Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/uIyn0rYDPV5V6d_JYdEI72IyG74.roa
File:                     uIyn0rYDPV5V6d_JYdEI72IyG74.roa (raw, json)
Hash identifier:          epSwPNgpIwrsUiUZdCwjvYtXGtSrL1S+qZ85hQN6KMQ=
Subject key identifier:   B8:8C:A7:D2:B6:03:3D:5E:55:E9:DF:C9:61:D1:08:EF:62:32:1B:BE
Certificate issuer:       /CN=d07dc35ebcd88dd0e2a8db3a5a08654bc3be0262
Certificate serial:       018CC64B115D41A412DD517502D78E2A144D
Authority key identifier: D0:7D:C3:5E:BC:D8:8D:D0:E2:A8:DB:3A:5A:08:65:4B:C3:BE:02:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0H3DXrzYjdDiqNs6WghlS8O-AmI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/uIyn0rYDPV5V6d_JYdEI72IyG74.roa
Signing time:             Mon 01 Jan 2024 18:30:57 +0000
ROA not before:           Mon 01 Jan 2024 18:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60358
IP address blocks:        5.44.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/0H3DXrzYjdDiqNs6WghlS8O-AmI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/0H3DXrzYjdDiqNs6WghlS8O-AmI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0H3DXrzYjdDiqNs6WghlS8O-AmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:02:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:11:5d:41:a4:12:dd:51:75:02:d7:8e:2a:14:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d07dc35ebcd88dd0e2a8db3a5a08654bc3be0262
        Validity
            Not Before: Jan  1 18:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b88ca7d2b6033d5e55e9dfc961d108ef62321bbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:17:7b:d6:0d:15:53:a1:61:da:bc:fd:c9:2d:
                    c8:e1:e7:35:1f:a9:0a:96:75:16:77:5b:3d:12:e4:
                    a7:59:03:27:5c:c8:70:78:63:86:04:4a:9e:bd:6d:
                    bd:f9:77:1e:b6:03:ae:df:51:c4:49:0b:45:be:60:
                    25:4a:49:7e:5a:01:cd:6d:a9:16:0f:75:2b:72:a5:
                    11:e8:59:93:21:7b:0c:cf:cb:e2:3d:ac:c6:da:1a:
                    55:2f:65:f1:be:12:71:4b:3e:a6:12:00:94:65:7c:
                    14:18:06:dc:7c:db:13:1e:8e:e2:47:a4:0d:e7:9a:
                    b0:15:9e:d6:b9:8b:63:49:c0:56:b7:29:3d:93:ab:
                    db:65:ba:5b:ec:01:a5:08:5c:a5:c9:c1:9b:7f:2c:
                    70:83:e5:5e:0a:20:84:86:74:40:c6:8a:b2:90:3f:
                    c4:d4:3c:55:83:d8:de:db:65:35:8c:ec:9f:9f:18:
                    4d:9e:83:35:5a:2a:68:e6:5e:02:ad:46:3a:61:5c:
                    9b:5f:6b:39:84:be:48:35:e1:31:fc:42:ca:8b:f9:
                    0d:39:ba:e5:03:76:e1:85:79:d9:a5:c0:2d:52:33:
                    3c:26:30:cf:1b:3b:e2:fa:4d:4b:2d:3f:48:73:52:
                    62:7f:fb:46:24:af:7f:22:3b:7e:a4:67:ca:23:f9:
                    7f:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:8C:A7:D2:B6:03:3D:5E:55:E9:DF:C9:61:D1:08:EF:62:32:1B:BE
            X509v3 Authority Key Identifier:
                keyid:D0:7D:C3:5E:BC:D8:8D:D0:E2:A8:DB:3A:5A:08:65:4B:C3:BE:02:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H3DXrzYjdDiqNs6WghlS8O-AmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/uIyn0rYDPV5V6d_JYdEI72IyG74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/0H3DXrzYjdDiqNs6WghlS8O-AmI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:57:bc:d2:48:5a:f8:36:e2:f6:67:e8:e2:83:fd:85:c5:db:
         c3:36:cd:cb:27:14:ce:71:00:4f:39:be:58:1b:54:09:38:95:
         a9:c9:4c:e7:7f:04:34:65:3a:bd:1d:7d:e2:24:f3:73:44:a6:
         e8:83:b2:95:56:8b:4c:cc:77:ed:5e:e0:6b:89:47:33:88:2e:
         43:9c:e1:16:bc:d9:ed:d9:d7:47:c1:97:1a:7b:44:1b:7c:75:
         8e:7d:17:7c:ac:f3:f9:6f:84:60:7a:05:57:73:3d:fb:7f:13:
         ff:e5:65:16:db:92:98:b5:b7:ae:ce:6a:e8:6e:e3:e9:86:ca:
         b4:f7:08:a7:cd:b2:76:ee:fe:d6:5b:a3:c8:75:a8:de:30:2c:
         79:20:47:96:fc:c2:72:6f:2e:12:0b:81:e5:a4:0e:79:b1:95:
         29:c0:ed:b6:62:41:93:09:2c:e6:0a:9c:e4:e6:8c:e0:c8:e8:
         74:3c:af:41:e1:4b:a1:57:5f:31:32:fd:40:fd:e6:3e:d9:81:
         bb:6b:f9:a4:34:71:61:9f:71:24:92:1b:bf:c7:f5:48:e5:a3:
         d9:42:3e:2f:7f:dc:a7:48:e2:79:52:98:ab:a3:cb:fc:9a:b7:
         40:f9:ea:68:13:b1:e6:fc:e9:1d:a0:0b:3f:1f:f2:ef:74:ed:
         5a:85:f6:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxFdQaQS3VF1AteOKhRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2RjMzVlYmNkODhkZDBlMmE4ZGIzYTVhMDg2NTRiYzNi
ZTAyNjIwHhcNMjQwMTAxMTgzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODhjYTdkMmI2MDMzZDVlNTVlOWRmYzk2MWQxMDhlZjYyMzIxYmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRd71g0VU6Fh2rz9yS3I4ec1H6kK
lnUWd1s9EuSnWQMnXMhweGOGBEqevW29+XcetgOu31HESQtFvmAlSkl+WgHNbakW
D3UrcqUR6FmTIXsMz8viPazG2hpVL2XxvhJxSz6mEgCUZXwUGAbcfNsTHo7iR6QN
55qwFZ7WuYtjScBWtyk9k6vbZbpb7AGlCFylycGbfyxwg+VeCiCEhnRAxoqykD/E
1DxVg9je22U1jOyfnxhNnoM1Wipo5l4CrUY6YVybX2s5hL5INeEx/ELKi/kNObrl
A3bhhXnZpcAtUjM8JjDPGzvi+k1LLT9Ic1Jif/tGJK9/Ijt+pGfKI/l/VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLiMp9K2Az1eVenfyWHRCO9iMhu+MB8GA1UdIwQY
MBaAFNB9w1682I3Q4qjbOloIZUvDvgJiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgzRFhyellqZERpcU5zNldnaGxTOE8tQW1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8xYzcxOGQtZTdhMC00MGFjLWExODEt
Y2JhYTQyYTYyNzI3LzEvdUl5bjByWURQVjVWNmRfSllkRUk3Mkl5Rzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8xYzcxOGQtZTdhMC00MGFjLWExODEtY2JhYTQyYTYyNzI3
LzEvMEgzRFhyellqZERpcU5zNldnaGxTOE8tQW1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSxPMA0G
CSqGSIb3DQEBCwUAA4IBAQBqV7zSSFr4NuL2Z+jig/2FxdvDNs3LJxTOcQBPOb5Y
G1QJOJWpyUznfwQ0ZTq9HX3iJPNzRKbog7KVVotMzHftXuBriUcziC5DnOEWvNnt
2ddHwZcae0QbfHWOfRd8rPP5b4RgegVXcz37fxP/5WUW25KYtbeuzmrobuPphsq0
9winzbJ27v7WW6PIdajeMCx5IEeW/MJyby4SC4HlpA55sZUpwO22YkGTCSzmCpzk
5ozgyOh0PK9B4UuhV18xMv1A/eY+2YG7a/mkNHFhn3Ekkhu/x/VI5aPZQj4vf9yn
SOJ5Upiro8v8mrdA+epoE7Hm/OkdoAs/H/LvdO1ahfYT
-----END CERTIFICATE-----