Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/SJHvhaCpGVpEu19gR74F4_s00OM.roa
File:                     SJHvhaCpGVpEu19gR74F4_s00OM.roa (raw, json)
Hash identifier:          QYvmEj267N2mBcF32kZnO8aAG/fQkwII3VAx268JC6k=
Subject key identifier:   48:91:EF:85:A0:A9:19:5A:44:BB:5F:60:47:BE:05:E3:FB:34:D0:E3
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0194266C2E8847CD5D9C9DDDA166BEC29EE5
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/SJHvhaCpGVpEu19gR74F4_s00OM.roa
Signing time:             Thu 02 Jan 2025 09:50:11 +0000
ROA not before:           Thu 02 Jan 2025 09:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212815
IP address blocks:        5.178.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:2e:88:47:cd:5d:9c:9d:dd:a1:66:be:c2:9e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  2 09:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4891ef85a0a9195a44bb5f6047be05e3fb34d0e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:90:e2:c9:fc:a1:0e:8e:46:de:a7:aa:a8:a7:
                    69:bf:54:48:8e:ed:08:e3:da:a1:61:bc:50:bb:ce:
                    9d:18:90:d1:13:be:83:1a:39:47:a7:3a:45:6f:63:
                    9b:e6:5f:78:84:a4:53:d6:15:ff:46:6a:81:a3:54:
                    8b:c1:1b:be:f6:a4:ec:51:f1:16:e2:fb:4d:3f:3d:
                    14:79:21:3b:98:1d:b4:35:92:2d:b7:fc:0d:2b:35:
                    2f:ad:72:27:0c:6a:49:fa:8a:4d:76:e8:ca:a5:ed:
                    cf:79:08:30:a3:b2:ac:a5:40:f3:cc:4d:29:7c:e5:
                    c9:84:2f:76:dd:9d:dc:83:1f:44:e8:18:9e:8f:08:
                    91:a0:5a:44:ec:04:4e:42:c4:ac:f1:b9:b8:f0:43:
                    c8:21:1b:28:e2:23:0e:b0:d3:52:f0:2e:e0:69:99:
                    5f:71:81:b8:19:02:06:f5:41:36:95:fc:b2:ad:27:
                    8d:cf:6e:2d:5a:d3:aa:62:42:d4:7f:b3:4e:d2:c7:
                    f5:9d:3b:b1:57:77:50:51:5c:36:24:d9:63:ca:ec:
                    e6:6c:bb:8a:d9:9f:33:8e:f1:ef:22:15:8a:32:88:
                    1b:10:a2:4a:8e:48:80:78:9d:04:3f:b2:38:88:a8:
                    0d:6c:92:65:fa:7c:a2:50:02:77:e8:bf:a3:4a:b6:
                    49:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:91:EF:85:A0:A9:19:5A:44:BB:5F:60:47:BE:05:E3:FB:34:D0:E3
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/SJHvhaCpGVpEu19gR74F4_s00OM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:40:4a:1d:ed:2d:5f:f5:40:ca:73:34:87:c2:72:6b:60:86:
         09:43:14:fd:9e:92:5a:e9:95:78:85:42:a3:ef:51:97:45:1f:
         2d:26:6c:2c:41:63:16:f6:ec:f8:42:ed:f7:84:8d:51:17:49:
         2b:4b:aa:52:2f:6b:be:70:d8:75:38:72:06:a9:53:4a:db:25:
         c0:f5:73:c0:19:81:e4:d0:65:12:f2:b6:a0:e4:96:d8:85:71:
         75:8f:bd:70:ad:20:e7:04:f6:79:a0:f8:4c:65:d6:2e:0f:48:
         36:c5:02:9e:85:71:46:ee:6f:54:50:2f:74:ef:51:0f:75:c0:
         10:e0:91:14:dc:33:ff:03:f1:cc:f5:e0:b0:3f:ae:27:4a:ae:
         c4:60:bc:52:51:c3:76:85:88:a9:23:ad:5a:db:83:7c:79:11:
         68:66:0e:3f:64:db:a0:4c:a7:54:8b:4f:ea:6d:4d:a4:52:45:
         5e:95:b0:29:ba:ca:3f:75:fd:c9:c6:b9:9a:4b:26:72:ca:8a:
         34:28:be:a3:f0:8f:94:c9:3b:57:cd:49:5c:eb:f2:b1:3d:a2:
         20:71:dc:15:ca:24:28:ce:53:53:2e:5c:0d:cc:4c:9a:c0:cd:
         8b:05:6b:e6:2d:97:59:4e:26:18:cb:7d:74:ea:7f:99:20:27:
         b5:22:b7:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbC6IR81dnJ3doWa+wp7lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUwMTAyMDk1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODkxZWY4NWEwYTkxOTVhNDRiYjVmNjA0N2JlMDVlM2ZiMzRkMGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJDiyfyhDo5G3qeqqKdpv1RIju0I
49qhYbxQu86dGJDRE76DGjlHpzpFb2Ob5l94hKRT1hX/RmqBo1SLwRu+9qTsUfEW
4vtNPz0UeSE7mB20NZItt/wNKzUvrXInDGpJ+opNdujKpe3PeQgwo7KspUDzzE0p
fOXJhC923Z3cgx9E6BiejwiRoFpE7AROQsSs8bm48EPIIRso4iMOsNNS8C7gaZlf
cYG4GQIG9UE2lfyyrSeNz24tWtOqYkLUf7NO0sf1nTuxV3dQUVw2JNljyuzmbLuK
2Z8zjvHvIhWKMogbEKJKjkiAeJ0EP7I4iKgNbJJl+nyiUAJ36L+jSrZJywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEiR74WgqRlaRLtfYEe+BeP7NNDjMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvU0pIdmhhQ3BHVnBFdTE5Z1I3NEY0X3MwME9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJlMA0G
CSqGSIb3DQEBCwUAA4IBAQBXQEod7S1f9UDKczSHwnJrYIYJQxT9npJa6ZV4hUKj
71GXRR8tJmwsQWMW9uz4Qu33hI1RF0krS6pSL2u+cNh1OHIGqVNK2yXA9XPAGYHk
0GUS8rag5JbYhXF1j71wrSDnBPZ5oPhMZdYuD0g2xQKehXFG7m9UUC9071EPdcAQ
4JEU3DP/A/HM9eCwP64nSq7EYLxSUcN2hYipI61a24N8eRFoZg4/ZNugTKdUi0/q
bU2kUkVelbApuso/df3JxrmaSyZyyoo0KL6j8I+UyTtXzUlc6/KxPaIgcdwVyiQo
zlNTLlwNzEyawM2LBWvmLZdZTiYYy3106n+ZICe1Ird/
-----END CERTIFICATE-----