Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/2P1yuhNiwzpuhAGqzfrj2lRnpyw.roa
File:                     2P1yuhNiwzpuhAGqzfrj2lRnpyw.roa (raw, json)
Hash identifier:          v8vqWZlajCWSPPZWElULKYnskyo39/+jmGLteoM9Mq8=
Subject key identifier:   D8:FD:72:BA:13:62:C3:3A:6E:84:01:AA:CD:FA:E3:DA:54:67:A7:2C
Certificate issuer:       /CN=5d86c47da6d9079347b60f04ed5c5557fe983eb8
Certificate serial:       0194228E1687929E945CA413BF5FF4048167
Authority key identifier: 5D:86:C4:7D:A6:D9:07:93:47:B6:0F:04:ED:5C:55:57:FE:98:3E:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/2P1yuhNiwzpuhAGqzfrj2lRnpyw.roa
Signing time:             Wed 01 Jan 2025 15:48:44 +0000
ROA not before:           Wed 01 Jan 2025 15:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214172
IP address blocks:        5.253.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:16:87:92:9e:94:5c:a4:13:bf:5f:f4:04:81:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d86c47da6d9079347b60f04ed5c5557fe983eb8
        Validity
            Not Before: Jan  1 15:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8fd72ba1362c33a6e8401aacdfae3da5467a72c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:60:81:f1:55:c8:92:a9:c6:ea:cd:70:4d:40:
                    19:4f:db:23:c7:ba:f8:d3:e3:00:0c:c9:b7:96:07:
                    ea:71:39:31:76:38:0b:a1:77:d4:4f:e2:cb:68:8f:
                    71:6a:c9:5c:65:03:0c:7f:7d:dd:64:ca:05:88:43:
                    9e:1a:f0:49:c3:5e:b4:f4:43:11:ae:47:6e:19:52:
                    76:8b:b7:3f:1f:f6:d9:4b:d1:05:bb:63:a2:2c:c5:
                    0a:2c:f3:44:76:df:39:62:7f:f4:2a:68:e7:69:bd:
                    a2:c6:79:e1:d5:d1:03:18:45:ba:98:37:8e:0c:3b:
                    7f:f9:d3:31:df:b2:ac:8f:06:46:44:0f:1c:ea:29:
                    24:7b:54:ef:69:6b:c5:48:d9:8b:2d:79:be:56:8f:
                    fd:62:2c:b1:53:a0:b1:65:7f:e2:c9:1e:f1:85:5c:
                    6e:d4:f5:64:23:dc:68:d7:9b:8a:c7:c7:08:98:2d:
                    dd:97:93:45:ee:fd:75:ad:e0:f9:05:27:c1:f1:6d:
                    1b:89:0e:34:32:e2:5a:08:a1:9b:07:89:dd:a5:34:
                    40:25:c9:1d:55:e4:ce:5c:22:8a:98:91:26:be:ff:
                    08:37:30:23:a8:a9:fa:20:21:aa:7c:25:d6:fb:62:
                    64:b9:a5:d8:d9:cf:a4:0f:44:e8:e9:57:fa:03:51:
                    77:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:FD:72:BA:13:62:C3:3A:6E:84:01:AA:CD:FA:E3:DA:54:67:A7:2C
            X509v3 Authority Key Identifier:
                keyid:5D:86:C4:7D:A6:D9:07:93:47:B6:0F:04:ED:5C:55:57:FE:98:3E:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/2P1yuhNiwzpuhAGqzfrj2lRnpyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:7c:2a:22:58:3c:50:7d:eb:7f:e0:20:31:61:38:32:ef:8d:
