Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/oDT8oRFCpU31Lrf0Chspe_sGOJ4.roa
File:                     oDT8oRFCpU31Lrf0Chspe_sGOJ4.roa (raw, json)
Hash identifier:          VyGlz4SE7MpyWbfEZT4gLSyf9tE0z1tUYLDr2Vegtas=
Subject key identifier:   A0:34:FC:A1:11:42:A5:4D:F5:2E:B7:F4:0A:1B:29:7B:FB:06:38:9E
Certificate issuer:       /CN=715b885c3b302fd50e6c22647a33dc47727fea95
Certificate serial:       018CC7943C861FF98B95BCF886E037692B94
Authority key identifier: 71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/oDT8oRFCpU31Lrf0Chspe_sGOJ4.roa
Signing time:             Tue 02 Jan 2024 00:30:29 +0000
ROA not before:           Tue 02 Jan 2024 00:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        5.62.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:3c:86:1f:f9:8b:95:bc:f8:86:e0:37:69:2b:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=715b885c3b302fd50e6c22647a33dc47727fea95
        Validity
            Not Before: Jan  2 00:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a034fca11142a54df52eb7f40a1b297bfb06389e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5b:cf:40:da:4e:42:03:9a:37:7e:0d:32:58:
                    35:7c:39:e8:05:94:22:c5:f5:3a:b1:8a:b4:96:be:
                    67:35:9f:44:1c:a0:19:21:4c:0e:2f:67:23:1c:23:
                    29:ad:9a:06:7a:c6:42:ef:c0:d7:17:47:d0:ef:94:
                    39:ae:f6:51:3d:68:6b:9f:4b:54:c3:b6:b1:27:62:
                    6c:f2:b8:27:11:99:b1:e1:00:0a:02:18:b1:31:dd:
                    17:3d:31:d4:43:a3:45:c5:1b:e9:09:3a:0c:33:5a:
                    fe:97:08:0d:b2:7a:aa:c0:17:83:82:8d:76:6a:67:
                    46:9e:ae:74:bb:7e:27:0c:2a:f1:75:56:aa:9f:39:
                    6b:67:2c:ba:6b:a0:5f:2d:0d:f2:db:dc:e3:9e:5f:
                    11:e9:f4:74:91:85:ee:09:31:23:f1:77:86:80:f2:
                    0f:28:1a:3c:8a:54:08:09:7b:6a:be:7c:49:b0:76:
                    e3:96:43:25:12:87:f9:9b:5b:e3:4c:17:52:20:23:
                    f4:8f:fd:95:0c:67:ac:16:be:97:27:07:45:78:9c:
                    8e:d7:ee:25:b0:73:3c:be:53:bb:74:ae:f5:87:0b:
                    09:9a:aa:25:eb:96:27:51:7e:60:93:ef:9c:21:61:
                    e4:1e:5b:48:d5:9b:71:6b:b0:c3:1f:4b:98:6b:6d:
                    64:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:34:FC:A1:11:42:A5:4D:F5:2E:B7:F4:0A:1B:29:7B:FB:06:38:9E
            X509v3 Authority Key Identifier:
                keyid:71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/oDT8oRFCpU31Lrf0Chspe_sGOJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:46:76:d0:ea:c6:91:bd:bf:bc:77:5e:0c:a0:32:66:f7:1a:
