Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/JH5Q15rYm3yauoa5O0AtnaEF5T8.roa
File:                     JH5Q15rYm3yauoa5O0AtnaEF5T8.roa (raw, json)
Hash identifier:          P8bh12UacYgaXKXWnxHFtSknccP/NWYvpFtt4o+MFnQ=
Subject key identifier:   24:7E:50:D7:9A:D8:9B:7C:9A:BA:86:B9:3B:40:2D:9D:A1:05:E5:3F
Certificate issuer:       /CN=2ec121e1545df3e5bb86e9188f2825fad7477f75
Certificate serial:       01941FFA9460ED4AC7A3311ED42FBEBA9F70
Authority key identifier: 2E:C1:21:E1:54:5D:F3:E5:BB:86:E9:18:8F:28:25:FA:D7:47:7F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LsEh4VRd8-W7hukYjygl-tdHf3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/JH5Q15rYm3yauoa5O0AtnaEF5T8.roa
Signing time:             Wed 01 Jan 2025 03:48:23 +0000
ROA not before:           Wed 01 Jan 2025 03:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39886
IP address blocks:        109.94.32.0/19 maxlen: 24
                          213.111.0.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/LsEh4VRd8-W7hukYjygl-tdHf3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/LsEh4VRd8-W7hukYjygl-tdHf3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LsEh4VRd8-W7hukYjygl-tdHf3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:94:60:ed:4a:c7:a3:31:1e:d4:2f:be:ba:9f:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ec121e1545df3e5bb86e9188f2825fad7477f75
        Validity
            Not Before: Jan  1 03:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=247e50d79ad89b7c9aba86b93b402d9da105e53f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:48:52:e6:48:45:c0:f0:7c:2a:73:e9:59:d6:
                    53:a4:44:30:db:ab:51:26:7b:ad:17:67:9d:cd:3a:
                    a3:b3:a2:63:3f:73:3b:0e:4f:b8:49:f0:2e:c9:bc:
                    f3:62:79:2c:f0:a9:15:5b:59:2f:12:6f:c9:71:2a:
                    e1:89:c4:1a:91:61:e5:ce:b7:b6:51:40:aa:83:c3:
                    a9:49:4f:a6:7c:7b:66:cc:5d:ff:c1:ae:e8:55:82:
                    a9:25:8d:34:99:11:58:78:2a:c1:33:d1:4e:3d:9d:
                    96:c2:1b:c1:4a:14:e3:11:41:45:db:f1:29:a7:aa:
                    e6:14:d4:b2:04:a0:dd:03:ae:8f:f4:d4:7c:73:4f:
                    96:bc:94:00:47:59:52:d2:66:bd:71:a7:4e:18:37:
                    82:d2:5d:8f:98:8e:cb:6d:dd:51:8e:1a:f6:5a:7a:
                    ba:d0:ea:59:00:98:83:d2:fb:1b:88:bd:d5:fd:50:
                    47:68:15:64:ad:20:5c:a4:23:92:83:51:3c:70:db:
                    a4:a1:ea:06:c3:d1:2a:c4:29:e3:a0:c9:e2:3f:36:
                    53:11:37:31:e4:75:0b:c1:63:25:cd:51:b1:88:2f:
                    f4:13:97:ec:d0:3b:3f:cb:3b:19:71:4d:c8:17:32:
                    48:24:90:18:33:cc:70:f8:e1:20:a7:de:28:9d:37:
                    8a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:7E:50:D7:9A:D8:9B:7C:9A:BA:86:B9:3B:40:2D:9D:A1:05:E5:3F
            X509v3 Authority Key Identifier:
