Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e698c7-0b1f-4106-ba67-6eefe5b335aa/1/ge5vMssxVPqPPsmfoHbdky0-g04.roa
File:                     ge5vMssxVPqPPsmfoHbdky0-g04.roa (raw, json)
Hash identifier:          VUTWBelbzOebwprvXdnYyjXyyDAvmLMloCTwyIMQu40=
Subject key identifier:   81:EE:6F:32:CB:31:54:FA:8F:3E:C9:9F:A0:76:DD:93:2D:3E:83:4E
Certificate issuer:       /CN=f0d59f121fc7efa0c10b7dd614d95a8756d53606
Certificate serial:       018CC8DCDD3D9C3BF05EF1729CFFC39AD15E
Authority key identifier: F0:D5:9F:12:1F:C7:EF:A0:C1:0B:7D:D6:14:D9:5A:87:56:D5:36:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8NWfEh_H76DBC33WFNlah1bVNgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/e698c7-0b1f-4106-ba67-6eefe5b335aa/1/ge5vMssxVPqPPsmfoHbdky0-g04.roa
Signing time:             Tue 02 Jan 2024 06:29:26 +0000
ROA not before:           Tue 02 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21263
IP address blocks:        45.10.98.0/23 maxlen: 24
                          5.104.144.0/21 maxlen: 24
                          2a01:76c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/e698c7-0b1f-4106-ba67-6eefe5b335aa/1/8NWfEh_H76DBC33WFNlah1bVNgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/e698c7-0b1f-4106-ba67-6eefe5b335aa/1/8NWfEh_H76DBC33WFNlah1bVNgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8NWfEh_H76DBC33WFNlah1bVNgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:dd:3d:9c:3b:f0:5e:f1:72:9c:ff:c3:9a:d1:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0d59f121fc7efa0c10b7dd614d95a8756d53606
        Validity
            Not Before: Jan  2 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81ee6f32cb3154fa8f3ec99fa076dd932d3e834e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d0:62:f2:c3:26:9a:6f:83:af:17:85:b9:4b:
                    a7:8f:8a:8a:cf:46:f6:29:c8:96:1d:da:39:2f:a6:
                    6d:ec:b3:44:06:2e:5a:a3:ec:15:f1:52:67:c0:b1:
                    cd:1a:6a:0f:fc:8e:62:80:22:79:68:fe:f6:30:06:
                    21:7a:e4:f4:fb:5e:ec:f4:88:7f:ae:fb:d7:3f:28:
                    19:66:87:37:cb:2d:9e:f3:51:e5:d1:54:14:f7:14:
                    26:db:6c:ec:fc:29:d4:66:31:28:81:0a:4f:1c:d5:
                    b2:ff:7e:b0:6f:c3:97:0d:74:18:b2:6b:20:8e:8d:
                    8c:18:e0:e9:fa:21:5a:cd:3a:cc:69:7f:37:7a:d8:
                    ff:e5:41:9b:09:b4:19:25:2d:c6:11:13:b9:d8:c8:
                    e2:a7:09:ed:57:02:6a:d8:44:4c:f8:f1:f2:85:c3:
                    9d:ca:f2:ae:8e:92:7e:45:ce:7e:fb:ea:c8:cf:6f:
                    f1:06:06:27:68:ec:c2:0e:70:91:e7:24:d6:41:f1:
                    33:be:0c:0e:9f:25:73:d2:0f:34:fa:84:d8:97:07:
                    6f:33:65:ea:c7:ef:09:b7:cf:ff:a9:5d:31:91:51:
                    5d:e1:8a:10:24:21:8b:f0:9d:f7:d0:c1:21:39:b9:
                    c8:8b:4a:b3:f7:fa:b2:a9:40:d0:22:58:7b:9d:10:
                    a7:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:EE:6F:32:CB:31:54:FA:8F:3E:C9:9F:A0:76:DD:93:2D:3E:83:4E
            X509v3 Authority Key Identifier:
