Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/2mYmMGy7Ti_KyOuLpac8P0aJo-o.roa
File:                     2mYmMGy7Ti_KyOuLpac8P0aJo-o.roa (raw, json)
Hash identifier:          7Oo3zdyOE/QV+f77eDuuxUjf5TpkVbKXCVJzZ0cucSE=
Subject key identifier:   DA:66:26:30:6C:BB:4E:2F:CA:C8:EB:8B:A5:A7:3C:3F:46:89:A3:EA
Certificate issuer:       /CN=015b6d1596ac0501a71a393447051a62ff1dda16
Certificate serial:       0194228D173D44DDE1EBA87FAA3EF42CE6E6
Authority key identifier: 01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/2mYmMGy7Ti_KyOuLpac8P0aJo-o.roa
Signing time:             Wed 01 Jan 2025 15:47:39 +0000
ROA not before:           Wed 01 Jan 2025 15:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41081
IP address blocks:        5.153.182.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:17:3d:44:dd:e1:eb:a8:7f:aa:3e:f4:2c:e6:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015b6d1596ac0501a71a393447051a62ff1dda16
        Validity
            Not Before: Jan  1 15:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da6626306cbb4e2fcac8eb8ba5a73c3f4689a3ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:31:64:a7:eb:81:bc:3b:27:d9:48:d9:4c:2e:
                    89:65:25:f2:8d:c2:f7:46:36:b7:94:05:e0:99:04:
                    ef:86:fc:f4:ad:c1:63:56:66:3a:07:7b:c3:14:20:
                    dd:55:30:36:0b:f6:1e:52:e2:21:96:38:80:51:6c:
                    e7:fb:ee:91:3f:22:64:b8:cb:98:36:7b:10:ac:ce:
                    9c:d9:65:6b:92:5f:f7:71:09:38:e1:b0:a6:e9:6e:
                    d6:2a:53:f3:27:11:d4:46:e9:08:50:60:71:29:4e:
                    25:67:0b:b4:bf:7c:c2:6e:63:7c:99:0e:42:cb:da:
                    59:8f:70:97:0c:61:ad:ca:11:f3:70:9d:f5:7a:7e:
                    76:fd:8c:3d:7e:57:ba:b5:e6:ab:bc:c7:65:3b:83:
                    20:65:6f:fb:d7:70:e4:b4:bb:14:5d:36:df:c5:ae:
                    86:ab:30:df:0f:a8:5d:5e:9f:95:bd:18:9c:dd:f2:
                    05:19:ce:4b:16:49:ba:05:be:9b:31:03:db:9e:67:
                    10:0f:b3:7d:69:43:e3:ab:58:42:14:c7:5a:66:5b:
                    1b:19:48:55:0b:ef:04:57:ab:96:23:5d:36:4f:bc:
                    a0:81:05:3d:34:f3:46:f3:4f:1d:d4:e1:d3:c6:7f:
                    87:94:ec:f1:fa:4b:bb:40:d7:b5:b6:a7:05:80:88:
                    c3:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:66:26:30:6C:BB:4E:2F:CA:C8:EB:8B:A5:A7:3C:3F:46:89:A3:EA
            X509v3 Authority Key Identifier:
                keyid:01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/2mYmMGy7Ti_KyOuLpac8P0aJo-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.153.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:06:be:78:df:60:3c:73:d4:2b:6f:77:99:4a:71:fb:8c:b9:
         d7:18:69:71:93:5e:59:c8:53:61:69:ee:be:80:a4:b7:93:7f:
         43:3e:ff:e3:ca:67:7b:fb:26:f2:1e:92:5e:e9:f4:f2:85:b1:
         ef:81:be:3f:33:f5:53:44:1f:e5:74:9c:ab:92:df:98:17:ab:
         71:a5:55:15:cf:1d:3b:05:11:e6:3d:3c:30:95:d4:12:e1:1b:
         d7:48:c5:03:91:1a:2a:5c:ba:50:a0:86:68:3b:c3:2e:94:66:
         8e:f8:83:2b:53:82:24:0c:fb:5d:64:1d:e5:f9:99:03:8b:d5:
         93:3f:5e:db:8f:83:99:b2:3e:4f:4c:b3:79:e9:20:58:7b:89:
         b4:b6:44:f6:2e:a7:6f:f7:52:3e:bc:16:62:1a:99:ad:c1:5a:
         57:eb:56:a2:ce:ae:bd:42:29:8e:62:90:f8:31:a6:1e:a7:db:
         8a:73:6c:0b:1f:c6:0b:1b:79:b3:bb:4a:bc:af:c8:9d:aa:7b:
         62:ed:24:c1:e9:e4:5a:7b:bc:c8:18:f4:0e:ee:61:e8:46:e4:
         75:26:01:8d:1e:41:1e:f8:55:ce:1d:5b:37:1a:f0:a3:76:a6:
         a3:78:70:80:08:b3:71:c2:be:72:69:f6:cd:ec:7f:e6:9a:27:
         38:37:a3:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijRc9RN3h66h/qj70LObmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWI2ZDE1OTZhYzA1MDFhNzFhMzkzNDQ3MDUxYTYyZmYx
ZGRhMTYwHhcNMjUwMTAxMTU0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTY2MjYzMDZjYmI0ZTJmY2FjOGViOGJhNWE3M2MzZjQ2ODlhM2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTFkp+uBvDsn2UjZTC6JZSXyjcL3
Rja3lAXgmQTvhvz0rcFjVmY6B3vDFCDdVTA2C/YeUuIhljiAUWzn++6RPyJkuMuY
NnsQrM6c2WVrkl/3cQk44bCm6W7WKlPzJxHURukIUGBxKU4lZwu0v3zCbmN8mQ5C
y9pZj3CXDGGtyhHzcJ31en52/Yw9fle6tearvMdlO4MgZW/713DktLsUXTbfxa6G
qzDfD6hdXp+VvRic3fIFGc5LFkm6Bb6bMQPbnmcQD7N9aUPjq1hCFMdaZlsbGUhV
C+8EV6uWI102T7yggQU9NPNG808d1OHTxn+HlOzx+ku7QNe1tqcFgIjDYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpmJjBsu04vysjri6WnPD9GiaPqMB8GA1UdIwQY
MBaAFAFbbRWWrAUBpxo5NEcFGmL/HdoWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgt
ZmVlOGYzNzkwNTY3LzEvMm1ZbU1HeTdUaV9LeU91THBhYzhQMGFKby1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgtZmVlOGYzNzkwNTY3
LzEvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBZm2MA0G
CSqGSIb3DQEBCwUAA4IBAQCdBr5432A8c9Qrb3eZSnH7jLnXGGlxk15ZyFNhae6+
gKS3k39DPv/jymd7+ybyHpJe6fTyhbHvgb4/M/VTRB/ldJyrkt+YF6txpVUVzx07
BRHmPTwwldQS4RvXSMUDkRoqXLpQoIZoO8MulGaO+IMrU4IkDPtdZB3l+ZkDi9WT
P17bj4OZsj5PTLN56SBYe4m0tkT2Lqdv91I+vBZiGpmtwVpX61aizq69QimOYpD4
MaYep9uKc2wLH8YLG3mzu0q8r8idqnti7STB6eRae7zIGPQO7mHoRuR1JgGNHkEe
+FXOHVs3GvCjdqajeHCACLNxwr5yafbN7H/mmic4N6O/
-----END CERTIFICATE-----