Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/9SA_NUJQoN-5R9I9oUB9ftoZlgI.roa
File:                     9SA_NUJQoN-5R9I9oUB9ftoZlgI.roa (raw, json)
Hash identifier:          xiVm96H4PzVPMM0JHzWViQIfakKB3SzEeU9oyzJJBuM=
Subject key identifier:   F5:20:3F:35:42:50:A0:DF:B9:47:D2:3D:A1:40:7D:7E:DA:19:96:02
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018E7FF76BB80B10AF7F4DBE8CF0B9F7E80D
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/9SA_NUJQoN-5R9I9oUB9ftoZlgI.roa
Signing time:             Wed 27 Mar 2024 12:51:45 +0000
ROA not before:           Wed 27 Mar 2024 12:51:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212607
IP address blocks:        5.10.248.0/24 maxlen: 24
                          5.10.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:f7:6b:b8:0b:10:af:7f:4d:be:8c:f0:b9:f7:e8:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Mar 27 12:51:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5203f354250a0dfb947d23da1407d7eda199602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:48:0c:66:46:5d:09:19:be:22:d2:c5:ca:c5:
                    36:c8:7d:8b:7a:d4:53:33:26:6f:4a:94:21:28:78:
                    9b:21:d2:c6:5e:f6:e0:84:2c:5f:d6:c3:6c:a2:7f:
                    fb:f3:47:93:d5:99:70:22:87:76:fc:87:08:43:1b:
                    a8:16:88:bc:44:2d:21:38:98:57:c9:20:66:47:72:
                    41:5c:8e:52:d8:dc:20:e5:42:59:b1:7f:fa:a3:b3:
                    67:34:0e:94:9b:75:b2:0d:54:af:f2:17:b7:80:94:
                    0f:a3:98:b4:de:ad:6f:0b:c9:2c:f4:08:8b:65:93:
                    fc:2f:78:1c:f9:74:21:ee:d1:62:75:c0:38:40:39:
                    be:96:8b:7a:d3:36:a4:14:68:c1:8c:14:d5:3e:95:
                    28:ea:91:dc:e5:14:34:06:6f:32:62:f6:5c:47:ad:
                    ab:53:f2:9b:0d:55:74:3d:09:59:00:59:f8:06:3e:
                    3e:12:2f:07:7e:b8:d5:6a:08:39:f5:62:09:f3:48:
                    5f:f0:7b:bc:d2:08:53:d1:e6:f3:6e:fe:ae:aa:9b:
                    82:74:e8:0c:ad:54:a4:8e:b7:a5:b5:6b:1c:60:b9:
                    18:de:0e:dd:1f:bb:30:2d:00:4c:6e:33:30:84:9b:
                    e8:ff:87:16:f3:64:2f:2b:b7:87:48:63:c6:da:c6:
                    97:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:20:3F:35:42:50:A0:DF:B9:47:D2:3D:A1:40:7D:7E:DA:19:96:02
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/9SA_NUJQoN-5R9I9oUB9ftoZlgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:cc:27:7c:8c:f9:54:71:6c:99:62:d7:3b:fe:f1:83:e9:2b:
         3c:bd:12:69:cf:e1:08:40:b7:7b:25:ee:1f:d1:f2:f6:b1:bd:
         9e:71:81:9f:93:42:3d:f8:cc:b6:92:cc:a7:7b:0b:bb:34:c7:
         f4:27:c5:f8:b5:8d:18:06:a3:19:e2:48:a2:f9:0a:96:d4:a5:
         3e:bb:7b:0b:b6:f5:a6:51:1e:86:a8:cc:ae:20:c5:1a:93:22:
         66:9a:f6:b8:18:8f:55:73:8c:19:91:d5:15:f1:b3:ab:22:1f:
         fd:ab:87:06:20:f9:a4:d8:be:3b:cf:c7:23:b2:01:df:09:bc:
         26:4b:21:d5:3d:9c:5e:31:3e:44:e9:d5:6b:52:8d:7f:34:39:
         8a:dd:17:a7:b1:31:13:3d:6b:f1:54:f1:19:24:29:5d:47:33:
         f3:3c:a9:9b:bd:cc:73:3c:9f:46:1e:b0:bb:cb:db:da:1d:19:
         0e:fb:7d:c9:8f:1e:07:1d:50:67:6d:b8:f5:53:e6:12:a7:34:
         38:db:44:6a:a0:65:d7:8b:7b:36:ab:19:b6:46:2a:54:1b:10:
         07:be:5b:ff:1f:50:fe:c6:cd:7d:63:c5:5f:67:b7:64:0d:34:
         9f:35:cd:b0:c0:8d:b8:f5:35:c0:13:0b:35:41:07:0f:db:3d:
         ee:6a:75:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5/92u4CxCvf02+jPC59+gNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMzI3MTI1MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTIwM2YzNTQyNTBhMGRmYjk0N2QyM2RhMTQwN2Q3ZWRhMTk5NjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0gMZkZdCRm+ItLFysU2yH2LetRT
MyZvSpQhKHibIdLGXvbghCxf1sNson/780eT1ZlwIod2/IcIQxuoFoi8RC0hOJhX
ySBmR3JBXI5S2Nwg5UJZsX/6o7NnNA6Um3WyDVSv8he3gJQPo5i03q1vC8ks9AiL
ZZP8L3gc+XQh7tFidcA4QDm+lot60zakFGjBjBTVPpUo6pHc5RQ0Bm8yYvZcR62r
U/KbDVV0PQlZAFn4Bj4+Ei8HfrjVagg59WIJ80hf8Hu80ghT0ebzbv6uqpuCdOgM
rVSkjreltWscYLkY3g7dH7swLQBMbjMwhJvo/4cW82QvK7eHSGPG2saXNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUgPzVCUKDfuUfSPaFAfX7aGZYCMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvOVNBX05VSlFvTi01UjlJOW9VQjlmdG9abGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBQr4MA0G
CSqGSIb3DQEBCwUAA4IBAQAyzCd8jPlUcWyZYtc7/vGD6Ss8vRJpz+EIQLd7Je4f
0fL2sb2ecYGfk0I9+My2ksynewu7NMf0J8X4tY0YBqMZ4kii+QqW1KU+u3sLtvWm
UR6GqMyuIMUakyJmmva4GI9Vc4wZkdUV8bOrIh/9q4cGIPmk2L47z8cjsgHfCbwm
SyHVPZxeMT5E6dVrUo1/NDmK3RensTETPWvxVPEZJCldRzPzPKmbvcxzPJ9GHrC7
y9vaHRkO+33Jjx4HHVBnbbj1U+YSpzQ420RqoGXXi3s2qxm2RipUGxAHvlv/H1D+
xs19Y8VfZ7dkDTSfNc2wwI249TXAEws1QQcP2z3uanXR
-----END CERTIFICATE-----