Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/D8q3zZybrkkTxQ66z-bvyVnna6E.roa
File:                     D8q3zZybrkkTxQ66z-bvyVnna6E.roa (raw, json)
Hash identifier:          LTQ6bdwzOLtEATCcAV7gj7XVypFsof5F2Jlq1M3S9uM=
Subject key identifier:   0F:CA:B7:CD:9C:9B:AE:49:13:C5:0E:BA:CF:E6:EF:C9:59:E7:6B:A1
Certificate issuer:       /CN=55959b0bda0a0f591f968408539f331810bb2534
Certificate serial:       019425FC621C7266F691F3C35DC29FAD08EE
Authority key identifier: 55:95:9B:0B:DA:0A:0F:59:1F:96:84:08:53:9F:33:18:10:BB:25:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VZWbC9oKD1kfloQIU58zGBC7JTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/D8q3zZybrkkTxQ66z-bvyVnna6E.roa
Signing time:             Thu 02 Jan 2025 07:48:04 +0000
ROA not before:           Thu 02 Jan 2025 07:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212589
IP address blocks:        5.133.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/VZWbC9oKD1kfloQIU58zGBC7JTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/VZWbC9oKD1kfloQIU58zGBC7JTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VZWbC9oKD1kfloQIU58zGBC7JTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:62:1c:72:66:f6:91:f3:c3:5d:c2:9f:ad:08:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55959b0bda0a0f591f968408539f331810bb2534
        Validity
            Not Before: Jan  2 07:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fcab7cd9c9bae4913c50ebacfe6efc959e76ba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:37:6c:aa:b9:c9:92:3d:82:98:20:be:54:2d:
                    cd:00:f5:e9:48:d9:33:c5:c2:05:d4:52:76:58:0e:
                    67:6f:ce:32:84:6f:31:1d:df:83:e1:03:2b:30:ee:
                    c5:09:4f:11:dc:fe:d8:f8:bf:0c:df:6f:79:42:63:
                    a8:c9:5f:99:4a:be:3f:8f:56:65:13:da:fe:53:95:
                    65:5c:96:39:ec:15:b7:cc:f2:c1:f0:a1:af:98:0b:
                    02:51:bc:a5:61:0f:18:1b:25:c8:db:12:60:40:ab:
                    33:8d:94:98:cc:76:d4:61:f7:58:e3:a1:1d:05:50:
                    93:a6:eb:41:d7:03:97:a6:fc:87:e0:80:13:a0:e2:
                    3a:fa:59:7b:d2:f2:7d:e3:bd:01:43:4c:6f:2b:25:
                    a0:71:2a:63:d3:c2:d3:35:26:5d:8e:43:b7:23:b3:
                    27:ee:b5:35:4d:c1:b5:e0:09:c3:7c:b1:46:5e:45:
                    bc:85:52:7a:6c:b9:98:21:99:ca:73:53:07:4e:1c:
                    1b:59:62:19:d3:c8:e3:26:73:77:cf:f9:63:6b:f5:
                    e8:d2:b4:7e:7e:64:12:81:c3:04:d5:b6:33:1c:59:
                    f8:24:72:04:78:d8:fb:09:e2:1a:b1:7b:ad:9e:58:
                    95:6e:d7:a0:0d:8e:c8:04:12:73:7e:1e:0a:8d:6e:
                    60:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:CA:B7:CD:9C:9B:AE:49:13:C5:0E:BA:CF:E6:EF:C9:59:E7:6B:A1
            X509v3 Authority Key Identifier:
