Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/f89AYQ4311tA8O1QnwV1JGRiGKE.roa
File:                     f89AYQ4311tA8O1QnwV1JGRiGKE.roa (raw, json)
Hash identifier:          OxCGoEoSqaATysV/kEnsi2gEBIpn/MNYNjglXTr6viQ=
Subject key identifier:   7F:CF:40:61:0E:37:D7:5B:40:F0:ED:50:9F:05:75:24:64:62:18:A1
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018CC802092D26AD0D6D048624B58973DAE8
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/f89AYQ4311tA8O1QnwV1JGRiGKE.roa
Signing time:             Tue 02 Jan 2024 02:30:25 +0000
ROA not before:           Tue 02 Jan 2024 02:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60716
IP address blocks:        5.140.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:09:2d:26:ad:0d:6d:04:86:24:b5:89:73:da:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 02:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fcf40610e37d75b40f0ed509f057524646218a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2f:ee:31:96:78:ef:40:da:a7:5c:8b:36:0a:
                    0c:64:3a:aa:98:6d:45:72:3c:a1:21:e9:c2:7c:4d:
                    41:55:5d:f1:ca:89:a8:c9:2a:4a:7b:f0:19:e6:34:
                    7b:9b:dd:30:b6:dd:2b:c0:32:0b:6c:58:35:dc:37:
                    44:72:0f:cf:28:39:c9:61:90:8c:a9:28:8b:a0:4e:
                    3a:d5:13:96:e2:69:a4:72:74:26:3d:f5:cf:cd:22:
                    8a:2d:bd:96:ce:06:08:0b:f0:2c:ae:d6:4e:18:c9:
                    ed:41:51:bc:2e:98:c9:28:a1:c0:3b:bd:f3:05:a9:
                    af:cd:4a:52:bf:a4:6c:84:4a:0e:ed:b1:5d:cb:37:
                    f3:d0:ed:aa:9b:00:1c:2e:9b:14:4b:30:c6:f9:0d:
                    b2:8a:81:f3:ec:ba:ff:0d:30:b6:d6:b8:75:c4:00:
                    b2:b8:67:07:3e:fd:a3:ce:cc:48:1f:fa:1f:55:7f:
                    70:ae:b0:af:ab:31:34:86:d3:0d:49:b9:85:fe:7e:
                    3d:d6:8c:78:3b:97:97:a5:23:38:bc:4e:62:af:65:
                    86:21:50:df:0a:e9:93:7e:ff:dc:0f:85:77:09:71:
                    94:9e:c1:a7:ce:e7:87:ee:4f:c9:1e:e4:c2:11:09:
                    d3:0a:da:a2:9d:00:8e:8c:c4:8c:63:86:97:7a:58:
                    82:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:CF:40:61:0E:37:D7:5B:40:F0:ED:50:9F:05:75:24:64:62:18:A1
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/f89AYQ4311tA8O1QnwV1JGRiGKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.140.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:94:70:e6:05:33:cb:ae:84:6a:81:cf:58:26:e8:d0:fe:c5:
         58:97:9b:01:47:fd:b2:39:6e:00:f3:10:ff:aa:6c:b1:74:c9:
         7e:ec:27:4b:cb:18:a0:a0:28:a1:6f:46:37:ce:04:c7:1f:c3:
         f1:63:21:e2:c0:03:51:fa:59:89:e9:ec:26:43:85:d2:10:d5:
         30:26:2d:dc:6c:f7:21:fa:c0:77:c9:18:9f:6c:63:b9:bb:f4:
         f7:74:dc:19:bf:2f:b9:5e:90:42:7a:e9:a9:86:e9:03:05:f0:
         4f:dc:48:1e:7d:2c:8a:5b:42:39:42:9d:9e:f7:16:56:46:fe:
         dd:23:83:9b:0d:19:22:44:2e:9f:a7:0d:1d:4d:c2:31:d7:d8:
         50:b2:6f:13:89:c2:e8:ca:dd:b9:a6:12:76:0e:ef:39:6e:d8:
         b3:8e:9c:e7:a8:3e:78:c6:29:08:f5:c6:c5:bd:2a:54:99:a6:
         e4:dd:23:39:ac:48:c4:7b:bb:b7:6e:78:80:c0:52:06:11:09:
         2f:fd:fb:de:d7:14:64:e9:17:64:0b:47:43:67:9e:ad:fe:ca:
         d9:5c:4c:3a:4e:e9:b7:37:08:24:2b:fc:87:72:c2:c0:66:42:
         2a:16:21:1f:cb:6c:6c:e9:17:26:66:79:34:96:ac:56:3e:7c:
         e1:ec:6c:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAgktJq0NbQSGJLWJc9roMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwMTAyMDIzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmNmNDA2MTBlMzdkNzViNDBmMGVkNTA5ZjA1NzUyNDY0NjIxOGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzS/uMZZ470Dap1yLNgoMZDqqmG1F
cjyhIenCfE1BVV3xyomoySpKe/AZ5jR7m90wtt0rwDILbFg13DdEcg/PKDnJYZCM
qSiLoE461ROW4mmkcnQmPfXPzSKKLb2WzgYIC/AsrtZOGMntQVG8LpjJKKHAO73z
BamvzUpSv6RshEoO7bFdyzfz0O2qmwAcLpsUSzDG+Q2yioHz7Lr/DTC21rh1xACy
uGcHPv2jzsxIH/ofVX9wrrCvqzE0htMNSbmF/n491ox4O5eXpSM4vE5ir2WGIVDf
CumTfv/cD4V3CXGUnsGnzueH7k/JHuTCEQnTCtqinQCOjMSMY4aXeliC2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/PQGEON9dbQPDtUJ8FdSRkYhihMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvZjg5QVlRNDMxMXRBOE8xUW53VjFKR1JpR0tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYyhMA0G
CSqGSIb3DQEBCwUAA4IBAQBYlHDmBTPLroRqgc9YJujQ/sVYl5sBR/2yOW4A8xD/
qmyxdMl+7CdLyxigoCihb0Y3zgTHH8PxYyHiwANR+lmJ6ewmQ4XSENUwJi3cbPch
+sB3yRifbGO5u/T3dNwZvy+5XpBCeumphukDBfBP3EgefSyKW0I5Qp2e9xZWRv7d
I4ObDRkiRC6fpw0dTcIx19hQsm8TicLoyt25phJ2Du85btizjpznqD54xikI9cbF
vSpUmabk3SM5rEjEe7u3bniAwFIGEQkv/fve1xRk6RdkC0dDZ56t/srZXEw6Tum3
NwgkK/yHcsLAZkIqFiEfy2xs6RcmZnk0lqxWPnzh7Gxb
-----END CERTIFICATE-----