Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/T5d4oh-duAj8pIRSern8Q-fC3rc.roa
File:                     T5d4oh-duAj8pIRSern8Q-fC3rc.roa (raw, json)
Hash identifier:          PVUHxgMs0WjgvbfBb3Nsct5pJF5o+AA2cHtHHvFPjS0=
Subject key identifier:   4F:97:78:A2:1F:9D:B8:08:FC:A4:84:52:7A:B9:FC:43:E7:C2:DE:B7
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0195194B571EFF9598093371113B7C02A430
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/T5d4oh-duAj8pIRSern8Q-fC3rc.roa
Signing time:             Tue 18 Feb 2025 13:42:02 +0000
ROA not before:           Tue 18 Feb 2025 13:42:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26832
IP address blocks:        5.175.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:19:4b:57:1e:ff:95:98:09:33:71:11:3b:7c:02:a4:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Feb 18 13:42:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f9778a21f9db808fca484527ab9fc43e7c2deb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:5e:e3:c6:9f:df:51:09:98:c2:44:9b:1d:52:
                    23:28:8e:be:d7:0a:26:d6:ec:cb:2c:da:52:aa:4d:
                    c5:1c:8d:7c:54:be:9c:a9:eb:68:28:b0:66:87:06:
                    ed:e1:8d:ee:70:c0:6b:51:ae:2d:3a:a3:a8:c4:49:
                    64:82:e9:55:23:d9:af:bd:be:47:e4:87:71:b7:9c:
                    6d:c1:3b:4f:06:03:d1:3e:9d:66:aa:2d:02:0d:d1:
                    6d:e4:94:a0:e9:39:d5:9d:bc:2b:21:b1:b8:37:c7:
                    3e:b8:a2:81:c6:29:31:84:aa:54:19:e2:32:e6:53:
                    05:86:e0:d0:02:ba:bb:c9:00:93:e6:c1:e4:4d:cf:
                    ac:41:15:f0:c1:33:e9:97:63:13:e8:23:76:46:11:
                    4f:e6:b8:cd:64:3f:10:de:ff:f8:75:50:e1:a1:bd:
                    8f:b8:f3:ba:b5:87:25:a9:69:95:06:19:67:45:45:
                    56:72:97:bd:ea:ca:c6:85:76:b2:b4:54:14:58:81:
                    0a:a3:48:d1:3c:c3:fc:83:11:2d:d7:02:9a:8c:4d:
                    e9:45:4a:a4:c9:c4:f3:14:b5:a6:0b:66:67:79:68:
                    7f:d9:09:a2:59:cd:f6:d1:c0:20:85:2c:91:23:6f:
                    32:b1:9b:32:69:71:c8:5a:2a:4c:f3:98:0a:bd:c6:
                    09:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:97:78:A2:1F:9D:B8:08:FC:A4:84:52:7A:B9:FC:43:E7:C2:DE:B7
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/T5d4oh-duAj8pIRSern8Q-fC3rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:0c:b7:5d:58:14:d1:62:95:54:32:39:b8:41:ee:f4:b5:7a:
         83:b6:7a:43:fb:10:fd:ee:79:f5:0f:23:8c:38:fd:2d:09:c5:
         33:a5:62:e5:df:c7:8b:e8:e1:34:c6:82:b7:3f:0b:a9:67:c7:
         ce:8d:35:62:5d:a9:d4:09:45:f5:c5:b8:83:28:a9:c9:3c:f9:
         69:0a:e8:00:d4:ac:6d:5a:14:be:19:0c:82:70:24:14:c2:d7:
         56:f2:40:bd:12:0a:4c:5b:1a:06:ff:93:ed:1b:48:39:86:2a:
         d6:58:98:0a:8a:dc:5b:79:f0:5c:3c:67:48:d8:ad:33:83:96:
         c9:d3:34:72:f0:0b:d3:15:6e:d4:2d:1b:00:5f:c4:0e:aa:c4:
         e9:19:6e:df:88:9d:0c:86:26:9e:e1:1f:09:77:63:9f:82:53:
         1d:da:1a:b1:d5:12:de:b3:37:95:8a:1f:f3:6f:6a:09:66:9b:
         4c:58:4b:26:4a:77:5e:ed:e1:5c:74:39:22:ed:a2:19:9e:23:
         0e:ef:f0:b4:33:7e:32:e4:84:e8:d0:b4:5a:5d:66:4d:69:19:
         93:18:35:58:36:04:13:c5:45:11:94:a3:2b:38:c1:51:24:0a:
         13:c1:76:87:90:dc:79:b9:d3:61:d3:63:67:ec:35:c5:bc:e5:
         ec:d0:d4:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUZS1ce/5WYCTNxETt8AqQwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwMjE4MTM0MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjk3NzhhMjFmOWRiODA4ZmNhNDg0NTI3YWI5ZmM0M2U3YzJkZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7l7jxp/fUQmYwkSbHVIjKI6+1wom
1uzLLNpSqk3FHI18VL6cqetoKLBmhwbt4Y3ucMBrUa4tOqOoxElkgulVI9mvvb5H
5Idxt5xtwTtPBgPRPp1mqi0CDdFt5JSg6TnVnbwrIbG4N8c+uKKBxikxhKpUGeIy
5lMFhuDQArq7yQCT5sHkTc+sQRXwwTPpl2MT6CN2RhFP5rjNZD8Q3v/4dVDhob2P
uPO6tYclqWmVBhlnRUVWcpe96srGhXaytFQUWIEKo0jRPMP8gxEt1wKajE3pRUqk
ycTzFLWmC2ZneWh/2QmiWc320cAghSyRI28ysZsyaXHIWipM85gKvcYJ4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+XeKIfnbgI/KSEUnq5/EPnwt63MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvVDVkNG9oLWR1QWo4cElSU2VybjhRLWZDM3JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa/4MA0G
CSqGSIb3DQEBCwUAA4IBAQCTDLddWBTRYpVUMjm4Qe70tXqDtnpD+xD97nn1DyOM
OP0tCcUzpWLl38eL6OE0xoK3PwupZ8fOjTViXanUCUX1xbiDKKnJPPlpCugA1Kxt
WhS+GQyCcCQUwtdW8kC9EgpMWxoG/5PtG0g5hirWWJgKitxbefBcPGdI2K0zg5bJ
0zRy8AvTFW7ULRsAX8QOqsTpGW7fiJ0Mhiae4R8Jd2OfglMd2hqx1RLeszeVih/z
b2oJZptMWEsmSnde7eFcdDki7aIZniMO7/C0M34y5ITo0LRaXWZNaRmTGDVYNgQT
xUURlKMrOMFRJAoTwXaHkNx5udNh02Nn7DXFvOXs0NS1
-----END CERTIFICATE-----