Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/tUy7VKDDVboY2Qo-sNWljYmxPOI.roa
File:                     tUy7VKDDVboY2Qo-sNWljYmxPOI.roa (raw, json)
Hash identifier:          nOufD9VcAARAPXFJN7YbCFA3vo77wDsfl0JVajaSTdE=
Subject key identifier:   B5:4C:BB:54:A0:C3:55:BA:18:D9:0A:3E:B0:D5:A5:8D:89:B1:3C:E2
Certificate issuer:       /CN=b04b1cdf506ce5e9937e77f8263ecf6ddb255b05
Certificate serial:       01942368C508E22E2352F17C12B2BC019269
Authority key identifier: B0:4B:1C:DF:50:6C:E5:E9:93:7E:77:F8:26:3E:CF:6D:DB:25:5B:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sEsc31Bs5emTfnf4Jj7PbdslWwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/tUy7VKDDVboY2Qo-sNWljYmxPOI.roa
Signing time:             Wed 01 Jan 2025 19:47:36 +0000
ROA not before:           Wed 01 Jan 2025 19:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35258
IP address blocks:        5.183.72.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/sEsc31Bs5emTfnf4Jj7PbdslWwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/sEsc31Bs5emTfnf4Jj7PbdslWwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sEsc31Bs5emTfnf4Jj7PbdslWwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:c5:08:e2:2e:23:52:f1:7c:12:b2:bc:01:92:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b04b1cdf506ce5e9937e77f8263ecf6ddb255b05
        Validity
            Not Before: Jan  1 19:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b54cbb54a0c355ba18d90a3eb0d5a58d89b13ce2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ae:fe:92:c5:93:fb:27:08:45:6a:35:23:27:
                    70:d0:b3:e7:3a:74:1c:42:c5:9a:76:04:a5:33:d7:
                    f1:df:5f:06:77:7d:c2:9a:b3:4c:81:0c:90:00:e4:
                    21:58:57:33:cb:0e:cf:07:68:18:69:0c:2b:bf:aa:
                    e6:f3:38:58:06:0f:be:1f:81:e5:cf:1e:ac:be:b7:
                    50:91:14:2e:c0:db:07:c6:2e:84:90:5a:d5:8d:75:
                    72:96:97:a4:d6:d8:4f:4a:20:6d:00:39:2e:b0:18:
                    4a:d7:b5:7a:6c:15:f7:64:c6:d3:7a:2f:ad:e0:43:
                    16:55:5e:22:df:22:3f:ee:a0:ad:d0:97:3d:a1:73:
                    0a:1b:20:2d:6a:ed:5f:26:bb:97:fe:7a:38:24:83:
                    ef:6c:d4:4a:52:4f:f8:b1:2a:96:71:98:66:4f:bb:
                    b5:a0:85:db:0a:c1:0b:0c:2b:46:07:bc:03:11:0a:
                    91:2b:98:86:a1:b9:07:54:95:cd:b1:e0:a0:99:fa:
                    8a:87:44:95:cb:b4:8e:2c:42:c4:2a:ff:e7:bd:ff:
                    bb:89:29:4a:57:cb:4e:77:70:2d:f3:e7:d8:40:57:
                    da:88:e6:8a:82:20:0d:a1:c3:3b:6f:1d:d8:6d:af:
                    d3:22:c8:97:87:89:91:9c:ca:51:8f:e5:a0:81:b5:
                    21:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:4C:BB:54:A0:C3:55:BA:18:D9:0A:3E:B0:D5:A5:8D:89:B1:3C:E2
            X509v3 Authority Key Identifier:
                keyid:B0:4B:1C:DF:50:6C:E5:E9:93:7E:77:F8:26:3E:CF:6D:DB:25:5B:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sEsc31Bs5emTfnf4Jj7PbdslWwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/tUy7VKDDVboY2Qo-sNWljYmxPOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/sEsc31Bs5emTfnf4Jj7PbdslWwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:fa:f4:9f:5e:3f:cf:e1:f1:ff:f3:ad:34:28:80:c0:c5:02:
         f7:63:38:a1:9a:bb:eb:8e:12:b5:1e:23:d7:6b:8e:db:ef:8a:
         77:ad:00:3c:bb:85:ba:b8:85:cf:c5:25:27:ee:fb:11:1b:0b:
         6d:ab:33:00:5d:7f:3f:8e:1a:01:23:13:58:67:93:c6:5a:54:
         58:cb:f6:b6:70:0c:aa:8e:4a:b7:e3:c6:77:e4:7a:dd:0f:c8:
         ea:68:32:fa:56:08:9c:e8:1e:1a:e2:12:06:f4:91:30:0d:a4:
         cc:b3:38:1b:0c:c6:5c:a8:93:e9:01:cf:4b:5e:02:2b:34:f9:
         4c:46:df:f6:9c:f0:a4:68:73:27:76:74:08:7b:04:84:c7:e8:
         69:99:26:04:d4:ff:7a:02:ed:f4:56:2d:57:af:87:2d:91:ab:
         0c:a1:58:09:57:49:0b:29:38:c3:f0:12:89:00:a1:bb:3a:2d:
         4c:26:0a:bb:ed:16:2e:6f:4f:db:2e:e6:62:47:05:c5:8a:4a:
         c2:1f:53:a4:f6:4f:3b:38:5d:1e:b7:ee:ef:69:7f:ed:da:db:
         93:3d:92:44:14:f5:94:15:fb:95:e7:69:9f:ab:71:38:fe:6f:
         1a:1a:9c:30:f3:f6:92:38:fc:c3:70:9a:cf:a4:8a:07:51:d9:
         5a:90:c2:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaMUI4i4jUvF8ErK8AZJpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNGIxY2RmNTA2Y2U1ZTk5MzdlNzdmODI2M2VjZjZkZGIy
NTViMDUwHhcNMjUwMTAxMTk0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTRjYmI1NGEwYzM1NWJhMThkOTBhM2ViMGQ1YTU4ZDg5YjEzY2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyK7+ksWT+ycIRWo1Iydw0LPnOnQc
QsWadgSlM9fx318Gd33CmrNMgQyQAOQhWFczyw7PB2gYaQwrv6rm8zhYBg++H4Hl
zx6svrdQkRQuwNsHxi6EkFrVjXVylpek1thPSiBtADkusBhK17V6bBX3ZMbTei+t
4EMWVV4i3yI/7qCt0Jc9oXMKGyAtau1fJruX/no4JIPvbNRKUk/4sSqWcZhmT7u1
oIXbCsELDCtGB7wDEQqRK5iGobkHVJXNseCgmfqKh0SVy7SOLELEKv/nvf+7iSlK
V8tOd3At8+fYQFfaiOaKgiANocM7bx3Yba/TIsiXh4mRnMpRj+WggbUh6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVMu1Sgw1W6GNkKPrDVpY2JsTziMB8GA1UdIwQY
MBaAFLBLHN9QbOXpk353+CY+z23bJVsFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0VzYzMxQnM1ZW1UZm5mNEpqN1BiZHNsV3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi84MzliMzQtMzUyOS00MzhiLTg3ZDAt
Y2U1MDE5MjY0ODk1LzEvdFV5N1ZLRERWYm9ZMlFvLXNOV2xqWW14UE9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi84MzliMzQtMzUyOS00MzhiLTg3ZDAtY2U1MDE5MjY0ODk1
LzEvc0VzYzMxQnM1ZW1UZm5mNEpqN1BiZHNsV3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbdIMA0G
CSqGSIb3DQEBCwUAA4IBAQAN+vSfXj/P4fH/8600KIDAxQL3YzihmrvrjhK1HiPX
a47b74p3rQA8u4W6uIXPxSUn7vsRGwttqzMAXX8/jhoBIxNYZ5PGWlRYy/a2cAyq
jkq348Z35HrdD8jqaDL6Vgic6B4a4hIG9JEwDaTMszgbDMZcqJPpAc9LXgIrNPlM
Rt/2nPCkaHMndnQIewSEx+hpmSYE1P96Au30Vi1Xr4ctkasMoVgJV0kLKTjD8BKJ
AKG7Oi1MJgq77RYub0/bLuZiRwXFikrCH1Ok9k87OF0et+7vaX/t2tuTPZJEFPWU
FfuV52mfq3E4/m8aGpww8/aSOPzDcJrPpIoHUdlakMJ/
-----END CERTIFICATE-----