Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/G2Puv8YdjTeeoo07Tkk-Jv84cmQ.roa
File:                     G2Puv8YdjTeeoo07Tkk-Jv84cmQ.roa (raw, json)
Hash identifier:          WYCyd4nKC21CWDYxTFtUCkGI8VYrkYS735IL87PvFDk=
Subject key identifier:   1B:63:EE:BF:C6:1D:8D:37:9E:A2:8D:3B:4E:49:3E:26:FF:38:72:64
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0190F92FE7AEBD3F4B84A86B31720C0EA023
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/G2Puv8YdjTeeoo07Tkk-Jv84cmQ.roa
Signing time:             Sun 28 Jul 2024 11:53:04 +0000
ROA not before:           Sun 28 Jul 2024 11:53:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     270172
IP address blocks:        5.102.108.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:f9:2f:e7:ae:bd:3f:4b:84:a8:6b:31:72:0c:0e:a0:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jul 28 11:53:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b63eebfc61d8d379ea28d3b4e493e26ff387264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:eb:c9:76:84:69:59:e2:30:1b:d6:a8:56:cd:
                    1b:90:6e:d0:d4:d4:fb:74:28:56:92:06:62:94:0e:
                    c5:d1:a0:bb:79:62:55:c6:2d:3d:91:a7:ba:b0:be:
                    e5:cd:dc:63:f1:64:78:4c:3f:91:d6:40:bd:13:00:
                    3e:73:50:0e:cc:ea:a9:3e:78:3b:bb:e2:8d:51:8c:
                    7a:f6:5d:ae:c7:89:16:de:db:1e:2f:1d:a7:f0:85:
                    6e:27:d1:c5:60:db:0c:c5:e5:83:91:ed:5b:54:3a:
                    e3:a2:dc:bc:29:ed:be:10:0f:cc:61:44:19:e6:78:
                    2f:ee:b8:3e:39:cb:3f:7b:32:08:03:70:76:92:cb:
                    d1:7e:80:e5:5a:94:ed:de:9a:bd:d0:fe:a8:b0:57:
                    a1:94:e3:d1:b7:e0:9a:16:60:f6:2b:05:e5:27:22:
                    e6:96:f4:6e:61:c1:81:18:12:6c:84:7a:93:2d:1a:
                    8c:a6:21:51:48:dc:71:24:6d:9f:33:53:d9:93:05:
                    fa:59:11:b2:7e:0e:eb:9f:1c:29:c3:db:46:f0:a7:
                    3a:31:6b:69:b9:0f:5b:a2:b2:56:14:c6:2e:8d:d8:
                    4a:f0:d4:4a:a5:ec:3e:30:f8:73:25:78:20:bd:06:
                    14:ea:c6:21:f6:59:c3:bb:cb:79:26:6c:b1:50:7a:
                    96:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:63:EE:BF:C6:1D:8D:37:9E:A2:8D:3B:4E:49:3E:26:FF:38:72:64
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/G2Puv8YdjTeeoo07Tkk-Jv84cmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:b8:96:b0:43:5c:23:02:50:7d:52:24:46:4c:13:1a:44:e4:
         e2:05:fc:85:a7:5d:2c:4f:c3:28:90:f6:86:44:39:b4:d9:63:
         e5:18:23:7f:ff:20:0b:7a:09:9d:28:03:b4:75:ba:29:7d:2f:
         08:c8:56:33:31:b6:fa:0f:54:e9:4b:cd:0b:e4:8e:5d:07:4b:
         ad:d3:e8:72:3b:fc:88:6b:1f:39:ff:17:a4:57:11:96:c0:fe:
         a3:b7:e2:8c:71:f1:46:4c:88:d4:cc:94:8d:3c:ea:fe:18:44:
         4f:77:67:7f:35:ec:91:f6:28:29:ef:27:c1:ec:11:e5:47:97:
         15:0b:54:6a:33:ee:42:9f:c9:85:1a:37:64:26:61:db:e4:8f:
         31:25:40:73:c2:0d:17:42:0d:30:8c:de:cb:15:c7:6c:bb:7b:
         96:aa:18:7e:e8:1a:a6:ad:c5:3b:fe:15:71:a9:e3:af:f4:4c:
         31:03:89:a4:ec:2d:90:ea:f4:1b:03:81:42:82:62:8b:77:9c:
         37:5a:64:0d:d8:0e:82:75:97:bf:84:b7:29:36:10:fd:cb:3a:
         fe:73:50:7e:c1:44:63:85:d4:98:0c:85:e2:2a:45:7d:67:41:
         53:6d:bb:4e:c5:7e:f2:46:8c:5a:57:a2:71:85:4d:9c:c4:cf:
         ec:42:6b:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZD5L+euvT9LhKhrMXIMDqAjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwNzI4MTE1MzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjYzZWViZmM2MWQ4ZDM3OWVhMjhkM2I0ZTQ5M2UyNmZmMzg3MjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuvJdoRpWeIwG9aoVs0bkG7Q1NT7
dChWkgZilA7F0aC7eWJVxi09kae6sL7lzdxj8WR4TD+R1kC9EwA+c1AOzOqpPng7
u+KNUYx69l2ux4kW3tseLx2n8IVuJ9HFYNsMxeWDke1bVDrjoty8Ke2+EA/MYUQZ
5ngv7rg+Ocs/ezIIA3B2ksvRfoDlWpTt3pq90P6osFehlOPRt+CaFmD2KwXlJyLm
lvRuYcGBGBJshHqTLRqMpiFRSNxxJG2fM1PZkwX6WRGyfg7rnxwpw9tG8Kc6MWtp
uQ9borJWFMYujdhK8NRKpew+MPhzJXggvQYU6sYh9lnDu8t5JmyxUHqW5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtj7r/GHY03nqKNO05JPib/OHJkMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvRzJQdXY4WWRqVGVlb28wN1Rray1Kdjg0Y21RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZsMA0G
CSqGSIb3DQEBCwUAA4IBAQAFuJawQ1wjAlB9UiRGTBMaROTiBfyFp10sT8MokPaG
RDm02WPlGCN//yALegmdKAO0dbopfS8IyFYzMbb6D1TpS80L5I5dB0ut0+hyO/yI
ax85/xekVxGWwP6jt+KMcfFGTIjUzJSNPOr+GERPd2d/NeyR9igp7yfB7BHlR5cV
C1RqM+5Cn8mFGjdkJmHb5I8xJUBzwg0XQg0wjN7LFcdsu3uWqhh+6BqmrcU7/hVx
qeOv9EwxA4mk7C2Q6vQbA4FCgmKLd5w3WmQN2A6CdZe/hLcpNhD9yzr+c1B+wURj
hdSYDIXiKkV9Z0FTbbtOxX7yRoxaV6JxhU2cxM/sQmvf
-----END CERTIFICATE-----