Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/5Y78HpqLKPC4v9YmmTGkiJBzT0c.roa
File:                     5Y78HpqLKPC4v9YmmTGkiJBzT0c.roa (raw, json)
Hash identifier:          Z+AXEvwWtq3tylXTJ+eIgQMLwaL/YQd+Wcae2WtPo7k=
Subject key identifier:   E5:8E:FC:1E:9A:8B:28:F0:B8:BF:D6:26:99:31:A4:88:90:73:4F:47
Certificate issuer:       /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial:       018D1A10989050FC23E2FD349E919D642AF4
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/5Y78HpqLKPC4v9YmmTGkiJBzT0c.roa
Signing time:             Thu 18 Jan 2024 00:55:11 +0000
ROA not before:           Thu 18 Jan 2024 00:55:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55286
IP address blocks:        86.104.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1a:10:98:90:50:fc:23:e2:fd:34:9e:91:9d:64:2a:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
        Validity
            Not Before: Jan 18 00:55:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e58efc1e9a8b28f0b8bfd6269931a48890734f47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d5:9e:f4:63:ac:3d:58:38:bd:0b:75:1a:56:
                    2c:0a:19:e4:66:a8:38:0d:b1:c5:ea:10:06:33:7a:
                    4b:db:c4:a6:46:31:22:47:1d:03:73:6b:69:a0:2f:
                    07:c5:78:52:d4:9a:08:62:48:3e:f8:ba:48:15:fc:
                    ad:90:70:06:d1:4b:24:55:ad:4e:1e:7c:29:4b:a1:
                    f7:7f:41:d9:8b:33:c0:2d:a2:6a:aa:ca:c1:12:3d:
                    b2:56:6b:90:8d:90:74:d1:e7:7a:ab:ee:4e:6e:06:
                    5c:7a:4d:9f:5e:cd:54:a5:5f:68:11:5a:4f:b8:f6:
                    03:ad:de:72:27:54:5a:bb:89:68:8e:b3:93:04:97:
                    6b:5e:8c:1b:7f:f8:57:22:dc:60:d5:e1:93:e4:30:
                    f2:d9:9d:0f:79:bf:29:d1:db:f7:9e:9d:32:01:6d:
                    65:63:8d:33:be:5c:93:54:f8:72:d9:e7:cd:7f:91:
                    5b:97:f0:d5:fe:7b:90:96:a0:56:3a:9e:19:33:a1:
                    9f:47:e6:79:dc:e7:86:d6:39:3b:f7:a2:d4:51:5e:
                    b9:65:1e:53:80:f2:ed:4c:aa:14:67:61:6e:c2:56:
                    5b:27:6d:f1:12:21:9c:60:3f:37:d9:cb:61:40:93:
                    a2:da:07:5d:59:eb:dd:e7:ef:d4:be:5c:9f:3a:26:
                    92:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:8E:FC:1E:9A:8B:28:F0:B8:BF:D6:26:99:31:A4:88:90:73:4F:47
            X509v3 Authority Key Identifier:
                keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/5Y78HpqLKPC4v9YmmTGkiJBzT0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:96:c0:98:0c:a4:23:f3:f5:44:80:26:88:b4:18:01:d0:9a:
         b4:6a:55:dc:6e:fa:db:50:24:3e:f1:8d:17:9a:74:5c:b7:d4:
         9d:a5:b1:1a:54:ea:eb:7f:e6:ed:c6:c5:be:61:74:02:c1:0a:
         6d:ec:b5:69:b6:ee:57:bd:3e:df:6f:1d:40:b2:e3:47:eb:ad:
         d8:53:ae:b5:3f:20:f8:44:e3:6c:c6:64:36:95:07:91:a8:30:
         3f:b3:ff:0e:12:db:a8:4c:47:45:d6:4f:c2:0b:b5:ed:19:5c:
         8c:28:a7:b0:c0:7d:f4:f2:54:3f:59:91:b6:f9:43:bc:27:32:
         b6:83:60:84:1e:0a:8d:50:aa:69:45:63:eb:3d:09:e1:42:ad:
         a7:2f:cc:8b:16:36:06:93:02:fd:b6:61:e9:be:87:8f:8f:fa:
         f2:c8:e5:32:9f:7f:8d:11:9b:b0:24:53:ee:69:62:d8:32:f9:
         40:13:ef:80:f9:c8:f2:72:a3:b7:75:c2:bb:d3:85:5b:35:bb:
         85:bb:fa:98:c2:ea:10:e2:7c:77:73:f9:48:4f:ab:91:98:0a:
         cc:02:c3:d2:b4:5b:a3:6c:ca:3a:89:bf:98:90:65:6b:d4:03:
         da:53:8d:97:1f:e1:65:72:72:10:5d:f8:99:cb:fb:d8:a3:e9:
         d3:5e:f0:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0aEJiQUPwj4v00npGdZCr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjQwMTE4MDA1NTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNThlZmMxZTlhOGIyOGYwYjhiZmQ2MjY5OTMxYTQ4ODkwNzM0ZjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdWe9GOsPVg4vQt1GlYsChnkZqg4
DbHF6hAGM3pL28SmRjEiRx0Dc2tpoC8HxXhS1JoIYkg++LpIFfytkHAG0UskVa1O
HnwpS6H3f0HZizPALaJqqsrBEj2yVmuQjZB00ed6q+5ObgZcek2fXs1UpV9oEVpP
uPYDrd5yJ1Rau4lojrOTBJdrXowbf/hXItxg1eGT5DDy2Z0Peb8p0dv3np0yAW1l
Y40zvlyTVPhy2efNf5Fbl/DV/nuQlqBWOp4ZM6GfR+Z53OeG1jk796LUUV65ZR5T
gPLtTKoUZ2FuwlZbJ23xEiGcYD832cthQJOi2gddWevd5+/UvlyfOiaSBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWO/B6aiyjwuL/WJpkxpIiQc09HMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvNVk3OEhwcUxLUEM0djlZbW1UR2tpSkJ6VDBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmgIMA0G
CSqGSIb3DQEBCwUAA4IBAQBSlsCYDKQj8/VEgCaItBgB0Jq0alXcbvrbUCQ+8Y0X
mnRct9SdpbEaVOrrf+btxsW+YXQCwQpt7LVptu5XvT7fbx1AsuNH663YU661PyD4
RONsxmQ2lQeRqDA/s/8OEtuoTEdF1k/CC7XtGVyMKKewwH308lQ/WZG2+UO8JzK2
g2CEHgqNUKppRWPrPQnhQq2nL8yLFjYGkwL9tmHpvoePj/ryyOUyn3+NEZuwJFPu
aWLYMvlAE++A+cjycqO3dcK704VbNbuFu/qYwuoQ4nx3c/lIT6uRmArMAsPStFuj
bMo6ib+YkGVr1APaU42XH+FlcnIQXfiZy/vYo+nTXvD5
-----END CERTIFICATE-----