Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/5NknPZb2YFjtunQlHWI_QMzdlKY.roa
File:                     5NknPZb2YFjtunQlHWI_QMzdlKY.roa (raw, json)
Hash identifier:          MgsBbLyiXdRHwov9hAncLGKeKv45suA9La+rVSC/C8U=
Subject key identifier:   E4:D9:27:3D:96:F6:60:58:ED:BA:74:25:1D:62:3F:40:CC:DD:94:A6
Certificate issuer:       /CN=b8d251c4bfd526da062d4ce2af56b6e46e925117
Certificate serial:       01942825980B07E8720138088CA971E082D5
Authority key identifier: B8:D2:51:C4:BF:D5:26:DA:06:2D:4C:E2:AF:56:B6:E4:6E:92:51:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uNJRxL_VJtoGLUzir1a25G6SURc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/5NknPZb2YFjtunQlHWI_QMzdlKY.roa
Signing time:             Thu 02 Jan 2025 17:52:19 +0000
ROA not before:           Thu 02 Jan 2025 17:52:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        132.75.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/uNJRxL_VJtoGLUzir1a25G6SURc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/uNJRxL_VJtoGLUzir1a25G6SURc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uNJRxL_VJtoGLUzir1a25G6SURc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:98:0b:07:e8:72:01:38:08:8c:a9:71:e0:82:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8d251c4bfd526da062d4ce2af56b6e46e925117
        Validity
            Not Before: Jan  2 17:52:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4d9273d96f66058edba74251d623f40ccdd94a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1d:89:b8:23:77:61:71:19:8a:3c:1d:31:c0:
                    9b:8b:e8:22:04:09:1b:b1:1e:33:2e:42:17:0b:6c:
                    8d:7d:6c:33:1a:06:2f:c1:ff:dc:98:b1:a3:b4:e3:
                    b5:cf:86:04:ed:e5:56:84:95:a0:b6:61:6c:4c:a8:
                    4c:b1:24:2e:93:02:1f:54:51:7f:c5:78:e9:a2:d7:
                    47:6a:2b:a6:cf:2d:8b:50:6b:82:7b:4f:4c:b0:a9:
                    ed:59:33:6d:a1:84:d6:56:73:f4:c9:2c:11:25:25:
                    49:1c:97:27:14:74:80:8c:1d:8d:64:dd:c5:90:6e:
                    6e:92:3f:19:1f:36:71:93:c6:29:d8:a4:f5:c2:1a:
                    80:4b:d8:ad:21:9b:f4:42:ac:ba:ea:8a:4c:de:0e:
                    36:91:9b:75:a8:b6:82:ec:2e:96:5d:bb:d5:80:03:
                    32:fd:8a:41:fc:92:fc:6d:a7:3b:bd:b0:e0:8e:00:
                    ce:46:d2:ee:f3:fe:45:29:62:4e:96:83:9a:ec:24:
                    57:36:33:e1:0b:fe:01:8e:1e:ff:fe:bd:1d:8d:0a:
                    bc:7a:f6:1e:de:83:3f:3a:5e:25:d6:c7:1c:76:40:
                    95:87:ec:77:4c:6e:b9:6a:da:cf:99:97:a0:c6:02:
                    f6:e1:b7:c5:9f:30:4f:ad:04:10:e2:30:7d:7d:04:
                    2c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:D9:27:3D:96:F6:60:58:ED:BA:74:25:1D:62:3F:40:CC:DD:94:A6
            X509v3 Authority Key Identifier:
                keyid:B8:D2:51:C4:BF:D5:26:DA:06:2D:4C:E2:AF:56:B6:E4:6E:92:51:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uNJRxL_VJtoGLUzir1a25G6SURc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/5NknPZb2YFjtunQlHWI_QMzdlKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/uNJRxL_VJtoGLUzir1a25G6SURc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.75.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:1e:a4:c8:ad:2b:61:84:5d:ff:68:41:fc:b1:be:cf:a0:1a:
         67:35:63:b1:f1:8b:ce:21:40:86:4b:2f:ab:b3:6c:df:88:8a:
         57:e1:95:d2:e4:73:bc:bb:6c:08:fd:98:0b:3b:56:84:fa:5c:
         1b:c9:64:f5:b0:29:9d:84:7b:2f:b7:39:f2:f3:8f:df:85:8e:
         89:b7:d9:a7:cc:af:67:58:54:f6:f3:4d:0b:78:3a:3f:ec:1b:
         1d:22:0f:37:57:ae:e0:4e:34:87:20:57:5d:46:f9:54:e0:e7:
         fd:7d:f6:f5:cf:56:cb:5d:51:4a:80:a2:cb:8f:74:1b:28:a8:
         b4:ec:c0:c2:c1:2e:f0:77:d9:05:6e:6b:2e:97:e2:69:80:03:
         ad:ea:98:13:a4:44:c9:c2:f2:b0:b4:db:f1:58:fb:d6:0b:0f:
         67:68:a1:e7:03:94:29:b9:95:fb:63:69:f5:1c:2c:ab:ab:16:
         3b:2e:60:74:15:11:de:ee:f3:fe:c4:c9:be:ad:29:7d:40:d2:
         16:39:ee:90:ca:64:da:ba:7c:58:aa:9d:4c:ae:a5:bd:bd:9c:
         45:a1:c8:6d:1d:cd:de:34:78:03:8c:b7:f0:d8:e7:58:b8:1d:
         62:b3:f8:30:04:31:d4:b3:bb:51:4d:2d:2c:f2:ef:be:f7:87:
         69:33:e2:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJZgLB+hyATgIjKlx4ILVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZDI1MWM0YmZkNTI2ZGEwNjJkNGNlMmFmNTZiNmU0NmU5
MjUxMTcwHhcNMjUwMTAyMTc1MjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGQ5MjczZDk2ZjY2MDU4ZWRiYTc0MjUxZDYyM2Y0MGNjZGQ5NGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnB2JuCN3YXEZijwdMcCbi+giBAkb
sR4zLkIXC2yNfWwzGgYvwf/cmLGjtOO1z4YE7eVWhJWgtmFsTKhMsSQukwIfVFF/
xXjpotdHaiumzy2LUGuCe09MsKntWTNtoYTWVnP0ySwRJSVJHJcnFHSAjB2NZN3F
kG5ukj8ZHzZxk8Yp2KT1whqAS9itIZv0Qqy66opM3g42kZt1qLaC7C6WXbvVgAMy
/YpB/JL8bac7vbDgjgDORtLu8/5FKWJOloOa7CRXNjPhC/4Bjh7//r0djQq8evYe
3oM/Ol4l1sccdkCVh+x3TG65atrPmZegxgL24bfFnzBPrQQQ4jB9fQQsKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTZJz2W9mBY7bp0JR1iP0DM3ZSmMB8GA1UdIwQY
MBaAFLjSUcS/1SbaBi1M4q9WtuRuklEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU5KUnhMX1ZKdG9HTFV6aXIxYTI1RzZTVVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi82MjE5NDEtZjUzYy00NDhmLWJkMzAt
NDJiM2Q2OGI1Njc2LzEvNU5rblBaYjJZRmp0dW5RbEhXSV9RTXpkbEtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi82MjE5NDEtZjUzYy00NDhmLWJkMzAtNDJiM2Q2OGI1Njc2
LzEvdU5KUnhMX1ZKdG9HTFV6aXIxYTI1RzZTVVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhEtgMA0G
CSqGSIb3DQEBCwUAA4IBAQA0HqTIrSthhF3/aEH8sb7PoBpnNWOx8YvOIUCGSy+r
s2zfiIpX4ZXS5HO8u2wI/ZgLO1aE+lwbyWT1sCmdhHsvtzny84/fhY6Jt9mnzK9n
WFT2800LeDo/7BsdIg83V67gTjSHIFddRvlU4Of9ffb1z1bLXVFKgKLLj3QbKKi0
7MDCwS7wd9kFbmsul+JpgAOt6pgTpETJwvKwtNvxWPvWCw9naKHnA5QpuZX7Y2n1
HCyrqxY7LmB0FRHe7vP+xMm+rSl9QNIWOe6QymTaunxYqp1MrqW9vZxFochtHc3e
NHgDjLfw2OdYuB1is/gwBDHUs7tRTS0s8u++94dpM+Kl
-----END CERTIFICATE-----