Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/f8HNGqYZ56HDzKMkA97HvxLpDaY.roa
File:                     f8HNGqYZ56HDzKMkA97HvxLpDaY.roa (raw, json)
Hash identifier:          UaI0iT5qEh6DsVjN4hoPGEtmvVSAkZnS69Ts1ZSzz7Y=
Subject key identifier:   7F:C1:CD:1A:A6:19:E7:A1:C3:CC:A3:24:03:DE:C7:BF:12:E9:0D:A6
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0194266C25819A717F9CF260F7CCF8986D8C
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/f8HNGqYZ56HDzKMkA97HvxLpDaY.roa
Signing time:             Thu 02 Jan 2025 09:50:09 +0000
ROA not before:           Thu 02 Jan 2025 09:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44092
IP address blocks:        5.39.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:25:81:9a:71:7f:9c:f2:60:f7:cc:f8:98:6d:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  2 09:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7fc1cd1aa619e7a1c3cca32403dec7bf12e90da6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a6:e8:47:01:bc:45:b6:8a:08:e3:27:2d:9f:
                    d0:6b:b8:65:32:e9:86:df:75:5c:70:1e:56:79:49:
                    a4:36:8d:5f:f9:11:f6:8e:3c:d5:d1:ac:5d:49:47:
                    93:f6:a3:58:31:e0:5e:d6:e5:b7:61:47:eb:77:ad:
                    8f:0e:96:e5:f3:93:c9:4f:78:e8:ea:3e:f5:0b:e4:
                    cf:0e:98:89:a6:dd:cc:90:c3:67:6a:7f:75:f5:80:
                    bb:5c:af:e2:4c:ca:d9:fd:09:75:1d:f4:e3:0c:87:
                    61:b6:90:79:f0:f4:90:fc:bd:f8:c5:1b:71:6d:35:
                    82:0f:b0:7e:bc:5e:8a:e5:38:62:cc:d4:cb:22:4a:
                    20:58:f0:be:0a:03:cc:96:91:92:1d:1b:45:86:34:
                    5f:a8:46:5e:76:52:74:ff:f5:e0:de:d9:1d:21:01:
                    c0:77:27:5d:08:75:58:2b:c5:35:d9:da:ca:5a:27:
                    11:98:e2:de:6a:ff:27:4e:c5:59:e1:64:02:1a:af:
                    5d:2e:a5:30:c5:3a:73:ae:d9:20:dd:5a:73:1c:50:
                    c3:49:4b:f3:8d:af:3a:5c:67:13:23:5c:7d:20:ea:
                    88:7b:ca:19:0b:f1:ff:44:5f:47:2f:a4:57:92:f1:
                    bc:06:85:8e:eb:38:7d:ba:f5:d5:70:ac:d6:b8:62:
                    28:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:C1:CD:1A:A6:19:E7:A1:C3:CC:A3:24:03:DE:C7:BF:12:E9:0D:A6
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/f8HNGqYZ56HDzKMkA97HvxLpDaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:65:16:c7:a5:ce:62:7a:61:03:c7:c8:f2:38:ff:88:f9:1a:
         e3:ec:cf:f9:86:b9:96:3c:74:b0:f3:d0:cc:84:b0:ac:2f:25:
         fe:6d:4d:58:7c:01:e1:4c:40:18:0c:51:c6:53:36:d6:cc:bf:
         c5:50:15:f8:36:00:2b:d7:33:48:19:6e:5d:5d:30:77:de:ad:
         f2:00:4d:16:27:06:4e:a2:07:d1:9c:3d:e9:03:a0:94:02:69:
         76:aa:75:08:0d:a8:aa:36:42:d3:93:e9:6b:c0:1c:2a:4d:3f:
         1b:76:9b:1e:c3:98:bc:42:76:e7:82:c3:c2:c5:8a:9c:34:b7:
         af:6b:24:71:b7:37:3b:70:40:bf:7f:40:26:64:7e:b7:55:05:
         20:64:f5:77:ba:cd:92:0e:33:9c:ce:48:0b:d7:11:34:64:f3:
         ba:db:b8:99:46:bc:c2:59:09:e9:ae:e0:2d:d0:a1:8e:6e:88:
         87:27:55:e0:1c:b1:47:8f:2a:99:41:e9:cd:13:80:17:6d:6c:
         bb:09:6f:79:55:f6:f1:d5:b9:b8:90:07:5e:fe:5b:49:8d:5d:
         e6:90:50:8d:23:b0:50:51:b7:f4:8f:bd:49:fd:ea:a7:3b:4b:
         09:22:0c:88:4e:b5:ee:f8:54:bf:e8:3f:fd:73:f9:7c:6d:eb:
         b1:4e:50:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbCWBmnF/nPJg98z4mG2MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUwMTAyMDk1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmMxY2QxYWE2MTllN2ExYzNjY2EzMjQwM2RlYzdiZjEyZTkwZGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaboRwG8RbaKCOMnLZ/Qa7hlMumG
33VccB5WeUmkNo1f+RH2jjzV0axdSUeT9qNYMeBe1uW3YUfrd62PDpbl85PJT3jo
6j71C+TPDpiJpt3MkMNnan919YC7XK/iTMrZ/Ql1HfTjDIdhtpB58PSQ/L34xRtx
bTWCD7B+vF6K5ThizNTLIkogWPC+CgPMlpGSHRtFhjRfqEZedlJ0//Xg3tkdIQHA
dyddCHVYK8U12drKWicRmOLeav8nTsVZ4WQCGq9dLqUwxTpzrtkg3VpzHFDDSUvz
ja86XGcTI1x9IOqIe8oZC/H/RF9HL6RXkvG8BoWO6zh9uvXVcKzWuGIo0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/BzRqmGeehw8yjJAPex78S6Q2mMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvZjhITkdxWVo1NkhEektNa0E5N0h2eExwRGFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSf9MA0G
CSqGSIb3DQEBCwUAA4IBAQDAZRbHpc5iemEDx8jyOP+I+Rrj7M/5hrmWPHSw89DM
hLCsLyX+bU1YfAHhTEAYDFHGUzbWzL/FUBX4NgAr1zNIGW5dXTB33q3yAE0WJwZO
ogfRnD3pA6CUAml2qnUIDaiqNkLTk+lrwBwqTT8bdpsew5i8QnbngsPCxYqcNLev
ayRxtzc7cEC/f0AmZH63VQUgZPV3us2SDjOczkgL1xE0ZPO627iZRrzCWQnpruAt
0KGOboiHJ1XgHLFHjyqZQenNE4AXbWy7CW95Vfbx1bm4kAde/ltJjV3mkFCNI7BQ
Ubf0j71J/eqnO0sJIgyITrXu+FS/6D/9c/l8beuxTlBn
-----END CERTIFICATE-----