Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/fO1H1JGHzbdzDDgaUN1o8TMdGOM.roa
File:                     fO1H1JGHzbdzDDgaUN1o8TMdGOM.roa (raw, json)
Hash identifier:          lyaewYIlSUNjqGCMWE3zgRd4QOnkzTRIsX3Qr+HMdZ8=
Subject key identifier:   7C:ED:47:D4:91:87:CD:B7:73:0C:38:1A:50:DD:68:F1:33:1D:18:E3
Certificate issuer:       /CN=8ad47baa9aa6e0a20ad995a79c2a8de604f9aa37
Certificate serial:       018CC9BBC0C7A020ED3D598A50B0B1DE631D
Authority key identifier: 8A:D4:7B:AA:9A:A6:E0:A2:0A:D9:95:A7:9C:2A:8D:E6:04:F9:AA:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itR7qpqm4KIK2ZWnnCqN5gT5qjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/fO1H1JGHzbdzDDgaUN1o8TMdGOM.roa
Signing time:             Tue 02 Jan 2024 10:32:54 +0000
ROA not before:           Tue 02 Jan 2024 10:32:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60609
IP address blocks:        5.158.223.0/24 maxlen: 24
                          5.158.221.0/24 maxlen: 24
                          5.158.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/itR7qpqm4KIK2ZWnnCqN5gT5qjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/itR7qpqm4KIK2ZWnnCqN5gT5qjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itR7qpqm4KIK2ZWnnCqN5gT5qjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 22:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:c0:c7:a0:20:ed:3d:59:8a:50:b0:b1:de:63:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad47baa9aa6e0a20ad995a79c2a8de604f9aa37
        Validity
            Not Before: Jan  2 10:32:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ced47d49187cdb7730c381a50dd68f1331d18e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:4f:14:8f:df:f8:f5:42:b9:64:7f:66:32:fa:
                    d0:7e:ac:1b:6a:e7:07:c1:88:d1:ca:28:a6:fb:85:
                    f6:03:04:a4:87:d8:91:6f:ee:50:01:6f:28:d7:ed:
                    03:ff:3a:7f:3d:f5:c4:0f:71:16:ac:8c:cf:63:3a:
                    6d:40:11:c8:ae:bb:25:41:08:a6:15:80:99:9e:1a:
                    7c:0c:c6:1e:60:39:3e:b9:4b:5a:f5:67:b2:bc:cd:
                    07:19:ff:fb:cf:db:84:ae:13:ca:e2:1d:c4:52:f8:
                    d9:48:dd:aa:f1:1f:95:4c:cd:2e:0f:e3:7f:9a:0d:
                    7f:0e:2e:24:0d:ce:be:3c:c1:51:9f:01:54:cc:36:
                    86:c3:a3:14:b2:ac:3b:7e:16:50:e0:c2:0d:4f:28:
                    ad:96:4e:5d:23:65:b2:94:23:1e:6d:c0:6a:87:32:
                    fd:dd:11:3e:12:68:c8:03:87:d8:b2:a7:66:86:da:
                    ba:57:08:8e:0d:ef:00:81:49:28:1d:b1:34:ed:5f:
                    4c:c5:88:82:f0:a9:a3:be:50:36:b3:00:e2:4b:dc:
                    0a:2c:64:4e:c7:4a:9b:2f:ba:7a:2e:3c:b8:99:97:
                    22:37:e8:36:6c:bf:6f:dd:8e:97:59:4b:72:5e:3f:
                    b2:51:05:3d:53:e6:3c:f5:03:86:c5:a2:3e:d0:a9:
                    c0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:ED:47:D4:91:87:CD:B7:73:0C:38:1A:50:DD:68:F1:33:1D:18:E3
            X509v3 Authority Key Identifier:
