Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/979y1ewi-7SEm_T0flkHL35tEXQ.roa
File:                     979y1ewi-7SEm_T0flkHL35tEXQ.roa (raw, json)
Hash identifier:          xNramKEqtSQ1nTz+XWW8Zm8oB+KD6+6creTMgjWomW8=
Subject key identifier:   F7:BF:72:D5:EC:22:FB:B4:84:9B:F4:F4:7E:59:07:2F:7E:6D:11:74
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       01904A88C0BFC01BD219B6A05E0F63E64F2E
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/979y1ewi-7SEm_T0flkHL35tEXQ.roa
Signing time:             Mon 24 Jun 2024 13:56:34 +0000
ROA not before:           Mon 24 Jun 2024 13:56:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44092
IP address blocks:        5.39.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4a:88:c0:bf:c0:1b:d2:19:b6:a0:5e:0f:63:e6:4f:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jun 24 13:56:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7bf72d5ec22fbb4849bf4f47e59072f7e6d1174
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4f:0a:ce:e1:53:5d:31:d7:16:30:17:0b:cb:
                    1b:f6:82:b0:ed:50:f6:0c:70:bb:b4:d4:37:4d:89:
                    04:d0:45:81:8e:6d:db:82:cd:f2:9f:ad:c9:1c:2e:
                    ee:32:9e:36:b1:36:5c:ca:cc:ad:1e:27:75:ea:8f:
                    27:b8:95:47:78:0d:f7:76:8f:e3:ee:fa:93:62:c6:
                    52:69:7f:44:07:f6:b8:fb:03:de:f6:5d:5a:2c:d1:
                    05:7d:dc:30:70:c6:db:aa:29:72:0c:47:78:20:ff:
                    87:a5:62:8d:bd:c9:b9:9b:0c:83:c5:46:bb:36:51:
                    a2:e2:35:cb:88:3e:7d:80:3a:e2:1b:09:27:47:63:
                    73:64:84:b3:e7:de:a2:90:29:68:66:21:81:b5:72:
                    a3:bb:24:21:23:74:af:20:db:a9:fc:7e:3d:67:11:
                    fd:e7:50:56:74:b5:96:db:18:50:d5:c1:b8:83:d7:
                    34:04:bb:a4:31:29:61:25:dc:cd:7f:87:ae:62:c7:
                    3b:a3:e8:e1:78:6d:12:f7:db:92:13:c0:db:5c:6c:
                    28:39:7c:8f:54:2b:84:fb:b3:67:79:4f:29:04:47:
                    1b:0d:1d:2a:a4:eb:01:4c:81:54:ff:4a:c3:61:11:
                    a1:51:47:f8:3e:62:1f:1e:a4:50:32:53:b3:d6:3a:
                    db:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:BF:72:D5:EC:22:FB:B4:84:9B:F4:F4:7E:59:07:2F:7E:6D:11:74
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/979y1ewi-7SEm_T0flkHL35tEXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:fa:a8:1a:0b:04:0b:0f:45:7f:41:7c:a4:3f:98:57:f8:d0:
         3b:0c:1c:40:4c:3d:6b:09:34:ee:b0:f8:f4:46:86:e1:bc:06:
         2a:43:33:0b:a3:d5:4f:e4:02:6c:80:7b:53:9b:7d:41:fe:f6:
         e8:1e:d5:b9:11:31:da:71:39:94:82:0a:29:94:23:c1:55:e1:
         10:89:e1:f4:b5:4d:d2:78:b7:bb:99:b8:b0:43:3a:44:68:d6:
         2e:c2:87:4d:2c:23:cd:e8:61:b2:a6:01:0d:9d:3a:14:15:2b:
         22:03:d9:e8:44:e4:f8:01:3a:f3:70:9f:41:a9:b5:31:49:cc:
         98:34:97:e5:ef:f2:09:c4:1f:89:c9:15:aa:40:18:ca:16:39:
         e3:64:38:08:9a:c5:82:fa:f3:2d:cb:d9:0b:94:d4:b2:c1:9d:
         f4:bc:fd:02:6f:a0:35:64:46:fa:16:7e:e2:3e:b3:7e:54:e3:
         3b:df:6e:1d:5b:c1:97:61:5c:1a:f8:ce:e5:04:51:ae:90:76:
         ca:23:5f:37:ad:c9:3c:59:8c:a2:89:88:18:f7:c1:cf:6f:96:
         39:01:19:fd:78:10:cb:8e:90:b3:c0:a7:f1:29:ce:44:26:e0:
         61:fa:2b:ab:b0:f5:15:7a:7c:85:1e:a0:3c:67:36:7c:8d:6b:
         95:c7:76:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBKiMC/wBvSGbagXg9j5k8uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwNjI0MTM1NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2JmNzJkNWVjMjJmYmI0ODQ5YmY0ZjQ3ZTU5MDcyZjdlNmQxMTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy08KzuFTXTHXFjAXC8sb9oKw7VD2
DHC7tNQ3TYkE0EWBjm3bgs3yn63JHC7uMp42sTZcysytHid16o8nuJVHeA33do/j
7vqTYsZSaX9EB/a4+wPe9l1aLNEFfdwwcMbbqilyDEd4IP+HpWKNvcm5mwyDxUa7
NlGi4jXLiD59gDriGwknR2NzZISz596ikCloZiGBtXKjuyQhI3SvINup/H49ZxH9
51BWdLWW2xhQ1cG4g9c0BLukMSlhJdzNf4euYsc7o+jheG0S99uSE8DbXGwoOXyP
VCuE+7NneU8pBEcbDR0qpOsBTIFU/0rDYRGhUUf4PmIfHqRQMlOz1jrb0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPe/ctXsIvu0hJv09H5ZBy9+bRF0MB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvOTc5eTFld2ktN1NFbV9UMGZsa0hMMzV0RVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSf9MA0G
CSqGSIb3DQEBCwUAA4IBAQBz+qgaCwQLD0V/QXykP5hX+NA7DBxATD1rCTTusPj0
RobhvAYqQzMLo9VP5AJsgHtTm31B/vboHtW5ETHacTmUggoplCPBVeEQieH0tU3S
eLe7mbiwQzpEaNYuwodNLCPN6GGypgENnToUFSsiA9noROT4ATrzcJ9BqbUxScyY
NJfl7/IJxB+JyRWqQBjKFjnjZDgImsWC+vMty9kLlNSywZ30vP0Cb6A1ZEb6Fn7i
PrN+VOM7324dW8GXYVwa+M7lBFGukHbKI183rck8WYyiiYgY98HPb5Y5ARn9eBDL
jpCzwKfxKc5EJuBh+iursPUVenyFHqA8ZzZ8jWuVx3aa
-----END CERTIFICATE-----