Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/8ZI6THmH5qVLJ0wFDTnOcUHJD6U.roa
File:                     8ZI6THmH5qVLJ0wFDTnOcUHJD6U.roa (raw, json)
Hash identifier:          Oonx6agTHqIiMXkYdCRJEwvcCLfe1aiguIiEzVe0m/M=
Subject key identifier:   F1:92:3A:4C:79:87:E6:A5:4B:27:4C:05:0D:39:CE:71:41:C9:0F:A5
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       0192B511842484CAB5C66076DA4B7DA08B28
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/8ZI6THmH5qVLJ0wFDTnOcUHJD6U.roa
Signing time:             Tue 22 Oct 2024 16:31:16 +0000
ROA not before:           Tue 22 Oct 2024 16:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        5.181.200.0/24 maxlen: 24
                          45.158.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b5:11:84:24:84:ca:b5:c6:60:76:da:4b:7d:a0:8b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Oct 22 16:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1923a4c7987e6a54b274c050d39ce7141c90fa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:55:51:83:29:f5:50:65:f1:9a:b6:3a:a0:ca:
                    f2:a7:65:8c:b6:33:12:b9:ce:1a:13:57:35:73:ba:
                    d3:0a:2c:b0:96:2d:81:19:0b:c3:e8:b2:2a:2b:7f:
                    f2:49:98:b7:32:66:0f:49:30:c6:e7:9d:4f:52:a0:
                    19:80:12:be:28:8f:af:47:b2:bb:2f:05:9b:41:cf:
                    9a:99:3f:99:90:c4:c2:77:e7:e6:b3:e6:52:b6:3d:
                    f7:20:30:d8:53:c4:8e:7f:24:fb:77:c6:56:37:06:
                    1e:db:c0:ba:ab:e7:c5:66:e9:1a:b5:11:f9:f2:4c:
                    36:ca:01:8e:be:65:87:86:60:f2:1e:01:79:9f:60:
                    c1:f8:a2:83:8c:3f:9f:98:d6:cb:b9:04:c3:6f:71:
                    aa:60:5c:40:53:95:aa:b2:fe:3e:93:07:be:5b:5c:
                    30:9d:ff:ce:98:ce:a8:b4:1c:2d:f4:fb:85:b3:30:
                    c5:56:93:81:e2:ab:09:4f:ee:ea:be:8b:78:65:fc:
                    ab:a6:39:0e:5f:1d:63:d1:1a:7f:50:62:53:87:77:
                    39:03:d0:42:52:03:1c:01:dc:54:d2:b4:71:65:8d:
                    2b:2e:2b:e5:87:9b:87:96:cd:0b:dd:0a:c8:fc:30:
                    6f:73:fe:99:61:09:f8:e9:34:63:cb:3a:0a:f7:76:
                    77:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:92:3A:4C:79:87:E6:A5:4B:27:4C:05:0D:39:CE:71:41:C9:0F:A5
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/8ZI6THmH5qVLJ0wFDTnOcUHJD6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.200.0/24
                  45.158.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:0d:d6:2e:fc:5f:28:2f:12:b0:23:57:00:7f:be:13:fe:06:
         63:81:d8:ac:40:9a:f3:4f:e4:0e:9b:1c:bf:46:7b:66:ed:a4:
         1f:be:ff:ea:f3:75:af:bb:4b:2e:07:4f:71:c4:61:85:0e:d8:
         20:fc:9a:e3:b4:26:c3:03:2e:8f:9f:bc:7c:bf:ed:da:46:57:
         9f:f5:44:ce:92:c1:5c:71:35:36:42:b2:1d:30:e1:ac:26:90:
         53:c2:84:43:84:34:b5:ab:44:7a:bf:15:17:ab:03:58:d2:ca:
         07:e9:77:43:32:ec:84:e5:8d:ce:07:1a:51:3c:6a:42:03:e4:
         7f:8c:fc:34:fb:76:b5:ca:5d:21:08:88:f4:91:26:52:ab:5b:
         18:0a:8f:64:79:43:12:4b:0d:ea:02:07:af:7e:d8:5c:a4:ac:
         75:cb:1d:b1:07:b2:33:ef:f8:44:f8:45:dd:6a:2f:74:15:2c:
         f5:33:82:e1:99:61:d3:28:14:c7:c0:14:09:1e:c8:fa:28:a4:
         0d:2b:ca:e8:25:34:1d:28:e9:79:7a:17:87:8f:19:89:1c:7f:
         a0:20:0e:44:a0:e3:c1:91:21:9e:a2:68:1e:3c:f9:31:2a:6e:
         e6:c0:b8:b0:6a:df:7a:d0:67:cf:9d:ef:1e:bf:b4:09:49:c3:
         8e:6e:5e:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZK1EYQkhMq1xmB22kt9oIsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQxMDIyMTYzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTkyM2E0Yzc5ODdlNmE1NGIyNzRjMDUwZDM5Y2U3MTQxYzkwZmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1VRgyn1UGXxmrY6oMryp2WMtjMS
uc4aE1c1c7rTCiywli2BGQvD6LIqK3/ySZi3MmYPSTDG551PUqAZgBK+KI+vR7K7
LwWbQc+amT+ZkMTCd+fms+ZStj33IDDYU8SOfyT7d8ZWNwYe28C6q+fFZukatRH5
8kw2ygGOvmWHhmDyHgF5n2DB+KKDjD+fmNbLuQTDb3GqYFxAU5Wqsv4+kwe+W1ww
nf/OmM6otBwt9PuFszDFVpOB4qsJT+7qvot4ZfyrpjkOXx1j0Rp/UGJTh3c5A9BC
UgMcAdxU0rRxZY0rLivlh5uHls0L3QrI/DBvc/6ZYQn46TRjyzoK93Z3ZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPGSOkx5h+alSydMBQ05znFByQ+lMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvOFpJNlRIbUg1cVZMSjB3RkRUbk9jVUhKRDZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbXIAwQA
LZ5TMA0GCSqGSIb3DQEBCwUAA4IBAQCiDdYu/F8oLxKwI1cAf74T/gZjgdisQJrz
T+QOmxy/Rntm7aQfvv/q83Wvu0suB09xxGGFDtgg/JrjtCbDAy6Pn7x8v+3aRlef
9UTOksFccTU2QrIdMOGsJpBTwoRDhDS1q0R6vxUXqwNY0soH6XdDMuyE5Y3OBxpR
PGpCA+R/jPw0+3a1yl0hCIj0kSZSq1sYCo9keUMSSw3qAgevfthcpKx1yx2xB7Iz
7/hE+EXdai90FSz1M4LhmWHTKBTHwBQJHsj6KKQNK8roJTQdKOl5eheHjxmJHH+g
IA5EoOPBkSGeomgePPkxKm7mwLiwat960GfPne8ev7QJScOObl6B
-----END CERTIFICATE-----