Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-6N5hPx0xq2c7q29UWdbn6yCLaw.roa
File:                     1-6N5hPx0xq2c7q29UWdbn6yCLaw.roa (raw, json)
Hash identifier:          8u7Yg4bXQe+cUd86jQFUFDSWmRwndqREwz4S8+zhCLg=
Subject key identifier:   FB:A3:79:84:FC:74:C6:AD:9C:EE:AD:BD:51:67:5B:9F:AC:82:2D:AC
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0194266C278BA6564FBD9A80B8AE140A71CB
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-6N5hPx0xq2c7q29UWdbn6yCLaw.roa
Signing time:             Thu 02 Jan 2025 09:50:09 +0000
ROA not before:           Thu 02 Jan 2025 09:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56971
IP address blocks:        5.144.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:27:8b:a6:56:4f:bd:9a:80:b8:ae:14:0a:71:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  2 09:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fba37984fc74c6ad9ceeadbd51675b9fac822dac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b8:fe:fc:5d:2a:b7:ec:32:7b:b8:a2:e1:bd:
                    a8:a7:7a:ae:8b:99:5a:d0:03:6c:f7:d7:d3:46:30:
                    8d:bc:17:12:4a:36:5e:84:de:69:fb:d9:11:31:0a:
                    da:ad:00:8c:4e:57:c5:eb:cf:6f:1b:59:72:99:c0:
                    5a:2b:08:31:4f:da:c7:ea:b9:11:22:be:73:2a:a5:
                    06:dc:5e:2b:75:ed:2c:a7:d2:b1:e9:8e:64:41:f3:
                    db:64:ab:0e:77:d2:4f:1a:84:b8:be:71:f9:d4:41:
                    bb:81:5f:2a:72:cc:12:36:e0:72:c1:19:78:d5:96:
                    e4:92:79:f3:fa:00:39:61:b3:03:7c:37:18:b0:35:
                    7a:21:b4:5d:c7:e0:31:18:81:73:c5:4b:34:e0:17:
                    5b:2c:fa:8d:0b:79:c5:7b:15:2d:24:b5:0c:d5:2c:
                    27:ee:5a:cc:0f:b1:fe:00:8a:4c:cf:7f:f6:a6:a4:
                    4b:e6:5f:df:93:f9:0a:3f:10:00:5d:10:09:44:da:
                    68:0b:8d:f9:97:a0:69:d9:ff:8e:df:7e:cf:7f:0c:
                    ff:2a:d6:e5:ed:0e:c6:21:dc:86:cd:92:54:b4:14:
                    2b:ac:19:da:9a:02:e8:50:86:0c:be:39:a9:2c:9e:
                    08:31:a6:c3:0f:af:0c:a2:be:f3:15:c6:7f:04:6a:
                    df:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:A3:79:84:FC:74:C6:AD:9C:EE:AD:BD:51:67:5B:9F:AC:82:2D:AC
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-6N5hPx0xq2c7q29UWdbn6yCLaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:0d:d3:b5:53:98:c9:70:02:26:b0:70:5d:85:19:4e:a8:90:
         ce:27:b6:11:cb:41:ff:84:49:2e:f7:4a:9f:21:99:61:ed:e0:
         ed:bd:50:0d:fb:c9:c3:6e:28:32:91:23:71:4c:92:9a:a4:41:
         4c:67:88:3d:f4:5e:b7:a5:ff:fd:81:38:68:ff:60:dc:b9:33:
         96:d4:5d:5a:3c:41:de:4e:3e:c3:8a:d9:65:21:c2:73:c6:8f:
         09:8c:ad:56:0e:20:6c:c8:20:30:95:83:d5:02:3e:ed:06:70:
         eb:5c:33:70:81:a8:33:31:48:1b:ae:9c:80:89:29:08:5e:50:
         e5:6d:bc:b4:d6:68:1b:a4:cb:41:d0:df:20:05:1f:d7:8b:7f:
         c7:21:25:4c:ca:d0:24:1b:e9:48:53:7c:9e:43:2b:f0:f3:b0:
         6f:40:20:ac:4d:cc:7b:e0:82:9e:d0:41:5d:32:b2:92:96:9e:
         38:db:98:8a:fd:0b:f5:cc:fa:66:97:7d:60:55:fd:b3:34:a2:
         c8:f2:24:e4:ad:f7:1a:ef:77:ff:49:44:6d:7c:48:1a:3d:bc:
         25:ed:3b:7f:af:03:01:7b:e2:73:ff:2c:c1:ac:0d:eb:0c:16:
         82:77:a2:bb:00:85:fd:00:59:85:a5:ec:e1:6e:12:1a:26:77:
         e1:67:09:77
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQmbCeLplZPvZqAuK4UCnHLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUwMTAyMDk1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmEzNzk4NGZjNzRjNmFkOWNlZWFkYmQ1MTY3NWI5ZmFjODIyZGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLj+/F0qt+wye7ii4b2op3qui5la
0ANs99fTRjCNvBcSSjZehN5p+9kRMQrarQCMTlfF689vG1lymcBaKwgxT9rH6rkR
Ir5zKqUG3F4rde0sp9Kx6Y5kQfPbZKsOd9JPGoS4vnH51EG7gV8qcswSNuBywRl4
1Zbkknnz+gA5YbMDfDcYsDV6IbRdx+AxGIFzxUs04BdbLPqNC3nFexUtJLUM1Swn
7lrMD7H+AIpMz3/2pqRL5l/fk/kKPxAAXRAJRNpoC435l6Bp2f+O337Pfwz/Ktbl
7Q7GIdyGzZJUtBQrrBnamgLoUIYMvjmpLJ4IMabDD68Mor7zFcZ/BGrfowIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPujeYT8dMatnO6tvVFnW5+sgi2sMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvMS02TjVoUHgweHEyYzdxMjlVV2RibjZ5Q0xhdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmEvODlmMDcxLTU2MzEtNDVkYi1hN2U1LWNkNjE1MjI2MWM2
Zi8xL0V4aUJjeW8tSkZxVm04WjU0RVdNT2ZpVDVHcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAWQszAN
BgkqhkiG9w0BAQsFAAOCAQEAhg3TtVOYyXACJrBwXYUZTqiQzie2EctB/4RJLvdK
nyGZYe3g7b1QDfvJw24oMpEjcUySmqRBTGeIPfRet6X//YE4aP9g3LkzltRdWjxB
3k4+w4rZZSHCc8aPCYytVg4gbMggMJWD1QI+7QZw61wzcIGoMzFIG66cgIkpCF5Q
5W28tNZoG6TLQdDfIAUf14t/xyElTMrQJBvpSFN8nkMr8POwb0AgrE3Me+CCntBB
XTKykpaeONuYiv0L9cz6Zpd9YFX9szSiyPIk5K33Gu93/0lEbXxIGj28Je07f68D
AXvic/8swawN6wwWgneiuwCF/QBZhaXs4W4SGiZ34WcJdw==
-----END CERTIFICATE-----