Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/t5aCGrZ6rcyva8zLgQdLPgJ__sI.roa
File:                     t5aCGrZ6rcyva8zLgQdLPgJ__sI.roa (raw, json)
Hash identifier:          5lR8EV/++5T9H+FsraQUyR9QdpkZc4456WAL6oOktrA=
Subject key identifier:   B7:96:82:1A:B6:7A:AD:CC:AF:6B:CC:CB:81:07:4B:3E:02:7F:FE:C2
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019427B59947C08E1CC604E8F5BD474DA847
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/t5aCGrZ6rcyva8zLgQdLPgJ__sI.roa
Signing time:             Thu 02 Jan 2025 15:49:59 +0000
ROA not before:           Thu 02 Jan 2025 15:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25591
IP address blocks:        5.101.208.0/22 maxlen: 22
                          5.101.212.0/22 maxlen: 22
                          91.243.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:99:47:c0:8e:1c:c6:04:e8:f5:bd:47:4d:a8:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 15:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b796821ab67aadccaf6bcccb81074b3e027ffec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:16:c8:92:29:31:dd:02:d7:6b:b3:99:eb:6e:
                    5b:83:66:4b:98:98:3d:09:65:59:fc:b1:f4:31:66:
                    f5:0d:89:58:cf:43:3e:5a:d4:f3:eb:8a:e9:64:51:
                    dd:05:c0:a6:07:27:0d:05:07:ef:d5:a9:f7:8a:41:
                    47:1c:15:29:de:d4:bb:4c:2d:20:65:c6:60:4e:fe:
                    64:52:dc:5b:63:ea:f6:b1:59:2b:a3:e2:06:11:e4:
                    8e:61:5d:03:f3:78:47:83:08:5e:e6:fd:4f:7b:ec:
                    70:d2:36:c8:48:b2:38:02:ea:a4:05:91:3f:1f:01:
                    bb:74:78:1d:50:77:ae:4a:ea:bb:f4:76:3c:7c:35:
                    5b:18:35:87:1c:a9:98:f7:b7:92:93:fa:40:2a:28:
                    ad:4d:1d:84:2c:a8:e7:6b:4b:0c:05:69:c6:c3:df:
                    88:97:35:35:6d:48:e3:76:2e:74:a4:2e:18:15:b2:
                    71:61:5e:1f:31:b1:c0:45:8b:0c:f8:1c:8b:f3:ad:
                    0d:dd:bf:f3:a6:09:1e:f0:ec:93:c3:dc:51:b6:c8:
                    21:72:dd:56:8e:5e:f6:ce:dc:ab:12:cf:8a:b6:16:
                    27:ff:f5:77:bf:b7:ac:4b:22:a8:63:55:79:25:36:
                    ad:c3:0c:e7:de:96:03:d6:dd:88:e0:a5:37:e5:1a:
                    f8:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:96:82:1A:B6:7A:AD:CC:AF:6B:CC:CB:81:07:4B:3E:02:7F:FE:C2
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/t5aCGrZ6rcyva8zLgQdLPgJ__sI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.101.208.0/21
                  91.243.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c1:47:5f:b4:95:33:38:9b:8b:3c:07:9a:7b:df:45:95:91:8a:
         85:2e:fd:fe:3f:d5:a8:46:d6:75:e5:d9:5e:13:85:92:18:e3:
         25:7d:d2:37:74:70:4c:a8:f3:28:ab:f0:40:d8:c4:15:85:0f:
         e6:c1:18:67:16:ec:4f:70:8d:97:a8:67:2f:f9:e0:c9:47:5c:
         73:7a:5c:11:03:47:6c:2b:59:a9:98:61:30:7f:66:9e:03:96:
         ae:08:bd:7a:16:7c:d9:7c:68:7b:b4:db:0a:06:1b:7e:bf:16:
         0c:5a:e4:ae:e2:c0:e8:43:df:1d:9f:a8:0d:e3:e3:a3:25:b5:
         f0:ac:a6:be:d5:3c:61:a7:e6:0b:fe:1e:84:ea:8b:8d:af:26:
         52:6d:c0:59:04:a4:4c:01:45:f8:32:89:fc:02:9f:4d:29:07:
         b5:0a:dd:d8:b3:5a:6d:10:5b:bc:77:cb:f7:0e:2b:61:51:92:
         ad:9f:96:b1:0d:d5:7b:e5:c5:e4:a0:89:ae:ee:59:9d:dc:40:
         5b:8b:1e:4d:39:47:4b:43:d7:9c:e8:76:82:1c:59:dc:61:4a:
         9c:85:c4:ae:c3:27:e7:5d:45:c1:5d:5f:f1:fa:39:23:0c:a9:
         93:44:63:0f:ee:ab:2b:31:65:3c:6f:4b:e0:ff:7b:7a:33:c4:
         12:3b:05:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntZlHwI4cxgTo9b1HTahHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwMTAyMTU0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzk2ODIxYWI2N2FhZGNjYWY2YmNjY2I4MTA3NGIzZTAyN2ZmZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRbIkikx3QLXa7OZ625bg2ZLmJg9
CWVZ/LH0MWb1DYlYz0M+WtTz64rpZFHdBcCmBycNBQfv1an3ikFHHBUp3tS7TC0g
ZcZgTv5kUtxbY+r2sVkro+IGEeSOYV0D83hHgwhe5v1Pe+xw0jbISLI4AuqkBZE/
HwG7dHgdUHeuSuq79HY8fDVbGDWHHKmY97eSk/pAKiitTR2ELKjna0sMBWnGw9+I
lzU1bUjjdi50pC4YFbJxYV4fMbHARYsM+ByL860N3b/zpgke8OyTw9xRtsghct1W
jl72ztyrEs+KthYn//V3v7esSyKoY1V5JTatwwzn3pYD1t2I4KU35Rr4/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLeWghq2eq3Mr2vMy4EHSz4Cf/7CMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvdDVhQ0dyWjZyY3l2YTh6TGdRZExQZ0pfX3NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDBWXQAwQC
W/MkMA0GCSqGSIb3DQEBCwUAA4IBAQDBR1+0lTM4m4s8B5p730WVkYqFLv3+P9Wo
RtZ15dleE4WSGOMlfdI3dHBMqPMoq/BA2MQVhQ/mwRhnFuxPcI2XqGcv+eDJR1xz
elwRA0dsK1mpmGEwf2aeA5auCL16FnzZfGh7tNsKBht+vxYMWuSu4sDoQ98dn6gN
4+OjJbXwrKa+1Txhp+YL/h6E6ouNryZSbcBZBKRMAUX4Mon8Ap9NKQe1Ct3Ys1pt
EFu8d8v3DithUZKtn5axDdV75cXkoImu7lmd3EBbix5NOUdLQ9ec6HaCHFncYUqc
hcSuwyfnXUXBXV/x+jkjDKmTRGMP7qsrMWU8b0vg/3t6M8QSOwXR
-----END CERTIFICATE-----