                keyid:8A:D4:7B:AA:9A:A6:E0:A2:0A:D9:95:A7:9C:2A:8D:E6:04:F9:AA:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itR7qpqm4KIK2ZWnnCqN5gT5qjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/fO1H1JGHzbdzDDgaUN1o8TMdGOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/itR7qpqm4KIK2ZWnnCqN5gT5qjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.221.0-5.158.223.255

    Signature Algorithm: sha256WithRSAEncryption
         08:05:cb:68:c7:e8:7b:ef:59:fa:f2:76:c5:92:d9:ae:20:91:
         25:f6:b9:9a:90:5d:90:22:4f:a4:54:fb:67:ca:bc:ba:08:11:
         d3:03:09:64:64:61:bc:d6:43:e2:7e:6e:40:b0:3b:c9:ca:37:
         63:7c:63:f9:62:b3:94:6b:51:86:05:ed:c2:8d:96:72:c9:c1:
         1d:69:89:2b:91:b9:65:d4:ce:47:ac:4a:d2:66:9c:51:df:6e:
         d0:44:27:20:c5:5e:d5:4a:ff:4e:ba:a7:95:71:40:7c:53:d6:
         40:0a:0f:e3:01:fc:1c:8c:5a:0b:ec:a7:b1:01:7b:aa:3a:bb:
         0d:e5:c3:ec:4b:e3:be:1b:ca:05:d8:e4:b6:e2:32:b2:23:a9:
         df:3d:d6:d4:b2:15:ba:1b:b3:66:a4:68:cc:62:13:1d:bc:03:
         b3:9d:99:eb:a3:ea:3f:26:69:4c:bd:40:48:c6:4b:d3:f5:3a:
         f3:f4:1a:e7:de:ce:31:18:05:1c:4c:7c:5e:93:0d:5d:cb:af:
         dc:af:60:96:e2:c9:4d:6a:b2:f7:19:0b:01:a2:ed:70:f2:47:
         49:6c:8c:71:29:e4:d1:09:18:4c:a7:4f:24:6b:6d:bc:42:93:
         43:19:52:8a:76:87:bb:ff:08:1e:7b:41:7a:82:1e:4f:af:06:
         1a:e1:c2:fd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJu8DHoCDtPVmKULCx3mMdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDQ3YmFhOWFhNmUwYTIwYWQ5OTVhNzljMmE4ZGU2MDRm
OWFhMzcwHhcNMjQwMTAyMTAzMjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2VkNDdkNDkxODdjZGI3NzMwYzM4MWE1MGRkNjhmMTMzMWQxOGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgE8Uj9/49UK5ZH9mMvrQfqwbaucH
wYjRyiim+4X2AwSkh9iRb+5QAW8o1+0D/zp/PfXED3EWrIzPYzptQBHIrrslQQim
FYCZnhp8DMYeYDk+uUta9WeyvM0HGf/7z9uErhPK4h3EUvjZSN2q8R+VTM0uD+N/
mg1/Di4kDc6+PMFRnwFUzDaGw6MUsqw7fhZQ4MINTyitlk5dI2WylCMebcBqhzL9
3RE+EmjIA4fYsqdmhtq6VwiODe8AgUkoHbE07V9MxYiC8KmjvlA2swDiS9wKLGRO
x0qbL7p6Ljy4mZciN+g2bL9v3Y6XWUtyXj+yUQU9U+Y89QOGxaI+0KnAqQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHztR9SRh823cww4GlDdaPEzHRjjMB8GA1UdIwQY
MBaAFIrUe6qapuCiCtmVp5wqjeYE+ao3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRSN3FwcW00S0lLMlpXbm5DcU41Z1Q1cWpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85MzU1YjktNzNkNC00YzRjLTk2MDEt
ZjAxYTJmNThlZjg4LzEvZk8xSDFKR0h6YmR6RERnYVVOMW84VE1kR09NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85MzU1YjktNzNkNC00YzRjLTk2MDEtZjAxYTJmNThlZjg4
LzEvaXRSN3FwcW00S0lLMlpXbm5DcU41Z1Q1cWpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAFnt0D
BAUFnsAwDQYJKoZIhvcNAQELBQADggEBAAgFy2jH6HvvWfrydsWS2a4gkSX2uZqQ
XZAiT6RU+2fKvLoIEdMDCWRkYbzWQ+J+bkCwO8nKN2N8Y/lis5RrUYYF7cKNlnLJ
wR1piSuRuWXUzkesStJmnFHfbtBEJyDFXtVK/066p5VxQHxT1kAKD+MB/ByMWgvs
p7EBe6o6uw3lw+xL474bygXY5LbiMrIjqd891tSyFbobs2akaMxiEx28A7Odmeuj
6j8maUy9QEjGS9P1OvP0GufezjEYBRxMfF6TDV3Lr9yvYJbiyU1qsvcZCwGi7XDy
R0lsjHEp5NEJGEynTyRrbbxCk0MZUop2h7v/CB57QXqCHk+vBhrhwv0=
-----END CERTIFICATE-----