Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/8Kn64p9snod_KH5IARhDTMSStFM.roa
File:                     8Kn64p9snod_KH5IARhDTMSStFM.roa (raw, json)
Hash identifier:          VPFAcFWNDQ9JUnshlVnJz1ZsNUbwE7QCayQ40+VhM6E=
Subject key identifier:   F0:A9:FA:E2:9F:6C:9E:87:7F:28:7E:48:01:18:43:4C:C4:92:B4:53
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C9869370CACB713CCA622AC7E12B
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/8Kn64p9snod_KH5IARhDTMSStFM.roa
Signing time:             Mon 01 Jan 2024 04:29:36 +0000
ROA not before:           Mon 01 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208593
IP address blocks:        5.202.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c9:86:93:70:ca:cb:71:3c:ca:62:2a:c7:e1:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0a9fae29f6c9e877f287e480118434cc492b453
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c7:8c:47:e4:4d:4f:e2:46:be:33:bd:26:37:
                    7b:e6:72:55:cc:45:93:81:b6:52:ee:ab:f9:68:18:
                    10:c6:d2:b8:f8:e9:53:4c:83:47:54:41:49:f2:26:
                    b5:48:eb:6d:66:e3:a2:81:f7:9a:db:95:42:7e:9d:
                    8b:b0:18:ae:43:a4:0b:b2:46:11:36:a4:f8:9e:7c:
                    28:ec:b4:0a:d4:7e:d9:f3:13:11:a4:c8:78:73:71:
                    89:f2:3d:e4:1b:96:48:aa:99:c4:71:b1:55:a1:3f:
                    40:96:07:fc:74:6c:48:79:1c:82:0d:e2:a9:50:04:
                    ab:bf:39:de:e3:68:03:8f:79:9f:6f:06:58:8f:44:
                    14:8b:4a:52:11:49:80:fa:2a:ff:ef:45:9a:68:d9:
                    1f:f4:c1:f8:6d:d4:75:18:45:fe:46:7a:b7:48:75:
                    cb:af:41:e5:6a:78:f0:7b:1f:b7:36:0a:c1:58:8d:
                    c0:fa:50:81:5b:c6:f5:2b:88:18:a0:92:d4:f8:e6:
                    c5:0a:ce:ea:7f:23:35:a8:6b:3b:8f:5c:9d:ad:2b:
                    66:88:b3:2c:91:b2:a0:cc:65:dd:95:e3:3e:82:35:
                    f4:23:b8:b4:81:82:29:45:4d:8d:35:d3:57:3e:1d:
                    4b:26:2c:21:d3:a5:62:42:a9:fa:18:88:6e:9d:0f:
                    6b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:A9:FA:E2:9F:6C:9E:87:7F:28:7E:48:01:18:43:4C:C4:92:B4:53
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/8Kn64p9snod_KH5IARhDTMSStFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:e8:f2:db:59:b6:c2:b4:3b:41:fa:9f:40:06:19:00:6e:a4:
         5f:26:f8:ea:51:e9:07:53:0b:c7:96:7b:1a:e8:ac:98:30:74:
         c0:7f:52:55:72:51:20:0d:13:29:c7:ce:6b:3c:03:f8:a6:25:
         df:65:d3:ed:af:6e:cf:6f:6e:5e:2a:1b:0d:bd:67:a3:cd:28:
         30:bd:33:89:e1:12:42:bb:01:62:a5:29:65:f9:c1:32:d0:8a:
         ba:50:5a:d0:f1:c9:23:c5:03:2d:53:07:17:83:f9:f6:88:f2:
         c4:c3:78:84:41:34:89:a2:c7:2a:69:ce:1f:5c:d9:ff:b9:5a:
         f0:e6:24:15:b4:60:d0:51:76:ab:ec:83:12:c5:31:60:a9:01:
         d9:01:bb:10:be:41:53:bd:bb:c9:af:69:ba:8c:bf:b8:8d:45:
         e3:8e:db:36:ed:19:ab:46:9d:65:12:4e:df:a6:83:4f:aa:6b:
         6b:a2:ba:73:0f:3f:7d:24:03:8f:6a:7d:c0:97:18:17:ab:70:
         80:08:a2:fb:aa:92:01:be:7d:51:f1:57:ec:cc:c0:50:63:ec:
         07:97:f5:af:a2:bf:c9:7a:aa:d3:3c:13:2b:05:37:25:ea:70:
         ff:6f:19:4d:b5:90:12:74:f2:a9:95:02:b9:2b:de:69:3a:2a:
         5e:1d:e1:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMmGk3DKy3E8ymIqx+ErMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGE5ZmFlMjlmNmM5ZTg3N2YyODdlNDgwMTE4NDM0Y2M0OTJiNDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08eMR+RNT+JGvjO9Jjd75nJVzEWT
gbZS7qv5aBgQxtK4+OlTTINHVEFJ8ia1SOttZuOigfea25VCfp2LsBiuQ6QLskYR
NqT4nnwo7LQK1H7Z8xMRpMh4c3GJ8j3kG5ZIqpnEcbFVoT9Algf8dGxIeRyCDeKp
UASrvzne42gDj3mfbwZYj0QUi0pSEUmA+ir/70WaaNkf9MH4bdR1GEX+Rnq3SHXL
r0Hlanjwex+3NgrBWI3A+lCBW8b1K4gYoJLU+ObFCs7qfyM1qGs7j1ydrStmiLMs
kbKgzGXdleM+gjX0I7i0gYIpRU2NNdNXPh1LJiwh06ViQqn6GIhunQ9r0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCp+uKfbJ6Hfyh+SAEYQ0zEkrRTMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvOEtuNjRwOXNub2RfS0g1SUFSaERUTVNTdEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABcq7MA0G
CSqGSIb3DQEBCwUAA4IBAQCJ6PLbWbbCtDtB+p9ABhkAbqRfJvjqUekHUwvHlnsa
6KyYMHTAf1JVclEgDRMpx85rPAP4piXfZdPtr27Pb25eKhsNvWejzSgwvTOJ4RJC
uwFipSll+cEy0Iq6UFrQ8ckjxQMtUwcXg/n2iPLEw3iEQTSJoscqac4fXNn/uVrw
5iQVtGDQUXar7IMSxTFgqQHZAbsQvkFTvbvJr2m6jL+4jUXjjts27RmrRp1lEk7f
poNPqmtrorpzDz99JAOPan3AlxgXq3CACKL7qpIBvn1R8VfszMBQY+wHl/Wvor/J
eqrTPBMrBTcl6nD/bxlNtZASdPKplQK5K95pOipeHeGU
-----END CERTIFICATE-----