         8d:38:b4:7f:5b:15:eb:4d:f2:58:88:ae:65:19:13:02:c8:9f:
         29:f9:a2:ca:4e:c6:e3:75:ea:0e:0e:ea:b4:ca:97:fe:32:1e:
         0b:08:6f:56:7d:e8:43:6a:f8:da:10:fe:86:6c:d6:25:c7:cf:
         7b:9b:40:01:56:d9:4d:0d:ec:58:03:77:83:ca:30:09:d5:f0:
         0d:65:07:4c:8a:18:dd:c2:69:a0:90:c6:0d:64:00:ca:ba:f8:
         64:22:52:53:02:27:01:7c:1f:a3:80:50:0f:8a:fd:f7:0a:6b:
         2c:50:e5:85:62:28:5f:d8:ac:34:ae:90:73:c6:36:89:7e:07:
         53:9f:e2:d2:51:28:7f:c2:90:c7:4c:97:74:93:59:99:ac:e2:
         33:13:06:d8:f3:93:a8:b7:76:15:24:6e:3c:2b:03:50:54:bf:
         ba:30:8e:8c:4c:5d:a9:82:49:1f:5b:ed:f0:7c:f0:4f:d0:03:
         9b:f9:ef:0d:c5:a5:bf:1d:ef:ec:98:7a:7b:f6:47:23:e7:45:
         3c:39:a7:38:91:a6:73:2a:09:37:be:1e:50:a0:a3:3a:1f:ce:
         6a:ab:98:ea:f9:3c:48:7d:dc:8b:b1:99:ac:50:33:14:af:86:
         9e:34:56:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijhaHkp6UXKQTv1/0BIFnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODZjNDdkYTZkOTA3OTM0N2I2MGYwNGVkNWM1NTU3ZmU5
ODNlYjgwHhcNMjUwMTAxMTU0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGZkNzJiYTEzNjJjMzNhNmU4NDAxYWFjZGZhZTNkYTU0NjdhNzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8WCB8VXIkqnG6s1wTUAZT9sjx7r4
0+MADMm3lgfqcTkxdjgLoXfUT+LLaI9xaslcZQMMf33dZMoFiEOeGvBJw1609EMR
rkduGVJ2i7c/H/bZS9EFu2OiLMUKLPNEdt85Yn/0Kmjnab2ixnnh1dEDGEW6mDeO
DDt/+dMx37KsjwZGRA8c6ikke1TvaWvFSNmLLXm+Vo/9YiyxU6CxZX/iyR7xhVxu
1PVkI9xo15uKx8cImC3dl5NF7v11reD5BSfB8W0biQ40MuJaCKGbB4ndpTRAJckd
VeTOXCKKmJEmvv8INzAjqKn6ICGqfCXW+2JkuaXY2c+kD0To6Vf6A1F3MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNj9croTYsM6boQBqs3649pUZ6csMB8GA1UdIwQY
MBaAFF2GxH2m2QeTR7YPBO1cVVf+mD64MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFliRWZhYlpCNU5IdGc4RTdWeFZWXzZZUHJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kZjY2YTAtYzk1OC00ZTVjLWE2ZGYt
ZmM2MzI4NDFiYTNlLzEvMlAxeXVoTml3enB1aEFHcXpmcmoybFJucHl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kZjY2YTAtYzk1OC00ZTVjLWE2ZGYtZmM2MzI4NDFiYTNl
LzEvWFliRWZhYlpCNU5IdGc4RTdWeFZWXzZZUHJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf28MA0G
CSqGSIb3DQEBCwUAA4IBAQCIfCoiWDxQfet/4CAxYTgy742NOLR/WxXrTfJYiK5l
GRMCyJ8p+aLKTsbjdeoODuq0ypf+Mh4LCG9WfehDavjaEP6GbNYlx897m0ABVtlN
DexYA3eDyjAJ1fANZQdMihjdwmmgkMYNZADKuvhkIlJTAicBfB+jgFAPiv33Cmss
UOWFYihf2Kw0rpBzxjaJfgdTn+LSUSh/wpDHTJd0k1mZrOIzEwbY85Oot3YVJG48
KwNQVL+6MI6MTF2pgkkfW+3wfPBP0AOb+e8NxaW/He/smHp79kcj50U8Oac4kaZz
Kgk3vh5QoKM6H85qq5jq+TxIfdyLsZmsUDMUr4aeNFZy
-----END CERTIFICATE-----