Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/ISwu8WB7qyBLfmKkrp_dDZ3x_1U.roa
File:                     ISwu8WB7qyBLfmKkrp_dDZ3x_1U.roa (raw, json)
Hash identifier:          qQJXsssGcHnCv5RADljHJRBio84QXVcGD1FkE+MM62U=
Subject key identifier:   21:2C:2E:F1:60:7B:AB:20:4B:7E:62:A4:AE:9F:DD:0D:9D:F1:FF:55
Certificate issuer:       /CN=5d86c47da6d9079347b60f04ed5c5557fe983eb8
Certificate serial:       0194228E1495B59D38D704C29A48A073469C
Authority key identifier: 5D:86:C4:7D:A6:D9:07:93:47:B6:0F:04:ED:5C:55:57:FE:98:3E:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/ISwu8WB7qyBLfmKkrp_dDZ3x_1U.roa
Signing time:             Wed 01 Jan 2025 15:48:44 +0000
ROA not before:           Wed 01 Jan 2025 15:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16125
IP address blocks:        5.253.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:14:95:b5:9d:38:d7:04:c2:9a:48:a0:73:46:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d86c47da6d9079347b60f04ed5c5557fe983eb8
        Validity
            Not Before: Jan  1 15:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=212c2ef1607bab204b7e62a4ae9fdd0d9df1ff55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:98:2d:25:60:68:3a:15:ff:80:65:d4:7f:3f:
                    35:c9:2d:c1:c4:78:aa:69:34:2b:5d:1e:82:0d:8d:
                    ff:c1:32:33:55:8e:66:37:d2:1b:15:95:1c:59:c2:
                    c8:87:d3:f4:4e:36:cd:32:98:f8:d0:b1:64:f6:d8:
                    4c:ec:9f:0a:2e:ba:ee:23:2f:44:40:42:05:96:a5:
                    64:07:b1:bc:50:39:11:a3:fb:8d:2e:83:23:7e:94:
                    17:c5:19:34:d8:ed:d4:70:90:44:47:38:d8:d9:d7:
                    52:44:97:eb:ed:fb:34:a8:18:74:72:f4:cb:75:47:
                    69:01:84:8c:07:05:bd:a1:a5:34:76:90:0c:15:b1:
                    1a:0d:ad:aa:74:d9:ab:68:11:d1:ae:e6:12:0d:67:
                    57:ec:f9:b6:0e:65:51:85:0a:d5:3f:7e:95:34:cf:
                    49:a6:2f:d5:9c:39:d5:a5:64:f9:1c:28:81:dd:e2:
                    d1:83:28:86:7f:5d:0f:8b:8d:9d:e1:33:0d:e7:e5:
                    d2:45:d7:2b:8b:41:7f:a5:39:6c:a0:d9:35:4f:02:
                    25:f5:4b:a4:44:e0:f8:36:36:f5:3d:69:f4:36:58:
                    ac:e5:4e:e7:50:8c:0d:68:5f:7f:3c:b6:bf:b2:a8:
                    69:e6:c1:41:39:6c:5c:c0:5d:67:c9:be:ea:00:a9:
                    c5:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:2C:2E:F1:60:7B:AB:20:4B:7E:62:A4:AE:9F:DD:0D:9D:F1:FF:55
            X509v3 Authority Key Identifier:
                keyid:5D:86:C4:7D:A6:D9:07:93:47:B6:0F:04:ED:5C:55:57:FE:98:3E:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/ISwu8WB7qyBLfmKkrp_dDZ3x_1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:90:c0:b1:df:41:2b:df:15:45:ab:32:5f:40:41:fb:4b:b5:
