Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/U8uZttP15oZyoOdC4yJMGnc-c0U.roa
File:                     U8uZttP15oZyoOdC4yJMGnc-c0U.roa (raw, json)
Hash identifier:          T5n+Pp56XalYqTIUYU27BO7TOuaAqMSh2xkCxmvOElQ=
Subject key identifier:   53:CB:99:B6:D3:F5:E6:86:72:A0:E7:42:E3:22:4C:1A:77:3E:73:45
Certificate issuer:       /CN=5d86c47da6d9079347b60f04ed5c5557fe983eb8
Certificate serial:       0194228E163ECCE599FCE0878061D8F67E47
Authority key identifier: 5D:86:C4:7D:A6:D9:07:93:47:B6:0F:04:ED:5C:55:57:FE:98:3E:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/U8uZttP15oZyoOdC4yJMGnc-c0U.roa
Signing time:             Wed 01 Jan 2025 15:48:44 +0000
ROA not before:           Wed 01 Jan 2025 15:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59642
IP address blocks:        5.253.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:16:3e:cc:e5:99:fc:e0:87:80:61:d8:f6:7e:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d86c47da6d9079347b60f04ed5c5557fe983eb8
        Validity
            Not Before: Jan  1 15:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53cb99b6d3f5e68672a0e742e3224c1a773e7345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f6:af:f7:4f:7d:9e:f0:cf:21:c2:01:18:3b:
                    e9:66:ac:d3:32:96:00:39:71:e7:c8:ab:46:c0:e6:
                    98:c5:1a:44:e8:fe:cb:24:a6:c4:b2:eb:11:ab:b0:
                    76:6d:49:18:d4:0a:a2:1b:87:b9:64:6d:be:60:8c:
                    02:12:2c:0f:b6:e7:86:92:12:cd:6b:16:af:91:6b:
                    d3:30:14:e5:6e:d0:f9:dd:a6:cd:bc:e1:7a:fa:5e:
                    0d:83:5c:a9:09:5e:48:36:a0:05:4d:34:43:07:d1:
                    d8:d5:5b:d7:2a:81:ff:cf:76:a1:19:53:a0:95:e4:
                    83:20:9b:0c:29:7c:7f:fb:c3:bb:eb:1f:e9:a7:d0:
                    d7:f0:d8:2b:66:06:46:dc:33:d6:73:ce:97:64:42:
                    6d:df:c8:8c:78:e9:af:f8:65:69:a9:61:9f:69:91:
                    ae:9e:7d:1e:96:3e:2c:4b:60:43:94:4b:31:db:83:
                    02:84:76:0e:31:03:ee:2d:9d:77:ef:9b:ef:e1:ee:
                    c0:1d:ca:6a:90:7a:c5:a9:8b:7b:27:c6:e4:8d:02:
                    88:f4:74:76:51:f2:1e:3b:5e:1c:19:9c:c0:aa:76:
                    26:2f:58:0b:fd:d3:94:8a:12:cb:a4:f8:03:41:55:
                    a0:46:b4:fb:57:44:9a:53:45:8c:3b:65:1c:89:30:
                    8d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:CB:99:B6:D3:F5:E6:86:72:A0:E7:42:E3:22:4C:1A:77:3E:73:45
            X509v3 Authority Key Identifier:
                keyid:5D:86:C4:7D:A6:D9:07:93:47:B6:0F:04:ED:5C:55:57:FE:98:3E:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/U8uZttP15oZyoOdC4yJMGnc-c0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:0a:75:9d:98:1f:f1:f7:ae:19:38:7a:64:b5:68:f9:12:5c:
