Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/c5dc73-9be2-4503-8281-4b350eacc86b/1/jCfDa1o9-67BNQODivTRRldEbdY.roa
File:                     jCfDa1o9-67BNQODivTRRldEbdY.roa (raw, json)
Hash identifier:          8Y6qhIf9Ka0kdUNg/SnNbfjipainSlycgW7SSV7AHSU=
Subject key identifier:   8C:27:C3:6B:5A:3D:FB:AE:C1:35:03:83:8A:F4:D1:46:57:44:6D:D6
Certificate issuer:       /CN=2fcf619ccecf836f56a72010e82fb7dd240402f9
Certificate serial:       019424B3656B557E458098E80CB3DBAC6E41
Authority key identifier: 2F:CF:61:9C:CE:CF:83:6F:56:A7:20:10:E8:2F:B7:DD:24:04:02:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L89hnM7Pg29WpyAQ6C-33SQEAvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/c5dc73-9be2-4503-8281-4b350eacc86b/1/jCfDa1o9-67BNQODivTRRldEbdY.roa
Signing time:             Thu 02 Jan 2025 01:48:44 +0000
ROA not before:           Thu 02 Jan 2025 01:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61026
IP address blocks:        5.182.136.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/c5dc73-9be2-4503-8281-4b350eacc86b/1/L89hnM7Pg29WpyAQ6C-33SQEAvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/c5dc73-9be2-4503-8281-4b350eacc86b/1/L89hnM7Pg29WpyAQ6C-33SQEAvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L89hnM7Pg29WpyAQ6C-33SQEAvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:65:6b:55:7e:45:80:98:e8:0c:b3:db:ac:6e:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fcf619ccecf836f56a72010e82fb7dd240402f9
        Validity
            Not Before: Jan  2 01:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c27c36b5a3dfbaec13503838af4d14657446dd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:24:a4:a3:89:3f:9d:07:ff:60:4b:dd:33:fb:
                    3d:46:19:35:5e:7f:2a:52:66:ea:d6:cd:91:f3:56:
                    e7:cd:79:59:36:5d:9e:7e:94:e2:1f:90:fc:36:25:
                    27:11:2b:5f:0c:c2:a0:ab:a7:f5:6c:d7:87:d9:72:
                    9b:be:64:81:2a:a2:a2:af:bd:0c:f5:19:9f:64:53:
                    43:5d:2b:6b:e9:9c:e3:d8:f0:a4:53:23:d2:b4:45:
                    73:c6:98:b4:6f:16:eb:fc:77:69:b6:cc:bb:3b:f7:
                    b8:31:0a:47:20:df:f5:68:f8:28:7b:04:7e:ae:8c:
                    20:ef:c5:39:8f:8d:61:1e:a5:f1:d8:62:26:25:14:
                    7b:26:6e:2a:59:f6:af:d7:c0:9d:50:c3:01:8e:65:
                    92:ae:43:cc:c8:5a:fc:32:ba:e2:7d:40:99:2f:be:
                    2f:4a:03:90:a1:cb:cb:b6:24:66:63:4d:dc:94:94:
                    2f:31:4f:c9:ea:52:e4:3e:af:69:9c:c9:ac:05:12:
                    3c:e3:c8:fc:07:09:77:93:45:42:db:1f:a9:30:52:
                    1c:70:5c:f7:33:38:af:15:1a:de:37:6b:3c:2d:a5:
                    49:26:93:59:41:ef:25:25:85:0a:3f:f0:c3:44:7c:
                    10:fa:5c:37:7e:66:60:a9:f3:5f:2d:09:ec:75:b8:
                    ee:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:27:C3:6B:5A:3D:FB:AE:C1:35:03:83:8A:F4:D1:46:57:44:6D:D6
            X509v3 Authority Key Identifier:
                keyid:2F:CF:61:9C:CE:CF:83:6F:56:A7:20:10:E8:2F:B7:DD:24:04:02:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L89hnM7Pg29WpyAQ6C-33SQEAvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c5dc73-9be2-4503-8281-4b350eacc86b/1/jCfDa1o9-67BNQODivTRRldEbdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c5dc73-9be2-4503-8281-4b350eacc86b/1/L89hnM7Pg29WpyAQ6C-33SQEAvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:cf:25:ec:93:b1:ec:9b:e8:39:32:0e:49:6b:5d:88:2b:4f:
         77:4f:7e:20:19:03:b9:c1:dc:e6:99:d3:3c:22:7d:cc:27:9e:
         29:c9:16:ff:27:87:c3:52:df:97:20:ca:73:04:21:ee:b6:d5:
         11:02:67:cb:ee:4c:2a:91:75:12:b0:34:36:d7:f8:32:3c:88:
         a5:20:a9:6c:0d:6e:db:ad:fa:03:a7:b6:0e:18:46:e9:be:3a:
         9d:cf:ce:b4:85:0b:fe:6b:18:62:36:e8:cb:7c:e9:a9:0c:38:
         d6:3d:19:a4:9d:03:1a:a5:ce:28:75:bd:2f:e7:ad:a9:44:05:
         54:ce:5c:e2:bb:eb:04:fc:36:3c:85:a1:44:87:69:a2:65:ef:
         f3:59:fb:f5:db:66:36:a0:42:c2:0f:ab:f0:63:3c:72:cb:fb:
         0f:38:a3:43:c4:52:3e:8c:b8:2d:4b:4f:48:50:33:24:f3:15:
         0d:0e:9d:6a:ce:5e:40:ae:3f:c4:e1:de:3a:3c:be:3a:e0:5f:
         de:2d:2b:f6:40:f7:e7:73:6f:4e:78:4c:6c:ef:fe:3e:c2:bf:
         73:92:7f:ff:86:2f:bd:cf:91:5b:20:07:a4:8f:46:bc:21:67:
         7f:32:c1:10:a3:c2:1a:b2:d3:0e:65:26:72:60:ad:29:7c:58:
         96:a5:5b:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks2VrVX5FgJjoDLPbrG5BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmY2Y2MTljY2VjZjgzNmY1NmE3MjAxMGU4MmZiN2RkMjQw
NDAyZjkwHhcNMjUwMTAyMDE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzI3YzM2YjVhM2RmYmFlYzEzNTAzODM4YWY0ZDE0NjU3NDQ2ZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiSko4k/nQf/YEvdM/s9Rhk1Xn8q
Umbq1s2R81bnzXlZNl2efpTiH5D8NiUnEStfDMKgq6f1bNeH2XKbvmSBKqKir70M
9RmfZFNDXStr6Zzj2PCkUyPStEVzxpi0bxbr/Hdptsy7O/e4MQpHIN/1aPgoewR+
rowg78U5j41hHqXx2GImJRR7Jm4qWfav18CdUMMBjmWSrkPMyFr8MrrifUCZL74v
SgOQocvLtiRmY03clJQvMU/J6lLkPq9pnMmsBRI848j8Bwl3k0VC2x+pMFIccFz3
MzivFRreN2s8LaVJJpNZQe8lJYUKP/DDRHwQ+lw3fmZgqfNfLQnsdbjupwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIwnw2taPfuuwTUDg4r00UZXRG3WMB8GA1UdIwQY
MBaAFC/PYZzOz4NvVqcgEOgvt90kBAL5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDg5aG5NN1BnMjlXcHlBUTZDLTMzU1FFQXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9jNWRjNzMtOWJlMi00NTAzLTgyODEt
NGIzNTBlYWNjODZiLzEvakNmRGExbzktNjdCTlFPRGl2VFJSbGRFYmRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9jNWRjNzMtOWJlMi00NTAzLTgyODEtNGIzNTBlYWNjODZi
LzEvTDg5aG5NN1BnMjlXcHlBUTZDLTMzU1FFQXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbaIMA0G
CSqGSIb3DQEBCwUAA4IBAQBbzyXsk7Hsm+g5Mg5Ja12IK093T34gGQO5wdzmmdM8
In3MJ54pyRb/J4fDUt+XIMpzBCHuttURAmfL7kwqkXUSsDQ21/gyPIilIKlsDW7b
rfoDp7YOGEbpvjqdz860hQv+axhiNujLfOmpDDjWPRmknQMapc4odb0v562pRAVU
zlziu+sE/DY8haFEh2miZe/zWfv122Y2oELCD6vwYzxyy/sPOKNDxFI+jLgtS09I
UDMk8xUNDp1qzl5Arj/E4d46PL464F/eLSv2QPfnc29OeExs7/4+wr9zkn//hi+9
z5FbIAekj0a8IWd/MsEQo8IastMOZSZyYK0pfFiWpVvg
-----END CERTIFICATE-----