Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/Tjod77QWp3ftnQpTVpVwqbn-cjk.roa
File:                     Tjod77QWp3ftnQpTVpVwqbn-cjk.roa (raw, json)
Hash identifier:          cfD41bZC18h7RfrEoPD7EeBXyIewaT9o07CO11wqE24=
Subject key identifier:   4E:3A:1D:EF:B4:16:A7:77:ED:9D:0A:53:56:95:70:A9:B9:FE:72:39
Certificate issuer:       /CN=137f3372df57c814aba8b51a907861d92b9e4f55
Certificate serial:       018CC5DC05588B0273D00BC1C5D5C7A73A9B
Authority key identifier: 13:7F:33:72:DF:57:C8:14:AB:A8:B5:1A:90:78:61:D9:2B:9E:4F:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E38zct9XyBSrqLUakHhh2SueT1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/Tjod77QWp3ftnQpTVpVwqbn-cjk.roa
Signing time:             Mon 01 Jan 2024 16:29:39 +0000
ROA not before:           Mon 01 Jan 2024 16:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209459
IP address blocks:        5.253.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/E38zct9XyBSrqLUakHhh2SueT1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/E38zct9XyBSrqLUakHhh2SueT1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E38zct9XyBSrqLUakHhh2SueT1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:05:58:8b:02:73:d0:0b:c1:c5:d5:c7:a7:3a:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137f3372df57c814aba8b51a907861d92b9e4f55
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e3a1defb416a777ed9d0a53569570a9b9fe7239
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e5:cf:ce:56:0a:60:30:82:32:19:06:5a:20:
                    10:8e:da:fd:cc:2d:9e:12:b4:f0:78:78:d6:fe:d7:
                    92:96:28:0c:28:c9:a8:20:1f:28:5b:74:a5:b4:ad:
                    0f:63:0e:e5:ae:0f:f6:ef:e6:1f:c2:78:cf:9f:33:
                    dd:97:05:f3:1b:c3:74:5b:b5:c3:75:28:ea:fc:7e:
                    4b:d0:d3:98:40:4a:67:86:9d:87:88:e4:9f:66:8f:
                    55:7d:eb:2f:3b:da:de:66:b8:ed:16:69:b3:58:3b:
                    0b:5e:8e:5e:44:9c:30:d5:f9:4e:39:09:42:a9:03:
                    cd:5c:fe:a0:50:73:eb:65:15:28:57:bf:ae:0d:12:
                    dc:2a:f3:a3:05:cd:35:ab:3d:67:a4:60:36:c1:2b:
                    66:ad:9b:e5:d7:dd:f6:46:bb:44:03:7c:db:d4:51:
                    dc:22:fe:2e:e3:f4:80:fe:5f:5b:87:1d:c3:91:0a:
                    25:96:b6:02:f8:a7:96:69:86:b7:ba:ad:2f:a1:f5:
                    11:44:81:5b:56:ca:85:3f:a0:c2:a9:17:47:ba:62:
                    c8:9f:2d:df:ef:eb:d0:30:d1:06:7d:e9:ec:02:79:
                    88:1c:59:30:be:88:d5:f3:5c:3c:43:59:48:e1:d7:
                    1f:74:68:1a:ad:12:ae:f6:bf:53:7f:36:4a:1b:16:
                    a3:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:3A:1D:EF:B4:16:A7:77:ED:9D:0A:53:56:95:70:A9:B9:FE:72:39
            X509v3 Authority Key Identifier:
                keyid:13:7F:33:72:DF:57:C8:14:AB:A8:B5:1A:90:78:61:D9:2B:9E:4F:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E38zct9XyBSrqLUakHhh2SueT1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/Tjod77QWp3ftnQpTVpVwqbn-cjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/E38zct9XyBSrqLUakHhh2SueT1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:d1:10:e1:a0:49:8e:5c:1a:7f:b9:2c:59:c9:1d:81:b1:1d:
         9a:26:32:7c:23:0d:36:9d:06:68:95:eb:bd:22:cf:df:38:95:
         bf:73:80:07:5f:05:05:65:ce:d9:0f:c3:88:40:8f:15:6e:a6:
         a8:29:53:97:aa:60:23:df:63:d8:64:17:32:39:f1:25:74:eb:
         f1:02:7b:95:c5:06:20:ec:c5:ba:5e:59:f4:6b:ab:ae:76:b9:
         ff:06:93:12:37:27:f8:bf:df:11:1b:93:4b:97:ba:d4:7b:71:
         b7:cc:e7:ac:26:75:6d:48:5b:e4:61:f6:8c:97:8a:35:2f:b7:
         a0:45:53:f4:10:60:7b:68:5e:8a:b3:10:78:25:eb:a9:a2:a1:
         8f:6f:76:71:7f:de:fe:96:9c:d1:1d:de:aa:cd:39:a7:66:f1:
         7f:20:e1:67:7c:6f:0d:58:5a:24:bb:56:32:4e:97:54:32:ac:
         42:91:64:04:4e:b2:ac:96:05:84:03:0a:ac:de:98:ba:c1:7d:
         77:2b:50:24:ca:d6:de:b3:8e:4b:b7:c6:9d:ef:c0:5b:6a:33:
         41:68:3d:9b:5c:a4:0f:bd:42:f0:4d:0b:db:17:ee:c1:31:63:
         94:d4:0d:7a:4e:eb:e1:e4:aa:42:c3:43:cf:92:d0:f6:59:15:
         c5:65:41:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3AVYiwJz0AvBxdXHpzqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2YzMzcyZGY1N2M4MTRhYmE4YjUxYTkwNzg2MWQ5MmI5
ZTRmNTUwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTNhMWRlZmI0MTZhNzc3ZWQ5ZDBhNTM1Njk1NzBhOWI5ZmU3MjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+XPzlYKYDCCMhkGWiAQjtr9zC2e
ErTweHjW/teSligMKMmoIB8oW3SltK0PYw7lrg/27+YfwnjPnzPdlwXzG8N0W7XD
dSjq/H5L0NOYQEpnhp2HiOSfZo9VfesvO9reZrjtFmmzWDsLXo5eRJww1flOOQlC
qQPNXP6gUHPrZRUoV7+uDRLcKvOjBc01qz1npGA2wStmrZvl1932RrtEA3zb1FHc
Iv4u4/SA/l9bhx3DkQollrYC+KeWaYa3uq0vofURRIFbVsqFP6DCqRdHumLIny3f
7+vQMNEGfensAnmIHFkwvojV81w8Q1lI4dcfdGgarRKu9r9TfzZKGxajRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE46He+0Fqd37Z0KU1aVcKm5/nI5MB8GA1UdIwQY
MBaAFBN/M3LfV8gUq6i1GpB4Ydkrnk9VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM4emN0OVh5QlNycUxVYWtIaGgyU3VlVDFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy84YjE0MWItNDk0ZS00NjZiLWEyMmMt
YTIyNGZlZmFjMjE4LzEvVGpvZDc3UVdwM2Z0blFwVFZwVndxYm4tY2prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy84YjE0MWItNDk0ZS00NjZiLWEyMmMtYTIyNGZlZmFjMjE4
LzEvRTM4emN0OVh5QlNycUxVYWtIaGgyU3VlVDFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBf0YMA0G
CSqGSIb3DQEBCwUAA4IBAQAA0RDhoEmOXBp/uSxZyR2BsR2aJjJ8Iw02nQZoleu9
Is/fOJW/c4AHXwUFZc7ZD8OIQI8VbqaoKVOXqmAj32PYZBcyOfEldOvxAnuVxQYg
7MW6Xln0a6uudrn/BpMSNyf4v98RG5NLl7rUe3G3zOesJnVtSFvkYfaMl4o1L7eg
RVP0EGB7aF6KsxB4JeupoqGPb3Zxf97+lpzRHd6qzTmnZvF/IOFnfG8NWFoku1Yy
TpdUMqxCkWQETrKslgWEAwqs3pi6wX13K1Akytbes45Lt8ad78BbajNBaD2bXKQP
vULwTQvbF+7BMWOU1A16Tuvh5KpCw0PPktD2WRXFZUGV
-----END CERTIFICATE-----