Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/CdeUO5lE0N2fT2_EzVgUShBQUfw.roa
File:                     CdeUO5lE0N2fT2_EzVgUShBQUfw.roa (raw, json)
Hash identifier:          5QYHZjRe3bJxNEM9+Up1DmDYXBfttVA0jHNgVLuugyM=
Subject key identifier:   09:D7:94:3B:99:44:D0:DD:9F:4F:6F:C4:CD:58:14:4A:10:50:51:FC
Certificate issuer:       /CN=5d86c47da6d9079347b60f04ed5c5557fe983eb8
Certificate serial:       019205CEC238CEF34B7B682CF031804112B7
Authority key identifier: 5D:86:C4:7D:A6:D9:07:93:47:B6:0F:04:ED:5C:55:57:FE:98:3E:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/CdeUO5lE0N2fT2_EzVgUShBQUfw.roa
Signing time:             Wed 18 Sep 2024 15:44:49 +0000
ROA not before:           Wed 18 Sep 2024 15:44:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214172
IP address blocks:        5.253.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:05:ce:c2:38:ce:f3:4b:7b:68:2c:f0:31:80:41:12:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d86c47da6d9079347b60f04ed5c5557fe983eb8
        Validity
            Not Before: Sep 18 15:44:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09d7943b9944d0dd9f4f6fc4cd58144a105051fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5b:7a:33:62:48:f0:75:8c:39:b3:12:66:2d:
                    61:2c:d0:f1:ef:f5:cd:e5:e6:9b:06:63:02:07:37:
                    a1:f5:cc:2c:dc:10:ef:85:af:79:4f:66:85:b5:d4:
                    3a:f9:21:51:b3:5b:d6:d6:06:a9:c1:d6:15:60:61:
                    9e:76:b8:65:d5:58:65:78:69:29:64:6f:0c:39:e5:
                    f4:09:6f:1f:15:db:37:7c:da:f9:0b:07:e9:5f:3a:
                    73:b4:ec:1c:10:e3:2f:bf:c4:b5:6a:3e:95:6b:5b:
                    f9:6d:1a:fc:c2:45:97:c2:eb:82:73:ae:64:88:3c:
                    cb:20:86:f1:a3:34:f3:7c:e5:91:21:2d:43:3e:65:
                    ec:92:f2:52:c6:55:d0:ed:5b:55:a8:7e:d0:40:69:
                    b1:8c:c5:38:4d:14:6c:9f:7b:5f:11:8d:93:ca:4e:
                    23:73:a7:43:e6:88:2f:a6:61:6d:dd:38:66:1b:39:
                    d6:79:33:25:a4:22:45:d7:84:f5:13:18:d2:53:27:
                    9c:d5:3f:3c:df:12:66:a8:7c:e7:a4:f4:77:19:72:
                    d3:87:a6:84:f5:42:97:c4:cb:84:60:c7:31:ac:fc:
                    f0:07:26:9e:2f:32:4c:05:86:3c:af:58:51:f2:84:
                    ab:94:05:49:76:07:48:7f:0e:76:f0:49:cd:fa:82:
                    24:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:D7:94:3B:99:44:D0:DD:9F:4F:6F:C4:CD:58:14:4A:10:50:51:FC
            X509v3 Authority Key Identifier:
                keyid:5D:86:C4:7D:A6:D9:07:93:47:B6:0F:04:ED:5C:55:57:FE:98:3E:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/CdeUO5lE0N2fT2_EzVgUShBQUfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:1a:0a:c3:4d:2a:51:08:0d:2f:26:ac:6c:41:f0:a6:f0:e2:
         45:54:5c:23:64:f5:3a:1f:b5:d7:eb:06:d7:9f:bd:e1:28:a3:
         13:0e:ad:02:cd:23:b8:6b:2c:8f:3e:7d:48:4b:96:cf:36:8b:
         89:af:60:f2:c2:b5:98:58:0a:b1:c6:5d:d8:97:78:49:2e:28:
         c3:95:38:9b:78:f4:25:9a:c6:10:f2:8a:1a:b2:ad:95:7f:f9:
         58:07:56:06:90:63:a0:5d:d7:f6:47:64:13:40:88:b2:43:c4:
         37:6c:ab:a4:79:70:c1:14:87:57:16:69:70:7f:41:a1:c8:be:
         cc:09:44:09:68:f3:5c:8e:48:fd:db:2a:18:70:4b:49:c0:38:
         36:52:e9:1d:03:35:5d:bd:4f:8c:ce:50:1b:1c:49:40:04:fa:
         4f:f3:91:96:1c:6c:72:a8:f7:06:da:22:49:94:d2:79:85:52:
         e1:07:f1:25:e7:31:53:75:2c:a5:fd:63:79:13:11:5b:36:e7:
         48:ac:bc:69:83:84:b7:4f:0d:3b:ef:07:89:37:c8:a3:5d:55:
         91:6d:cc:7c:5c:06:77:76:83:23:d7:67:25:e6:66:56:a4:f4:
         99:c8:b3:d3:d3:61:be:7e:20:b6:88:6c:a3:83:55:db:7e:44:
         fd:05:33:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIFzsI4zvNLe2gs8DGAQRK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODZjNDdkYTZkOTA3OTM0N2I2MGYwNGVkNWM1NTU3ZmU5
ODNlYjgwHhcNMjQwOTE4MTU0NDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWQ3OTQzYjk5NDRkMGRkOWY0ZjZmYzRjZDU4MTQ0YTEwNTA1MWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1t6M2JI8HWMObMSZi1hLNDx7/XN
5eabBmMCBzeh9cws3BDvha95T2aFtdQ6+SFRs1vW1gapwdYVYGGedrhl1VhleGkp
ZG8MOeX0CW8fFds3fNr5CwfpXzpztOwcEOMvv8S1aj6Va1v5bRr8wkWXwuuCc65k
iDzLIIbxozTzfOWRIS1DPmXskvJSxlXQ7VtVqH7QQGmxjMU4TRRsn3tfEY2Tyk4j
c6dD5ogvpmFt3ThmGznWeTMlpCJF14T1ExjSUyec1T883xJmqHznpPR3GXLTh6aE
9UKXxMuEYMcxrPzwByaeLzJMBYY8r1hR8oSrlAVJdgdIfw528EnN+oIkqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnXlDuZRNDdn09vxM1YFEoQUFH8MB8GA1UdIwQY
MBaAFF2GxH2m2QeTR7YPBO1cVVf+mD64MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFliRWZhYlpCNU5IdGc4RTdWeFZWXzZZUHJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kZjY2YTAtYzk1OC00ZTVjLWE2ZGYt
ZmM2MzI4NDFiYTNlLzEvQ2RlVU81bEUwTjJmVDJfRXpWZ1VTaEJRVWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kZjY2YTAtYzk1OC00ZTVjLWE2ZGYtZmM2MzI4NDFiYTNl
LzEvWFliRWZhYlpCNU5IdGc4RTdWeFZWXzZZUHJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf28MA0G
CSqGSIb3DQEBCwUAA4IBAQBkGgrDTSpRCA0vJqxsQfCm8OJFVFwjZPU6H7XX6wbX
n73hKKMTDq0CzSO4ayyPPn1IS5bPNouJr2DywrWYWAqxxl3Yl3hJLijDlTibePQl
msYQ8ooasq2Vf/lYB1YGkGOgXdf2R2QTQIiyQ8Q3bKukeXDBFIdXFmlwf0GhyL7M
CUQJaPNcjkj92yoYcEtJwDg2UukdAzVdvU+MzlAbHElABPpP85GWHGxyqPcG2iJJ
lNJ5hVLhB/El5zFTdSyl/WN5ExFbNudIrLxpg4S3Tw077weJN8ijXVWRbcx8XAZ3
doMj12cl5mZWpPSZyLPT02G+fiC2iGyjg1XbfkT9BTM0
-----END CERTIFICATE-----