         b2:4a:21:80:33:71:35:da:0d:b1:64:1b:82:85:d7:8e:ad:2f:
         56:e5:7a:21:cf:58:e4:c3:a4:0c:b4:a6:9c:c1:11:40:8a:22:
         2d:18:a6:01:04:15:5c:55:6b:b9:2d:8f:60:06:a0:f1:bd:2b:
         13:eb:63:62:df:36:a1:f8:85:d8:e4:6a:cb:ee:bc:f1:28:de:
         05:ff:73:a0:99:3c:7d:5f:a8:c2:c1:ec:77:12:bb:38:70:3b:
         6a:b3:c5:04:71:ea:77:21:b4:2a:99:6f:3d:88:2c:af:9c:f2:
         e8:73:71:40:fc:19:6d:1d:69:e7:a9:03:e1:92:12:c9:ec:7f:
         15:fc:e4:c4:30:3a:41:f4:7a:2c:e7:9b:96:83:60:cd:e4:e5:
         a5:0b:f8:e2:ad:ff:50:a9:60:69:ce:01:d2:a2:c7:6e:29:72:
         e5:7e:57:f5:c8:10:aa:77:f5:72:e7:d3:be:b6:b3:d8:b1:54:
         5b:ab:df:2f:56:b9:9c:9d:b4:b8:0b:9c:db:a5:01:f3:92:1f:
         b7:b7:00:bc:26:c0:92:4b:51:14:8a:e2:9d:13:dc:33:66:ce:
         5f:7f:83:9e:6b:2a:1c:d6:0f:39:3e:41:eb:aa:6f:9e:ef:65:
         5a:36:1e:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlDyGH/mLlbz4huA3aSuUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxNWI4ODVjM2IzMDJmZDUwZTZjMjI2NDdhMzNkYzQ3NzI3
ZmVhOTUwHhcNMjQwMTAyMDAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDM0ZmNhMTExNDJhNTRkZjUyZWI3ZjQwYTFiMjk3YmZiMDYzODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFvPQNpOQgOaN34NMlg1fDnoBZQi
xfU6sYq0lr5nNZ9EHKAZIUwOL2cjHCMprZoGesZC78DXF0fQ75Q5rvZRPWhrn0tU
w7axJ2Js8rgnEZmx4QAKAhixMd0XPTHUQ6NFxRvpCToMM1r+lwgNsnqqwBeDgo12
amdGnq50u34nDCrxdVaqnzlrZyy6a6BfLQ3y29zjnl8R6fR0kYXuCTEj8XeGgPIP
KBo8ilQICXtqvnxJsHbjlkMlEof5m1vjTBdSICP0j/2VDGesFr6XJwdFeJyO1+4l
sHM8vlO7dK71hwsJmqol65YnUX5gk++cIWHkHltI1Ztxa7DDH0uYa21kXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKA0/KERQqVN9S639AobKXv7BjieMB8GA1UdIwQY
MBaAFHFbiFw7MC/VDmwiZHoz3Edyf+qVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1Z1SVhEc3dMOVVPYkNKa2VqUGNSM0pfNnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9mODk5OWMtMDQwYS00MjRhLTg4OTYt
MmE5MjMzM2Y5ZGY2LzEvb0RUOG9SRkNwVTMxTHJmMENoc3BlX3NHT0o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9mODk5OWMtMDQwYS00MjRhLTg4OTYtMmE5MjMzM2Y5ZGY2
LzEvY1Z1SVhEc3dMOVVPYkNKa2VqUGNSM0pfNnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT4iMA0G
CSqGSIb3DQEBCwUAA4IBAQBBRnbQ6saRvb+8d14MoDJm9xqySiGAM3E12g2xZBuC
hdeOrS9W5Xohz1jkw6QMtKacwRFAiiItGKYBBBVcVWu5LY9gBqDxvSsT62Ni3zah
+IXY5GrL7rzxKN4F/3OgmTx9X6jCwex3Ers4cDtqs8UEcep3IbQqmW89iCyvnPLo
c3FA/BltHWnnqQPhkhLJ7H8V/OTEMDpB9Hos55uWg2DN5OWlC/jirf9QqWBpzgHS
osduKXLlflf1yBCqd/Vy59O+trPYsVRbq98vVrmcnbS4C5zbpQHzkh+3twC8JsCS
S1EUiuKdE9wzZs5ff4Oeayoc1g85PkHrqm+e72VaNh52
-----END CERTIFICATE-----