                keyid:2E:C1:21:E1:54:5D:F3:E5:BB:86:E9:18:8F:28:25:FA:D7:47:7F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LsEh4VRd8-W7hukYjygl-tdHf3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/JH5Q15rYm3yauoa5O0AtnaEF5T8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/LsEh4VRd8-W7hukYjygl-tdHf3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.94.32.0/19
                  213.111.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         55:db:25:1e:05:42:ff:bf:11:78:22:2b:27:2d:2d:88:4f:87:
         6b:0d:45:3d:50:d9:cc:8f:38:10:53:85:92:f6:10:59:10:1f:
         12:f9:10:28:0e:33:1b:76:70:00:b6:1e:71:37:1b:23:82:58:
         c6:4a:a0:71:50:11:bd:de:48:10:b8:19:c6:11:2a:65:c7:ab:
         8e:5b:b5:1f:f5:eb:66:8f:d7:1d:59:2c:58:1b:f0:e7:79:aa:
         83:9a:19:ec:c0:75:35:df:5d:3b:ff:ea:db:0f:78:b3:64:ea:
         ad:98:b3:24:a8:d8:b4:7f:60:cf:fb:c2:63:ac:ae:e2:5c:1a:
         b4:d1:b5:d8:8a:3f:f1:70:85:94:81:cc:39:f7:e9:5f:ec:f5:
         ad:9c:7b:59:1a:10:06:b4:e1:79:aa:2c:a1:89:81:77:8e:78:
         39:98:2e:2a:f5:c9:36:61:db:13:49:f8:c3:2d:ca:ce:a3:48:
         af:34:e4:e3:16:1a:be:26:06:37:95:a9:3a:67:12:e6:59:14:
         f2:c6:c7:0a:71:28:67:37:bd:30:bf:02:4c:1e:29:40:94:b5:
         bd:d3:5b:88:2a:bb:12:8f:37:37:ab:55:6b:6e:71:a5:3d:09:
         66:0b:c2:2b:a2:45:60:ec:b3:0c:7e:c2:d4:82:9a:05:2a:bd:
         84:6c:02:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+pRg7UrHozEe1C++up9wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlYzEyMWUxNTQ1ZGYzZTViYjg2ZTkxODhmMjgyNWZhZDc0
NzdmNzUwHhcNMjUwMTAxMDM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDdlNTBkNzlhZDg5YjdjOWFiYTg2YjkzYjQwMmQ5ZGExMDVlNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkhS5khFwPB8KnPpWdZTpEQw26tR
JnutF2edzTqjs6JjP3M7Dk+4SfAuybzzYnks8KkVW1kvEm/JcSrhicQakWHlzre2
UUCqg8OpSU+mfHtmzF3/wa7oVYKpJY00mRFYeCrBM9FOPZ2WwhvBShTjEUFF2/Ep
p6rmFNSyBKDdA66P9NR8c0+WvJQAR1lS0ma9cadOGDeC0l2PmI7Lbd1Rjhr2Wnq6
0OpZAJiD0vsbiL3V/VBHaBVkrSBcpCOSg1E8cNukoeoGw9EqxCnjoMniPzZTETcx
5HULwWMlzVGxiC/0E5fs0Ds/yzsZcU3IFzJIJJAYM8xw+OEgp94onTeKWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCR+UNea2Jt8mrqGuTtALZ2hBeU/MB8GA1UdIwQY
MBaAFC7BIeFUXfPlu4bpGI8oJfrXR391MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHNFaDRWUmQ4LVc3aHVrWWp5Z2wtdGRIZjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8xZWQyN2MtMmQ4Yy00MDgwLWE0NTgt
OWY1MjJhMjg0NTk1LzEvSkg1UTE1clltM3lhdW9hNU8wQXRuYUVGNVQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8xZWQyN2MtMmQ4Yy00MDgwLWE0NTgtOWY1MjJhMjg0NTk1
LzEvTHNFaDRWUmQ4LVc3aHVrWWp5Z2wtdGRIZjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFbV4gAwQG
1W8AMA0GCSqGSIb3DQEBCwUAA4IBAQBV2yUeBUL/vxF4IisnLS2IT4drDUU9UNnM
jzgQU4WS9hBZEB8S+RAoDjMbdnAAth5xNxsjgljGSqBxUBG93kgQuBnGESplx6uO
W7Uf9etmj9cdWSxYG/DneaqDmhnswHU13107/+rbD3izZOqtmLMkqNi0f2DP+8Jj
rK7iXBq00bXYij/xcIWUgcw59+lf7PWtnHtZGhAGtOF5qiyhiYF3jng5mC4q9ck2
YdsTSfjDLcrOo0ivNOTjFhq+JgY3lak6ZxLmWRTyxscKcShnN70wvwJMHilAlLW9
01uIKrsSjzc3q1VrbnGlPQlmC8IrokVg7LMMfsLUgpoFKr2EbALx
-----END CERTIFICATE-----