Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/jnCHUjTdAK30-NQlBRnrZWwdGrc.roa
File:                     jnCHUjTdAK30-NQlBRnrZWwdGrc.roa (raw, json)
Hash identifier:          Nu8+T+YbF1uCyGR93X8zw/Mzxp/0xZoFpgA53vgu8Is=
Subject key identifier:   8E:70:87:52:34:DD:00:AD:F4:F8:D4:25:05:19:EB:65:6C:1D:1A:B7
Certificate issuer:       /CN=9a78fd4d41a49384bdf6e7dc3ebbc500bf66d9d5
Certificate serial:       018CC5DCC6B339DE235EACF01D236BEB5E9E
Authority key identifier: 9A:78:FD:4D:41:A4:93:84:BD:F6:E7:DC:3E:BB:C5:00:BF:66:D9:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mnj9TUGkk4S99ufcPrvFAL9m2dU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/jnCHUjTdAK30-NQlBRnrZWwdGrc.roa
Signing time:             Mon 01 Jan 2024 16:30:29 +0000
ROA not before:           Mon 01 Jan 2024 16:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.8.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/mnj9TUGkk4S99ufcPrvFAL9m2dU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/mnj9TUGkk4S99ufcPrvFAL9m2dU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mnj9TUGkk4S99ufcPrvFAL9m2dU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c6:b3:39:de:23:5e:ac:f0:1d:23:6b:eb:5e:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a78fd4d41a49384bdf6e7dc3ebbc500bf66d9d5
        Validity
            Not Before: Jan  1 16:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e70875234dd00adf4f8d4250519eb656c1d1ab7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ab:8f:92:e7:b8:6d:6b:ab:ca:95:17:b3:68:
                    1f:7e:b1:47:37:20:76:12:a5:17:4a:b3:ed:6e:0c:
                    f8:d2:2a:0d:13:64:5a:db:ef:f4:4d:cf:32:42:4e:
                    24:b6:96:2a:24:fb:ad:5e:5d:8c:7f:91:81:b2:db:
                    3d:71:c4:22:f8:d5:97:a9:3a:76:ed:32:6b:80:18:
                    78:88:ba:22:7d:dd:2c:b8:45:4d:bc:e6:94:68:75:
                    bf:e6:fc:45:30:aa:f0:98:f1:4c:25:cd:95:6e:a3:
                    dd:0b:64:03:e1:c0:49:85:0f:0f:c9:72:47:89:6d:
                    d4:46:98:05:83:70:f2:0d:3b:8c:5b:5a:b0:69:ed:
                    31:92:1b:9f:bc:32:6e:88:47:1e:7a:60:61:d1:9b:
                    e1:e5:84:27:e6:84:af:31:a7:4c:e1:9d:98:d4:b8:
                    a3:de:16:53:62:27:1a:b8:07:03:ae:79:5a:2e:ba:
                    a0:ce:69:ff:00:96:93:d1:d8:42:98:fb:4c:3e:3f:
                    8c:58:3d:b7:08:d6:7a:76:1c:d0:0e:c9:20:6e:75:
                    1c:db:c4:b7:73:5d:e3:df:80:5a:e2:cd:32:8b:11:
                    54:95:a3:0a:b5:93:30:9d:69:c9:1f:42:d4:d2:82:
                    39:98:45:0c:3a:2b:0f:e2:bd:e7:88:48:82:4e:ff:
                    20:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:70:87:52:34:DD:00:AD:F4:F8:D4:25:05:19:EB:65:6C:1D:1A:B7
            X509v3 Authority Key Identifier:
