eM+iWZxWcY0HojTT
wI6dJpzPzWqGM0na50htSMnlBAldvVIWP6CBUxucRY+UmW1NAkzXSVEV8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaQWH/EKMLWZNTZy9QcCAFO6mqIMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvNXBCWWY4UW93dFprMU5uTDFCd0lBVTdxYW9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Px8MA0G
CSqGSIb3DQEBCwUAA4IBAQBdQgfr7HppFqsxMFdibDhO+ZSyTxrWzCqUZaBY31yc
w7aOgCYzI9YkBBxfcyVm0FrhvTXNk3A8LseMhqVfxD9EJUYKtsc30EIQLCtUmqFS
LzBh266gAgeJFAFBrhQi5mCvqPNcl9RdgGvQC4Yy0+1Jo9y11JlTZP+hZb6CnqMj
GaZSDLEsTv4waz3RDZx+YnZrmbERXx589VEi91pftKR3MxA2ey3J5EsLDHL+T6Uh
TN9R2xwYMgkaDqnV4K2EcFevyYEr2dnsY4shINMu6J4X/K9T8vKIheiIPZQwT90O
IOUEw5tWIL8cMvyLtMdKEnK7kg1/NZTYaxl+pfsqrkoY
-----END CERTIFICATE-----