Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/y5SuKmcUemt9OJc8wj1yplgBTMg.roa
File:                     y5SuKmcUemt9OJc8wj1yplgBTMg.roa (raw, json)
Hash identifier:          87ru/b996XrJAfTEL9AG3yc21G1405lwgbLevUSPwbE=
Subject key identifier:   CB:94:AE:2A:67:14:7A:6B:7D:38:97:3C:C2:3D:72:A6:58:01:4C:C8
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C31ABE8C9A024A8C7EB6D7E5F49A
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/y5SuKmcUemt9OJc8wj1yplgBTMg.roa
Signing time:             Mon 01 Jan 2024 04:29:34 +0000
ROA not before:           Mon 01 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41689
IP address blocks:        5.202.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c3:1a:be:8c:9a:02:4a:8c:7e:b6:d7:e5:f4:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb94ae2a67147a6b7d38973cc23d72a658014cc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b5:99:3b:a7:e5:8b:e6:b7:f3:b6:1d:e6:fb:
                    ab:10:ae:bb:8b:49:72:13:92:14:ce:b0:50:2e:c4:
                    93:f4:4b:60:00:93:92:08:62:da:3b:f0:2c:af:d3:
                    91:63:31:60:11:91:75:67:61:f0:8f:f6:17:ce:0b:
                    b7:cc:f2:07:aa:3e:56:b8:6b:70:be:3c:3f:42:a4:
                    9e:a6:9a:5e:79:81:51:18:29:6d:61:54:b4:3c:f3:
                    d3:b0:a3:24:84:59:e0:da:76:a3:fd:fe:84:fb:4e:
                    3b:3c:e8:8e:db:e9:38:db:63:4d:6f:a3:e6:d2:d0:
                    69:b0:e1:30:1d:6c:97:1c:59:21:18:1d:e8:1e:8c:
                    23:d6:05:25:8f:33:e3:67:71:e8:a0:6e:c6:c9:6c:
                    5d:37:3c:39:ec:ab:33:76:ad:70:27:63:b2:7b:0b:
                    f2:a5:9b:59:0d:c0:e6:04:0d:85:c8:1e:e1:75:c5:
                    fa:f0:2c:53:91:44:69:cd:f7:79:cf:e3:be:63:fd:
                    18:59:e8:64:53:80:ca:70:9d:86:fe:cf:65:62:3b:
                    b9:3f:b1:18:9d:31:b1:14:16:49:15:57:a0:52:f0:
                    b9:33:3c:25:0d:b4:ba:30:8d:3c:2f:97:62:64:34:
                    6f:ea:14:5c:11:44:66:47:60:88:c3:c3:b6:86:b8:
                    71:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:94:AE:2A:67:14:7A:6B:7D:38:97:3C:C2:3D:72:A6:58:01:4C:C8
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/y5SuKmcUemt9OJc8wj1yplgBTMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:21:ae:10:68:20:6b:ad:84:96:25:3f:ea:92:ee:d6:c4:7a:
         09:9c:a1:ce:eb:80:d0:ca:9e:f4:d4:6d:a9:71:59:06:27:06:
         d3:aa:39:cd:72:61:e3:fd:f1:84:e9:01:d5:5d:9f:67:2a:e9:
         5b:b2:30:7f:5f:33:9e:51:36:b1:8d:e7:36:67:81:b4:1d:d7:
         b8:05:fa:6f:09:58:b4:34:af:a5:b8:86:00:5c:d5:63:2b:74:
         f8:6e:35:67:80:64:95:2c:bc:af:0d:3d:dc:bf:35:0f:ce:04:
         46:a6:b0:ea:34:bc:00:bf:60:48:a5:73:3b:08:cc:78:4a:39:
         cb:c4:31:e0:bb:47:81:5b:16:5b:e2:4d:83:8b:8d:65:2a:58:
         f1:53:6d:ea:78:80:b4:b0:3a:eb:1b:c0:c4:69:2c:e3:b9:14:
         43:4f:5d:18:3a:35:57:f8:e8:8d:dc:09:b5:25:5b:1e:f0:75:
         4d:2f:54:3e:d9:86:c5:0e:70:09:92:fd:c6:a9:1a:d7:f2:be:
         4f:13:9b:86:ef:5d:4a:e5:f7:7f:e5:ab:69:e1:54:a2:04:23:
         cc:9f:39:88:67:aa:2f:34:44:94:5a:b2:50:ef:2e:d2:24:5b:
         19:1a:4d:bf:e7:52:84:3d:d5:f1:59:ff:8a:de:4b:7d:24:66:
         8e:38:89:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMMavoyaAkqMfrbX5fSaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjk0YWUyYTY3MTQ3YTZiN2QzODk3M2NjMjNkNzJhNjU4MDE0Y2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLWZO6fli+a387Yd5vurEK67i0ly
E5IUzrBQLsST9EtgAJOSCGLaO/Asr9ORYzFgEZF1Z2Hwj/YXzgu3zPIHqj5WuGtw
vjw/QqSepppeeYFRGCltYVS0PPPTsKMkhFng2naj/f6E+047POiO2+k422NNb6Pm
0tBpsOEwHWyXHFkhGB3oHowj1gUljzPjZ3HooG7GyWxdNzw57Kszdq1wJ2Oyewvy
pZtZDcDmBA2FyB7hdcX68CxTkURpzfd5z+O+Y/0YWehkU4DKcJ2G/s9lYju5P7EY
nTGxFBZJFVegUvC5MzwlDbS6MI08L5diZDRv6hRcEURmR2CIw8O2hrhxYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuUripnFHprfTiXPMI9cqZYAUzIMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEveTVTdUttY1VlbXQ5T0pjOHdqMXlwbGdCVE1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABcqHMA0G
CSqGSIb3DQEBCwUAA4IBAQB+Ia4QaCBrrYSWJT/qku7WxHoJnKHO64DQyp701G2p
cVkGJwbTqjnNcmHj/fGE6QHVXZ9nKulbsjB/XzOeUTaxjec2Z4G0Hde4BfpvCVi0
NK+luIYAXNVjK3T4bjVngGSVLLyvDT3cvzUPzgRGprDqNLwAv2BIpXM7CMx4SjnL
xDHgu0eBWxZb4k2Di41lKljxU23qeIC0sDrrG8DEaSzjuRRDT10YOjVX+OiN3Am1
JVse8HVNL1Q+2YbFDnAJkv3GqRrX8r5PE5uG711K5fd/5atp4VSiBCPMnzmIZ6ov
NESUWrJQ7y7SJFsZGk2/51KEPdXxWf+K3kt9JGaOOIn4
-----END CERTIFICATE-----