Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/6qws1oIYRnmCbbLW4oXMZ9Sh55Y.roa
File:                     6qws1oIYRnmCbbLW4oXMZ9Sh55Y.roa (raw, json)
Hash identifier:          rQhgfyuE2jR1xNS5NfetOV6OM2nKob80X9fkbiusaHk=
Subject key identifier:   EA:AC:2C:D6:82:18:46:79:82:6D:B2:D6:E2:85:CC:67:D4:A1:E7:96
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019497C6A976C2A23B276DCB2339C150CB22
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/6qws1oIYRnmCbbLW4oXMZ9Sh55Y.roa
Signing time:             Fri 24 Jan 2025 10:06:06 +0000
ROA not before:           Fri 24 Jan 2025 10:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41720
IP address blocks:        5.182.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:97:c6:a9:76:c2:a2:3b:27:6d:cb:23:39:c1:50:cb:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan 24 10:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eaac2cd682184679826db2d6e285cc67d4a1e796
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:2c:c1:d1:6f:8c:51:12:3d:c3:e0:65:09:1e:
                    7c:40:01:63:fc:ec:a4:48:af:5d:f8:6f:b7:a7:36:
                    31:71:49:92:07:f5:17:88:11:9a:87:66:94:5c:97:
                    81:e5:69:ec:df:f1:87:fa:75:7a:9e:e3:35:7b:9a:
                    ec:ea:d8:f2:fc:08:99:1b:4c:e3:ef:6b:8e:eb:8f:
                    87:fe:69:5d:1f:4b:df:10:80:30:5d:14:82:17:3e:
                    53:53:43:1c:93:88:20:d1:22:b0:b3:f1:90:4b:8a:
                    a9:5f:23:16:69:e5:9f:a6:fe:55:f0:16:eb:59:1b:
                    72:93:8a:de:c8:25:f4:31:50:2a:bb:0e:ac:b6:83:
                    e5:6e:d2:50:25:49:47:a8:5a:05:aa:8b:86:c3:8c:
                    0a:33:88:1c:d0:df:0f:ef:cc:b4:f0:2d:02:16:03:
                    64:8b:fe:13:ad:45:02:8a:41:f1:75:77:5b:d2:f1:
                    c3:22:d8:c8:23:e0:93:ee:a0:aa:2c:0d:53:1d:65:
                    64:c9:12:67:51:78:c1:76:02:b6:89:4b:b6:76:23:
                    d2:8f:b4:47:97:71:fc:16:59:79:eb:4e:ee:51:c8:
                    5c:7c:1f:98:6e:2f:03:a1:e1:ea:64:fc:c3:ac:df:
                    54:7d:39:b0:19:51:dc:cb:9a:82:1c:ed:26:bb:a9:
                    05:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:AC:2C:D6:82:18:46:79:82:6D:B2:D6:E2:85:CC:67:D4:A1:E7:96
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/6qws1oIYRnmCbbLW4oXMZ9Sh55Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:1b:33:9e:06:ae:2f:4f:6d:4f:d6:f4:23:1c:0b:97:5a:ff:
         ed:82:9d:a0:e9:00:b3:c6:f4:ce:03:ad:9d:86:ce:c9:d3:be:
         f6:26:3a:09:33:b3:41:d5:58:6a:47:ea:34:aa:e8:5e:3d:96:
         9a:64:21:0d:ad:37:02:cd:d0:9b:f8:1e:f4:00:7a:01:2b:4a:
         25:f0:e8:f1:89:dd:cf:f2:93:85:a0:af:15:62:df:85:a5:b5:
         11:e9:7a:83:0f:88:c9:7b:cb:91:d7:7d:ad:66:fa:c0:23:23:
         e7:c6:a7:da:33:bf:30:0f:8a:ef:71:25:35:ef:24:ed:b7:06:
         61:31:07:a7:3c:80:c5:18:19:df:80:84:2b:44:79:a4:dd:92:
         7d:7f:06:20:ab:d9:81:c3:41:6e:4c:98:14:01:f0:07:18:de:
         3b:c3:8f:44:85:fe:b3:b7:6d:08:8f:d7:76:64:54:00:65:ee:
         f0:86:e7:4e:8f:13:b5:13:10:85:72:77:79:8b:71:d2:9a:53:
         a9:fb:78:d2:1c:c4:7d:68:84:82:2e:d7:de:bf:a2:26:bc:ce:
         87:eb:ef:3c:0c:2b:85:b6:74:a3:42:3d:64:43:f3:00:90:9f:
         01:40:c6:af:f1:89:11:cb:a1:d1:62:08:36:49:39:3e:41:52:
         a1:ff:75:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSXxql2wqI7J23LIznBUMsiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTI0MTAwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWFjMmNkNjgyMTg0Njc5ODI2ZGIyZDZlMjg1Y2M2N2Q0YTFlNzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCzB0W+MURI9w+BlCR58QAFj/Oyk
SK9d+G+3pzYxcUmSB/UXiBGah2aUXJeB5Wns3/GH+nV6nuM1e5rs6tjy/AiZG0zj
72uO64+H/mldH0vfEIAwXRSCFz5TU0Mck4gg0SKws/GQS4qpXyMWaeWfpv5V8Bbr
WRtyk4reyCX0MVAquw6stoPlbtJQJUlHqFoFqouGw4wKM4gc0N8P78y08C0CFgNk
i/4TrUUCikHxdXdb0vHDItjII+CT7qCqLA1THWVkyRJnUXjBdgK2iUu2diPSj7RH
l3H8Fll5607uUchcfB+Ybi8DoeHqZPzDrN9UfTmwGVHcy5qCHO0mu6kF4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOqsLNaCGEZ5gm2y1uKFzGfUoeeWMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvNnF3czFvSVlSbm1DYmJMVzRvWE1aOVNoNTVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbYwMA0G
CSqGSIb3DQEBCwUAA4IBAQByGzOeBq4vT21P1vQjHAuXWv/tgp2g6QCzxvTOA62d
hs7J0772JjoJM7NB1VhqR+o0quhePZaaZCENrTcCzdCb+B70AHoBK0ol8Ojxid3P
8pOFoK8VYt+FpbUR6XqDD4jJe8uR132tZvrAIyPnxqfaM78wD4rvcSU17yTttwZh
MQenPIDFGBnfgIQrRHmk3ZJ9fwYgq9mBw0FuTJgUAfAHGN47w49Ehf6zt20Ij9d2
ZFQAZe7whudOjxO1ExCFcnd5i3HSmlOp+3jSHMR9aISCLtfev6ImvM6H6+88DCuF
tnSjQj1kQ/MAkJ8BQMav8YkRy6HRYgg2STk+QVKh/3VW
-----END CERTIFICATE-----