Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/cWOCTkayGGu8YHr71R0hqhMVwbk.roa
File:                     cWOCTkayGGu8YHr71R0hqhMVwbk.roa (raw, json)
Hash identifier:          K9YakXhqxzOpTSDT7quD+4E+xcF+tKizNecEFiYVxqQ=
Subject key identifier:   71:63:82:4E:46:B2:18:6B:BC:60:7A:FB:D5:1D:21:AA:13:15:C1:B9
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0196AFCF7369E19C5C065A82D07369E7AA21
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/cWOCTkayGGu8YHr71R0hqhMVwbk.roa
Signing time:             Thu 08 May 2025 12:12:10 +0000
ROA not before:           Thu 08 May 2025 12:12:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        5.181.84.0/24 maxlen: 24
                          5.181.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:af:cf:73:69:e1:9c:5c:06:5a:82:d0:73:69:e7:aa:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: May  8 12:12:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7163824e46b2186bbc607afbd51d21aa1315c1b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7b:8b:f0:05:04:30:ca:9f:46:e7:ad:46:0b:
                    e9:11:84:40:d6:e7:3e:6b:52:73:08:4c:b1:9f:7f:
                    ac:e2:10:f0:78:8c:1d:08:59:78:ac:f1:df:b9:86:
                    e3:ba:90:4b:6a:b8:be:8f:f0:7e:77:71:50:46:2a:
                    33:43:ca:32:89:42:5c:4b:7c:60:a9:9c:d4:bb:0d:
                    22:91:c6:68:47:84:07:58:d5:d0:5a:a9:8c:e7:ae:
                    18:51:48:b2:2d:3c:6a:11:b9:4a:7e:c7:6a:05:61:
                    62:39:0c:39:20:f0:c1:55:3b:84:bc:0b:03:5e:ec:
                    80:97:10:37:b4:d6:e8:14:c3:ef:43:ea:0b:a6:15:
                    44:47:fa:37:ae:1e:f5:63:ca:ec:dd:e9:5d:f8:d9:
                    dd:ac:a9:0d:6e:7d:0c:88:00:86:54:42:7a:5c:3d:
                    9c:d0:ec:d4:f1:f6:2e:89:f3:43:3f:1e:ef:47:16:
                    b2:d0:b6:05:50:72:d0:b1:49:4b:3c:d5:09:c5:10:
                    c9:ea:c2:ac:15:14:d9:68:0b:ed:dc:dc:2f:a1:8f:
                    68:20:a9:6f:84:19:e2:2b:30:07:16:ee:72:82:b7:
                    47:0c:d8:2e:b6:28:42:7f:db:ce:8e:36:6f:5c:8e:
                    0f:9b:1e:9d:f0:29:3f:ff:ed:d4:68:bd:07:3b:33:
                    d4:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:63:82:4E:46:B2:18:6B:BC:60:7A:FB:D5:1D:21:AA:13:15:C1:B9
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/cWOCTkayGGu8YHr71R0hqhMVwbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:14:30:fd:d1:86:37:d2:48:42:7d:12:78:be:63:2e:a1:a3:
         3c:6d:dc:21:25:04:af:dc:a0:70:6d:6c:07:96:28:4e:8f:1a:
         76:9c:c5:0a:fc:fb:d1:df:98:0b:92:0c:f4:50:cb:e3:2e:53:
         e4:7d:9d:e6:4f:6e:98:eb:f0:4b:f4:e5:16:fa:84:f0:2e:96:
         a2:71:67:4d:e4:45:77:97:5a:7f:af:ce:6c:57:58:7d:db:77:
         a1:f4:c7:7a:51:88:67:a8:4d:c6:0e:ab:fc:fb:88:2a:40:f1:
         fc:67:47:73:ed:8e:20:8e:9b:48:45:f5:c1:4a:c7:2b:ee:b6:
         89:c8:f0:dc:99:8b:5e:51:41:9e:f3:a2:de:7a:f9:1c:db:d8:
         4f:a0:f5:9d:90:8d:43:b5:c9:ec:ed:25:f2:a8:1f:42:85:d2:
         e9:3c:07:81:ad:70:0d:44:5a:7e:dd:c6:40:ec:58:68:86:23:
         4f:17:bf:f9:7d:1e:b1:e1:9e:12:2e:b6:9d:2f:3e:6c:5a:95:
         10:dd:0f:93:e1:27:9b:c2:bd:d7:11:33:f0:ab:7d:96:52:fb:
         ba:67:e4:54:ad:9e:50:e6:41:fa:d4:cd:86:99:c2:3f:d3:c9:
         2c:6e:1f:2a:99:7d:aa:da:05:da:8f:3c:9c:81:83:99:04:5d:
         b2:75:4d:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZavz3Np4ZxcBlqC0HNp56ohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwNTA4MTIxMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTYzODI0ZTQ2YjIxODZiYmM2MDdhZmJkNTFkMjFhYTEzMTVjMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXuL8AUEMMqfRuetRgvpEYRA1uc+
a1JzCEyxn3+s4hDweIwdCFl4rPHfuYbjupBLari+j/B+d3FQRiozQ8oyiUJcS3xg
qZzUuw0ikcZoR4QHWNXQWqmM564YUUiyLTxqEblKfsdqBWFiOQw5IPDBVTuEvAsD
XuyAlxA3tNboFMPvQ+oLphVER/o3rh71Y8rs3eld+NndrKkNbn0MiACGVEJ6XD2c
0OzU8fYuifNDPx7vRxay0LYFUHLQsUlLPNUJxRDJ6sKsFRTZaAvt3NwvoY9oIKlv
hBniKzAHFu5ygrdHDNgutihCf9vOjjZvXI4Pmx6d8Ck//+3UaL0HOzPUPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFjgk5GshhrvGB6+9UdIaoTFcG5MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvY1dPQ1RrYXlHR3U4WUhyNzFSMGhxaE1Wd2JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBbVUMA0G
CSqGSIb3DQEBCwUAA4IBAQACFDD90YY30khCfRJ4vmMuoaM8bdwhJQSv3KBwbWwH
lihOjxp2nMUK/PvR35gLkgz0UMvjLlPkfZ3mT26Y6/BL9OUW+oTwLpaicWdN5EV3
l1p/r85sV1h923eh9Md6UYhnqE3GDqv8+4gqQPH8Z0dz7Y4gjptIRfXBSscr7raJ
yPDcmYteUUGe86Leevkc29hPoPWdkI1Dtcns7SXyqB9ChdLpPAeBrXANRFp+3cZA
7FhohiNPF7/5fR6x4Z4SLradLz5sWpUQ3Q+T4Sebwr3XETPwq32WUvu6Z+RUrZ5Q
5kH61M2GmcI/08ksbh8qmX2q2gXajzycgYOZBF2ydU1A
-----END CERTIFICATE-----