Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/Ml4sQKTmSpS4eSt99aWN2P6Yb5k.roa
File:                     Ml4sQKTmSpS4eSt99aWN2P6Yb5k.roa (raw, json)
Hash identifier:          J/tnVFJhggLagTowBPCIDcidDOt5xRUa54rWu3p0RLA=
Subject key identifier:   32:5E:2C:40:A4:E6:4A:94:B8:79:2B:7D:F5:A5:8D:D8:FE:98:6F:99
Certificate issuer:       /CN=0d87142bdc2b3f0d0848a0d800b6930b1abb34bc
Certificate serial:       018CC5011BEA32218C80838521AAA57FA74E
Authority key identifier: 0D:87:14:2B:DC:2B:3F:0D:08:48:A0:D8:00:B6:93:0B:1A:BB:34:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/Ml4sQKTmSpS4eSt99aWN2P6Yb5k.roa
Signing time:             Mon 01 Jan 2024 12:30:33 +0000
ROA not before:           Mon 01 Jan 2024 12:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5593
IP address blocks:        212.110.128.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1b:ea:32:21:8c:80:83:85:21:aa:a5:7f:a7:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d87142bdc2b3f0d0848a0d800b6930b1abb34bc
        Validity
            Not Before: Jan  1 12:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=325e2c40a4e64a94b8792b7df5a58dd8fe986f99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e6:bb:fd:4a:9d:c1:64:29:e4:69:b3:a5:ac:
                    3e:9a:9c:0f:47:09:29:0f:c7:d5:27:db:8a:b1:fd:
                    bb:65:70:b0:eb:d9:3b:5a:a7:57:8f:6e:18:be:6b:
                    28:7e:65:01:99:30:f7:46:a5:17:5f:6b:e8:6e:5f:
                    87:7d:f5:db:b5:ab:fa:0a:27:0b:cc:63:14:e1:94:
                    ee:11:b7:b3:9b:8b:dc:0a:0a:c8:98:6f:93:8b:13:
                    99:a6:a3:39:0b:7f:53:d1:d1:a6:f8:a8:67:df:ca:
                    bf:62:1a:46:ff:fe:2d:97:20:74:82:bb:b8:55:06:
                    30:2f:f6:41:ca:e2:f1:93:1f:22:4d:0c:8f:25:1b:
                    14:bb:ba:09:c7:7f:a1:f0:4b:c5:ae:ec:f6:39:94:
                    e0:57:12:3c:1f:a9:0b:0c:94:38:1a:48:e1:7d:a0:
                    c8:18:65:e1:38:29:97:73:7c:a7:2e:38:98:36:a5:
                    8c:b1:ce:18:6b:f9:26:7b:08:38:41:40:5d:e5:1f:
                    d2:db:da:ab:80:54:9d:95:2c:23:4d:6f:a0:5b:f2:
                    91:44:0c:9c:21:8e:f2:28:16:ac:6d:cc:2a:bd:1d:
                    a1:72:ad:69:7e:5b:f2:db:48:c2:7f:8f:72:f5:42:
                    a0:25:d7:23:4d:1f:34:4a:aa:f0:cd:69:cd:39:4e:
                    fc:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:5E:2C:40:A4:E6:4A:94:B8:79:2B:7D:F5:A5:8D:D8:FE:98:6F:99
            X509v3 Authority Key Identifier:
                keyid:0D:87:14:2B:DC:2B:3F:0D:08:48:A0:D8:00:B6:93:0B:1A:BB:34:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/Ml4sQKTmSpS4eSt99aWN2P6Yb5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.110.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:4a:0b:90:8e:b3:34:8a:37:f1:a4:e5:01:2f:12:4f:2b:76:
         e1:be:9a:1a:97:fd:d8:a6:87:86:eb:79:fc:73:08:cb:79:ec:
         54:10:c6:a5:06:c5:6c:da:c2:fa:d5:fa:cb:a5:ef:eb:2f:d8:
         21:e4:1c:aa:1d:e1:36:83:83:fe:bb:ad:ad:22:d1:4d:52:05:
         7d:64:04:a1:0b:07:a7:27:9f:64:0b:d2:1f:da:05:77:b5:62:
         2b:6d:5f:ca:f5:c3:c3:81:3f:9a:94:64:f6:ca:42:41:0f:2d:
         36:7d:82:0a:fb:bd:28:77:eb:e4:28:7d:98:d1:13:64:2f:b6:
         e5:68:a3:79:5a:64:84:6a:eb:7c:9c:f5:48:37:fd:03:b7:3b:
         2c:5c:c1:66:ac:f5:95:c4:ee:13:9e:c1:88:31:50:c3:0f:93:
         03:ef:76:7d:89:61:ee:07:88:36:c5:8e:6e:39:d8:77:4f:c5:
         4f:8c:34:c3:18:b1:30:dd:99:14:0c:88:e3:4d:06:51:59:b2:
         27:ee:9c:79:71:8e:9b:b7:ff:e9:42:83:4a:e9:44:77:d1:a3:
         48:ae:67:d8:b6:06:03:4b:14:be:c2:dc:4a:5b:52:28:98:ec:
         99:65:82:6d:37:5c:c2:a9:4c:05:72:a7:8e:0a:4f:97:e1:fc:
         4c:94:3c:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARvqMiGMgIOFIaqlf6dOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkODcxNDJiZGMyYjNmMGQwODQ4YTBkODAwYjY5MzBiMWFi
YjM0YmMwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjVlMmM0MGE0ZTY0YTk0Yjg3OTJiN2RmNWE1OGRkOGZlOTg2Zjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+a7/UqdwWQp5Gmzpaw+mpwPRwkp
D8fVJ9uKsf27ZXCw69k7WqdXj24YvmsofmUBmTD3RqUXX2vobl+HffXbtav6CicL
zGMU4ZTuEbezm4vcCgrImG+TixOZpqM5C39T0dGm+Khn38q/YhpG//4tlyB0gru4
VQYwL/ZByuLxkx8iTQyPJRsUu7oJx3+h8EvFruz2OZTgVxI8H6kLDJQ4GkjhfaDI
GGXhOCmXc3ynLjiYNqWMsc4Ya/kmewg4QUBd5R/S29qrgFSdlSwjTW+gW/KRRAyc
IY7yKBasbcwqvR2hcq1pflvy20jCf49y9UKgJdcjTR80SqrwzWnNOU78ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJeLECk5kqUuHkrffWljdj+mG+ZMB8GA1UdIwQY
MBaAFA2HFCvcKz8NCEig2AC2kwsauzS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFljVUs5d3JQdzBJU0tEWUFMYVRDeHE3Tkx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84ZjhjYzAtZjY5My00MjFjLWJjNTQt
YTMxNzA4ZDQwMzkxLzEvTWw0c1FLVG1TcFM0ZVN0OTlhV04yUDZZYjVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84ZjhjYzAtZjY5My00MjFjLWJjNTQtYTMxNzA4ZDQwMzkx
LzEvRFljVUs5d3JQdzBJU0tEWUFMYVRDeHE3Tkx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1G6AMA0G
CSqGSIb3DQEBCwUAA4IBAQCISguQjrM0ijfxpOUBLxJPK3bhvpoal/3YpoeG63n8
cwjLeexUEMalBsVs2sL61frLpe/rL9gh5ByqHeE2g4P+u62tItFNUgV9ZAShCwen
J59kC9If2gV3tWIrbV/K9cPDgT+alGT2ykJBDy02fYIK+70od+vkKH2Y0RNkL7bl
aKN5WmSEaut8nPVIN/0DtzssXMFmrPWVxO4TnsGIMVDDD5MD73Z9iWHuB4g2xY5u
Odh3T8VPjDTDGLEw3ZkUDIjjTQZRWbIn7px5cY6bt//pQoNK6UR30aNIrmfYtgYD
SxS+wtxKW1IomOyZZYJtN1zCqUwFcqeOCk+X4fxMlDwL
-----END CERTIFICATE-----