Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/UuK3HXxMCh37g6d3LBH8pLQfhkw.roa
File:                     UuK3HXxMCh37g6d3LBH8pLQfhkw.roa (raw, json)
Hash identifier:          gwRDu4mIj3MzGWkeYSwx8sHHZwsCX42WxQrLPWRXccM=
Subject key identifier:   52:E2:B7:1D:7C:4C:0A:1D:FB:83:A7:77:2C:11:FC:A4:B4:1F:86:4C
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       019424B3D06D3871093132B3149FE22DD283
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/UuK3HXxMCh37g6d3LBH8pLQfhkw.roa
Signing time:             Thu 02 Jan 2025 01:49:11 +0000
ROA not before:           Thu 02 Jan 2025 01:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215501
IP address blocks:        5.134.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:d0:6d:38:71:09:31:32:b3:14:9f:e2:2d:d2:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  2 01:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52e2b71d7c4c0a1dfb83a7772c11fca4b41f864c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:81:01:7e:2f:f1:ed:a5:6a:11:fc:c5:4e:f0:
                    f7:e8:98:4e:1b:b9:d4:a4:5e:52:c2:4e:02:53:18:
                    f2:cf:4f:85:90:30:ca:05:cb:d2:16:da:9d:a7:dc:
                    0f:d5:60:aa:5e:d6:5f:cf:e2:03:e5:db:73:c7:85:
                    5f:5c:59:32:6c:fe:a9:b6:e1:53:0a:78:ea:77:d9:
                    ef:69:e4:52:d3:f8:4e:1d:5f:f9:cc:8d:66:45:00:
                    c9:3b:46:1b:46:5d:8c:9e:60:46:b1:90:1f:bf:19:
                    5c:b1:46:9f:3b:bc:1b:f6:f1:58:8d:ca:43:9c:52:
                    10:9d:12:14:b8:4f:44:98:a1:c5:0d:fd:19:6f:73:
                    15:91:4d:44:c4:b6:8e:9d:ce:92:20:50:c7:c0:d6:
                    42:32:22:72:28:a2:35:38:e8:c8:86:d3:ff:98:28:
                    4d:14:6b:31:c8:a0:69:7e:b0:fc:02:ac:11:c2:a1:
                    6a:42:b7:a3:09:fd:32:10:db:62:cc:9b:cc:ea:5d:
                    37:65:ee:bb:f7:ca:c5:22:f6:35:bb:d9:54:d7:13:
                    b2:0e:c3:2b:92:11:58:18:ea:12:ff:fe:b3:69:01:
                    1d:72:cb:39:4c:99:1b:d1:09:c7:e3:31:8c:8e:ed:
                    d9:ec:bf:7d:f6:96:f5:a2:7e:40:a6:4a:e6:82:a6:
                    b2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:E2:B7:1D:7C:4C:0A:1D:FB:83:A7:77:2C:11:FC:A4:B4:1F:86:4C
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/UuK3HXxMCh37g6d3LBH8pLQfhkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.134.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:c7:1c:09:59:49:9c:ed:b5:1e:20:9a:2b:67:f2:36:30:19:
         0f:c7:4e:1e:3d:a5:3b:c9:28:93:e3:31:c9:c2:61:89:35:eb:
         62:02:48:aa:d2:16:8b:60:e0:d8:ff:ea:67:57:6c:23:1d:aa:
         34:64:09:ea:87:32:38:8c:0e:6b:8f:17:fc:92:ca:ed:56:40:
         ef:88:e1:f7:0a:e5:d3:2e:aa:b2:01:a0:6f:f5:fe:4e:cd:ac:
         61:cc:5b:00:88:b8:b0:9a:71:11:f0:19:5c:9d:53:cf:a5:52:
         13:ae:71:e8:17:65:66:0c:1e:d0:ee:70:9c:15:dc:30:b7:1c:
         1c:28:0b:25:fd:3e:64:04:13:65:75:6f:04:0f:95:9f:c4:20:
         5a:3f:32:0f:2d:2e:f9:22:94:6f:93:6c:40:cc:d4:eb:8e:2d:
         7e:10:36:ac:cb:4a:56:91:4d:05:20:89:bb:b1:6c:49:f4:de:
         05:e0:04:dc:c1:d2:8e:8f:62:e5:fe:3c:14:05:6d:9b:ae:fc:
         32:26:60:ac:93:49:8b:71:7e:ee:d4:81:4e:de:9c:34:e8:2a:
         ff:1d:c3:84:7e:70:df:1f:2b:13:e9:8d:29:b4:19:ba:f7:95:
         7d:e1:2f:0a:95:a0:fe:15:45:52:b4:d3:ec:4b:95:19:4b:be:
         3a:83:42:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks9BtOHEJMTKzFJ/iLdKDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjUwMTAyMDE0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmUyYjcxZDdjNGMwYTFkZmI4M2E3NzcyYzExZmNhNGI0MWY4NjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoEBfi/x7aVqEfzFTvD36JhOG7nU
pF5Swk4CUxjyz0+FkDDKBcvSFtqdp9wP1WCqXtZfz+ID5dtzx4VfXFkybP6ptuFT
Cnjqd9nvaeRS0/hOHV/5zI1mRQDJO0YbRl2MnmBGsZAfvxlcsUafO7wb9vFYjcpD
nFIQnRIUuE9EmKHFDf0Zb3MVkU1ExLaOnc6SIFDHwNZCMiJyKKI1OOjIhtP/mChN
FGsxyKBpfrD8AqwRwqFqQrejCf0yENtizJvM6l03Ze6798rFIvY1u9lU1xOyDsMr
khFYGOoS//6zaQEdcss5TJkb0QnH4zGMju3Z7L999pb1on5Apkrmgqay+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLitx18TAod+4OndywR/KS0H4ZMMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvVXVLM0hYeE1DaDM3ZzZkM0xCSDhwTFFmaGt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYZWMA0G
CSqGSIb3DQEBCwUAA4IBAQC0xxwJWUmc7bUeIJorZ/I2MBkPx04ePaU7ySiT4zHJ
wmGJNetiAkiq0haLYODY/+pnV2wjHao0ZAnqhzI4jA5rjxf8ksrtVkDviOH3CuXT
LqqyAaBv9f5OzaxhzFsAiLiwmnER8BlcnVPPpVITrnHoF2VmDB7Q7nCcFdwwtxwc
KAsl/T5kBBNldW8ED5WfxCBaPzIPLS75IpRvk2xAzNTrji1+EDasy0pWkU0FIIm7
sWxJ9N4F4ATcwdKOj2Ll/jwUBW2brvwyJmCsk0mLcX7u1IFO3pw06Cr/HcOEfnDf
HysT6Y0ptBm695V94S8KlaD+FUVStNPsS5UZS746g0Ll
-----END CERTIFICATE-----