Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/5wn1MUshvBmc6ME2IzD6zIe1XZE.roa
File:                     5wn1MUshvBmc6ME2IzD6zIe1XZE.roa (raw, json)
Hash identifier:          QLmy/h6humsEGtFs5Q8B+FIkOzKvZzOF/LsQEEuh7mQ=
Subject key identifier:   E7:09:F5:31:4B:21:BC:19:9C:E8:C1:36:23:30:FA:CC:87:B5:5D:91
Certificate issuer:       /CN=b862b85a1d2c51d99069ca3a5aff52ecc6a9aab4
Certificate serial:       019420D61D696361C900F7CD4055B4EEEEFA
Authority key identifier: B8:62:B8:5A:1D:2C:51:D9:90:69:CA:3A:5A:FF:52:EC:C6:A9:AA:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/5wn1MUshvBmc6ME2IzD6zIe1XZE.roa
Signing time:             Wed 01 Jan 2025 07:48:10 +0000
ROA not before:           Wed 01 Jan 2025 07:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29404
IP address blocks:        217.73.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:1d:69:63:61:c9:00:f7:cd:40:55:b4:ee:ee:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b862b85a1d2c51d99069ca3a5aff52ecc6a9aab4
        Validity
            Not Before: Jan  1 07:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e709f5314b21bc199ce8c1362330facc87b55d91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e2:4e:2d:ab:36:f8:ae:2f:04:8c:f1:1a:55:
                    d3:11:4f:9b:9d:59:2d:26:15:75:8b:e3:14:11:55:
                    db:39:8c:85:8a:57:10:78:36:c8:3e:e5:c9:5e:4d:
                    31:9a:fa:c7:a8:12:79:96:77:b1:52:6d:88:18:59:
                    bc:7b:89:ea:93:e4:95:f7:ba:60:8c:eb:28:a4:fb:
                    51:53:aa:20:01:a0:8a:c4:cb:18:59:83:d3:6e:55:
                    98:17:b9:f0:3b:d1:f7:2b:16:c7:76:1f:77:9d:5a:
                    a0:c3:27:cf:93:8e:ed:2c:e3:ed:5f:5b:c6:20:82:
                    37:d1:9f:41:c1:7f:39:84:5d:ce:fc:f5:b7:6a:cb:
                    ea:53:57:be:86:29:d0:a3:3b:71:9f:73:18:6a:94:
                    2e:14:cc:9d:b5:7a:e8:85:46:a7:13:8e:d7:56:be:
                    9f:6e:1d:b7:79:8a:82:c7:a2:4a:ee:9d:a8:3f:a8:
                    c2:ef:20:2d:4e:86:44:a6:e4:89:71:c7:29:79:28:
                    75:b8:39:d3:d3:44:56:6c:9a:63:15:df:cc:b6:52:
                    98:c5:b1:86:60:33:89:4a:99:08:b9:19:fc:9e:0c:
                    b8:fa:91:36:14:b3:fb:61:20:33:39:28:e1:e7:f4:
                    8d:b5:67:c2:ad:7a:74:93:dd:47:d1:54:17:0d:0e:
                    39:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:09:F5:31:4B:21:BC:19:9C:E8:C1:36:23:30:FA:CC:87:B5:5D:91
            X509v3 Authority Key Identifier:
                keyid:B8:62:B8:5A:1D:2C:51:D9:90:69:CA:3A:5A:FF:52:EC:C6:A9:AA:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/5wn1MUshvBmc6ME2IzD6zIe1XZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.73.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:8d:43:ac:c5:6e:42:5b:68:23:76:08:2a:97:fc:5f:5d:01:
