Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8UF4B0N1O2LS0jkv1MoWCtWqRCs.roa
File:                     8UF4B0N1O2LS0jkv1MoWCtWqRCs.roa (raw, json)
Hash identifier:          LSMZm1Z5Gl8M3h7srN5xtQO2d0eLOvBIudPeLn2Msgo=
Subject key identifier:   F1:41:78:07:43:75:3B:62:D2:D2:39:2F:D4:CA:16:0A:D5:AA:44:2B
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFA13865176258C15FE39038C17585
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8UF4B0N1O2LS0jkv1MoWCtWqRCs.roa
Signing time:             Tue 02 Jan 2024 06:32:28 +0000
ROA not before:           Tue 02 Jan 2024 06:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198920
IP address blocks:        5.252.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a1:38:65:17:62:58:c1:5f:e3:90:38:c1:75:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f141780743753b62d2d2392fd4ca160ad5aa442b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f7:d1:e1:66:48:fc:3f:36:46:04:fc:38:6d:
                    22:94:5f:cd:df:e7:71:56:84:21:95:4e:ae:87:66:
                    8b:9e:37:12:3c:18:66:ea:19:5f:c6:64:86:af:5a:
                    03:ae:28:60:1f:51:33:73:3c:db:de:27:4a:98:30:
                    d3:a9:7b:cb:be:41:f3:c2:a5:21:8b:4d:3b:33:59:
                    45:be:67:f3:5c:81:b6:8c:9d:23:2e:05:18:c5:70:
                    92:5c:1d:ac:14:0f:6b:d7:01:12:f5:f5:f0:0b:52:
                    22:0e:f2:b0:e0:1f:26:5e:e4:65:0a:e6:16:2c:d2:
                    a8:ff:47:1d:71:c1:84:32:c4:21:3e:3b:27:23:1d:
                    55:b8:c1:1e:de:f3:92:62:4b:d6:7a:cf:b5:c3:47:
                    ad:8f:af:20:9e:5d:dd:68:41:2d:17:eb:d6:3d:62:
                    29:3f:44:25:92:e7:fd:a9:87:2c:10:5c:3f:65:fd:
                    8c:50:2b:93:7b:93:3b:b6:e3:66:5c:62:d3:1b:95:
                    49:68:07:37:80:4e:93:ab:3b:32:82:1e:cb:cc:3b:
                    88:d7:a9:ec:ea:72:67:e5:9f:ca:31:b4:60:12:42:
                    ff:25:b3:1d:6f:eb:2a:aa:aa:cd:8b:24:87:76:f8:
                    4f:e9:22:e2:38:fd:54:20:52:a6:5b:18:6c:dc:4b:
                    99:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:41:78:07:43:75:3B:62:D2:D2:39:2F:D4:CA:16:0A:D5:AA:44:2B
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8UF4B0N1O2LS0jkv1MoWCtWqRCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:c1:3d:92:44:41:19:7e:2c:fa:f3:71:65:28:b1:f3:66:eb:
         3e:e1:10:c5:f4:27:58:af:95:8d:d5:a1:03:2e:b2:58:80:24:
         43:d8:d1:da:fa:13:be:b4:e9:76:8e:08:f5:3a:77:bf:82:98:
         0a:dc:ea:a5:0a:de:7b:17:15:3a:00:d8:79:ad:6a:80:f7:51:
         3a:ec:70:39:65:2c:7c:74:b0:00:c7:4c:aa:14:9e:60:e4:ee:
         9a:aa:ea:82:73:19:8a:98:e9:70:ea:d3:06:2f:d0:03:91:d6:
         9a:22:a5:b9:33:de:7f:85:e0:72:0f:b5:78:52:70:7c:eb:ef:
         4a:b5:a3:9a:91:51:75:08:31:2f:b7:b8:b1:e9:ce:1b:1d:54:
         96:1f:d8:fb:af:b8:38:c9:14:f8:a5:86:9a:fa:49:72:43:9c:
         62:94:bf:3e:f5:e5:3d:a4:92:41:33:fc:41:b0:ef:fe:84:58:
         81:2a:03:3a:68:0b:82:03:03:87:55:f2:61:07:c3:f8:04:f2:
         e3:5d:81:11:96:36:95:ba:0f:8d:d6:a4:06:46:4e:2a:7b:e3:
         0d:93:29:7c:99:52:81:0c:51:e1:69:36:4a:c7:19:ef:71:de:
         97:63:10:13:83:a8:06:1c:28:52:42:6f:02:04:8a:52:bd:5d:
         80:1e:40:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36E4ZRdiWMFf45A4wXWFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTQxNzgwNzQzNzUzYjYyZDJkMjM5MmZkNGNhMTYwYWQ1YWE0NDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/fR4WZI/D82RgT8OG0ilF/N3+dx
VoQhlU6uh2aLnjcSPBhm6hlfxmSGr1oDrihgH1Ezczzb3idKmDDTqXvLvkHzwqUh
i007M1lFvmfzXIG2jJ0jLgUYxXCSXB2sFA9r1wES9fXwC1IiDvKw4B8mXuRlCuYW
LNKo/0cdccGEMsQhPjsnIx1VuMEe3vOSYkvWes+1w0etj68gnl3daEEtF+vWPWIp
P0Qlkuf9qYcsEFw/Zf2MUCuTe5M7tuNmXGLTG5VJaAc3gE6Tqzsygh7LzDuI16ns
6nJn5Z/KMbRgEkL/JbMdb+sqqqrNiySHdvhP6SLiOP1UIFKmWxhs3EuZWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPFBeAdDdTti0tI5L9TKFgrVqkQrMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvOFVGNEIwTjFPMkxTMGprdjFNb1dDdFdxUkNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfx3MA0G
CSqGSIb3DQEBCwUAA4IBAQB2wT2SREEZfiz683FlKLHzZus+4RDF9CdYr5WN1aED
LrJYgCRD2NHa+hO+tOl2jgj1One/gpgK3OqlCt57FxU6ANh5rWqA91E67HA5ZSx8
dLAAx0yqFJ5g5O6aquqCcxmKmOlw6tMGL9ADkdaaIqW5M95/heByD7V4UnB86+9K
taOakVF1CDEvt7ix6c4bHVSWH9j7r7g4yRT4pYaa+klyQ5xilL8+9eU9pJJBM/xB
sO/+hFiBKgM6aAuCAwOHVfJhB8P4BPLjXYERljaVug+N1qQGRk4qe+MNkyl8mVKB
DFHhaTZKxxnvcd6XYxATg6gGHChSQm8CBIpSvV2AHkC4
-----END CERTIFICATE-----