Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/8r8gE7GPa98NgZkWQQGCGc3Sdlk.roa
File:                     8r8gE7GPa98NgZkWQQGCGc3Sdlk.roa (raw, json)
Hash identifier:          k8aE/QQNQh7UhiBtx81uNLOF0yA1bjrJY/A3YQ+J6ik=
Subject key identifier:   F2:BF:20:13:B1:8F:6B:DF:0D:81:99:16:41:01:82:19:CD:D2:76:59
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C91A0A975329A856644BB1A25BA4
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/8r8gE7GPa98NgZkWQQGCGc3Sdlk.roa
Signing time:             Mon 01 Jan 2024 04:29:36 +0000
ROA not before:           Mon 01 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208412
IP address blocks:        5.202.204.0/24 maxlen: 24
                          5.202.204.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c9:1a:0a:97:53:29:a8:56:64:4b:b1:a2:5b:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2bf2013b18f6bdf0d81991641018219cdd27659
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:20:9b:4f:b5:f2:a7:1d:89:61:30:b0:f7:90:
                    e9:6d:c7:8f:6b:a9:93:33:ae:af:b6:b5:cd:e7:76:
                    27:bb:5d:9c:8f:8a:b3:fb:9a:97:25:da:08:24:88:
                    5c:84:0f:75:0a:e1:69:07:76:42:0b:75:eb:26:d0:
                    b0:84:a1:b2:ca:25:9d:a2:2b:0b:50:49:68:12:0f:
                    75:b5:57:74:fa:ee:db:d7:31:30:e0:40:e0:20:1c:
                    e0:4b:5d:4b:52:1a:4b:fa:06:a9:ee:a2:ae:5b:b8:
                    a9:bf:38:39:d1:12:30:84:92:9f:d6:71:47:51:12:
                    b3:8e:d9:8b:3d:91:6f:d5:02:6c:b8:65:76:04:68:
                    a1:5d:3d:6e:8c:03:7a:da:56:d2:b6:b2:a7:ed:e6:
                    00:53:bf:57:ce:c2:03:90:6c:0f:a0:59:1c:3c:d8:
                    04:8c:8a:e9:d2:f7:44:42:62:6b:0e:fc:cc:0d:84:
                    f5:73:32:c3:6f:56:14:c4:25:fc:32:9f:3b:96:f8:
                    d3:3c:0d:24:01:ce:ce:df:2b:0f:cf:5f:3a:59:52:
                    10:60:38:c0:c5:f3:78:66:ab:69:7e:ed:4c:bb:f8:
                    09:77:62:52:a2:f5:69:28:85:34:e4:28:ec:d7:30:
                    d6:b3:4b:a1:c4:0c:03:70:12:21:9e:be:22:1a:38:
                    2c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:BF:20:13:B1:8F:6B:DF:0D:81:99:16:41:01:82:19:CD:D2:76:59
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/8r8gE7GPa98NgZkWQQGCGc3Sdlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:7c:44:2e:39:a0:bb:c9:2c:64:da:df:9e:0d:0e:67:46:37:
         9d:a5:68:aa:11:84:de:47:33:42:19:91:c9:0c:82:d4:2b:41:
         09:f2:00:8d:6f:4e:47:2e:99:25:89:f6:e6:8d:bd:cc:d1:cb:
         24:82:7d:6f:69:5d:63:79:eb:29:f8:70:f6:d6:c9:46:22:d6:
         e8:23:67:98:13:20:2b:6d:8b:b6:e6:a9:2c:42:c8:d1:04:e8:
         be:0d:4d:d7:62:e4:57:68:77:03:c5:01:c7:c3:1c:e0:9f:90:
         e3:d6:2b:a0:82:97:95:d4:b4:d3:96:da:e6:ba:27:bd:cb:c4:
         5c:a8:de:89:28:d4:0c:d8:05:bf:38:8d:60:b5:09:ed:69:d7:
         4a:a0:b8:4a:6d:3f:5c:d3:07:4a:23:a7:79:50:54:ba:70:c3:
         a0:df:1f:84:bd:42:22:7a:19:0c:bb:b3:bc:9f:a3:71:74:5b:
         82:0a:32:fa:41:75:e1:8b:fd:5d:ef:fa:f0:da:d2:1e:07:65:
         72:cf:bc:15:5e:ad:19:66:88:a8:4e:5b:a3:aa:fc:65:09:76:
         45:d5:b1:96:77:72:fc:1e:5a:4f:13:f3:45:94:21:ca:7f:cc:
         80:be:72:21:a2:eb:7a:5a:fe:63:5f:98:15:7a:44:a8:f0:6b:
         65:3c:cf:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMkaCpdTKahWZEuxolukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmJmMjAxM2IxOGY2YmRmMGQ4MTk5MTY0MTAxODIxOWNkZDI3NjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyCbT7Xypx2JYTCw95DpbcePa6mT
M66vtrXN53Ynu12cj4qz+5qXJdoIJIhchA91CuFpB3ZCC3XrJtCwhKGyyiWdoisL
UEloEg91tVd0+u7b1zEw4EDgIBzgS11LUhpL+gap7qKuW7ipvzg50RIwhJKf1nFH
URKzjtmLPZFv1QJsuGV2BGihXT1ujAN62lbStrKn7eYAU79XzsIDkGwPoFkcPNgE
jIrp0vdEQmJrDvzMDYT1czLDb1YUxCX8Mp87lvjTPA0kAc7O3ysPz186WVIQYDjA
xfN4Zqtpfu1Mu/gJd2JSovVpKIU05Cjs1zDWs0uhxAwDcBIhnr4iGjgsJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPK/IBOxj2vfDYGZFkEBghnN0nZZMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvOHI4Z0U3R1BhOThOZ1prV1FRR0NHYzNTZGxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBcrMMA0G
CSqGSIb3DQEBCwUAA4IBAQBAfEQuOaC7ySxk2t+eDQ5nRjedpWiqEYTeRzNCGZHJ
DILUK0EJ8gCNb05HLpklifbmjb3M0cskgn1vaV1jeesp+HD21slGItboI2eYEyAr
bYu25qksQsjRBOi+DU3XYuRXaHcDxQHHwxzgn5Dj1iuggpeV1LTTltrmuie9y8Rc
qN6JKNQM2AW/OI1gtQntaddKoLhKbT9c0wdKI6d5UFS6cMOg3x+EvUIiehkMu7O8
n6NxdFuCCjL6QXXhi/1d7/rw2tIeB2Vyz7wVXq0ZZoioTlujqvxlCXZF1bGWd3L8
HlpPE/NFlCHKf8yAvnIhout6Wv5jX5gVekSo8GtlPM+3
-----END CERTIFICATE-----