Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/bd2d39-15e6-4640-ad08-d7b64b7cc583/1/mJVjoDKLLnA8GLJ5XT8W6jIUD2E.roa
File:                     mJVjoDKLLnA8GLJ5XT8W6jIUD2E.roa (raw, json)
Hash identifier:          e3V5GyNViPLusY+yA99VQ5VPUE2z27yhrO9VhN61FX8=
Subject key identifier:   98:95:63:A0:32:8B:2E:70:3C:18:B2:79:5D:3F:16:EA:32:14:0F:61
Certificate issuer:       /CN=b24d588df20b32db9787d77864394cd7a66d4030
Certificate serial:       018CC9BC74B5D2928E4E9B6035A9F1A52F7B
Authority key identifier: B2:4D:58:8D:F2:0B:32:DB:97:87:D7:78:64:39:4C:D7:A6:6D:40:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sk1YjfILMtuXh9d4ZDlM16ZtQDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/bd2d39-15e6-4640-ad08-d7b64b7cc583/1/mJVjoDKLLnA8GLJ5XT8W6jIUD2E.roa
Signing time:             Tue 02 Jan 2024 10:33:40 +0000
ROA not before:           Tue 02 Jan 2024 10:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61362
IP address blocks:        5.252.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/bd2d39-15e6-4640-ad08-d7b64b7cc583/1/sk1YjfILMtuXh9d4ZDlM16ZtQDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/bd2d39-15e6-4640-ad08-d7b64b7cc583/1/sk1YjfILMtuXh9d4ZDlM16ZtQDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sk1YjfILMtuXh9d4ZDlM16ZtQDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:74:b5:d2:92:8e:4e:9b:60:35:a9:f1:a5:2f:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b24d588df20b32db9787d77864394cd7a66d4030
        Validity
            Not Before: Jan  2 10:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=989563a0328b2e703c18b2795d3f16ea32140f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:6d:ec:c4:8a:90:f5:36:f9:20:21:50:74:68:
                    10:4c:15:e2:4b:45:22:e0:d7:78:85:b9:79:4c:e7:
                    b6:5b:64:68:dd:a1:d0:65:24:cd:0d:68:7b:c4:5f:
                    7f:64:53:8e:b0:c2:c4:57:74:a7:60:69:9d:33:30:
                    c7:3b:69:0b:d3:9b:2e:58:35:71:f4:e5:4f:28:8f:
                    11:1b:77:e1:15:21:d5:34:a9:a1:e9:f4:d4:28:e4:
                    6f:23:d2:29:d7:ac:5b:e0:40:49:c0:7c:cc:4a:38:
                    48:7f:97:a0:52:78:7e:93:93:74:a4:d4:b5:d3:75:
                    c0:65:2b:35:85:1f:44:27:2c:2c:15:8a:9e:be:8a:
                    ff:d8:d5:f0:c6:70:f4:e5:7b:cd:97:00:6e:42:a6:
                    cf:76:9e:5d:ca:01:49:76:b6:a1:d4:78:58:11:f6:
                    47:f3:5b:87:f4:63:82:a7:b7:b4:f1:cf:b5:2c:19:
                    b6:9e:9c:09:41:ff:9c:42:f7:e9:47:08:0b:d7:f9:
                    92:5f:ed:ba:65:42:19:ac:17:b2:8c:0d:02:73:f3:
                    72:c8:10:24:09:b2:3b:0a:78:c2:b9:27:94:61:00:
                    ab:ff:30:32:04:98:9f:0a:05:0e:55:8f:c5:9c:33:
                    77:3f:98:14:db:4a:ec:5e:1b:0f:8c:d9:89:1d:4f:
                    9a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:95:63:A0:32:8B:2E:70:3C:18:B2:79:5D:3F:16:EA:32:14:0F:61
            X509v3 Authority Key Identifier:
                keyid:B2:4D:58:8D:F2:0B:32:DB:97:87:D7:78:64:39:4C:D7:A6:6D:40:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sk1YjfILMtuXh9d4ZDlM16ZtQDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/bd2d39-15e6-4640-ad08-d7b64b7cc583/1/mJVjoDKLLnA8GLJ5XT8W6jIUD2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/bd2d39-15e6-4640-ad08-d7b64b7cc583/1/sk1YjfILMtuXh9d4ZDlM16ZtQDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:df:fd:04:5a:67:72:49:fb:78:35:29:36:c0:ce:ec:5c:a2:
         f9:8e:2f:79:db:32:34:07:fa:3e:a5:9d:f9:5b:30:8c:3d:8e:
         4e:80:8b:2f:11:84:63:a5:53:8e:06:e5:7b:f9:1c:9e:c5:55:
         24:64:c4:7a:c6:bd:6a:b4:eb:5f:4f:f4:86:b6:96:ee:84:e6:
         32:5c:f0:12:1b:8e:8d:5d:cb:05:17:20:98:8f:60:01:d6:8b:
         5a:14:e4:a2:8f:9c:92:b7:a3:5e:18:18:b8:a4:24:f6:a5:69:
         ae:43:df:6c:46:b4:1c:c2:dd:7f:6a:50:6a:54:2a:cb:2c:26:
         bb:bb:cb:f9:02:ea:8f:5e:7c:4b:e2:21:53:13:dc:ce:2b:57:
         7b:00:86:a2:1f:52:82:67:2d:a9:e4:eb:2a:9b:0f:dd:e0:7b:
         d2:7e:0f:2d:5f:0f:22:8e:6f:f4:79:0d:63:69:d4:d6:90:d8:
         ea:1d:11:8d:35:8e:7f:52:74:dd:29:c4:7b:10:c9:20:3f:63:
         d6:31:72:64:8e:f5:3b:c6:03:a6:70:91:8d:39:d4:3b:62:a8:
         d0:bd:c6:68:b9:62:cd:77:d8:3f:32:b6:cb:24:fa:f0:20:f1:
         25:85:67:35:a9:24:aa:87:99:e4:15:1c:73:f2:01:fd:2a:19:
         35:52:1a:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvHS10pKOTptgNanxpS97MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNGQ1ODhkZjIwYjMyZGI5Nzg3ZDc3ODY0Mzk0Y2Q3YTY2
ZDQwMzAwHhcNMjQwMTAyMTAzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODk1NjNhMDMyOGIyZTcwM2MxOGIyNzk1ZDNmMTZlYTMyMTQwZjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg23sxIqQ9Tb5ICFQdGgQTBXiS0Ui
4Nd4hbl5TOe2W2Ro3aHQZSTNDWh7xF9/ZFOOsMLEV3SnYGmdMzDHO2kL05suWDVx
9OVPKI8RG3fhFSHVNKmh6fTUKORvI9Ip16xb4EBJwHzMSjhIf5egUnh+k5N0pNS1
03XAZSs1hR9EJywsFYqevor/2NXwxnD05XvNlwBuQqbPdp5dygFJdrah1HhYEfZH
81uH9GOCp7e08c+1LBm2npwJQf+cQvfpRwgL1/mSX+26ZUIZrBeyjA0Cc/NyyBAk
CbI7CnjCuSeUYQCr/zAyBJifCgUOVY/FnDN3P5gU20rsXhsPjNmJHU+aVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJiVY6Ayiy5wPBiyeV0/FuoyFA9hMB8GA1UdIwQY
MBaAFLJNWI3yCzLbl4fXeGQ5TNembUAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2sxWWpmSUxNdHVYaDlkNFpEbE0xNlp0UURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9iZDJkMzktMTVlNi00NjQwLWFkMDgt
ZDdiNjRiN2NjNTgzLzEvbUpWam9ES0xMbkE4R0xKNVhUOFc2aklVRDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9iZDJkMzktMTVlNi00NjQwLWFkMDgtZDdiNjRiN2NjNTgz
LzEvc2sxWWpmSUxNdHVYaDlkNFpEbE0xNlp0UURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfzYMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ3/0EWmdySft4NSk2wM7sXKL5ji952zI0B/o+pZ35
WzCMPY5OgIsvEYRjpVOOBuV7+RyexVUkZMR6xr1qtOtfT/SGtpbuhOYyXPASG46N
XcsFFyCYj2AB1otaFOSij5ySt6NeGBi4pCT2pWmuQ99sRrQcwt1/alBqVCrLLCa7
u8v5AuqPXnxL4iFTE9zOK1d7AIaiH1KCZy2p5Osqmw/d4HvSfg8tXw8ijm/0eQ1j
adTWkNjqHRGNNY5/UnTdKcR7EMkgP2PWMXJkjvU7xgOmcJGNOdQ7YqjQvcZouWLN
d9g/MrbLJPrwIPElhWc1qSSqh5nkFRxz8gH9Khk1Uhqy
-----END CERTIFICATE-----