                keyid:9A:78:FD:4D:41:A4:93:84:BD:F6:E7:DC:3E:BB:C5:00:BF:66:D9:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mnj9TUGkk4S99ufcPrvFAL9m2dU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/jnCHUjTdAK30-NQlBRnrZWwdGrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/5cb98c-ee08-4b99-8b4d-c6f41060c5d7/1/mnj9TUGkk4S99ufcPrvFAL9m2dU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:8c:46:38:29:c3:0e:f0:68:84:6b:04:0a:27:61:a9:0a:0a:
         48:f5:2a:af:b7:75:3e:7e:4c:96:97:5b:c0:18:c7:56:ff:f4:
         45:e8:68:44:e4:df:ff:f1:43:e8:f8:63:47:97:6e:db:62:e5:
         37:86:18:77:a5:29:74:1f:d5:df:79:b0:35:ab:11:65:2e:20:
         61:25:6c:3b:f1:76:d5:52:01:97:65:a9:47:14:b3:20:32:3f:
         c0:ea:3c:69:f6:c8:9a:34:94:82:bb:aa:e7:58:e6:aa:ce:90:
         34:98:62:ac:f2:bd:c7:1e:db:2f:8a:b2:48:67:5e:1a:bf:b4:
         48:86:b9:38:34:d3:b1:e6:45:3e:7c:73:22:4a:8f:de:ca:78:
         7c:b3:03:07:4d:3e:af:41:b3:1f:eb:ed:ba:d4:9b:e1:96:04:
         0e:2c:c7:02:98:de:21:f7:b2:d2:7e:cf:aa:0f:32:8c:2d:15:
         36:7e:37:14:76:50:85:1b:c9:25:d3:bf:22:95:06:ba:6e:e8:
         58:ee:19:0c:94:45:b8:1d:09:99:f6:b9:33:c4:6f:5f:2f:4f:
         96:f3:d0:1f:11:78:8f:a1:bc:38:f7:37:02:81:38:f5:64:da:
         ea:13:86:02:66:eb:8a:5c:bb:bb:b4:ba:32:d1:29:0b:18:50:
         d3:c2:4a:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3MazOd4jXqzwHSNr616eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNzhmZDRkNDFhNDkzODRiZGY2ZTdkYzNlYmJjNTAwYmY2
NmQ5ZDUwHhcNMjQwMTAxMTYzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTcwODc1MjM0ZGQwMGFkZjRmOGQ0MjUwNTE5ZWI2NTZjMWQxYWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6uPkue4bWurypUXs2gffrFHNyB2
EqUXSrPtbgz40ioNE2Ra2+/0Tc8yQk4ktpYqJPutXl2Mf5GBsts9ccQi+NWXqTp2
7TJrgBh4iLoifd0suEVNvOaUaHW/5vxFMKrwmPFMJc2VbqPdC2QD4cBJhQ8PyXJH
iW3URpgFg3DyDTuMW1qwae0xkhufvDJuiEceemBh0Zvh5YQn5oSvMadM4Z2Y1Lij
3hZTYicauAcDrnlaLrqgzmn/AJaT0dhCmPtMPj+MWD23CNZ6dhzQDskgbnUc28S3
c13j34Ba4s0yixFUlaMKtZMwnWnJH0LU0oI5mEUMOisP4r3niEiCTv8gGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5wh1I03QCt9PjUJQUZ62VsHRq3MB8GA1UdIwQY
MBaAFJp4/U1BpJOEvfbn3D67xQC/ZtnVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW5qOVRVR2trNFM5OXVmY1BydkZBTDltMmRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS81Y2I5OGMtZWUwOC00Yjk5LThiNGQt
YzZmNDEwNjBjNWQ3LzEvam5DSFVqVGRBSzMwLU5RbEJSbnJaV3dkR3JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS81Y2I5OGMtZWUwOC00Yjk5LThiNGQtYzZmNDEwNjBjNWQ3
LzEvbW5qOVRVR2trNFM5OXVmY1BydkZBTDltMmRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQhUMA0G
CSqGSIb3DQEBCwUAA4IBAQAqjEY4KcMO8GiEawQKJ2GpCgpI9Sqvt3U+fkyWl1vA
GMdW//RF6GhE5N//8UPo+GNHl27bYuU3hhh3pSl0H9XfebA1qxFlLiBhJWw78XbV
UgGXZalHFLMgMj/A6jxp9siaNJSCu6rnWOaqzpA0mGKs8r3HHtsvirJIZ14av7RI
hrk4NNOx5kU+fHMiSo/eynh8swMHTT6vQbMf6+261JvhlgQOLMcCmN4h97LSfs+q
DzKMLRU2fjcUdlCFG8kl078ilQa6buhY7hkMlEW4HQmZ9rkzxG9fL0+W89AfEXiP
obw49zcCgTj1ZNrqE4YCZuuKXLu7tLoy0SkLGFDTwkrm
-----END CERTIFICATE-----