Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/tfTjjOAMSUGwFesB85GwFzVOyOg.roa
File:                     tfTjjOAMSUGwFesB85GwFzVOyOg.roa (raw, json)
Hash identifier:          DZ01sfyvtKIOAWNrbijdMgZ0Cf0i0izBgKNLMbH9quI=
Subject key identifier:   B5:F4:E3:8C:E0:0C:49:41:B0:15:EB:01:F3:91:B0:17:35:4E:C8:E8
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C68D0150872327139524E6A82493
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/tfTjjOAMSUGwFesB85GwFzVOyOg.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60138
IP address blocks:        5.202.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c6:8d:01:50:87:23:27:13:95:24:e6:a8:24:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5f4e38ce00c4941b015eb01f391b017354ec8e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ca:2e:42:cc:1f:c5:80:df:ae:44:7d:bc:fb:
                    1a:2c:64:3c:88:ff:51:ee:e9:7c:45:07:ee:ce:d3:
                    3a:a1:27:e2:8d:65:40:0e:0e:35:e3:95:82:a4:cb:
                    9c:24:4d:2b:41:fd:3a:88:37:b4:73:58:69:a5:50:
                    ba:72:66:b5:35:78:c0:b1:b3:98:ba:49:fa:48:8c:
                    a2:d8:ee:72:03:e6:3b:17:bc:54:8e:f5:8f:50:03:
                    b0:e2:2c:90:1f:46:cb:5f:b5:35:92:11:ae:24:14:
                    b6:7a:fe:14:d7:35:5b:2a:89:10:4f:74:53:f8:bc:
                    51:09:83:7a:21:32:a2:53:6b:3d:c9:f9:b1:c0:9e:
                    d8:15:10:f2:cb:07:ba:43:68:97:22:1c:03:0f:e5:
                    e8:2d:8e:46:78:31:48:42:e4:1e:5d:88:01:f3:00:
                    1f:3c:75:ff:95:dd:f6:b2:84:80:d4:2f:46:57:d7:
                    38:ad:e2:2e:2f:18:36:f1:b7:c4:00:5c:e2:a6:1a:
                    27:d7:91:fb:b2:c8:21:70:ad:79:a9:d5:0c:f8:e8:
                    5e:22:14:26:38:a7:9f:a0:2a:71:0e:a2:5e:c1:0d:
                    c1:ba:3e:90:38:aa:57:11:7b:6a:f1:87:a3:76:a9:
                    d7:f4:12:f4:d1:0a:f1:7d:93:b5:0f:fc:75:fc:1a:
                    88:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:F4:E3:8C:E0:0C:49:41:B0:15:EB:01:F3:91:B0:17:35:4E:C8:E8
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/tfTjjOAMSUGwFesB85GwFzVOyOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:82:76:89:92:1b:a6:c0:c7:bf:af:d4:b3:01:43:82:8c:9f:
         f8:db:23:c9:c0:c0:31:e1:f8:1f:2e:d1:ce:2e:a2:f1:7a:c4:
         4d:a6:03:0c:62:6c:0e:58:5a:40:e6:8f:14:b7:80:9c:98:d8:
         40:fc:53:44:8e:8f:22:32:7a:b4:48:02:92:8b:be:a8:36:ca:
         e8:fc:a9:1d:3d:ee:fc:2f:14:45:aa:a2:d2:bd:ad:2c:7a:02:
         d8:93:ee:7a:3a:8d:05:87:2a:db:cd:34:ad:dd:b0:45:99:2c:
         33:ee:fe:b8:2e:69:d9:74:a3:b9:71:93:c5:7a:56:16:ac:fb:
         f4:17:35:16:fe:0d:0e:ae:2d:ad:69:f8:78:ba:e4:c3:98:f6:
         42:29:55:b2:b9:75:24:84:18:3b:be:a7:72:d0:cc:f2:f8:93:
         7f:b2:a9:d0:90:90:42:f5:a6:d1:87:f8:30:a7:ee:71:2c:59:
         9c:05:5d:53:d6:73:b7:41:9b:77:56:55:37:a2:1a:05:53:d1:
         5a:26:e9:97:ab:b8:42:f9:43:63:f1:71:74:2b:46:c1:7e:8c:
         c2:c1:38:8c:ea:4f:70:47:b1:6c:b4:a9:bf:11:ab:d7:c0:37:
         40:48:52:47:48:2f:22:ba:c8:b6:2b:64:18:73:ff:3a:84:98:
         6d:59:26:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMaNAVCHIycTlSTmqCSTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWY0ZTM4Y2UwMGM0OTQxYjAxNWViMDFmMzkxYjAxNzM1NGVjOGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8ouQswfxYDfrkR9vPsaLGQ8iP9R
7ul8RQfuztM6oSfijWVADg4145WCpMucJE0rQf06iDe0c1hppVC6cma1NXjAsbOY
ukn6SIyi2O5yA+Y7F7xUjvWPUAOw4iyQH0bLX7U1khGuJBS2ev4U1zVbKokQT3RT
+LxRCYN6ITKiU2s9yfmxwJ7YFRDyywe6Q2iXIhwDD+XoLY5GeDFIQuQeXYgB8wAf
PHX/ld32soSA1C9GV9c4reIuLxg28bfEAFziphon15H7ssghcK15qdUM+OheIhQm
OKefoCpxDqJewQ3Buj6QOKpXEXtq8YejdqnX9BL00QrxfZO1D/x1/BqIpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLX044zgDElBsBXrAfORsBc1TsjoMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvdGZUampPQU1TVUd3RmVzQjg1R3dGelZPeU9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBcpYMA0G
CSqGSIb3DQEBCwUAA4IBAQB1gnaJkhumwMe/r9SzAUOCjJ/42yPJwMAx4fgfLtHO
LqLxesRNpgMMYmwOWFpA5o8Ut4CcmNhA/FNEjo8iMnq0SAKSi76oNsro/KkdPe78
LxRFqqLSva0segLYk+56Oo0FhyrbzTSt3bBFmSwz7v64LmnZdKO5cZPFelYWrPv0
FzUW/g0Ori2tafh4uuTDmPZCKVWyuXUkhBg7vqdy0Mzy+JN/sqnQkJBC9abRh/gw
p+5xLFmcBV1T1nO3QZt3VlU3ohoFU9FaJumXq7hC+UNj8XF0K0bBfozCwTiM6k9w
R7FstKm/EavXwDdASFJHSC8iusi2K2QYc/86hJhtWSaJ
-----END CERTIFICATE-----