Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/17527b-ecc2-4498-9208-e22b8c0a1726/1/uUPx_cMqIM_PKJQ7ZhuZzapT-_8.roa
File:                     uUPx_cMqIM_PKJQ7ZhuZzapT-_8.roa (raw, json)
Hash identifier:          WaVxbJpwd7CxDJ+kHTNGdXrn2kmcA7TEwyZR65DTwhA=
Subject key identifier:   B9:43:F1:FD:C3:2A:20:CF:CF:28:94:3B:66:1B:99:CD:AA:53:FB:FF
Certificate issuer:       /CN=d56c5074e66f43ce578a3d4a2e7bcc215cb5e960
Certificate serial:       019421B21B689F1E6BE35B262553921BF5D6
Authority key identifier: D5:6C:50:74:E6:6F:43:CE:57:8A:3D:4A:2E:7B:CC:21:5C:B5:E9:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WxQdOZvQ85Xij1KLnvMIVy16WA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/17527b-ecc2-4498-9208-e22b8c0a1726/1/uUPx_cMqIM_PKJQ7ZhuZzapT-_8.roa
Signing time:             Wed 01 Jan 2025 11:48:28 +0000
ROA not before:           Wed 01 Jan 2025 11:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209426
IP address blocks:        5.253.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/17527b-ecc2-4498-9208-e22b8c0a1726/1/1WxQdOZvQ85Xij1KLnvMIVy16WA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/17527b-ecc2-4498-9208-e22b8c0a1726/1/1WxQdOZvQ85Xij1KLnvMIVy16WA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WxQdOZvQ85Xij1KLnvMIVy16WA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:1b:68:9f:1e:6b:e3:5b:26:25:53:92:1b:f5:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56c5074e66f43ce578a3d4a2e7bcc215cb5e960
        Validity
            Not Before: Jan  1 11:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b943f1fdc32a20cfcf28943b661b99cdaa53fbff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e5:d0:35:64:f4:b6:5d:06:4b:38:78:30:40:
                    4b:3c:39:c9:cd:d8:70:e8:38:ed:c1:57:ed:aa:2f:
                    6c:d6:e5:47:ec:84:8e:3b:7a:6a:d1:82:05:1b:36:
                    2d:7f:e8:a5:6d:7d:64:3c:a6:79:3d:fe:9c:a2:a2:
                    b3:54:9e:20:1f:d9:19:d3:3d:33:7a:b6:da:c3:2f:
                    a8:1c:11:7f:bb:ed:e3:2d:7e:dc:69:96:2d:f1:b6:
                    92:7b:37:4a:75:3e:7c:43:dd:10:58:63:fc:53:ee:
                    7e:07:41:9f:80:45:35:1e:81:c7:02:cb:ce:19:5f:
                    a8:cf:0a:c5:e2:2e:0e:6a:05:dd:88:0c:1b:21:fb:
                    c5:8a:4c:28:81:bc:fb:76:a0:72:f0:3e:e4:c0:74:
                    30:63:ec:03:95:72:e7:23:4a:a2:3c:32:e0:86:b5:
                    ff:48:37:aa:83:42:92:2f:38:2d:c2:17:76:d9:5c:
                    5c:58:d0:41:c5:68:15:6b:50:89:06:b4:38:f8:ba:
                    f2:b8:3c:5d:f6:ce:d5:34:03:41:7f:a1:9d:27:c4:
                    14:98:b1:4d:72:cd:5e:dd:c7:82:80:de:2c:f2:5b:
                    84:28:aa:b5:5a:19:2f:d9:35:6b:eb:92:b0:f8:8d:
                    74:60:dc:a1:39:82:29:7d:e3:fd:ab:04:4b:aa:0c:
                    02:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:43:F1:FD:C3:2A:20:CF:CF:28:94:3B:66:1B:99:CD:AA:53:FB:FF
            X509v3 Authority Key Identifier:
