Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/npSbX89ppW1EvXT8SquAkvP6voE.roa
File:                     npSbX89ppW1EvXT8SquAkvP6voE.roa (raw, json)
Hash identifier:          MxmtVOWJZ2CbOzuQXF5iaQtC+5JJ6zax1Xsv1/neKxU=
Subject key identifier:   9E:94:9B:5F:CF:69:A5:6D:44:BD:74:FC:4A:AB:80:92:F3:FA:BE:81
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       01941F8C4F1D4B37C062E3064B0AF5A5815A
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/npSbX89ppW1EvXT8SquAkvP6voE.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200376
IP address blocks:        5.202.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4f:1d:4b:37:c0:62:e3:06:4b:0a:f5:a5:81:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e949b5fcf69a56d44bd74fc4aab8092f3fabe81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d0:b4:66:5a:94:42:b7:1b:f4:4a:e6:56:86:
                    31:11:e4:6a:97:a2:e0:45:f5:f2:14:81:a7:89:0a:
                    52:18:aa:54:a7:2a:0d:55:17:72:b4:4e:ff:ba:d7:
                    26:ea:cd:53:a0:e2:5e:d0:c5:b4:ca:05:5e:ab:13:
                    79:3d:31:93:80:1b:c7:0d:b2:cd:46:f2:27:a2:27:
                    30:9c:eb:e1:07:f3:b3:49:46:9a:53:c0:c8:a9:c9:
                    d2:d1:06:e2:76:74:e3:b8:48:81:70:88:54:a1:e4:
                    56:85:a1:42:e9:7a:32:ca:c4:cb:1c:fa:24:43:95:
                    b7:34:c3:3c:a7:e7:96:dc:4a:39:8e:43:50:c5:78:
                    be:2a:58:75:2b:9d:d8:ce:f1:61:85:86:f1:99:cc:
                    ee:fa:ef:bb:8c:a5:2c:31:c0:ac:6a:4e:78:8d:dc:
                    b9:4a:e7:30:a3:f6:73:4e:61:71:f1:fe:0b:c5:73:
                    37:96:1c:e5:99:41:6b:e6:2e:f3:4d:3f:a1:6f:8e:
                    8e:55:91:07:bf:93:a6:09:a2:13:d9:67:a6:bf:7d:
                    85:ca:81:09:fd:c7:14:01:38:9b:2f:bb:3e:81:f2:
                    4b:15:36:e6:7d:1e:5f:f1:d3:3b:d8:0d:8e:00:2d:
                    62:41:10:b3:33:db:9a:6d:06:b8:61:6b:36:9f:89:
                    74:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:94:9B:5F:CF:69:A5:6D:44:BD:74:FC:4A:AB:80:92:F3:FA:BE:81
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/npSbX89ppW1EvXT8SquAkvP6voE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:2e:0b:79:88:b6:ed:10:9e:44:d8:12:a0:1d:91:97:82:e7:
         ac:dc:5e:2d:68:f9:da:e3:81:e8:d1:77:7e:b7:17:30:ee:e2:
         d9:35:0b:6c:82:47:e1:b7:e1:f2:cd:eb:a1:16:55:86:c4:c7:
         99:c7:40:fd:3d:6e:6c:69:6f:ad:25:b0:05:fe:98:17:95:25:
         cd:76:e7:ef:b8:f4:41:e0:3c:c3:d7:10:67:e6:f8:37:84:09:
         28:b2:ce:a1:5f:28:52:e2:43:3f:1e:a7:22:67:8c:2c:a0:60:
         d1:81:f6:82:0f:2b:71:c8:5d:ac:de:f9:ba:f5:72:36:4f:1b:
         60:8e:93:40:ab:08:f8:4a:9c:11:f6:be:e6:a7:e6:1d:f4:41:
         a3:19:1b:23:42:34:04:04:4d:ca:58:65:a6:8b:1a:34:74:a8:
         4b:53:e4:e9:a8:35:36:15:43:6a:64:53:6c:13:81:95:c5:ac:
         25:5f:86:8e:5a:71:7c:5d:8c:f2:4b:36:e8:fe:1b:34:8e:f6:
         8a:61:a0:77:33:10:c9:ae:6b:08:19:90:c6:17:95:fc:51:96:
         ac:e5:a6:73:95:e6:50:1f:5e:32:7c:0d:39:3e:2b:93:34:86:
         1d:82:4f:0d:59:85:54:3b:3e:e5:e1:26:74:dc:4f:c0:f8:2b:
         3b:27:3d:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjE8dSzfAYuMGSwr1pYFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTk0OWI1ZmNmNjlhNTZkNDRiZDc0ZmM0YWFiODA5MmYzZmFiZTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltC0ZlqUQrcb9ErmVoYxEeRql6Lg
RfXyFIGniQpSGKpUpyoNVRdytE7/utcm6s1ToOJe0MW0ygVeqxN5PTGTgBvHDbLN
RvInoicwnOvhB/OzSUaaU8DIqcnS0QbidnTjuEiBcIhUoeRWhaFC6XoyysTLHPok
Q5W3NMM8p+eW3Eo5jkNQxXi+Klh1K53YzvFhhYbxmczu+u+7jKUsMcCsak54jdy5
Sucwo/ZzTmFx8f4LxXM3lhzlmUFr5i7zTT+hb46OVZEHv5OmCaIT2Wemv32FyoEJ
/ccUATibL7s+gfJLFTbmfR5f8dM72A2OAC1iQRCzM9uabQa4YWs2n4l0ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6Um1/PaaVtRL10/EqrgJLz+r6BMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvbnBTYlg4OXBwVzFFdlhUOFNxdUFrdlA2dm9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABcpWMA0G
CSqGSIb3DQEBCwUAA4IBAQC+Lgt5iLbtEJ5E2BKgHZGXgues3F4taPna44Ho0Xd+
txcw7uLZNQtsgkfht+HyzeuhFlWGxMeZx0D9PW5saW+tJbAF/pgXlSXNdufvuPRB
4DzD1xBn5vg3hAkoss6hXyhS4kM/HqciZ4wsoGDRgfaCDytxyF2s3vm69XI2Txtg
jpNAqwj4SpwR9r7mp+Yd9EGjGRsjQjQEBE3KWGWmixo0dKhLU+TpqDU2FUNqZFNs
E4GVxawlX4aOWnF8XYzySzbo/hs0jvaKYaB3MxDJrmsIGZDGF5X8UZas5aZzleZQ
H14yfA05PiuTNIYdgk8NWYVUOz7l4SZ03E/A+Cs7Jz0/
-----END CERTIFICATE-----