                keyid:F0:D5:9F:12:1F:C7:EF:A0:C1:0B:7D:D6:14:D9:5A:87:56:D5:36:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8NWfEh_H76DBC33WFNlah1bVNgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e698c7-0b1f-4106-ba67-6eefe5b335aa/1/ge5vMssxVPqPPsmfoHbdky0-g04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e698c7-0b1f-4106-ba67-6eefe5b335aa/1/8NWfEh_H76DBC33WFNlah1bVNgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.144.0/21
                  45.10.98.0/23
                IPv6:
                  2a01:76c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:7a:32:3d:7b:8c:2d:2f:32:da:36:e1:d0:7b:2f:7c:4b:6b:
         14:f7:82:63:9f:2e:91:82:15:32:89:f3:71:69:c2:ee:27:65:
         23:e3:4e:db:70:15:d7:0f:15:2a:08:17:48:04:74:e5:d3:f3:
         ad:90:d2:93:04:17:fd:55:fb:b5:29:19:b1:3a:4c:bc:7f:d4:
         6e:ca:e5:42:17:91:40:46:d4:c4:76:6c:16:0a:da:ad:3f:b2:
         6a:47:22:39:77:6f:72:8c:dd:bb:02:91:6d:9f:b9:52:be:f2:
         3e:dc:fc:70:0c:a4:34:86:a8:3b:ae:97:de:83:df:10:20:10:
         5c:e4:a1:fd:ca:b2:83:b4:40:73:43:ae:6d:76:89:3a:a8:04:
         bb:4b:32:f9:df:0f:64:cf:cc:39:80:35:86:2c:38:bf:1f:ba:
         46:62:40:2d:12:67:2b:4f:f6:92:31:b2:da:01:47:33:7e:01:
         9a:07:8c:c3:72:7a:91:b5:dc:8f:93:45:f7:09:db:10:23:e9:
         de:bc:0a:ab:69:8e:3d:23:e2:86:8d:56:e2:59:d2:ce:40:e8:
         4e:f3:dc:80:46:2c:58:61:47:53:ab:39:01:4d:0f:f2:91:26:
         0c:b7:24:94:de:37:8c:a0:9a:73:df:51:90:3b:a7:95:99:c4:
         ff:93:d7:82
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzI3N09nDvwXvFynP/DmtFeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZDU5ZjEyMWZjN2VmYTBjMTBiN2RkNjE0ZDk1YTg3NTZk
NTM2MDYwHhcNMjQwMTAyMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWVlNmYzMmNiMzE1NGZhOGYzZWM5OWZhMDc2ZGQ5MzJkM2U4MzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNBi8sMmmm+DrxeFuUunj4qKz0b2
KciWHdo5L6Zt7LNEBi5ao+wV8VJnwLHNGmoP/I5igCJ5aP72MAYheuT0+17s9Ih/
rvvXPygZZoc3yy2e81Hl0VQU9xQm22zs/CnUZjEogQpPHNWy/36wb8OXDXQYsmsg
jo2MGODp+iFazTrMaX83etj/5UGbCbQZJS3GERO52MjipwntVwJq2ERM+PHyhcOd
yvKujpJ+Rc5+++rIz2/xBgYnaOzCDnCR5yTWQfEzvgwOnyVz0g80+oTYlwdvM2Xq
x+8Jt8//qV0xkVFd4YoQJCGL8J330MEhObnIi0qz9/qyqUDQIlh7nRCnGQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIHubzLLMVT6jz7Jn6B23ZMtPoNOMB8GA1UdIwQY
MBaAFPDVnxIfx++gwQt91hTZWodW1TYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE5XZkVoX0g3NkRCQzMzV0ZObGFoMWJWTmdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lNjk4YzctMGIxZi00MTA2LWJhNjct
NmVlZmU1YjMzNWFhLzEvZ2U1dk1zc3hWUHFQUHNtZm9IYmRreTAtZzA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lNjk4YzctMGIxZi00MTA2LWJhNjctNmVlZmU1YjMzNWFh
LzEvOE5XZkVoX0g3NkRCQzMzV0ZObGFoMWJWTmdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBWiQAwQB
LQpiMA0EAgACMAcDBQMqAXbAMA0GCSqGSIb3DQEBCwUAA4IBAQB1ejI9e4wtLzLa
NuHQey98S2sU94Jjny6RghUyifNxacLuJ2Uj407bcBXXDxUqCBdIBHTl0/OtkNKT
BBf9Vfu1KRmxOky8f9RuyuVCF5FARtTEdmwWCtqtP7JqRyI5d29yjN27ApFtn7lS
vvI+3PxwDKQ0hqg7rpfeg98QIBBc5KH9yrKDtEBzQ65tdok6qAS7SzL53w9kz8w5
gDWGLDi/H7pGYkAtEmcrT/aSMbLaAUczfgGaB4zDcnqRtdyPk0X3CdsQI+nevAqr
aY49I+KGjVbiWdLOQOhO89yARixYYUdTqzkBTQ/ykSYMtySU3jeMoJpz31GQO6eV
mcT/k9eC
-----END CERTIFICATE-----