Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/XbmHThqhegm3X2CpGaMeQwTQLRw.roa
File:                     XbmHThqhegm3X2CpGaMeQwTQLRw.roa (raw, json)
Hash identifier:          vLDcTRAExrtdUtuPUwQldeFrqz6FW7qGQVqQCCDw+hE=
Subject key identifier:   5D:B9:87:4E:1A:A1:7A:09:B7:5F:60:A9:19:A3:1E:43:04:D0:2D:1C
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C71B1569F8C69DCC723F7A08FCB9
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/XbmHThqhegm3X2CpGaMeQwTQLRw.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200376
IP address blocks:        5.202.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c7:1b:15:69:f8:c6:9d:cc:72:3f:7a:08:fc:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5db9874e1aa17a09b75f60a919a31e4304d02d1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:20:03:d0:2b:81:0f:f0:08:d5:94:59:1f:38:
                    1f:a2:0f:05:99:b6:6e:39:29:fb:1d:db:ba:92:dc:
                    e8:20:e9:20:5c:be:6a:17:67:ca:a1:1f:64:ae:07:
                    47:07:7e:3d:c3:86:f5:44:9d:5f:0e:d6:67:f1:94:
                    fc:1a:14:1f:f0:f1:88:9f:2e:07:0b:22:9a:40:11:
                    3a:04:c3:1e:b6:b5:db:a2:45:86:8e:c3:63:e6:f8:
                    97:25:50:b3:e8:60:27:c6:c3:06:35:30:7d:a1:ac:
                    8e:b1:00:96:7f:5c:4a:e7:5a:d9:a6:21:e7:c8:71:
                    bb:e2:0f:4e:3b:eb:3d:34:6f:45:bb:8e:8c:a0:0c:
                    53:e8:18:74:0d:f6:f0:e7:bb:67:cb:38:f9:86:56:
                    62:2c:af:8f:74:e8:35:e9:f5:97:3d:ed:08:10:9b:
                    49:45:8b:ec:6e:07:fd:7c:1b:3e:0f:f0:3a:e5:b8:
                    de:8d:f9:ab:83:25:4b:e2:0e:c5:20:de:27:a8:b6:
                    f5:ad:15:7d:44:d1:72:8e:08:69:e3:ba:9a:4e:52:
                    34:51:8c:a8:8d:43:27:4c:8a:12:ff:41:ec:7d:63:
                    c8:37:ab:c2:69:25:b5:8e:5b:f1:f1:11:c0:b2:e0:
                    ef:18:80:00:cd:35:33:4d:57:d7:28:5a:f1:0d:6c:
                    35:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B9:87:4E:1A:A1:7A:09:B7:5F:60:A9:19:A3:1E:43:04:D0:2D:1C
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/XbmHThqhegm3X2CpGaMeQwTQLRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:46:65:69:48:ce:dd:20:4c:f1:0e:b4:b3:02:5d:31:d3:f4:
         f2:10:ba:01:c2:57:bf:21:2b:5d:bf:f1:00:e0:7c:b2:55:9a:
         f0:3e:6a:e7:d5:c9:0f:99:7f:fe:f4:ed:21:1c:6d:cb:6e:35:
         1a:2d:d2:be:15:d0:a2:87:fd:52:bd:1a:a4:00:0e:3a:3f:6d:
         b0:6e:50:9d:8e:58:7c:29:4e:8b:11:ec:b9:e7:56:4b:e5:ed:
         f8:1e:7f:02:12:1f:2d:3f:69:b6:47:6f:b6:a3:66:ee:ad:5d:
         13:39:f0:04:aa:09:eb:5d:ad:8b:8b:66:c7:8a:e1:5a:23:fb:
         57:09:18:db:b3:d4:04:8b:34:ac:33:2c:03:03:ef:2e:f4:81:
         db:a0:6d:57:74:fc:1d:1d:a9:2f:d9:ec:58:39:41:c3:6e:5e:
         08:b6:16:bf:8f:c9:6f:c5:9d:90:61:d0:d4:66:77:39:7d:22:
         3e:a8:88:9a:37:2f:17:78:f2:55:70:2d:a8:ca:49:d9:34:49:
         fb:17:b2:eb:3a:c9:cc:f0:79:f1:da:4c:66:f7:a5:0d:e6:30:
         15:28:06:bb:eb:3c:17:77:02:1b:47:69:1f:c4:8c:ef:38:ca:
         89:e8:2a:a1:5f:a7:af:39:79:6d:5a:86:c0:4f:33:05:e2:cc:
         51:9e:25:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMcbFWn4xp3Mcj96CPy5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGI5ODc0ZTFhYTE3YTA5Yjc1ZjYwYTkxOWEzMWU0MzA0ZDAyZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCAD0CuBD/AI1ZRZHzgfog8FmbZu
OSn7Hdu6ktzoIOkgXL5qF2fKoR9krgdHB349w4b1RJ1fDtZn8ZT8GhQf8PGIny4H
CyKaQBE6BMMetrXbokWGjsNj5viXJVCz6GAnxsMGNTB9oayOsQCWf1xK51rZpiHn
yHG74g9OO+s9NG9Fu46MoAxT6Bh0Dfbw57tnyzj5hlZiLK+PdOg16fWXPe0IEJtJ
RYvsbgf9fBs+D/A65bjejfmrgyVL4g7FIN4nqLb1rRV9RNFyjghp47qaTlI0UYyo
jUMnTIoS/0HsfWPIN6vCaSW1jlvx8RHAsuDvGIAAzTUzTVfXKFrxDWw1dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF25h04aoXoJt19gqRmjHkME0C0cMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvWGJtSFRocWhlZ20zWDJDcEdhTWVRd1RRTFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABcpWMA0G
CSqGSIb3DQEBCwUAA4IBAQCgRmVpSM7dIEzxDrSzAl0x0/TyELoBwle/IStdv/EA
4HyyVZrwPmrn1ckPmX/+9O0hHG3LbjUaLdK+FdCih/1SvRqkAA46P22wblCdjlh8
KU6LEey551ZL5e34Hn8CEh8tP2m2R2+2o2burV0TOfAEqgnrXa2Li2bHiuFaI/tX
CRjbs9QEizSsMywDA+8u9IHboG1XdPwdHakv2exYOUHDbl4Itha/j8lvxZ2QYdDU
Znc5fSI+qIiaNy8XePJVcC2oyknZNEn7F7LrOsnM8Hnx2kxm96UN5jAVKAa76zwX
dwIbR2kfxIzvOMqJ6CqhX6evOXltWobATzMF4sxRniV1
-----END CERTIFICATE-----