         11:89:8a:0c:e3:1d:76:73:0c:3e:18:03:3f:a2:e5:a5:34:39:
         41:a0:6e:df:36:5e:60:68:20:4f:89:0b:2b:54:88:28:38:ec:
         2e:ce:0c:cc:19:67:f5:38:02:7d:56:43:fa:72:8a:47:0f:10:
         00:c7:00:16:c6:89:b5:bc:1b:d2:87:cd:59:1a:89:0d:0e:9b:
         1d:0c:cb:24:3c:e1:78:a8:da:79:a7:6f:9f:25:53:f3:60:70:
         e2:c1:c5:e6:98:18:39:56:dc:23:e6:f6:9d:84:94:87:f7:8c:
         85:95:95:02:9f:2a:93:37:7f:de:dc:d8:a5:5a:68:94:d5:46:
         29:cf:2d:29:e3:b1:0d:26:4b:2d:28:35:06:9c:de:0a:4d:be:
         49:b6:d7:0e:51:a7:2f:8f:83:5b:62:f1:49:0b:e9:5a:1e:e2:
         60:90:f4:8a:2c:51:f0:9f:13:56:cd:45:98:2d:39:4d:d2:97:
         c7:2b:13:8a:11:4e:6b:72:1c:34:22:c7:e8:05:2b:9c:90:99:
         7e:14:72:d6:71:a7:66:41:24:bc:a5:e7:8d:96:1a:e4:b8:9a:
         e5:52:57:6f:68:b6:d2:6a:d7:5e:56:d2:a6:cf:23:ef:c7:9a:
         2e:9e:78:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1h1pY2HJAPfNQFW07u76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NjJiODVhMWQyYzUxZDk5MDY5Y2EzYTVhZmY1MmVjYzZh
OWFhYjQwHhcNMjUwMTAxMDc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzA5ZjUzMTRiMjFiYzE5OWNlOGMxMzYyMzMwZmFjYzg3YjU1ZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOJOLas2+K4vBIzxGlXTEU+bnVkt
JhV1i+MUEVXbOYyFilcQeDbIPuXJXk0xmvrHqBJ5lnexUm2IGFm8e4nqk+SV97pg
jOsopPtRU6ogAaCKxMsYWYPTblWYF7nwO9H3KxbHdh93nVqgwyfPk47tLOPtX1vG
III30Z9BwX85hF3O/PW3asvqU1e+hinQoztxn3MYapQuFMydtXrohUanE47XVr6f
bh23eYqCx6JK7p2oP6jC7yAtToZEpuSJcccpeSh1uDnT00RWbJpjFd/MtlKYxbGG
YDOJSpkIuRn8ngy4+pE2FLP7YSAzOSjh5/SNtWfCrXp0k91H0VQXDQ45hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcJ9TFLIbwZnOjBNiMw+syHtV2RMB8GA1UdIwQY
MBaAFLhiuFodLFHZkGnKOlr/UuzGqaq0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUdLNFdoMHNVZG1RYWNvNld2OVM3TWFwcXJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9jYjIyMGYtMWEzYS00Y2JhLTgyY2Yt
Mjc4ZmQ0NzVmM2ZiLzEvNXduMU1Vc2h2Qm1jNk1FMkl6RDZ6SWUxWFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9jYjIyMGYtMWEzYS00Y2JhLTgyY2YtMjc4ZmQ0NzVmM2Zi
LzEvdUdLNFdoMHNVZG1RYWNvNld2OVM3TWFwcXJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2UmQMA0G
CSqGSIb3DQEBCwUAA4IBAQBSjUOsxW5CW2gjdggql/xfXQERiYoM4x12cww+GAM/
ouWlNDlBoG7fNl5gaCBPiQsrVIgoOOwuzgzMGWf1OAJ9VkP6copHDxAAxwAWxom1
vBvSh81ZGokNDpsdDMskPOF4qNp5p2+fJVPzYHDiwcXmmBg5Vtwj5vadhJSH94yF
lZUCnyqTN3/e3NilWmiU1UYpzy0p47ENJkstKDUGnN4KTb5JttcOUacvj4NbYvFJ
C+laHuJgkPSKLFHwnxNWzUWYLTlN0pfHKxOKEU5rchw0IsfoBSuckJl+FHLWcadm
QSS8peeNlhrkuJrlUldvaLbSatdeVtKmzyPvx5ounnjJ
-----END CERTIFICATE-----