Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/732801-6294-412b-955e-fefd37666741/1/UZEvZkitdRsk1WnrUsg0VBCN7oM.roa
File:                     UZEvZkitdRsk1WnrUsg0VBCN7oM.roa (raw, json)
Hash identifier:          QqPjaSiMFtjIi1Se/GAalY2DdwpJWmVOl4mn9SXxEF4=
Subject key identifier:   51:91:2F:66:48:AD:75:1B:24:D5:69:EB:52:C8:34:54:10:8D:EE:83
Certificate issuer:       /CN=c933481d3fa48710dcb973fdcd29340dedb6229a
Certificate serial:       018CC50141938F3F36A763671FC0CEB41D44
Authority key identifier: C9:33:48:1D:3F:A4:87:10:DC:B9:73:FD:CD:29:34:0D:ED:B6:22:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yTNIHT-khxDcuXP9zSk0De22Ipo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/732801-6294-412b-955e-fefd37666741/1/UZEvZkitdRsk1WnrUsg0VBCN7oM.roa
Signing time:             Mon 01 Jan 2024 12:30:42 +0000
ROA not before:           Mon 01 Jan 2024 12:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36352
IP address blocks:        5.226.171.0/24 maxlen: 24
                          5.226.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/732801-6294-412b-955e-fefd37666741/1/yTNIHT-khxDcuXP9zSk0De22Ipo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/732801-6294-412b-955e-fefd37666741/1/yTNIHT-khxDcuXP9zSk0De22Ipo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yTNIHT-khxDcuXP9zSk0De22Ipo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:41:93:8f:3f:36:a7:63:67:1f:c0:ce:b4:1d:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c933481d3fa48710dcb973fdcd29340dedb6229a
        Validity
            Not Before: Jan  1 12:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51912f6648ad751b24d569eb52c83454108dee83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5f:cb:29:d7:14:45:62:c7:94:b7:9e:03:48:
                    c3:cf:fe:f3:87:e9:fe:a6:29:d1:0a:fb:1d:70:70:
                    bf:55:17:12:a9:5a:5d:97:a9:2d:86:b0:6e:fd:b4:
                    a3:92:bb:7a:98:d3:28:68:eb:d5:c3:e2:34:f9:40:
                    b3:df:cf:dd:b9:17:d1:07:fe:6a:3d:53:a9:58:3c:
                    b8:cd:1a:e6:e3:34:ef:d0:df:be:b8:d5:0a:bf:5f:
                    71:b3:2b:9d:87:48:e2:a8:3b:0b:57:39:55:4f:a3:
                    a3:9c:fc:bf:9d:7c:9a:34:ec:0c:c3:6f:1b:e0:d7:
                    b6:9d:47:ef:17:00:b0:50:53:52:60:36:2d:ac:5d:
                    3e:fd:2e:ff:30:fe:1c:87:94:f1:b5:e1:56:3e:2e:
                    1f:57:dc:91:d3:25:82:60:9f:fc:31:ac:3a:9b:3f:
                    6f:ce:9c:b7:96:2d:3b:ed:46:9d:23:73:2f:ab:10:
                    41:8b:39:2e:66:3a:42:44:86:d0:e8:fd:3f:f3:7e:
                    ff:5b:f8:ce:14:c3:ee:da:d0:a5:40:00:b6:4d:85:
                    8d:7b:d6:e3:9d:64:ab:95:b5:31:33:b4:dc:d9:78:
                    cc:76:d1:b5:34:b7:d8:3f:4c:86:0c:11:68:53:b1:
                    29:cb:60:96:f7:aa:bd:4a:c0:32:33:a3:4e:04:eb:
                    09:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:91:2F:66:48:AD:75:1B:24:D5:69:EB:52:C8:34:54:10:8D:EE:83
            X509v3 Authority Key Identifier:
                keyid:C9:33:48:1D:3F:A4:87:10:DC:B9:73:FD:CD:29:34:0D:ED:B6:22:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yTNIHT-khxDcuXP9zSk0De22Ipo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/732801-6294-412b-955e-fefd37666741/1/UZEvZkitdRsk1WnrUsg0VBCN7oM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/732801-6294-412b-955e-fefd37666741/1/yTNIHT-khxDcuXP9zSk0De22Ipo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.171.0/24
                  5.226.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:9e:a1:2f:cc:fd:7c:b2:8f:e0:fe:58:71:59:4b:43:10:02:
         13:78:d6:de:a5:fa:35:e1:24:6b:ef:43:bd:98:0e:0c:56:a0:
         da:60:cb:5f:8c:7e:21:f8:38:b7:0c:01:4f:1d:92:82:5f:31:
         a7:89:35:b7:ed:3b:cf:4b:94:75:41:17:c4:b2:36:18:70:32:
         a6:ce:a5:0f:da:a8:b8:27:9f:79:5c:d8:19:ef:de:1d:5a:e3:
         8c:02:cf:56:42:40:d9:18:36:80:04:4d:96:c0:73:71:99:70:
         b1:51:35:77:ab:01:7c:09:06:75:06:7f:df:ac:9e:2e:9d:a5:
         a8:b7:60:64:4a:a5:04:bb:b7:c0:92:3c:ac:83:74:5c:e8:2e:
         8a:d2:a4:7d:3f:df:88:65:b5:e3:a7:e9:dd:81:08:32:55:3d:
         70:6d:42:6b:ca:5d:27:b6:a1:bc:4f:7f:fe:b7:dc:bf:88:0b:
         fc:f4:65:35:d2:f4:c5:2e:65:44:50:f9:fd:ef:52:d0:ec:22:
         02:12:b1:75:56:a6:3f:fa:49:8e:ff:27:3d:2d:2f:41:db:2f:
         f7:90:40:de:4e:dd:0b:4a:c9:11:f9:5c:f5:16:67:45:bd:80:
         76:14:69:50:24:7a:c9:af:88:fe:78:a4:90:a4:7a:6e:2c:00:
         0c:20:ab:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAUGTjz82p2NnH8DOtB1EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MzM0ODFkM2ZhNDg3MTBkY2I5NzNmZGNkMjkzNDBkZWRi
NjIyOWEwHhcNMjQwMTAxMTIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTkxMmY2NjQ4YWQ3NTFiMjRkNTY5ZWI1MmM4MzQ1NDEwOGRlZTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApV/LKdcURWLHlLeeA0jDz/7zh+n+
pinRCvsdcHC/VRcSqVpdl6kthrBu/bSjkrt6mNMoaOvVw+I0+UCz38/duRfRB/5q
PVOpWDy4zRrm4zTv0N++uNUKv19xsyudh0jiqDsLVzlVT6OjnPy/nXyaNOwMw28b
4Ne2nUfvFwCwUFNSYDYtrF0+/S7/MP4ch5TxteFWPi4fV9yR0yWCYJ/8Maw6mz9v
zpy3li077UadI3MvqxBBizkuZjpCRIbQ6P0/837/W/jOFMPu2tClQAC2TYWNe9bj
nWSrlbUxM7Tc2XjMdtG1NLfYP0yGDBFoU7Epy2CW96q9SsAyM6NOBOsJeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFGRL2ZIrXUbJNVp61LINFQQje6DMB8GA1UdIwQY
MBaAFMkzSB0/pIcQ3Llz/c0pNA3ttiKaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVROSUhULWtoeERjdVhQOXpTazBEZTIySXBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS83MzI4MDEtNjI5NC00MTJiLTk1NWUt
ZmVmZDM3NjY2NzQxLzEvVVpFdlpraXRkUnNrMVduclVzZzBWQkNON29NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS83MzI4MDEtNjI5NC00MTJiLTk1NWUtZmVmZDM3NjY2NzQx
LzEveVROSUhULWtoeERjdVhQOXpTazBEZTIySXBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABeKrAwQA
BeKtMA0GCSqGSIb3DQEBCwUAA4IBAQBZnqEvzP18so/g/lhxWUtDEAITeNbepfo1
4SRr70O9mA4MVqDaYMtfjH4h+Di3DAFPHZKCXzGniTW37TvPS5R1QRfEsjYYcDKm
zqUP2qi4J595XNgZ794dWuOMAs9WQkDZGDaABE2WwHNxmXCxUTV3qwF8CQZ1Bn/f
rJ4unaWot2BkSqUEu7fAkjysg3Rc6C6K0qR9P9+IZbXjp+ndgQgyVT1wbUJryl0n
tqG8T3/+t9y/iAv89GU10vTFLmVEUPn971LQ7CICErF1VqY/+kmO/yc9LS9B2y/3
kEDeTt0LSskR+Vz1FmdFvYB2FGlQJHrJr4j+eKSQpHpuLAAMIKtp
-----END CERTIFICATE-----