Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/BS_uFjltIa2QdarHmlrjr-N1lfU.roa
File:                     BS_uFjltIa2QdarHmlrjr-N1lfU.roa (raw, json)
Hash identifier:          In6YLEFgpwciZfoYuJdlvQqiCYVNTfn1vSODPqF0a14=
Subject key identifier:   05:2F:EE:16:39:6D:21:AD:90:75:AA:C7:9A:5A:E3:AF:E3:75:95:F5
Certificate issuer:       /CN=aee08d9336f2e6cd165eb730297fe6d20c83c39a
Certificate serial:       019420683BDE8731BEE596258A6A3F5B4CB0
Authority key identifier: AE:E0:8D:93:36:F2:E6:CD:16:5E:B7:30:29:7F:E6:D2:0C:83:C3:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ruCNkzby5s0WXrcwKX_m0gyDw5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/BS_uFjltIa2QdarHmlrjr-N1lfU.roa
Signing time:             Wed 01 Jan 2025 05:48:09 +0000
ROA not before:           Wed 01 Jan 2025 05:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57588
IP address blocks:        5.149.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/ruCNkzby5s0WXrcwKX_m0gyDw5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/ruCNkzby5s0WXrcwKX_m0gyDw5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ruCNkzby5s0WXrcwKX_m0gyDw5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:3b:de:87:31:be:e5:96:25:8a:6a:3f:5b:4c:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aee08d9336f2e6cd165eb730297fe6d20c83c39a
        Validity
            Not Before: Jan  1 05:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=052fee16396d21ad9075aac79a5ae3afe37595f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e3:cd:65:32:e8:2a:c6:82:d0:b2:25:38:4f:
                    9f:00:6f:20:ec:09:03:fa:c6:03:94:5a:9f:9f:3d:
                    91:a1:cf:58:34:60:3f:76:cd:b0:e5:09:99:79:65:
                    c9:87:fa:5a:32:1e:46:e5:ae:37:d8:9b:08:58:22:
                    ed:ce:fe:55:8c:12:1d:f4:f3:3e:29:a6:46:07:2a:
                    39:60:b2:71:8d:70:e6:96:41:0e:ac:cf:32:01:9c:
                    98:a2:f5:13:77:b5:15:e7:79:34:ca:a5:53:7f:ad:
                    1f:7e:b3:54:c0:ba:a6:3f:de:42:09:53:51:d5:87:
                    6f:0f:0b:50:f5:20:1a:ff:0d:a3:50:8c:01:8a:13:
                    08:07:ad:2c:fd:39:79:4b:77:c2:49:e8:f8:bc:ab:
                    75:33:0a:94:5d:03:02:25:f0:54:ca:13:43:ce:de:
                    ef:55:8c:16:51:92:09:49:5a:97:4e:50:f5:32:e3:
                    34:3e:c7:e5:fd:9a:65:b5:75:e9:ec:b5:a8:e5:bd:
                    4f:10:a6:d8:e4:a1:02:80:75:2a:eb:10:82:c5:8b:
                    95:ff:ad:7f:b9:6f:79:8c:b2:d2:9d:37:1a:05:e3:
                    fc:7e:60:16:85:2e:2d:93:7a:d7:e4:18:7b:af:73:
                    68:2d:9b:00:94:32:b7:31:f6:ee:da:49:0d:6f:e7:
                    d5:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:2F:EE:16:39:6D:21:AD:90:75:AA:C7:9A:5A:E3:AF:E3:75:95:F5
            X509v3 Authority Key Identifier:
                keyid:AE:E0:8D:93:36:F2:E6:CD:16:5E:B7:30:29:7F:E6:D2:0C:83:C3:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ruCNkzby5s0WXrcwKX_m0gyDw5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/BS_uFjltIa2QdarHmlrjr-N1lfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/f853f8-2071-49de-b6a0-497bedd71eb9/1/ruCNkzby5s0WXrcwKX_m0gyDw5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:09:22:9a:dd:19:fa:0e:58:63:82:64:05:7c:53:2c:47:91:
         cc:cb:c7:bd:ef:d4:46:05:3a:3a:ff:a0:56:db:60:95:db:62:
         63:15:52:53:b7:3a:fd:df:bb:d5:c3:ea:3e:a3:0d:7e:d3:6b:
         b3:4e:a9:2d:4a:61:17:71:00:08:b7:cc:5b:d1:59:41:9c:84:
         71:10:a6:d8:3a:01:df:f9:c3:d6:81:53:8a:21:82:bc:3b:d3:
         5d:bd:46:ad:b2:06:8c:dc:a3:35:47:cc:69:cc:0f:f2:23:be:
         a2:ae:06:ce:d8:7c:30:3e:ac:3b:6e:dd:bf:c9:d4:23:fe:79:
         5c:ea:be:9f:ab:f3:e4:34:61:f3:7b:d8:34:ab:72:d8:d4:43:
         aa:f4:ac:55:d4:03:ff:59:46:6e:35:67:18:4f:ea:43:ad:e6:
         aa:ab:64:53:5e:65:6e:72:67:ba:a7:79:aa:96:9b:83:b4:bc:
         e3:23:7d:14:b1:18:bf:3f:2a:a2:9e:85:5d:5b:e5:36:c6:e8:
         b6:bc:dd:30:ef:f0:7e:34:23:02:b7:25:3b:b3:d9:6f:d6:2d:
         35:92:59:2f:d1:ef:25:40:c8:fb:71:d9:8c:27:8a:33:c2:4b:
         d7:d1:8a:f4:59:cb:92:e8:96:89:20:bb:3d:02:cf:5c:1d:c0:
         74:d0:ce:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaDvehzG+5ZYlimo/W0ywMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZTA4ZDkzMzZmMmU2Y2QxNjVlYjczMDI5N2ZlNmQyMGM4
M2MzOWEwHhcNMjUwMTAxMDU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTJmZWUxNjM5NmQyMWFkOTA3NWFhYzc5YTVhZTNhZmUzNzU5NWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsePNZTLoKsaC0LIlOE+fAG8g7AkD
+sYDlFqfnz2Roc9YNGA/ds2w5QmZeWXJh/paMh5G5a432JsIWCLtzv5VjBId9PM+
KaZGByo5YLJxjXDmlkEOrM8yAZyYovUTd7UV53k0yqVTf60ffrNUwLqmP95CCVNR
1YdvDwtQ9SAa/w2jUIwBihMIB60s/Tl5S3fCSej4vKt1MwqUXQMCJfBUyhNDzt7v
VYwWUZIJSVqXTlD1MuM0Psfl/ZpltXXp7LWo5b1PEKbY5KECgHUq6xCCxYuV/61/
uW95jLLSnTcaBeP8fmAWhS4tk3rX5Bh7r3NoLZsAlDK3Mfbu2kkNb+fViQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUv7hY5bSGtkHWqx5pa46/jdZX1MB8GA1UdIwQY
MBaAFK7gjZM28ubNFl63MCl/5tIMg8OaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnVDTmt6Ynk1czBXWHJjd0tYX20wZ3lEdzVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9mODUzZjgtMjA3MS00OWRlLWI2YTAt
NDk3YmVkZDcxZWI5LzEvQlNfdUZqbHRJYTJRZGFySG1scmpyLU4xbGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9mODUzZjgtMjA3MS00OWRlLWI2YTAtNDk3YmVkZDcxZWI5
LzEvcnVDTmt6Ynk1czBXWHJjd0tYX20wZ3lEdzVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZVmMA0G
CSqGSIb3DQEBCwUAA4IBAQCWCSKa3Rn6DlhjgmQFfFMsR5HMy8e979RGBTo6/6BW
22CV22JjFVJTtzr937vVw+o+ow1+02uzTqktSmEXcQAIt8xb0VlBnIRxEKbYOgHf
+cPWgVOKIYK8O9NdvUatsgaM3KM1R8xpzA/yI76irgbO2HwwPqw7bt2/ydQj/nlc
6r6fq/PkNGHze9g0q3LY1EOq9KxV1AP/WUZuNWcYT+pDreaqq2RTXmVucme6p3mq
lpuDtLzjI30UsRi/PyqinoVdW+U2xui2vN0w7/B+NCMCtyU7s9lv1i01klkv0e8l
QMj7cdmMJ4ozwkvX0Yr0WcuS6JaJILs9As9cHcB00M7P
-----END CERTIFICATE-----