                keyid:D5:6C:50:74:E6:6F:43:CE:57:8A:3D:4A:2E:7B:CC:21:5C:B5:E9:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WxQdOZvQ85Xij1KLnvMIVy16WA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/17527b-ecc2-4498-9208-e22b8c0a1726/1/uUPx_cMqIM_PKJQ7ZhuZzapT-_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/17527b-ecc2-4498-9208-e22b8c0a1726/1/1WxQdOZvQ85Xij1KLnvMIVy16WA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:2b:fb:a8:37:9e:2a:62:de:fd:83:25:5b:e1:4b:16:c5:c9:
         c7:48:de:47:93:69:b7:97:e0:e8:34:36:c7:fa:d3:63:e6:39:
         30:f4:f1:80:23:3f:6a:7e:92:3c:89:f3:38:37:68:a0:ad:34:
         f2:16:07:0f:ff:12:9a:9c:66:9f:fb:36:eb:8a:18:3a:e2:13:
         04:55:8f:f2:34:86:2d:32:90:5f:83:f8:09:20:77:39:3b:d5:
         88:42:ea:b8:42:92:2b:32:25:da:16:d2:ae:4a:ff:a8:47:43:
         02:47:58:3c:c9:cc:16:de:bb:c7:6b:43:39:94:09:51:2a:67:
         02:4b:30:4f:be:c2:89:48:f0:c5:73:fc:c6:6e:f8:15:a2:ff:
         ae:e8:fc:35:aa:32:4e:e2:02:29:3c:c9:ff:0c:b6:c2:77:7c:
         2f:a1:2d:11:30:c0:1f:5b:d6:ca:39:14:cc:b5:5d:2e:1c:38:
         aa:ff:90:7e:b9:e9:5a:fe:ef:13:91:a2:89:4d:c8:53:c9:e7:
         42:e4:d2:1d:90:19:3d:b8:38:b0:48:3c:1f:fc:4c:03:e6:98:
         92:4d:39:53:54:70:12:64:05:d3:d3:e4:9d:90:38:96:cd:c0:
         0c:30:fc:35:d8:81:e8:8c:c8:06:99:7b:cb:35:11:b9:d6:f9:
         58:55:c6:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshtonx5r41smJVOSG/XWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmM1MDc0ZTY2ZjQzY2U1NzhhM2Q0YTJlN2JjYzIxNWNi
NWU5NjAwHhcNMjUwMTAxMTE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTQzZjFmZGMzMmEyMGNmY2YyODk0M2I2NjFiOTljZGFhNTNmYmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+XQNWT0tl0GSzh4MEBLPDnJzdhw
6DjtwVftqi9s1uVH7ISOO3pq0YIFGzYtf+ilbX1kPKZ5Pf6coqKzVJ4gH9kZ0z0z
erbawy+oHBF/u+3jLX7caZYt8baSezdKdT58Q90QWGP8U+5+B0GfgEU1HoHHAsvO
GV+ozwrF4i4OagXdiAwbIfvFikwogbz7dqBy8D7kwHQwY+wDlXLnI0qiPDLghrX/
SDeqg0KSLzgtwhd22VxcWNBBxWgVa1CJBrQ4+LryuDxd9s7VNANBf6GdJ8QUmLFN
cs1e3ceCgN4s8luEKKq1Whkv2TVr65Kw+I10YNyhOYIpfeP9qwRLqgwCoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLlD8f3DKiDPzyiUO2Ybmc2qU/v/MB8GA1UdIwQY
MBaAFNVsUHTmb0POV4o9Si57zCFctelgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVd4UWRPWnZRODVYaWoxS0xudk1JVnkxNldBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8xNzUyN2ItZWNjMi00NDk4LTkyMDgt
ZTIyYjhjMGExNzI2LzEvdVVQeF9jTXFJTV9QS0pRN1podVp6YXBULV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8xNzUyN2ItZWNjMi00NDk4LTkyMDgtZTIyYjhjMGExNzI2
LzEvMVd4UWRPWnZRODVYaWoxS0xudk1JVnkxNldBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf2HMA0G
CSqGSIb3DQEBCwUAA4IBAQAwK/uoN54qYt79gyVb4UsWxcnHSN5Hk2m3l+DoNDbH
+tNj5jkw9PGAIz9qfpI8ifM4N2igrTTyFgcP/xKanGaf+zbrihg64hMEVY/yNIYt
MpBfg/gJIHc5O9WIQuq4QpIrMiXaFtKuSv+oR0MCR1g8ycwW3rvHa0M5lAlRKmcC
SzBPvsKJSPDFc/zGbvgVov+u6Pw1qjJO4gIpPMn/DLbCd3wvoS0RMMAfW9bKORTM
tV0uHDiq/5B+uela/u8TkaKJTchTyedC5NIdkBk9uDiwSDwf/EwD5piSTTlTVHAS
ZAXT0+SdkDiWzcAMMPw12IHojMgGmXvLNRG51vlYVcZS
-----END CERTIFICATE-----