Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/s1AjbUJ8flHhzJzb6iz5z8RYum4.roa
File:                     s1AjbUJ8flHhzJzb6iz5z8RYum4.roa (raw, json)
Hash identifier:          5eBSOeVacCWcPo2DJzprnuXzxSgaZd2/89V1SjPZZHo=
Subject key identifier:   B3:50:23:6D:42:7C:7E:51:E1:CC:9C:DB:EA:2C:F9:CF:C4:58:BA:6E
Certificate issuer:       /CN=374f6f3e3cb973bac8a43f6c0b806b3d11c9adc3
Certificate serial:       01941F8C2075B40068429455747839C269A0
Authority key identifier: 37:4F:6F:3E:3C:B9:73:BA:C8:A4:3F:6C:0B:80:6B:3D:11:C9:AD:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N09vPjy5c7rIpD9sC4BrPRHJrcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/s1AjbUJ8flHhzJzb6iz5z8RYum4.roa
Signing time:             Wed 01 Jan 2025 01:47:44 +0000
ROA not before:           Wed 01 Jan 2025 01:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210392
IP address blocks:        5.22.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/N09vPjy5c7rIpD9sC4BrPRHJrcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/N09vPjy5c7rIpD9sC4BrPRHJrcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N09vPjy5c7rIpD9sC4BrPRHJrcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:20:75:b4:00:68:42:94:55:74:78:39:c2:69:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=374f6f3e3cb973bac8a43f6c0b806b3d11c9adc3
        Validity
            Not Before: Jan  1 01:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b350236d427c7e51e1cc9cdbea2cf9cfc458ba6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a3:73:ca:9f:37:8e:a2:a3:03:bc:74:8e:9c:
                    9f:b7:2e:60:0f:e4:d7:4a:3c:20:7a:e8:57:ed:3c:
                    74:db:a4:b2:79:99:f8:d2:5e:4b:72:b5:c4:23:4c:
                    4d:06:7c:9a:37:78:d1:6c:30:f7:9a:65:22:7b:c7:
                    72:f5:62:97:3c:42:a2:9e:90:d4:bd:60:26:89:70:
                    7f:bf:9f:f6:c3:be:fb:eb:75:bb:4e:13:6d:f1:eb:
                    ac:1e:f8:a3:75:63:ec:b7:8d:40:4b:22:37:69:ca:
                    a1:75:a9:8b:ff:0f:27:35:97:f7:e8:1e:ef:8b:a8:
                    3a:3a:80:90:fe:c7:3f:27:44:63:94:a4:25:a5:8d:
                    fc:38:46:9c:e6:7d:9b:42:b2:d0:be:9b:20:c0:d8:
                    a7:b4:62:69:7b:5b:49:4c:b5:5c:68:df:1b:36:aa:
                    00:a7:40:54:c5:29:b1:8e:a9:2c:fb:98:b6:61:1a:
                    de:ce:db:59:84:08:06:d8:63:7a:f3:0e:d7:2d:0a:
                    0c:80:65:78:67:1c:a4:4c:0f:09:64:6b:99:43:7b:
                    58:cb:45:9d:1a:73:cf:c8:9f:1d:9c:a7:11:6b:ff:
                    b3:aa:e9:1f:a5:fe:21:91:3c:b8:99:15:9f:65:45:
                    1d:91:13:9d:79:bd:c4:6a:70:91:28:30:1a:ae:db:
                    03:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:50:23:6D:42:7C:7E:51:E1:CC:9C:DB:EA:2C:F9:CF:C4:58:BA:6E
            X509v3 Authority Key Identifier:
                keyid:37:4F:6F:3E:3C:B9:73:BA:C8:A4:3F:6C:0B:80:6B:3D:11:C9:AD:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N09vPjy5c7rIpD9sC4BrPRHJrcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/s1AjbUJ8flHhzJzb6iz5z8RYum4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/N09vPjy5c7rIpD9sC4BrPRHJrcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:5a:dd:e2:d2:ac:9a:cd:d2:5b:f1:db:9f:9a:1e:cc:7b:d5:
         3c:cb:11:32:9d:58:78:ea:6a:c6:ae:d7:6d:48:f2:90:ea:c6:
         32:24:78:54:a1:68:94:59:9d:c4:4b:a6:a6:4c:6a:19:1b:e4:
         f7:21:0b:04:37:dd:91:e8:4c:d2:1d:fc:e7:a7:00:a6:94:12:
         16:71:bf:15:72:2d:3f:6c:c0:57:09:24:9d:bf:d9:fe:18:d6:
         e5:f5:2f:c6:c4:cd:96:0f:cc:67:62:6e:32:78:43:b5:f0:2c:
         e3:1c:0f:32:28:57:22:2e:66:d8:5f:64:af:28:63:f2:1c:91:
         ae:68:0a:fc:3c:95:34:1b:e0:18:e4:55:67:5b:d9:43:19:be:
         73:f8:01:4c:98:25:98:5b:b2:cb:4e:58:c8:7d:b1:b9:ff:a6:
         1b:a3:ca:d4:0c:ad:b6:72:78:c5:78:62:8f:30:4c:2e:69:6c:
         a6:d3:b5:e2:40:ce:31:58:3b:8b:2f:79:e3:87:f7:cc:09:df:
         99:6e:3d:a7:90:69:1c:58:56:ed:1a:e1:db:97:f5:4b:5d:14:
         32:77:cd:33:f7:95:58:01:0e:cc:c5:a8:b3:91:ea:d4:f2:2d:
         3e:1a:15:01:9c:9b:4a:76:06:20:7e:ff:51:60:f1:85:c4:88:
         29:76:e8:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjCB1tABoQpRVdHg5wmmgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NGY2ZjNlM2NiOTczYmFjOGE0M2Y2YzBiODA2YjNkMTFj
OWFkYzMwHhcNMjUwMTAxMDE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzUwMjM2ZDQyN2M3ZTUxZTFjYzljZGJlYTJjZjljZmM0NThiYTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKNzyp83jqKjA7x0jpyfty5gD+TX
SjwgeuhX7Tx026SyeZn40l5LcrXEI0xNBnyaN3jRbDD3mmUie8dy9WKXPEKinpDU
vWAmiXB/v5/2w77763W7ThNt8eusHvijdWPst41ASyI3acqhdamL/w8nNZf36B7v
i6g6OoCQ/sc/J0RjlKQlpY38OEac5n2bQrLQvpsgwNintGJpe1tJTLVcaN8bNqoA
p0BUxSmxjqks+5i2YRrezttZhAgG2GN68w7XLQoMgGV4ZxykTA8JZGuZQ3tYy0Wd
GnPPyJ8dnKcRa/+zqukfpf4hkTy4mRWfZUUdkROdeb3EanCRKDAartsDkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNQI21CfH5R4cyc2+os+c/EWLpuMB8GA1UdIwQY
MBaAFDdPbz48uXO6yKQ/bAuAaz0Rya3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjA5dlBqeTVjN3JJcEQ5c0M0QnJQUkhKcmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi84ZDExNjctMGM0ZC00ODhmLTlhODMt
YzAxNzdkZmRhODQ3LzEvczFBamJVSjhmbEhoekp6YjZpejV6OFJZdW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi84ZDExNjctMGM0ZC00ODhmLTlhODMtYzAxNzdkZmRhODQ3
LzEvTjA5dlBqeTVjN3JJcEQ5c0M0QnJQUkhKcmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABRbKMA0G
CSqGSIb3DQEBCwUAA4IBAQAtWt3i0qyazdJb8dufmh7Me9U8yxEynVh46mrGrtdt
SPKQ6sYyJHhUoWiUWZ3ES6amTGoZG+T3IQsEN92R6EzSHfznpwCmlBIWcb8Vci0/
bMBXCSSdv9n+GNbl9S/GxM2WD8xnYm4yeEO18CzjHA8yKFciLmbYX2SvKGPyHJGu
aAr8PJU0G+AY5FVnW9lDGb5z+AFMmCWYW7LLTljIfbG5/6Ybo8rUDK22cnjFeGKP
MEwuaWym07XiQM4xWDuLL3njh/fMCd+Zbj2nkGkcWFbtGuHbl/VLXRQyd80z95VY
AQ7MxaizkerU8i0+GhUBnJtKdgYgfv9RYPGFxIgpdugT
-----END CERTIFICATE-----