Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/fHJfbQdVy1c65w7yyFVXm8CE80A.roa
File:                     fHJfbQdVy1c65w7yyFVXm8CE80A.roa (raw, json)
Hash identifier:          mKYkkvRSiuIw83pBbnPFZlZiLjClCJ+nO6ayljch6fA=
Subject key identifier:   7C:72:5F:6D:07:55:CB:57:3A:E7:0E:F2:C8:55:57:9B:C0:84:F3:40
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C63E251B3F942852419C3C39F2E0
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/fHJfbQdVy1c65w7yyFVXm8CE80A.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58142
IP address blocks:        5.202.168.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c6:3e:25:1b:3f:94:28:52:41:9c:3c:39:f2:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c725f6d0755cb573ae70ef2c855579bc084f340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:fa:f4:76:60:a7:72:7d:2a:4e:5e:ec:6c:82:
                    54:30:7e:b1:b2:9f:02:8b:16:cf:ba:28:cf:ec:49:
                    e3:8a:92:70:f1:6e:f7:4c:56:5b:ee:90:9b:ca:d9:
                    0a:62:c0:ef:74:ce:03:f6:5d:bb:16:13:cf:0e:70:
                    08:70:a3:97:7a:46:c6:35:81:db:7b:4d:bb:3a:89:
                    ec:e0:98:ae:d1:4a:c3:33:2e:8f:9c:2a:e0:4d:18:
                    ce:37:37:f0:15:7f:70:0b:d9:07:31:35:72:61:7b:
                    e1:91:a4:fe:ef:44:1b:e6:ee:d7:93:5d:bc:4e:ba:
                    6a:24:58:1a:90:30:8a:13:c9:c3:47:5f:91:47:40:
                    aa:2c:4a:cc:99:8b:3f:b2:d3:d8:14:65:e0:1b:d3:
                    c5:53:41:33:91:73:51:04:38:42:03:64:28:da:e7:
                    c2:4e:00:8f:b8:c3:5e:5b:97:a0:09:b0:0e:af:35:
                    a7:91:33:28:82:b1:e5:84:e5:be:9d:19:29:0a:9b:
                    c9:49:e9:94:83:d2:ac:52:21:e2:b2:46:26:33:10:
                    e0:cc:cb:df:6c:8f:11:f5:96:53:38:6e:11:69:aa:
                    91:1d:94:b3:06:d2:a4:d1:c7:15:80:1d:36:84:42:
                    41:21:6c:d9:31:45:c8:df:fe:11:3d:49:84:fe:de:
                    cd:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:72:5F:6D:07:55:CB:57:3A:E7:0E:F2:C8:55:57:9B:C0:84:F3:40
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/fHJfbQdVy1c65w7yyFVXm8CE80A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ad:01:48:ae:db:a4:2f:67:32:b3:3a:da:2f:fe:27:59:9d:b3:
         2f:79:51:94:84:df:9f:61:3f:23:67:32:cc:9e:d7:40:d9:6e:
         b9:c2:a5:36:8f:3f:8e:64:ee:e3:56:d7:a4:aa:9c:32:7f:dd:
         b8:58:55:16:f5:92:4d:6f:1d:17:67:7c:12:4c:3a:23:c1:36:
         59:4e:6e:7e:fb:7a:8d:13:27:5e:36:f9:6a:f5:b0:44:b2:d2:
         b1:b2:f4:ee:b9:89:b8:2a:58:3a:1b:7b:92:1c:65:40:92:92:
         96:3e:6e:a6:77:3b:b1:58:0e:6b:ec:d6:5d:32:f0:d4:30:9e:
         24:25:ea:dc:b0:6f:43:72:ea:25:d8:9d:83:1d:f5:aa:9c:52:
         8c:31:2f:e9:5d:b4:0c:f7:88:53:43:83:95:28:9d:66:79:1b:
         af:54:d4:34:c1:c4:00:b5:f6:66:66:a3:28:af:d4:29:21:37:
         bc:dc:c0:7a:ac:1b:42:55:91:af:13:46:b4:ae:93:84:f0:54:
         e0:d7:df:e0:9c:52:8c:2c:f2:ce:b8:26:01:cf:40:2a:8c:d8:
         a3:56:e6:42:81:9e:d4:30:d3:06:b5:78:ca:3d:30:e2:a8:93:
         f4:9f:e3:97:7a:ce:e2:e2:52:7a:5d:14:06:24:7d:a7:8f:05:
         f3:4a:27:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMY+JRs/lChSQZw8OfLgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzcyNWY2ZDA3NTVjYjU3M2FlNzBlZjJjODU1NTc5YmMwODRmMzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/r0dmCncn0qTl7sbIJUMH6xsp8C
ixbPuijP7EnjipJw8W73TFZb7pCbytkKYsDvdM4D9l27FhPPDnAIcKOXekbGNYHb
e027Oons4Jiu0UrDMy6PnCrgTRjONzfwFX9wC9kHMTVyYXvhkaT+70Qb5u7Xk128
TrpqJFgakDCKE8nDR1+RR0CqLErMmYs/stPYFGXgG9PFU0EzkXNRBDhCA2Qo2ufC
TgCPuMNeW5egCbAOrzWnkTMogrHlhOW+nRkpCpvJSemUg9KsUiHiskYmMxDgzMvf
bI8R9ZZTOG4RaaqRHZSzBtKk0ccVgB02hEJBIWzZMUXI3/4RPUmE/t7NfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxyX20HVctXOucO8shVV5vAhPNAMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvZkhKZmJRZFZ5MWM2NXc3eXlGVlhtOENFODBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBcqoMA0G
CSqGSIb3DQEBCwUAA4IBAQCtAUiu26QvZzKzOtov/idZnbMveVGUhN+fYT8jZzLM
ntdA2W65wqU2jz+OZO7jVtekqpwyf924WFUW9ZJNbx0XZ3wSTDojwTZZTm5++3qN
EydeNvlq9bBEstKxsvTuuYm4Klg6G3uSHGVAkpKWPm6mdzuxWA5r7NZdMvDUMJ4k
JercsG9Dcuol2J2DHfWqnFKMMS/pXbQM94hTQ4OVKJ1meRuvVNQ0wcQAtfZmZqMo
r9QpITe83MB6rBtCVZGvE0a0rpOE8FTg19/gnFKMLPLOuCYBz0AqjNijVuZCgZ7U
MNMGtXjKPTDiqJP0n+OXes7i4lJ6XRQGJH2njwXzSieP
-----END CERTIFICATE-----