Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/o5ChnZN8Fh2UfQkol6pllSa8vlg.roa
File:                     o5ChnZN8Fh2UfQkol6pllSa8vlg.roa (raw, json)
Hash identifier:          aGdO4WpQUBPqENnqKDVSzkgV5hoyIVh/xhrIeTDF4cA=
Subject key identifier:   A3:90:A1:9D:93:7C:16:1D:94:7D:09:28:97:AA:65:95:26:BC:BE:58
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0195628B6F0C8A2228FC4CFDAA4EF0C2B414
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/o5ChnZN8Fh2UfQkol6pllSa8vlg.roa
Signing time:             Tue 04 Mar 2025 19:04:19 +0000
ROA not before:           Tue 04 Mar 2025 19:04:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215140
IP address blocks:        5.178.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:62:8b:6f:0c:8a:22:28:fc:4c:fd:aa:4e:f0:c2:b4:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Mar  4 19:04:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a390a19d937c161d947d092897aa659526bcbe58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:da:5b:57:dd:bf:d0:bd:37:ed:f9:ab:19:f0:
                    7c:98:46:23:17:7d:fe:56:b8:77:75:20:06:bf:d5:
                    64:09:38:c5:4c:c8:55:71:78:6d:82:a0:34:88:80:
                    44:63:86:be:4e:2b:ea:05:6d:b1:1f:f6:b4:ad:f0:
                    9a:a1:a9:99:56:fd:94:89:18:e2:79:ed:b7:61:c0:
                    a6:4c:fb:c9:63:f2:48:ea:ad:8c:5a:18:7a:b1:14:
                    12:2a:30:e3:ba:2c:b8:1d:2f:41:17:68:b6:90:8d:
                    51:8c:79:34:21:ac:31:50:1c:38:d1:56:6b:ef:d8:
                    59:79:a4:0e:b0:02:d3:a1:60:49:08:74:03:8e:3f:
                    a9:0e:f7:00:76:7f:99:c2:bf:0d:21:8b:fa:1c:fe:
                    ca:a0:a4:b2:6c:0c:dc:69:24:41:12:bf:1f:5b:04:
                    72:d1:24:e4:1c:24:f4:67:39:32:b2:bf:00:2c:d2:
                    6d:2b:bb:37:a2:88:55:c8:5e:e6:6b:67:34:65:87:
                    c6:e9:84:09:b0:d1:8e:fc:b3:4f:42:82:24:72:52:
                    61:d3:12:e1:57:3a:13:a9:2b:25:e1:d3:5f:53:02:
                    eb:a0:cc:bb:07:c1:53:d7:34:fb:74:6a:fa:28:2c:
                    1c:7d:30:1b:d2:1e:d1:31:c5:4c:c2:64:8b:85:8e:
                    5c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:90:A1:9D:93:7C:16:1D:94:7D:09:28:97:AA:65:95:26:BC:BE:58
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/o5ChnZN8Fh2UfQkol6pllSa8vlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:59:a7:e5:ec:e0:3c:ba:e3:0e:b4:ea:c3:71:f0:e0:45:e5:
         7d:fd:d9:ca:28:f6:0b:8a:0b:68:08:83:c7:79:2f:37:f1:34:
         1b:71:8d:86:83:13:9f:90:3a:a8:17:60:bc:b8:4f:94:8e:7a:
         90:03:8e:51:82:85:db:25:ab:57:cd:1c:fb:ae:b8:22:f4:98:
         43:73:c8:43:81:52:60:38:dc:b0:7c:a2:d4:c1:96:b2:e0:93:
         0f:1e:d0:d1:bd:c1:34:8a:0f:38:2a:35:f2:db:43:2b:c4:a9:
         3b:4a:2a:cf:55:0b:89:b5:82:83:61:df:e2:49:14:15:20:da:
         84:ef:38:1d:54:f8:9e:a8:53:7f:28:dd:3f:38:97:73:98:23:
         cf:71:67:16:93:9a:11:6e:ab:3b:8e:18:0f:77:97:cf:c7:2f:
         bf:49:03:54:06:d7:ed:9a:59:39:52:e2:8f:57:08:76:dc:73:
         3b:cb:42:9b:b9:36:28:78:42:5a:b1:56:f4:58:d6:28:db:70:
         cf:08:f7:2d:29:ba:af:a7:a2:df:39:ab:49:a0:41:1a:8d:31:
         26:d4:45:a5:74:94:2c:de:17:77:6c:0f:ee:a9:66:d8:c9:33:
         05:ee:14:dd:39:4e:cc:2e:e2:2d:dd:ab:2b:7e:68:d4:1d:96:
         58:17:2d:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVii28MiiIo/Ez9qk7wwrQUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUwMzA0MTkwNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzkwYTE5ZDkzN2MxNjFkOTQ3ZDA5Mjg5N2FhNjU5NTI2YmNiZTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtpbV92/0L037fmrGfB8mEYjF33+
Vrh3dSAGv9VkCTjFTMhVcXhtgqA0iIBEY4a+TivqBW2xH/a0rfCaoamZVv2UiRji
ee23YcCmTPvJY/JI6q2MWhh6sRQSKjDjuiy4HS9BF2i2kI1RjHk0IawxUBw40VZr
79hZeaQOsALToWBJCHQDjj+pDvcAdn+Zwr8NIYv6HP7KoKSybAzcaSRBEr8fWwRy
0STkHCT0Zzkysr8ALNJtK7s3oohVyF7ma2c0ZYfG6YQJsNGO/LNPQoIkclJh0xLh
VzoTqSsl4dNfUwLroMy7B8FT1zT7dGr6KCwcfTAb0h7RMcVMwmSLhY5c/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOQoZ2TfBYdlH0JKJeqZZUmvL5YMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvbzVDaG5aTjhGaDJVZlFrb2w2cGxsU2E4dmxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJjMA0G
CSqGSIb3DQEBCwUAA4IBAQCeWafl7OA8uuMOtOrDcfDgReV9/dnKKPYLigtoCIPH
eS838TQbcY2GgxOfkDqoF2C8uE+UjnqQA45RgoXbJatXzRz7rrgi9JhDc8hDgVJg
ONywfKLUwZay4JMPHtDRvcE0ig84KjXy20MrxKk7SirPVQuJtYKDYd/iSRQVINqE
7zgdVPieqFN/KN0/OJdzmCPPcWcWk5oRbqs7jhgPd5fPxy+/SQNUBtftmlk5UuKP
Vwh23HM7y0KbuTYoeEJasVb0WNYo23DPCPctKbqvp6LfOatJoEEajTEm1EWldJQs
3hd3bA/uqWbYyTMF7hTdOU7MLuIt3asrfmjUHZZYFy1F
-----END CERTIFICATE-----