Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/bVgiVwMAsGWMPapJSzgEX6Yv0OY.roa
File:                     bVgiVwMAsGWMPapJSzgEX6Yv0OY.roa (raw, json)
Hash identifier:          C9Nnu0E7D7ONKXVHS6awWhiPClqqVq9n0QLmZzo6AXM=
Subject key identifier:   6D:58:22:57:03:00:B0:65:8C:3D:AA:49:4B:38:04:5F:A6:2F:D0:E6
Certificate issuer:       /CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
Certificate serial:       019427B64FEBB555E5034DF70C133A47773D
Authority key identifier: 25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/bVgiVwMAsGWMPapJSzgEX6Yv0OY.roa
Signing time:             Thu 02 Jan 2025 15:50:46 +0000
ROA not before:           Thu 02 Jan 2025 15:50:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60134
IP address blocks:        5.158.82.0/24 maxlen: 24
                          5.158.86.0/24 maxlen: 24
                          149.62.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:4f:eb:b5:55:e5:03:4d:f7:0c:13:3a:47:77:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
        Validity
            Not Before: Jan  2 15:50:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d5822570300b0658c3daa494b38045fa62fd0e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a4:53:97:a9:05:ee:9a:36:3b:36:25:3d:46:
                    90:93:04:9f:fb:96:c7:2c:d0:24:8d:93:14:05:53:
                    59:ca:68:06:31:78:3e:49:1e:75:47:c3:fc:7a:0b:
                    a8:a9:6e:66:d3:2e:e9:b7:f7:c9:b9:ef:cb:e9:02:
                    eb:15:fb:64:ab:df:30:4b:6e:6e:61:7b:22:61:a4:
                    37:aa:54:e1:7f:d1:83:67:b3:05:3f:43:61:81:76:
                    f1:31:f5:86:ee:c6:9a:d0:0e:85:f9:0c:e0:59:1f:
                    17:85:7d:80:2d:a3:f2:08:80:74:a5:7b:d2:e2:f3:
                    72:f7:8a:cb:73:40:31:46:ec:a1:07:55:04:8d:4e:
                    b0:4a:5c:6f:a4:c9:08:e9:df:d9:52:16:8c:bc:5d:
                    79:a7:3a:d3:d2:a2:83:7c:83:7e:72:c1:54:5a:a9:
                    36:96:a5:8b:f5:20:b3:78:f2:4e:13:f8:3d:fa:b6:
                    39:ff:c6:78:f7:4d:1c:b5:ef:e0:65:41:c2:e3:61:
                    b6:fa:a2:56:3b:71:36:2d:bf:9d:7f:46:65:86:77:
                    6c:fe:dd:5f:cb:78:4c:70:5d:ae:30:14:f9:c4:7b:
                    6f:a2:8d:7e:ad:03:14:fe:e8:7c:4d:7e:3e:4b:21:
                    af:01:78:7a:eb:a6:8e:da:73:59:57:bc:7a:0d:46:
                    67:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:58:22:57:03:00:B0:65:8C:3D:AA:49:4B:38:04:5F:A6:2F:D0:E6
            X509v3 Authority Key Identifier:
                keyid:25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/bVgiVwMAsGWMPapJSzgEX6Yv0OY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.82.0/24
                  5.158.86.0/24
                  149.62.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:e6:c8:31:74:e4:a7:48:54:7a:b4:eb:dd:3e:1b:96:93:a5:
         fe:c5:45:13:8a:99:25:83:0f:73:97:b3:a4:95:aa:5f:4c:f6:
         de:3b:43:55:26:fc:c4:29:ea:a5:01:d0:f7:8d:99:cb:ff:90:
         67:79:a5:1d:7a:af:2f:64:bf:d4:f5:26:e4:a0:59:94:bf:5b:
         97:90:d0:5f:8d:f5:a3:28:58:f2:72:7e:c2:86:36:22:ae:dc:
         31:83:9e:75:20:4c:a3:fa:14:82:b2:59:cc:ea:ca:41:c0:44:
         60:ec:97:25:59:c7:1a:70:42:20:38:05:12:2e:a6:5e:91:25:
         70:41:10:98:69:b2:41:bb:89:75:3c:e3:b2:6c:4f:7b:37:79:
         82:ee:67:dc:a5:15:6b:17:74:ab:89:a6:cd:4f:17:8c:3f:62:
         3e:5b:39:33:6c:a0:8a:57:ea:23:db:ec:24:47:d7:4d:f0:e3:
         95:10:b7:a1:d9:ef:81:9a:af:7a:ef:e0:1b:8b:66:75:34:8a:
         f5:18:be:df:fc:c8:01:a4:0d:d4:f9:cf:a1:ec:c6:87:4a:57:
         48:b7:cb:f2:7f:ce:ed:ed:d3:79:de:45:5e:2d:c4:0d:22:8c:
         14:7a:42:aa:90:76:8b:4c:1c:b7:45:6c:2a:03:60:f3:09:ef:
         7b:f9:9c:d7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntk/rtVXlA033DBM6R3c9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YWU1NTFhZjBiYjVkNzk3N2VhNzNmNjg5NmYyNWYxZWNh
MjhmOWQwHhcNMjUwMTAyMTU1MDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDU4MjI1NzAzMDBiMDY1OGMzZGFhNDk0YjM4MDQ1ZmE2MmZkMGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraRTl6kF7po2OzYlPUaQkwSf+5bH
LNAkjZMUBVNZymgGMXg+SR51R8P8eguoqW5m0y7pt/fJue/L6QLrFftkq98wS25u
YXsiYaQ3qlThf9GDZ7MFP0NhgXbxMfWG7saa0A6F+QzgWR8XhX2ALaPyCIB0pXvS
4vNy94rLc0AxRuyhB1UEjU6wSlxvpMkI6d/ZUhaMvF15pzrT0qKDfIN+csFUWqk2
lqWL9SCzePJOE/g9+rY5/8Z4900cte/gZUHC42G2+qJWO3E2Lb+df0Zlhnds/t1f
y3hMcF2uMBT5xHtvoo1+rQMU/uh8TX4+SyGvAXh666aO2nNZV7x6DUZnFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG1YIlcDALBljD2qSUs4BF+mL9DmMB8GA1UdIwQY
MBaAFCWuVRrwu115d+pz9olvJfHsoo+dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjkt
MjE0MmY4ZmI2NzZlLzEvYlZnaVZ3TUFzR1dNUGFwSlN6Z0VYNll2ME9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjktMjE0MmY4ZmI2NzZl
LzEvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABZ5SAwQA
BZ5WAwQAlT62MA0GCSqGSIb3DQEBCwUAA4IBAQB35sgxdOSnSFR6tOvdPhuWk6X+
xUUTipklgw9zl7OklapfTPbeO0NVJvzEKeqlAdD3jZnL/5BneaUdeq8vZL/U9Sbk
oFmUv1uXkNBfjfWjKFjycn7ChjYirtwxg551IEyj+hSCslnM6spBwERg7JclWcca
cEIgOAUSLqZekSVwQRCYabJBu4l1POOybE97N3mC7mfcpRVrF3SriabNTxeMP2I+
WzkzbKCKV+oj2+wkR9dN8OOVELeh2e+Bmq967+Abi2Z1NIr1GL7f/MgBpA3U+c+h
7MaHSldIt8vyf87t7dN53kVeLcQNIowUekKqkHaLTBy3RWwqA2DzCe97+ZzX
-----END CERTIFICATE-----