Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5cc337-bc56-4766-a450-f35373da7deb/1/wXfVuQXAYlT4M58vT9cG2zo6B-4.roa
File:                     wXfVuQXAYlT4M58vT9cG2zo6B-4.roa (raw, json)
Hash identifier:          B8659Uzx14dBu2v6VsJ92iHl73b8Kw6cujrwyJTax2Y=
Subject key identifier:   C1:77:D5:B9:05:C0:62:54:F8:33:9F:2F:4F:D7:06:DB:3A:3A:07:EE
Certificate issuer:       /CN=99ce77f7d916513b84914849950fe43f55694fda
Certificate serial:       018CC26D2802A6FF3098C8BCF4BB249F4DCF
Authority key identifier: 99:CE:77:F7:D9:16:51:3B:84:91:48:49:95:0F:E4:3F:55:69:4F:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5399kWUTuEkUhJlQ_kP1VpT9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5cc337-bc56-4766-a450-f35373da7deb/1/wXfVuQXAYlT4M58vT9cG2zo6B-4.roa
Signing time:             Mon 01 Jan 2024 00:29:42 +0000
ROA not before:           Mon 01 Jan 2024 00:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210272
IP address blocks:        5.102.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/5cc337-bc56-4766-a450-f35373da7deb/1/mc5399kWUTuEkUhJlQ_kP1VpT9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/5cc337-bc56-4766-a450-f35373da7deb/1/mc5399kWUTuEkUhJlQ_kP1VpT9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5399kWUTuEkUhJlQ_kP1VpT9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:28:02:a6:ff:30:98:c8:bc:f4:bb:24:9f:4d:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce77f7d916513b84914849950fe43f55694fda
        Validity
            Not Before: Jan  1 00:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c177d5b905c06254f8339f2f4fd706db3a3a07ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:22:bc:9b:2a:75:16:d1:e2:f9:48:d7:7a:47:
                    3f:a0:27:cb:62:dd:c4:29:3e:48:20:d6:12:dc:d4:
                    19:de:1f:b8:49:54:bb:53:59:6d:a1:75:fa:a5:17:
                    bd:1c:89:9f:1b:26:df:e8:58:98:b9:31:16:39:f8:
                    b1:30:17:c1:6b:38:9e:79:91:a9:8c:74:7d:28:30:
                    64:86:29:57:b8:7c:81:da:fe:db:2a:83:0b:f9:48:
                    3f:79:d8:8f:72:b1:d8:8b:75:20:af:8a:96:98:09:
                    09:29:fe:bc:40:c6:29:53:e2:e4:88:e0:4a:c1:c0:
                    3c:85:a9:22:4b:e6:ed:c5:b8:7a:73:fe:8c:a2:ca:
                    72:5c:6e:92:af:d4:55:29:96:62:ca:35:7d:73:e8:
                    70:3e:a2:43:ce:79:14:7c:d2:c8:f6:7c:52:3e:32:
                    b5:96:96:68:cb:54:9c:cb:24:f6:fc:99:15:54:02:
                    ec:d9:20:c8:24:86:52:27:70:2a:ad:8b:46:89:c7:
                    f3:56:64:a6:5f:b4:65:bf:6d:61:db:91:5e:46:63:
                    43:87:15:1f:25:37:1b:a9:6b:6b:b4:8c:da:c8:53:
                    d3:1f:1f:75:38:07:1b:6c:aa:de:f2:e2:9b:1d:e3:
                    7b:7c:58:f9:61:eb:c7:80:8a:a2:59:f0:41:fa:7b:
                    40:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:77:D5:B9:05:C0:62:54:F8:33:9F:2F:4F:D7:06:DB:3A:3A:07:EE
            X509v3 Authority Key Identifier:
                keyid:99:CE:77:F7:D9:16:51:3B:84:91:48:49:95:0F:E4:3F:55:69:4F:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5399kWUTuEkUhJlQ_kP1VpT9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5cc337-bc56-4766-a450-f35373da7deb/1/wXfVuQXAYlT4M58vT9cG2zo6B-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5cc337-bc56-4766-a450-f35373da7deb/1/mc5399kWUTuEkUhJlQ_kP1VpT9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:01:2f:d6:9a:a7:dd:49:66:4f:f9:e8:b2:32:99:bb:ed:a1:
         a9:28:aa:5a:53:6e:34:44:1d:49:e6:50:61:19:13:91:44:d3:
         da:f9:74:38:d3:26:95:0e:96:ad:db:69:6a:45:5a:72:30:64:
         f3:f0:cf:0b:a1:8e:ae:ae:56:1e:99:4c:fe:7f:56:91:f2:28:
         db:0e:d5:c6:14:ef:d0:c3:1e:a5:dc:94:ca:ae:0f:7f:2d:96:
         ba:85:ec:d1:c1:4e:85:80:cc:59:9d:4d:2c:e1:9e:c7:3e:87:
         36:6d:00:38:55:56:62:e7:bf:5c:bf:90:cc:89:0c:b4:14:29:
         49:7b:8f:fe:c8:0a:32:f4:e1:1a:aa:3f:95:06:46:be:bd:fe:
         9f:0c:62:d6:bd:fe:38:de:b9:2b:84:58:62:1b:cb:2e:27:fa:
         19:43:2b:4d:1b:4c:17:a6:7d:4e:75:bd:ff:75:ed:82:43:a6:
         c6:d3:d3:61:cc:aa:62:49:63:06:43:a7:f5:96:cb:7a:13:e8:
         ee:3d:30:9f:c7:2a:10:59:3a:54:44:3c:bf:ab:a4:64:35:93:
         4f:9c:a6:41:a1:70:29:7d:e6:d6:f3:a7:ba:69:b8:7e:e5:a4:
         a0:0d:0e:40:5b:f7:d0:e8:65:40:fe:f2:88:d0:c8:cb:e5:ea:
         35:27:4e:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSgCpv8wmMi89Lskn03PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U3N2Y3ZDkxNjUxM2I4NDkxNDg0OTk1MGZlNDNmNTU2
OTRmZGEwHhcNMjQwMTAxMDAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTc3ZDViOTA1YzA2MjU0ZjgzMzlmMmY0ZmQ3MDZkYjNhM2EwN2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSK8myp1FtHi+UjXekc/oCfLYt3E
KT5IINYS3NQZ3h+4SVS7U1ltoXX6pRe9HImfGybf6FiYuTEWOfixMBfBazieeZGp
jHR9KDBkhilXuHyB2v7bKoML+Ug/ediPcrHYi3Ugr4qWmAkJKf68QMYpU+LkiOBK
wcA8hakiS+btxbh6c/6MospyXG6Sr9RVKZZiyjV9c+hwPqJDznkUfNLI9nxSPjK1
lpZoy1ScyyT2/JkVVALs2SDIJIZSJ3AqrYtGicfzVmSmX7Rlv21h25FeRmNDhxUf
JTcbqWtrtIzayFPTHx91OAcbbKre8uKbHeN7fFj5YevHgIqiWfBB+ntA2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMF31bkFwGJU+DOfL0/XBts6OgfuMB8GA1UdIwQY
MBaAFJnOd/fZFlE7hJFISZUP5D9VaU/aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1Mzk5a1dVVHVFa1VoSmxRX2tQMVZwVDlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81Y2MzMzctYmM1Ni00NzY2LWE0NTAt
ZjM1MzczZGE3ZGViLzEvd1hmVnVRWEFZbFQ0TTU4dlQ5Y0cyem82Qi00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81Y2MzMzctYmM1Ni00NzY2LWE0NTAtZjM1MzczZGE3ZGVi
LzEvbWM1Mzk5a1dVVHVFa1VoSmxRX2tQMVZwVDlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWYtMA0G
CSqGSIb3DQEBCwUAA4IBAQBXAS/WmqfdSWZP+eiyMpm77aGpKKpaU240RB1J5lBh
GRORRNPa+XQ40yaVDpat22lqRVpyMGTz8M8LoY6urlYemUz+f1aR8ijbDtXGFO/Q
wx6l3JTKrg9/LZa6hezRwU6FgMxZnU0s4Z7HPoc2bQA4VVZi579cv5DMiQy0FClJ
e4/+yAoy9OEaqj+VBka+vf6fDGLWvf443rkrhFhiG8suJ/oZQytNG0wXpn1Odb3/
de2CQ6bG09NhzKpiSWMGQ6f1lst6E+juPTCfxyoQWTpURDy/q6RkNZNPnKZBoXAp
febW86e6abh+5aSgDQ5AW/fQ6GVA/vKI0MjL5eo1J05E
-----END CERTIFICATE-----