         47:49:8c:49:a5:93:63:4f:04:4d:bc:d4:60:10:ea:b8:91:6d:
         ba:38:c7:b5:9b:ff:7e:4c:c3:2b:09:68:ae:68:97:0c:33:c1:
         25:e7:1b:5c:21:86:00:a4:99:6d:65:56:a1:c4:85:38:4b:d2:
         13:e3:cc:6f:26:96:86:2d:ef:a4:ff:b4:cf:c0:6b:41:a2:1c:
         58:24:81:13:00:43:2d:c8:ef:b4:64:85:96:76:6e:71:25:8f:
         19:83:dc:b8:77:b3:7b:ce:71:f0:3f:09:48:b3:e9:d3:d7:33:
         86:dc:c1:83:6a:77:b0:68:36:30:2f:1d:40:05:32:ba:23:7a:
         24:ba:c1:62:e3:9a:c6:f7:ea:c8:92:c4:24:32:a2:58:76:39:
         35:d4:3b:a0:ab:c7:16:6a:5a:63:22:da:af:a4:84:9e:36:aa:
         dc:49:52:c3:54:0b:8b:a9:46:4f:1a:1a:fe:0a:33:ab:43:d9:
         6a:e1:d4:cd:55:86:92:30:e8:62:66:17:8f:12:4f:65:82:3b:
         aa:00:40:db:5f:de:7d:44:e9:67:89:45:fa:59:0d:32:64:48:
         54:b3:3a:98:7b:13:09:fb:dd:8f:3b:b3:ec:0c:f2:04:86:b8:
         7c:c4:02:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijhSVtZ041wTCmkigc0acMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODZjNDdkYTZkOTA3OTM0N2I2MGYwNGVkNWM1NTU3ZmU5
ODNlYjgwHhcNMjUwMTAxMTU0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTJjMmVmMTYwN2JhYjIwNGI3ZTYyYTRhZTlmZGQwZDlkZjFmZjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5gtJWBoOhX/gGXUfz81yS3BxHiq
aTQrXR6CDY3/wTIzVY5mN9IbFZUcWcLIh9P0TjbNMpj40LFk9thM7J8KLrruIy9E
QEIFlqVkB7G8UDkRo/uNLoMjfpQXxRk02O3UcJBERzjY2ddSRJfr7fs0qBh0cvTL
dUdpAYSMBwW9oaU0dpAMFbEaDa2qdNmraBHRruYSDWdX7Pm2DmVRhQrVP36VNM9J
pi/VnDnVpWT5HCiB3eLRgyiGf10Pi42d4TMN5+XSRdcri0F/pTlsoNk1TwIl9Uuk
ROD4Njb1PWn0Nlis5U7nUIwNaF9/PLa/sqhp5sFBOWxcwF1nyb7qAKnFgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEsLvFge6sgS35ipK6f3Q2d8f9VMB8GA1UdIwQY
MBaAFF2GxH2m2QeTR7YPBO1cVVf+mD64MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFliRWZhYlpCNU5IdGc4RTdWeFZWXzZZUHJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kZjY2YTAtYzk1OC00ZTVjLWE2ZGYt
ZmM2MzI4NDFiYTNlLzEvSVN3dThXQjdxeUJMZm1La3JwX2REWjN4XzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kZjY2YTAtYzk1OC00ZTVjLWE2ZGYtZmM2MzI4NDFiYTNl
LzEvWFliRWZhYlpCNU5IdGc4RTdWeFZWXzZZUHJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf2/MA0G
CSqGSIb3DQEBCwUAA4IBAQA7kMCx30Er3xVFqzJfQEH7S7VHSYxJpZNjTwRNvNRg
EOq4kW26OMe1m/9+TMMrCWiuaJcMM8El5xtcIYYApJltZVahxIU4S9IT48xvJpaG
Le+k/7TPwGtBohxYJIETAEMtyO+0ZIWWdm5xJY8Zg9y4d7N7znHwPwlIs+nT1zOG
3MGDanewaDYwLx1ABTK6I3okusFi45rG9+rIksQkMqJYdjk11Dugq8cWalpjItqv
pISeNqrcSVLDVAuLqUZPGhr+CjOrQ9lq4dTNVYaSMOhiZhePEk9lgjuqAEDbX959
ROlniUX6WQ0yZEhUszqYexMJ+92PO7PsDPIEhrh8xAJX
-----END CERTIFICATE-----