Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nS4hNXsJ4IIvLDSBcea0gI-QyDU.roa
File:                     nS4hNXsJ4IIvLDSBcea0gI-QyDU.roa (raw, json)
Hash identifier:          85OvAqaVylk32FIrubB7ARSGhQEA5rNOfn5hJl/SDEA=
Subject key identifier:   9D:2E:21:35:7B:09:E0:82:2F:2C:34:81:71:E6:B4:80:8F:90:C8:35
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747E50F1BDFA6888D02E423A78C89D6
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nS4hNXsJ4IIvLDSBcea0gI-QyDU.roa
Signing time:             Thu 02 Jan 2025 13:50:10 +0000
ROA not before:           Thu 02 Jan 2025 13:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209181
IP address blocks:        5.182.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 09:23:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e5:0f:1b:df:a6:88:8d:02:e4:23:a7:8c:89:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d2e21357b09e0822f2c348171e6b4808f90c835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:97:10:4b:61:c2:7b:ec:20:b0:91:95:84:ec:
                    4d:cd:76:0d:db:94:f4:97:71:53:20:c6:de:96:93:
                    c9:ce:4f:ae:a8:50:fb:45:df:cb:2a:ed:9b:7a:1b:
                    2f:7f:85:11:71:8f:0c:b3:31:f7:13:ad:8d:a6:00:
                    de:29:59:8f:e5:4d:df:65:a1:2b:44:a9:fb:0c:c9:
                    4d:8f:8f:ed:65:e5:54:41:da:12:a9:92:2c:45:48:
                    46:ca:97:71:dd:7a:ae:e1:10:80:53:25:67:c8:bf:
                    11:f3:ac:4b:ff:1b:0f:e1:26:8f:2a:53:7a:39:8d:
                    ef:68:21:8e:e7:60:a6:bb:10:a5:0a:f9:c8:0b:40:
                    e0:f9:31:0f:02:dc:b4:01:9b:f5:0f:ac:97:ac:d2:
                    b3:36:c3:74:94:cb:9a:a7:d8:86:b8:50:e9:52:c9:
                    2e:49:a6:53:3e:6a:36:98:e9:a4:34:61:f6:9b:a9:
                    3e:ee:58:07:01:87:4a:48:f8:02:86:09:ae:eb:c5:
                    06:dc:29:da:c8:d4:c4:d0:4d:05:b2:b8:1e:7a:a3:
                    5a:d4:8f:af:f3:0d:8e:c5:27:47:04:90:b1:9d:44:
                    6c:89:b9:31:56:6a:8e:29:8f:40:d5:78:e2:ec:7b:
                    94:03:21:cf:c3:1b:4e:84:1d:ca:e5:a3:e3:2e:80:
                    10:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:2E:21:35:7B:09:E0:82:2F:2C:34:81:71:E6:B4:80:8F:90:C8:35
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nS4hNXsJ4IIvLDSBcea0gI-QyDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:76:c6:4d:79:2a:b0:a7:3f:56:7d:82:a7:05:ba:96:d4:3b:
         e4:a7:ee:a1:f6:c6:62:24:60:07:40:20:78:21:4d:73:c9:76:
         ca:99:f4:41:b5:92:3d:8b:95:3d:4b:35:75:dc:af:b5:74:82:
         e9:6b:4b:f8:91:e0:09:80:d4:d3:cf:20:ed:cf:60:1d:7d:7c:
         48:f7:1d:e1:61:b9:d4:21:94:de:64:39:6a:77:90:83:08:96:
         b9:00:7f:bd:e0:29:48:fd:7b:7e:10:ed:fb:a7:c7:d6:d6:72:
         28:54:16:45:98:04:1d:9f:28:71:aa:97:6c:86:0a:2b:a9:7a:
         c9:c7:d6:62:60:45:82:18:a7:21:f8:1e:18:58:c1:3b:21:82:
         5b:4b:b7:cf:72:c5:16:49:65:ed:b9:2b:be:90:ab:59:34:eb:
         13:bf:f2:0f:8d:07:eb:bd:6d:36:66:2b:e7:b2:5e:73:22:ed:
         4b:8a:c2:a2:04:e4:50:62:85:fd:1c:e2:79:20:d6:ab:70:ee:
         33:bc:fc:9f:bc:da:b6:39:14:25:bc:37:cf:bb:e3:18:40:3e:
         6c:ea:39:cb:73:39:42:7a:7b:e1:33:a1:1a:5d:61:d0:ec:e4:
         a5:e5:cb:f4:d7:74:9a:9d:61:1f:7b:14:d5:80:d2:af:7b:48:
         a3:3b:ca:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+UPG9+miI0C5COnjInWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDJlMjEzNTdiMDllMDgyMmYyYzM0ODE3MWU2YjQ4MDhmOTBjODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5cQS2HCe+wgsJGVhOxNzXYN25T0
l3FTIMbelpPJzk+uqFD7Rd/LKu2behsvf4URcY8MszH3E62NpgDeKVmP5U3fZaEr
RKn7DMlNj4/tZeVUQdoSqZIsRUhGypdx3Xqu4RCAUyVnyL8R86xL/xsP4SaPKlN6
OY3vaCGO52CmuxClCvnIC0Dg+TEPAty0AZv1D6yXrNKzNsN0lMuap9iGuFDpUsku
SaZTPmo2mOmkNGH2m6k+7lgHAYdKSPgChgmu68UG3CnayNTE0E0FsrgeeqNa1I+v
8w2OxSdHBJCxnURsibkxVmqOKY9A1Xji7HuUAyHPwxtOhB3K5aPjLoAQBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0uITV7CeCCLyw0gXHmtICPkMg1MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvblM0aE5Yc0o0SUl2TERTQmNlYTBnSS1ReURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbYxMA0G
CSqGSIb3DQEBCwUAA4IBAQA5dsZNeSqwpz9WfYKnBbqW1Dvkp+6h9sZiJGAHQCB4
IU1zyXbKmfRBtZI9i5U9SzV13K+1dILpa0v4keAJgNTTzyDtz2AdfXxI9x3hYbnU
IZTeZDlqd5CDCJa5AH+94ClI/Xt+EO37p8fW1nIoVBZFmAQdnyhxqpdshgorqXrJ
x9ZiYEWCGKch+B4YWME7IYJbS7fPcsUWSWXtuSu+kKtZNOsTv/IPjQfrvW02Zivn
sl5zIu1LisKiBORQYoX9HOJ5INarcO4zvPyfvNq2ORQlvDfPu+MYQD5s6jnLczlC
envhM6EaXWHQ7OSl5cv013SanWEfexTVgNKve0ijO8qh
-----END CERTIFICATE-----