Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/y-q4QvIjOXXAb6phQmiwxEr2T44.roa
File:                     y-q4QvIjOXXAb6phQmiwxEr2T44.roa (raw, json)
Hash identifier:          Fy91hg1vS4tIXtpEC6wT1knLe6VIcGMT2+6MAUeo8ig=
Subject key identifier:   CB:EA:B8:42:F2:23:39:75:C0:6F:AA:61:42:68:B0:C4:4A:F6:4F:8E
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       01942824149B413CBF7CD8E8351A86BD52B4
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/y-q4QvIjOXXAb6phQmiwxEr2T44.roa
Signing time:             Thu 02 Jan 2025 17:50:40 +0000
ROA not before:           Thu 02 Jan 2025 17:50:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63902
IP address blocks:        5.102.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:14:9b:41:3c:bf:7c:d8:e8:35:1a:86:bd:52:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 17:50:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbeab842f2233975c06faa614268b0c44af64f8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:21:75:81:07:79:27:e6:db:ea:41:40:19:0b:
                    66:d6:c6:fb:e3:fa:78:18:36:51:e7:62:30:e3:45:
                    f7:bb:3d:39:a8:c5:32:ef:37:8b:fd:e1:29:9c:3c:
                    46:e0:69:21:9b:d1:20:06:2d:d9:c0:67:f3:4f:d0:
                    d3:96:c3:7a:cb:c8:a7:34:e0:7b:d8:94:c7:a5:b1:
                    b5:26:86:47:54:f2:da:7f:21:5a:98:b4:3c:18:2a:
                    e7:ba:b3:50:b9:99:c1:b5:02:a6:01:fd:e3:a5:d3:
                    13:ca:48:7d:48:f8:17:3b:5b:ec:a2:a0:ec:cd:4a:
                    44:2d:db:f1:b1:5f:47:dc:d8:30:d0:4f:8e:bc:79:
                    63:2e:28:5f:f2:e3:21:fa:7e:8c:2f:59:c1:09:8b:
                    6a:06:2f:9d:f7:bd:10:f4:e9:c2:4c:ac:79:3b:3f:
                    ae:07:f6:c3:7a:f2:66:e2:45:b2:d8:bc:7f:3f:94:
                    16:86:e1:8e:58:d3:1f:7b:8e:d8:13:f1:db:a2:70:
                    ac:2f:97:61:e3:b3:c2:3d:5a:43:b7:14:67:f4:11:
                    21:24:18:bb:d7:09:9c:87:26:58:aa:ec:d1:24:54:
                    d8:4a:71:a5:61:85:33:18:31:f0:b9:b6:87:f3:04:
                    72:64:21:8e:96:48:b1:58:0a:33:9c:36:47:f5:8a:
                    c2:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:EA:B8:42:F2:23:39:75:C0:6F:AA:61:42:68:B0:C4:4A:F6:4F:8E
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/y-q4QvIjOXXAb6phQmiwxEr2T44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:a4:8f:62:bb:bb:85:f7:cb:b4:20:53:3f:a2:85:a3:0c:e4:
         6e:71:9f:c5:2a:c3:4f:4f:38:75:b9:50:dc:66:76:39:c7:9e:
         24:53:cd:d6:66:0f:28:f3:5a:6a:59:25:44:49:1f:02:28:de:
         92:33:3f:83:3c:c6:e2:d4:fc:b1:ea:3b:bd:07:49:60:3b:54:
         d6:d9:df:9b:45:51:a6:7f:97:69:70:d2:1f:c4:3e:d0:71:ab:
         3e:6e:f1:0a:51:35:4d:05:ea:34:8c:4b:dc:bd:f7:e7:57:78:
         0f:12:3d:db:37:30:33:08:63:f9:e7:99:fb:41:ce:13:3d:f5:
         8b:38:0d:dc:64:36:a2:1c:f7:1e:ef:07:d4:c4:76:e1:c4:6d:
         87:fd:6f:ae:08:0b:f2:29:08:68:26:a6:6d:12:09:e7:83:a0:
         32:0c:9d:cb:f0:bc:c1:ec:10:94:00:df:6f:b4:20:e8:75:ba:
         fd:2a:ad:01:62:b9:dd:62:c7:75:32:9e:b8:38:c1:af:b3:32:
         53:a6:3c:05:b0:95:db:8b:92:63:3d:d4:96:cf:a3:64:dc:86:
         c3:a0:d1:6c:d2:c4:92:48:ff:36:ee:a5:7c:09:bd:80:5d:5e:
         82:4d:65:19:e3:28:c8:bd:e3:aa:53:23:9e:04:f7:6e:9e:5d:
         d0:9b:55:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJBSbQTy/fNjoNRqGvVK0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwMTAyMTc1MDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmVhYjg0MmYyMjMzOTc1YzA2ZmFhNjE0MjY4YjBjNDRhZjY0ZjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSF1gQd5J+bb6kFAGQtm1sb74/p4
GDZR52Iw40X3uz05qMUy7zeL/eEpnDxG4Gkhm9EgBi3ZwGfzT9DTlsN6y8inNOB7
2JTHpbG1JoZHVPLafyFamLQ8GCrnurNQuZnBtQKmAf3jpdMTykh9SPgXO1vsoqDs
zUpELdvxsV9H3Ngw0E+OvHljLihf8uMh+n6ML1nBCYtqBi+d970Q9OnCTKx5Oz+u
B/bDevJm4kWy2Lx/P5QWhuGOWNMfe47YE/HbonCsL5dh47PCPVpDtxRn9BEhJBi7
1wmchyZYquzRJFTYSnGlYYUzGDHwubaH8wRyZCGOlkixWAoznDZH9YrCtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvquELyIzl1wG+qYUJosMRK9k+OMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEveS1xNFF2SWpPWFhBYjZwaFFtaXd4RXIyVDQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZ4MA0G
CSqGSIb3DQEBCwUAA4IBAQA5pI9iu7uF98u0IFM/ooWjDORucZ/FKsNPTzh1uVDc
ZnY5x54kU83WZg8o81pqWSVESR8CKN6SMz+DPMbi1Pyx6ju9B0lgO1TW2d+bRVGm
f5dpcNIfxD7Qcas+bvEKUTVNBeo0jEvcvffnV3gPEj3bNzAzCGP555n7Qc4TPfWL
OA3cZDaiHPce7wfUxHbhxG2H/W+uCAvyKQhoJqZtEgnng6AyDJ3L8LzB7BCUAN9v
tCDodbr9Kq0BYrndYsd1Mp64OMGvszJTpjwFsJXbi5JjPdSWz6Nk3IbDoNFs0sSS
SP827qV8Cb2AXV6CTWUZ4yjIveOqUyOeBPdunl3Qm1WO
-----END CERTIFICATE-----