                keyid:55:95:9B:0B:DA:0A:0F:59:1F:96:84:08:53:9F:33:18:10:BB:25:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VZWbC9oKD1kfloQIU58zGBC7JTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/D8q3zZybrkkTxQ66z-bvyVnna6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/VZWbC9oKD1kfloQIU58zGBC7JTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:53:cc:6e:dc:81:e9:5a:a1:b7:30:6c:c2:f5:42:7d:e0:a7:
         74:22:ad:1b:ed:2d:9c:40:80:0b:79:fe:04:ce:9a:8b:17:1c:
         0d:97:ec:16:76:3f:cb:d7:be:39:00:83:3b:69:72:cb:45:5b:
         85:5d:37:cd:34:66:9f:38:2c:a3:8d:7c:5b:10:23:a8:33:97:
         50:26:a2:01:82:60:f5:83:94:54:96:b6:5e:11:7c:c4:68:f0:
         dd:b8:61:31:15:72:4b:11:37:30:a1:f4:de:b9:27:ff:d2:79:
         b0:34:55:68:ce:72:75:d4:1b:88:14:b1:2f:64:03:08:4d:f1:
         1d:d1:15:c8:d1:16:fc:86:ae:84:fc:82:23:34:6e:3a:47:8b:
         f0:0f:7e:1a:4e:fd:d9:60:04:25:00:74:0a:2e:5c:7f:c3:0d:
         c4:ab:8a:eb:3d:db:84:47:e5:a0:8a:24:4d:de:40:6b:8b:a2:
         85:bb:49:1e:a1:72:e1:47:10:d8:07:4e:13:60:e5:5b:48:f9:
         a3:85:cc:de:95:84:29:ad:f0:8f:00:4d:3b:ae:07:4a:5d:ae:
         4e:5a:77:39:e0:19:a2:51:40:bb:28:83:1d:9a:53:75:f1:2e:
         74:fd:15:3b:35:4b:94:4c:02:6d:5d:5a:12:1b:a2:f1:e1:8f:
         fb:37:95:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/GIccmb2kfPDXcKfrQjuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1OTU5YjBiZGEwYTBmNTkxZjk2ODQwODUzOWYzMzE4MTBi
YjI1MzQwHhcNMjUwMTAyMDc0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmNhYjdjZDljOWJhZTQ5MTNjNTBlYmFjZmU2ZWZjOTU5ZTc2YmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjdsqrnJkj2CmCC+VC3NAPXpSNkz
xcIF1FJ2WA5nb84yhG8xHd+D4QMrMO7FCU8R3P7Y+L8M3295QmOoyV+ZSr4/j1Zl
E9r+U5VlXJY57BW3zPLB8KGvmAsCUbylYQ8YGyXI2xJgQKszjZSYzHbUYfdY46Ed
BVCTputB1wOXpvyH4IAToOI6+ll70vJ9470BQ0xvKyWgcSpj08LTNSZdjkO3I7Mn
7rU1TcG14AnDfLFGXkW8hVJ6bLmYIZnKc1MHThwbWWIZ08jjJnN3z/lja/Xo0rR+
fmQSgcME1bYzHFn4JHIEeNj7CeIasXutnliVbtegDY7IBBJzfh4KjW5gSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/Kt82cm65JE8UOus/m78lZ52uhMB8GA1UdIwQY
MBaAFFWVmwvaCg9ZH5aECFOfMxgQuyU0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlpXYkM5b0tEMWtmbG9RSVU1OHpHQkM3SlRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8xM2ZjNTktM2I0Zi00NTJjLTgxZDQt
MTQxNTI4NjY0ZDBiLzEvRDhxM3paeWJya2tUeFE2NnotYnZ5Vm5uYTZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8xM2ZjNTktM2I0Zi00NTJjLTgxZDQtMTQxNTI4NjY0ZDBi
LzEvVlpXYkM5b0tEMWtmbG9RSVU1OHpHQkM3SlRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYVxMA0G
CSqGSIb3DQEBCwUAA4IBAQA+U8xu3IHpWqG3MGzC9UJ94Kd0Iq0b7S2cQIALef4E
zpqLFxwNl+wWdj/L1745AIM7aXLLRVuFXTfNNGafOCyjjXxbECOoM5dQJqIBgmD1
g5RUlrZeEXzEaPDduGExFXJLETcwofTeuSf/0nmwNFVoznJ11BuIFLEvZAMITfEd
0RXI0Rb8hq6E/IIjNG46R4vwD34aTv3ZYAQlAHQKLlx/ww3Eq4rrPduER+WgiiRN
3kBri6KFu0keoXLhRxDYB04TYOVbSPmjhczelYQprfCPAE07rgdKXa5OWnc54Bmi
UUC7KIMdmlN18S50/RU7NUuUTAJtXVoSG6Lx4Y/7N5XQ
-----END CERTIFICATE-----