Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5cc337-bc56-4766-a450-f35373da7deb/1/6XtZM194OdHKrAzig3c5ExdN_ZM.roa
File:                     6XtZM194OdHKrAzig3c5ExdN_ZM.roa (raw, json)
Hash identifier:          qB1y+Hz0CVyxyXdy1LZy5TNrg3UI6g4R2MbnOJuN4O4=
Subject key identifier:   E9:7B:59:33:5F:78:39:D1:CA:AC:0C:E2:83:77:39:13:17:4D:FD:93
Certificate issuer:       /CN=99ce77f7d916513b84914849950fe43f55694fda
Certificate serial:       018CC26D27C5CF5BAA89FD9A7E2A9159DAD8
Authority key identifier: 99:CE:77:F7:D9:16:51:3B:84:91:48:49:95:0F:E4:3F:55:69:4F:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5399kWUTuEkUhJlQ_kP1VpT9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5cc337-bc56-4766-a450-f35373da7deb/1/6XtZM194OdHKrAzig3c5ExdN_ZM.roa
Signing time:             Mon 01 Jan 2024 00:29:42 +0000
ROA not before:           Mon 01 Jan 2024 00:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208984
IP address blocks:        5.102.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/5cc337-bc56-4766-a450-f35373da7deb/1/mc5399kWUTuEkUhJlQ_kP1VpT9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/5cc337-bc56-4766-a450-f35373da7deb/1/mc5399kWUTuEkUhJlQ_kP1VpT9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5399kWUTuEkUhJlQ_kP1VpT9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:03:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:27:c5:cf:5b:aa:89:fd:9a:7e:2a:91:59:da:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce77f7d916513b84914849950fe43f55694fda
        Validity
            Not Before: Jan  1 00:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e97b59335f7839d1caac0ce283773913174dfd93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:d4:89:6e:b4:83:3d:b4:a4:5b:44:7b:76:8d:
                    52:b7:3a:ef:40:25:37:a2:9c:8c:42:9d:eb:93:bb:
                    bc:67:7d:be:bc:58:f3:4b:39:45:30:62:70:bc:94:
                    a2:5e:7d:05:d8:04:47:9d:fa:e6:1d:c3:64:18:ea:
                    49:95:83:6c:c5:0a:4f:0d:f2:dc:65:dc:c4:e9:a0:
                    ee:79:36:04:74:24:a0:c9:39:45:e9:b7:eb:21:e9:
                    f8:36:1d:3a:b7:18:59:f6:3a:86:44:d3:f3:c5:89:
                    b2:14:26:8b:97:6b:15:52:11:e1:55:e5:56:f9:a3:
                    2e:e3:5e:ee:be:97:64:01:80:46:7f:55:ca:c5:84:
                    44:3b:e6:6d:81:06:d7:64:0e:c4:32:aa:f4:b4:61:
                    13:ae:a8:e6:19:6b:ef:fb:2f:dd:b9:8e:e5:34:4d:
                    ec:30:65:b2:54:c2:f0:0a:ee:5f:71:28:da:7e:4c:
                    d5:bf:0c:c8:08:9e:f0:2b:a7:a4:12:2a:d5:81:7d:
                    c5:fa:eb:82:8a:81:2b:81:a8:7f:89:a2:a5:76:20:
                    f7:69:42:52:7a:e0:79:41:01:17:b3:36:83:98:39:
                    6f:5c:64:cd:46:90:b4:4f:cd:64:53:58:2b:99:d7:
                    fb:98:43:e0:14:36:3d:54:67:57:fa:2c:16:01:48:
                    80:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:7B:59:33:5F:78:39:D1:CA:AC:0C:E2:83:77:39:13:17:4D:FD:93
            X509v3 Authority Key Identifier:
                keyid:99:CE:77:F7:D9:16:51:3B:84:91:48:49:95:0F:E4:3F:55:69:4F:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5399kWUTuEkUhJlQ_kP1VpT9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5cc337-bc56-4766-a450-f35373da7deb/1/6XtZM194OdHKrAzig3c5ExdN_ZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5cc337-bc56-4766-a450-f35373da7deb/1/mc5399kWUTuEkUhJlQ_kP1VpT9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:ec:7d:92:8a:db:e0:33:ed:8c:db:d3:57:74:1b:94:f6:ac:
         78:b9:20:27:85:19:3d:da:ea:ba:4f:e3:90:d0:20:f4:69:cb:
         53:bd:7c:ed:14:37:44:60:74:86:67:52:fc:28:ef:1c:6a:d3:
         c3:5b:c1:58:76:89:e4:ff:cb:d1:ca:13:d8:c8:3b:67:b8:1c:
         9c:a9:2e:45:54:ac:60:ea:0f:87:48:f0:93:66:46:1e:66:62:
         bd:d2:5a:c0:7a:ad:fd:3f:24:98:b4:a0:2b:0c:48:c1:a0:a7:
         15:db:57:a2:19:96:9d:19:71:83:3d:cd:1b:64:0e:37:30:10:
         d8:0e:de:d3:89:87:3b:fd:1c:bd:ee:6d:25:40:05:5e:9d:8d:
         43:61:4c:a7:ab:1d:d0:1a:33:92:01:ba:c5:6b:85:66:f3:25:
         c6:28:01:6a:28:30:ff:b6:08:dd:aa:b5:fa:c6:46:e1:99:ef:
         5f:e3:5b:47:b3:6b:8b:d1:ed:f8:e2:ce:32:29:27:a7:34:7d:
         99:8c:26:6d:37:67:d6:8c:ae:b9:a3:4a:fb:c4:57:06:d1:96:
         52:16:82:82:cc:49:46:4b:2a:99:67:58:3a:e5:e8:0b:c4:02:
         13:46:7c:d2:99:35:54:69:33:bb:9c:e5:7d:a5:b2:b6:cb:13:
         92:f8:15:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSfFz1uqif2afiqRWdrYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U3N2Y3ZDkxNjUxM2I4NDkxNDg0OTk1MGZlNDNmNTU2
OTRmZGEwHhcNMjQwMTAxMDAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTdiNTkzMzVmNzgzOWQxY2FhYzBjZTI4Mzc3MzkxMzE3NGRmZDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4tSJbrSDPbSkW0R7do1StzrvQCU3
opyMQp3rk7u8Z32+vFjzSzlFMGJwvJSiXn0F2ARHnfrmHcNkGOpJlYNsxQpPDfLc
ZdzE6aDueTYEdCSgyTlF6bfrIen4Nh06txhZ9jqGRNPzxYmyFCaLl2sVUhHhVeVW
+aMu417uvpdkAYBGf1XKxYREO+ZtgQbXZA7EMqr0tGETrqjmGWvv+y/duY7lNE3s
MGWyVMLwCu5fcSjafkzVvwzICJ7wK6ekEirVgX3F+uuCioErgah/iaKldiD3aUJS
euB5QQEXszaDmDlvXGTNRpC0T81kU1grmdf7mEPgFDY9VGdX+iwWAUiAwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOl7WTNfeDnRyqwM4oN3ORMXTf2TMB8GA1UdIwQY
MBaAFJnOd/fZFlE7hJFISZUP5D9VaU/aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1Mzk5a1dVVHVFa1VoSmxRX2tQMVZwVDlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81Y2MzMzctYmM1Ni00NzY2LWE0NTAt
ZjM1MzczZGE3ZGViLzEvNlh0Wk0xOTRPZEhLckF6aWczYzVFeGROX1pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81Y2MzMzctYmM1Ni00NzY2LWE0NTAtZjM1MzczZGE3ZGVi
LzEvbWM1Mzk5a1dVVHVFa1VoSmxRX2tQMVZwVDlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWYsMA0G
CSqGSIb3DQEBCwUAA4IBAQCK7H2SitvgM+2M29NXdBuU9qx4uSAnhRk92uq6T+OQ
0CD0actTvXztFDdEYHSGZ1L8KO8catPDW8FYdonk/8vRyhPYyDtnuBycqS5FVKxg
6g+HSPCTZkYeZmK90lrAeq39PySYtKArDEjBoKcV21eiGZadGXGDPc0bZA43MBDY
Dt7TiYc7/Ry97m0lQAVenY1DYUynqx3QGjOSAbrFa4Vm8yXGKAFqKDD/tgjdqrX6
xkbhme9f41tHs2uL0e344s4yKSenNH2ZjCZtN2fWjK65o0r7xFcG0ZZSFoKCzElG
SyqZZ1g65egLxAITRnzSmTVUaTO7nOV9pbK2yxOS+BVB
-----END CERTIFICATE-----