         c3:f2:0f:c7:63:a0:19:1e:36:91:08:20:79:7a:46:f9:66:55:
         57:4e:11:b6:8a:c7:1a:11:91:a1:8b:23:e1:4f:0c:67:cf:3e:
         71:bf:ac:e2:9e:93:9f:f4:89:e8:0e:a8:45:34:39:a7:4e:2c:
         82:89:8e:e7:dc:79:c6:1d:44:05:62:b2:db:a7:d0:1b:51:28:
         a2:3e:6d:88:87:c6:90:d3:de:78:c0:94:39:b9:ad:93:43:dd:
         09:c3:05:17:9d:5a:e8:0b:41:08:54:48:1a:7b:1c:fb:53:00:
         48:61:2a:a2:a0:11:fe:09:28:fb:5c:27:b1:d3:92:98:cb:23:
         72:ea:90:92:dd:f9:ea:db:54:a4:4e:ea:47:c7:8d:a8:2e:e9:
         80:59:94:03:6e:30:5e:bd:59:06:1b:6d:c5:51:85:3b:2b:9c:
         0a:fc:3c:80:3e:78:57:d5:d0:bb:27:37:d5:cc:83:ea:2a:6e:
         58:6f:2a:c3:fb:81:a0:45:52:e5:95:a6:5e:c4:c2:77:54:00:
         b3:d4:bc:92:1f:4d:99:cd:14:d2:1f:32:a7:4b:bf:fa:0f:6b:
         88:45:00:b8:82:85:d0:79:f7:de:c3:2c:e6:73:c4:b5:a0:cc:
         65:b4:da:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijhY+zOWZ/OCHgGHY9n5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODZjNDdkYTZkOTA3OTM0N2I2MGYwNGVkNWM1NTU3ZmU5
ODNlYjgwHhcNMjUwMTAxMTU0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2NiOTliNmQzZjVlNjg2NzJhMGU3NDJlMzIyNGMxYTc3M2U3MzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Pav9099nvDPIcIBGDvpZqzTMpYA
OXHnyKtGwOaYxRpE6P7LJKbEsusRq7B2bUkY1AqiG4e5ZG2+YIwCEiwPtueGkhLN
axavkWvTMBTlbtD53abNvOF6+l4Ng1ypCV5INqAFTTRDB9HY1VvXKoH/z3ahGVOg
leSDIJsMKXx/+8O76x/pp9DX8NgrZgZG3DPWc86XZEJt38iMeOmv+GVpqWGfaZGu
nn0elj4sS2BDlEsx24MChHYOMQPuLZ1375vv4e7AHcpqkHrFqYt7J8bkjQKI9HR2
UfIeO14cGZzAqnYmL1gL/dOUihLLpPgDQVWgRrT7V0SaU0WMO2UciTCNlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPLmbbT9eaGcqDnQuMiTBp3PnNFMB8GA1UdIwQY
MBaAFF2GxH2m2QeTR7YPBO1cVVf+mD64MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFliRWZhYlpCNU5IdGc4RTdWeFZWXzZZUHJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kZjY2YTAtYzk1OC00ZTVjLWE2ZGYt
ZmM2MzI4NDFiYTNlLzEvVTh1WnR0UDE1b1p5b09kQzR5Sk1HbmMtYzBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kZjY2YTAtYzk1OC00ZTVjLWE2ZGYtZmM2MzI4NDFiYTNl
LzEvWFliRWZhYlpCNU5IdGc4RTdWeFZWXzZZUHJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf2/MA0G
CSqGSIb3DQEBCwUAA4IBAQAaCnWdmB/x964ZOHpktWj5ElzD8g/HY6AZHjaRCCB5
ekb5ZlVXThG2iscaEZGhiyPhTwxnzz5xv6zinpOf9InoDqhFNDmnTiyCiY7n3HnG
HUQFYrLbp9AbUSiiPm2Ih8aQ0954wJQ5ua2TQ90JwwUXnVroC0EIVEgaexz7UwBI
YSqioBH+CSj7XCex05KYyyNy6pCS3fnq21SkTupHx42oLumAWZQDbjBevVkGG23F
UYU7K5wK/DyAPnhX1dC7JzfVzIPqKm5YbyrD+4GgRVLllaZexMJ3VACz1LySH02Z
zRTSHzKnS7/6D2uIRQC4goXQeffewyzmc8S1oMxltNop
-----END CERTIFICATE-----