Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/fCleNlHbxsVeZ3a7P97pQRFlLZI.roa
File:                     fCleNlHbxsVeZ3a7P97pQRFlLZI.roa (raw, json)
Hash identifier:          K6pa8uD3+UnxthRe3sa6TzSI5KyrtrPrEufxbM2IShA=
Subject key identifier:   7C:29:5E:36:51:DB:C6:C5:5E:67:76:BB:3F:DE:E9:41:11:65:2D:92
Certificate issuer:       /CN=4e5146bb4e219744f58c268e9ec621c18dd229c3
Certificate serial:       0196472860040210EE608AB162C0CD0BAAAD
Authority key identifier: 4E:51:46:BB:4E:21:97:44:F5:8C:26:8E:9E:C6:21:C1:8D:D2:29:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/fCleNlHbxsVeZ3a7P97pQRFlLZI.roa
Signing time:             Fri 18 Apr 2025 04:29:10 +0000
ROA not before:           Fri 18 Apr 2025 04:29:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198292
IP address blocks:        5.133.48.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/TlFGu04hl0T1jCaOnsYhwY3SKcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/TlFGu04hl0T1jCaOnsYhwY3SKcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:47:28:60:04:02:10:ee:60:8a:b1:62:c0:cd:0b:aa:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e5146bb4e219744f58c268e9ec621c18dd229c3
        Validity
            Not Before: Apr 18 04:29:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c295e3651dbc6c55e6776bb3fdee94111652d92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:36:2b:59:bb:e1:1f:21:3b:c1:62:1c:04:5d:
                    e0:ba:27:ef:7d:4f:8a:a4:fc:eb:db:dc:81:eb:13:
                    36:64:09:29:ac:39:8f:f1:6b:5d:ae:83:10:61:b7:
                    82:24:37:ad:64:12:f2:ad:0f:c5:db:09:f3:07:57:
                    3f:42:2c:85:62:ce:96:66:e2:c5:71:bd:07:7b:f7:
                    d7:45:35:0c:fe:8e:a3:ad:82:5c:14:cc:06:45:5f:
                    f2:a7:07:8b:b5:2e:91:94:8b:00:28:dc:c8:81:dc:
                    8b:48:74:9d:f6:0f:ef:cb:56:59:4c:12:b2:c7:6e:
                    b7:bf:92:cc:86:eb:bd:67:0e:ab:bf:b4:3e:16:8e:
                    a0:2c:4f:4c:aa:a8:33:4c:07:4b:d8:37:a8:92:1b:
                    b8:7d:db:e8:d0:79:b5:18:fc:9d:3c:d8:5a:40:29:
                    d6:d2:18:ac:ad:85:26:40:e4:a9:b6:81:f2:a2:97:
                    b9:9e:00:27:b3:c4:48:0a:19:8f:b6:17:b9:d2:fb:
                    ff:63:10:23:0c:77:7a:d9:88:a7:37:5c:85:f8:a2:
                    73:7c:bd:de:49:12:cf:22:26:1b:d8:97:cb:4c:8c:
                    65:c6:91:66:05:0b:2c:4c:13:1c:3b:cd:2b:d2:69:
                    14:ae:98:0b:1c:da:65:cc:07:b1:95:99:77:01:3f:
                    c3:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:29:5E:36:51:DB:C6:C5:5E:67:76:BB:3F:DE:E9:41:11:65:2D:92
            X509v3 Authority Key Identifier:
                keyid:4E:51:46:BB:4E:21:97:44:F5:8C:26:8E:9E:C6:21:C1:8D:D2:29:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/fCleNlHbxsVeZ3a7P97pQRFlLZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/TlFGu04hl0T1jCaOnsYhwY3SKcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:9d:ec:24:13:bd:6a:49:09:c5:87:53:93:d4:2d:d7:7d:62:
         20:9d:26:8e:56:67:b5:f3:ca:e1:a1:ac:00:ce:5f:0f:2e:63:
         bb:38:d8:07:44:b8:d6:a9:37:34:e2:bf:ab:52:4b:e6:95:9e:
         c1:69:20:40:9c:17:2a:1e:63:3b:4f:2b:c1:49:8f:cf:ca:8b:
         d2:8a:61:37:1f:b6:47:d0:2f:45:0e:ac:57:81:15:d1:a0:f3:
         b4:19:5c:6b:6c:07:bb:fb:7f:67:3c:c0:d7:0f:a2:04:cb:69:
         d3:db:b5:68:bb:46:f5:f1:91:f5:60:cf:1d:3e:2a:91:00:45:
         dc:99:89:78:67:4a:6d:f6:ab:28:02:16:0a:24:48:3e:35:5a:
         f1:a7:6d:1a:0f:db:1e:b8:8c:61:d9:39:6f:fc:2b:2b:1b:a5:
         c6:18:3d:61:7a:9d:ab:aa:f3:cc:22:c4:ff:ba:ab:94:53:4c:
         de:71:22:e2:ce:d4:cc:60:3f:a0:7e:d1:dd:4c:40:fa:2a:73:
         e2:58:f2:22:bf:12:3b:8f:f7:f5:1d:90:7f:ab:55:39:5b:14:
         73:bd:8b:8f:62:a3:af:2c:73:00:41:94:96:cf:31:7d:39:a7:
         bd:58:99:01:fd:be:6b:ca:4b:cf:56:a7:8b:cf:4b:e8:8a:d3:
         26:12:14:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZHKGAEAhDuYIqxYsDNC6qtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNTE0NmJiNGUyMTk3NDRmNThjMjY4ZTllYzYyMWMxOGRk
MjI5YzMwHhcNMjUwNDE4MDQyOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzI5NWUzNjUxZGJjNmM1NWU2Nzc2YmIzZmRlZTk0MTExNjUyZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTYrWbvhHyE7wWIcBF3guifvfU+K
pPzr29yB6xM2ZAkprDmP8WtdroMQYbeCJDetZBLyrQ/F2wnzB1c/QiyFYs6WZuLF
cb0He/fXRTUM/o6jrYJcFMwGRV/ypweLtS6RlIsAKNzIgdyLSHSd9g/vy1ZZTBKy
x263v5LMhuu9Zw6rv7Q+Fo6gLE9MqqgzTAdL2Deokhu4fdvo0Hm1GPydPNhaQCnW
0hisrYUmQOSptoHyope5ngAns8RIChmPthe50vv/YxAjDHd62YinN1yF+KJzfL3e
SRLPIiYb2JfLTIxlxpFmBQssTBMcO80r0mkUrpgLHNplzAexlZl3AT/D4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwpXjZR28bFXmd2uz/e6UERZS2SMB8GA1UdIwQY
MBaAFE5RRrtOIZdE9Ywmjp7GIcGN0inDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGxGR3UwNGhsMFQxakNhT25zWWh3WTNTS2NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8yNWI1NGEtZTc3MC00NGFiLWEwMDQt
YzkyMGM1MTdkNjAwLzEvZkNsZU5sSGJ4c1ZlWjNhN1A5N3BRUkZsTFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8yNWI1NGEtZTc3MC00NGFiLWEwMDQtYzkyMGM1MTdkNjAw
LzEvVGxGR3UwNGhsMFQxakNhT25zWWh3WTNTS2NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBYUwMA0G
CSqGSIb3DQEBCwUAA4IBAQBonewkE71qSQnFh1OT1C3XfWIgnSaOVme188rhoawA
zl8PLmO7ONgHRLjWqTc04r+rUkvmlZ7BaSBAnBcqHmM7TyvBSY/PyovSimE3H7ZH
0C9FDqxXgRXRoPO0GVxrbAe7+39nPMDXD6IEy2nT27Vou0b18ZH1YM8dPiqRAEXc
mYl4Z0pt9qsoAhYKJEg+NVrxp20aD9seuIxh2Tlv/CsrG6XGGD1hep2rqvPMIsT/
uquUU0zecSLiztTMYD+gftHdTED6KnPiWPIivxI7j/f1HZB/q1U5WxRzvYuPYqOv
LHMAQZSWzzF9Oae9WJkB/b5rykvPVqeLz0voitMmEhSc
-----END CERTIFICATE-----