Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/M5_00Z7BlRlBNolje_Skf3mnwdM.roa
File:                     M5_00Z7BlRlBNolje_Skf3mnwdM.roa (raw, json)
Hash identifier:          aoe6giv8gaJwKUo/cQH6MFnFzScH3BReKPSbg9yEspU=
Subject key identifier:   33:9F:F4:D1:9E:C1:95:19:41:36:89:63:7B:F4:A4:7F:79:A7:C1:D3
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BDDF992B58CE394E634BEF63F8012
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/M5_00Z7BlRlBNolje_Skf3mnwdM.roa
Signing time:             Thu 02 Jan 2025 09:49:50 +0000
ROA not before:           Thu 02 Jan 2025 09:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57321
IP address blocks:        85.202.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:dd:f9:92:b5:8c:e3:94:e6:34:be:f6:3f:80:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=339ff4d19ec19519413689637bf4a47f79a7c1d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ff:20:3f:25:bc:67:48:45:65:bb:d6:0b:df:
                    4f:fd:9e:e7:12:ff:8f:e7:22:98:8c:51:1f:9d:47:
                    0b:6f:42:c8:a4:a8:1a:6d:88:83:c4:f3:d3:10:63:
                    bc:e9:1e:78:1a:b7:7e:89:44:07:23:71:db:7b:10:
                    b7:3e:47:b4:90:a7:fe:9f:ba:5f:e1:15:70:45:83:
                    af:20:58:2d:1d:77:4a:87:d1:0b:3b:f8:49:ea:5f:
                    87:fd:0f:3f:16:9d:a6:d0:07:50:cd:62:8c:6e:f9:
                    47:ae:dd:21:bd:55:06:e1:a9:c1:15:31:1e:d9:9e:
                    dd:5f:dd:2a:ae:9f:57:2b:e1:01:a2:e5:cb:4d:68:
                    97:5a:86:be:ab:a1:c2:8c:5a:7b:cf:d3:13:d2:9b:
                    73:07:2e:b4:c3:1e:bb:f3:c3:08:4f:ab:cf:b6:5e:
                    0a:26:a7:8f:55:13:b6:9f:fa:62:25:64:64:c2:52:
                    c7:09:57:19:e1:30:e1:57:6f:36:27:2c:4a:d2:3b:
                    fe:65:fa:bb:0d:73:4d:d7:0e:27:be:1b:4b:1d:42:
                    9b:de:d5:16:18:a5:55:78:2c:e0:d5:72:12:67:3c:
                    aa:48:a6:f5:6e:05:03:0a:65:2b:69:41:8d:ce:77:
                    07:3a:24:d3:8c:0b:28:76:1e:7d:86:9b:4e:a7:da:
                    d6:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:9F:F4:D1:9E:C1:95:19:41:36:89:63:7B:F4:A4:7F:79:A7:C1:D3
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/M5_00Z7BlRlBNolje_Skf3mnwdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:fd:19:66:ee:f8:84:d4:00:19:04:f3:1a:ae:50:50:fb:7f:
         c8:cb:26:9b:4e:5c:6a:e4:6c:9c:c5:30:7f:8c:a3:07:8e:cf:
         c4:0d:f8:26:60:a5:cd:c4:a5:36:39:f7:66:89:13:ee:d8:78:
         5e:93:5f:08:1e:fc:ec:2b:a1:2c:0c:df:48:60:18:e6:8b:62:
         47:4b:e8:47:80:4c:a7:d2:59:49:56:14:87:f7:9f:e8:42:91:
         c3:ab:6a:e0:8e:d0:69:e8:8d:dd:ce:d0:cd:86:89:05:6a:1c:
         ce:d1:4e:02:e8:56:ca:1a:f7:b5:31:70:76:ff:24:5d:eb:aa:
         0e:51:eb:b1:c4:c2:59:a9:df:59:30:5c:e8:08:15:47:12:c6:
         45:da:8b:98:b7:cf:c7:2d:84:f9:13:4d:f5:83:90:da:81:f9:
         ba:df:81:9f:5b:ca:31:11:8c:c0:e4:c5:3f:74:96:6c:61:df:
         a1:c3:84:74:32:05:23:46:66:fc:da:5d:15:95:2a:0a:2a:07:
         9b:49:da:24:73:e7:7b:f7:82:61:e9:8a:d2:ef:10:b9:32:2b:
         86:af:20:9a:32:8c:25:80:96:6c:1a:3f:ad:2e:0f:94:71:91:
         eb:92:19:43:60:59:d8:c7:1e:2d:8f:8f:52:bf:91:b7:b0:ed:
         b4:11:af:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma935krWM45TmNL72P4ASMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzlmZjRkMTllYzE5NTE5NDEzNjg5NjM3YmY0YTQ3Zjc5YTdjMWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP8gPyW8Z0hFZbvWC99P/Z7nEv+P
5yKYjFEfnUcLb0LIpKgabYiDxPPTEGO86R54Grd+iUQHI3HbexC3Pke0kKf+n7pf
4RVwRYOvIFgtHXdKh9ELO/hJ6l+H/Q8/Fp2m0AdQzWKMbvlHrt0hvVUG4anBFTEe
2Z7dX90qrp9XK+EBouXLTWiXWoa+q6HCjFp7z9MT0ptzBy60wx6788MIT6vPtl4K
JqePVRO2n/piJWRkwlLHCVcZ4TDhV282JyxK0jv+Zfq7DXNN1w4nvhtLHUKb3tUW
GKVVeCzg1XISZzyqSKb1bgUDCmUraUGNzncHOiTTjAsodh59hptOp9rWOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDOf9NGewZUZQTaJY3v0pH95p8HTMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvTTVfMDBaN0JsUmxCTm9samVfU2tmM21ud2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVco0MA0G
CSqGSIb3DQEBCwUAA4IBAQBB/Rlm7viE1AAZBPMarlBQ+3/IyyabTlxq5GycxTB/
jKMHjs/EDfgmYKXNxKU2OfdmiRPu2Hhek18IHvzsK6EsDN9IYBjmi2JHS+hHgEyn
0llJVhSH95/oQpHDq2rgjtBp6I3dztDNhokFahzO0U4C6FbKGve1MXB2/yRd66oO
UeuxxMJZqd9ZMFzoCBVHEsZF2ouYt8/HLYT5E031g5Dagfm634GfW8oxEYzA5MU/
dJZsYd+hw4R0MgUjRmb82l0VlSoKKgebSdokc+d794Jh6YrS7xC5MiuGryCaMowl
gJZsGj+tLg+UcZHrkhlDYFnYxx4tj49Sv5G3sO20Ea+d
-----END CERTIFICATE-----