Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/5Ut0b0NCsET_SBcrRZDGmpxguZ8.roa
File:                     5Ut0b0NCsET_SBcrRZDGmpxguZ8.roa (raw, json)
Hash identifier:          yFP/8VV88RGdYS/1gMV2xguqReDrDsPUy9So1+AmUlY=
Subject key identifier:   E5:4B:74:6F:43:42:B0:44:FF:48:17:2B:45:90:C6:9A:9C:60:B9:9F
Certificate issuer:       /CN=382e533033b3ce95e4972bf2382ddac293c2dc01
Certificate serial:       01944BA345E6FE444D297ECD7D431222C0A9
Authority key identifier: 38:2E:53:30:33:B3:CE:95:E4:97:2B:F2:38:2D:DA:C2:93:C2:DC:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OC5TMDOzzpXklyvyOC3awpPC3AE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/5Ut0b0NCsET_SBcrRZDGmpxguZ8.roa
Signing time:             Thu 09 Jan 2025 15:16:18 +0000
ROA not before:           Thu 09 Jan 2025 15:16:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200019
IP address blocks:        5.63.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/OC5TMDOzzpXklyvyOC3awpPC3AE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/OC5TMDOzzpXklyvyOC3awpPC3AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OC5TMDOzzpXklyvyOC3awpPC3AE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4b:a3:45:e6:fe:44:4d:29:7e:cd:7d:43:12:22:c0:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=382e533033b3ce95e4972bf2382ddac293c2dc01
        Validity
            Not Before: Jan  9 15:16:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e54b746f4342b044ff48172b4590c69a9c60b99f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1a:df:1e:25:69:5d:cb:db:f5:89:b3:0c:a5:
                    91:03:1d:96:7b:49:13:bf:98:d5:e6:21:95:69:22:
                    db:cd:e3:f7:fa:cd:e0:0c:14:8b:08:d9:e3:3a:ef:
                    9e:0a:a7:78:1b:a2:e5:70:91:2f:f6:c7:42:58:1d:
                    34:0c:08:4a:45:79:92:b4:c1:de:aa:b0:82:a4:1e:
                    b7:3f:8e:ff:06:fd:be:f0:b1:15:ed:33:45:31:ba:
                    65:ca:ce:11:b8:25:4a:2c:20:a3:aa:c1:de:65:7b:
                    cd:15:2a:b7:74:f8:e5:7f:5e:cc:42:31:08:53:88:
                    2f:6a:2b:8a:f8:b5:b4:8b:e2:96:45:e9:b3:39:80:
                    a1:8a:b3:63:35:bb:7f:ca:3e:44:05:0b:f8:c5:37:
                    50:d4:ab:c7:69:a1:1c:ca:9d:94:e0:6e:d6:fc:c7:
                    a1:a0:07:a3:f1:e7:05:88:49:8c:f1:03:9b:96:cd:
                    88:21:aa:de:52:f9:35:40:f5:b3:e5:5f:f4:d3:1d:
                    fa:49:9e:0a:58:72:b2:1e:70:55:08:1e:06:01:2e:
                    59:af:b4:d9:e4:16:06:ba:ee:b4:0b:e4:37:3d:9a:
                    71:40:ec:f6:b9:f6:b2:28:85:14:da:48:9b:2b:27:
                    ee:9e:e6:e1:d4:9b:f9:43:94:46:88:31:f9:ca:3e:
                    56:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:4B:74:6F:43:42:B0:44:FF:48:17:2B:45:90:C6:9A:9C:60:B9:9F
            X509v3 Authority Key Identifier:
                keyid:38:2E:53:30:33:B3:CE:95:E4:97:2B:F2:38:2D:DA:C2:93:C2:DC:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OC5TMDOzzpXklyvyOC3awpPC3AE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/5Ut0b0NCsET_SBcrRZDGmpxguZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/OC5TMDOzzpXklyvyOC3awpPC3AE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:d7:03:26:57:23:f3:b0:67:01:80:17:82:fe:1b:9e:18:62:
         db:2d:7b:ad:78:a0:b4:2b:44:fa:56:83:26:76:b7:b0:90:d0:
         c5:20:c1:f6:53:8f:4a:4f:3c:a7:6a:c6:fd:25:39:0d:d1:e4:
         11:77:c6:84:92:ee:54:f0:10:c1:22:fd:19:ee:f1:ec:cf:19:
         eb:a9:ac:ee:38:97:43:9d:3d:07:93:9a:b1:ba:e4:e7:94:6d:
         05:c8:c3:6e:29:d8:79:86:7e:67:c0:a3:0d:15:64:9a:7e:29:
         56:82:d4:55:3d:93:f2:45:e3:d9:e8:83:ef:f6:44:82:63:42:
         ce:9b:2d:cc:fd:8a:4b:e4:0f:6e:6b:47:55:c9:0c:30:61:5d:
         0c:1b:43:11:d8:dc:c7:72:2c:18:77:cf:f8:f0:fd:be:ea:e2:
         18:2f:4d:c3:23:7d:96:e4:89:ff:0f:06:37:a5:0d:34:28:47:
         2f:bf:fb:fa:cb:8c:a6:bb:0a:51:2d:0f:c9:5c:98:a6:53:5e:
         f1:24:4e:fe:24:c7:45:2a:c0:b3:c6:45:b2:6c:53:71:3c:28:
         40:80:0f:19:d6:cd:e8:34:96:a8:51:e2:a6:59:37:44:16:82:
         7f:9e:91:02:5c:93:29:c3:1d:3a:0d:be:c0:20:82:2a:80:24:
         aa:37:81:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRLo0Xm/kRNKX7NfUMSIsCpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MmU1MzMwMzNiM2NlOTVlNDk3MmJmMjM4MmRkYWMyOTNj
MmRjMDEwHhcNMjUwMTA5MTUxNjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTRiNzQ2ZjQzNDJiMDQ0ZmY0ODE3MmI0NTkwYzY5YTljNjBiOTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBrfHiVpXcvb9YmzDKWRAx2We0kT
v5jV5iGVaSLbzeP3+s3gDBSLCNnjOu+eCqd4G6LlcJEv9sdCWB00DAhKRXmStMHe
qrCCpB63P47/Bv2+8LEV7TNFMbplys4RuCVKLCCjqsHeZXvNFSq3dPjlf17MQjEI
U4gvaiuK+LW0i+KWRemzOYChirNjNbt/yj5EBQv4xTdQ1KvHaaEcyp2U4G7W/Meh
oAej8ecFiEmM8QObls2IIareUvk1QPWz5V/00x36SZ4KWHKyHnBVCB4GAS5Zr7TZ
5BYGuu60C+Q3PZpxQOz2ufayKIUU2kibKyfunubh1Jv5Q5RGiDH5yj5WJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOVLdG9DQrBE/0gXK0WQxpqcYLmfMB8GA1UdIwQY
MBaAFDguUzAzs86V5Jcr8jgt2sKTwtwBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0M1VE1ET3p6cFhrbHl2eU9DM2F3cFBDM0FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9hMGZhZTEtNDBlZS00MTkxLWIyZDQt
ZWFhMDkwNTE0YjUyLzEvNVV0MGIwTkNzRVRfU0JjclJaREdtcHhndVo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9hMGZhZTEtNDBlZS00MTkxLWIyZDQtZWFhMDkwNTE0YjUy
LzEvT0M1VE1ET3p6cFhrbHl2eU9DM2F3cFBDM0FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT8TMA0G
CSqGSIb3DQEBCwUAA4IBAQCR1wMmVyPzsGcBgBeC/hueGGLbLXuteKC0K0T6VoMm
drewkNDFIMH2U49KTzynasb9JTkN0eQRd8aEku5U8BDBIv0Z7vHszxnrqazuOJdD
nT0Hk5qxuuTnlG0FyMNuKdh5hn5nwKMNFWSafilWgtRVPZPyRePZ6IPv9kSCY0LO
my3M/YpL5A9ua0dVyQwwYV0MG0MR2NzHciwYd8/48P2+6uIYL03DI32W5In/DwY3
pQ00KEcvv/v6y4ymuwpRLQ/JXJimU17xJE7+JMdFKsCzxkWybFNxPChAgA8Z1s3o
NJaoUeKmWTdEFoJ/npECXJMpwx06Db7AIIIqgCSqN4E/
-----END CERTIFICATE-----