Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/5xOfslnPq8-oHcDS47I_csGpD8Q.roa
File:                     5xOfslnPq8-oHcDS47I_csGpD8Q.roa (raw, json)
Hash identifier:          4dFQELulj6P8yjTGdV2+DXhC0ieIeLQi8X9meQWips0=
Subject key identifier:   E7:13:9F:B2:59:CF:AB:CF:A8:1D:C0:D2:E3:B2:3F:72:C1:A9:0F:C4
Certificate issuer:       /CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
Certificate serial:       01942444A5A00FEB4C807553CA37F0047499
Authority key identifier: 1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/5xOfslnPq8-oHcDS47I_csGpD8Q.roa
Signing time:             Wed 01 Jan 2025 23:47:46 +0000
ROA not before:           Wed 01 Jan 2025 23:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39263
IP address blocks:        217.150.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:a5:a0:0f:eb:4c:80:75:53:ca:37:f0:04:74:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
        Validity
            Not Before: Jan  1 23:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7139fb259cfabcfa81dc0d2e3b23f72c1a90fc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c9:01:7e:82:63:33:9b:21:8c:b9:97:52:93:
                    f7:aa:9c:bd:e7:30:c9:98:64:85:17:88:de:34:33:
                    46:c5:fa:2f:70:65:99:95:fc:df:f5:76:66:17:2d:
                    b4:e5:d4:64:be:f0:1b:71:80:7f:55:41:79:f3:c9:
                    b6:5a:13:47:39:15:cd:33:77:bb:13:9b:9b:cb:93:
                    94:35:cc:f1:98:81:ae:56:c1:b0:eb:24:3a:12:98:
                    88:2a:00:79:ea:a0:dc:f6:84:30:d3:06:c5:9f:7f:
                    58:75:eb:57:1d:4f:e0:06:23:4d:33:63:58:d6:d3:
                    82:70:20:24:87:c5:e6:58:79:2b:49:10:ad:6e:4b:
                    69:1a:4c:7e:1b:6f:57:e2:69:5e:43:89:89:3c:e2:
                    7f:af:77:9d:dd:b8:29:ed:d3:cb:04:22:1a:4d:32:
                    b0:ef:1e:ea:77:2f:27:96:c3:ea:28:d2:3f:1d:99:
                    37:b2:f1:2c:b5:dd:89:82:61:03:a8:7a:5c:6c:25:
                    c3:14:e4:51:bd:b9:54:a3:ec:f4:76:c1:2f:16:b0:
                    e6:ea:cc:86:f4:d4:0a:ae:ef:c6:8c:91:2d:a0:f3:
                    1f:c4:f4:c3:43:31:49:4a:d3:bc:f9:3a:5e:5d:10:
                    f6:f5:fe:49:76:b3:3a:90:40:e7:56:d0:b9:60:86:
                    a8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:13:9F:B2:59:CF:AB:CF:A8:1D:C0:D2:E3:B2:3F:72:C1:A9:0F:C4
            X509v3 Authority Key Identifier:
                keyid:1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/5xOfslnPq8-oHcDS47I_csGpD8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.150.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:e7:7d:d5:e8:5c:d6:1d:08:38:12:c2:fb:ab:14:b6:73:55:
         3e:5b:a5:dd:d7:fa:10:75:c0:96:c3:28:64:3e:c6:0e:3c:9e:
         bd:fc:77:bd:5f:d8:1b:21:d2:dd:1c:9f:d0:b5:af:97:6d:53:
         21:9f:0b:db:3c:54:b7:fa:f2:95:82:a5:43:66:0b:1b:c5:07:
         c6:b1:17:ff:17:68:ed:5d:30:84:4c:53:d5:f5:87:68:c7:7e:
         66:0f:cc:33:e2:ac:92:fc:d1:75:dd:83:66:2a:e7:8b:a7:90:
         60:e3:b6:9a:c8:8b:e0:2c:dc:aa:62:34:8c:ca:78:d1:3b:dc:
         65:e8:57:77:d2:6d:dd:d7:a7:79:84:bd:11:f1:49:72:97:d0:
         a5:73:c9:09:26:2a:88:65:a6:5f:2d:18:d8:a7:b6:95:c9:72:
         69:79:79:12:be:3e:36:6b:fb:e1:41:45:b9:fa:17:09:ee:d4:
         13:13:dd:d1:10:8b:f7:2f:6d:57:ea:85:df:e0:1d:ab:ca:1e:
         21:e8:ff:c0:ed:d5:37:8a:5d:df:ee:b8:82:0a:22:6f:be:46:
         c8:7c:d5:35:2f:ce:0c:78:b5:48:01:8d:16:7d:96:37:0b:99:
         31:75:97:98:43:42:42:e9:71:7d:92:f6:dc:f7:50:11:16:07:
         9a:59:9b:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRKWgD+tMgHVTyjfwBHSZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODYyNjc0OWNiZjg0YmNmNDJlYmIyOTg1Yjg2ZGVlODMw
ZTVjMTQwHhcNMjUwMTAxMjM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzEzOWZiMjU5Y2ZhYmNmYTgxZGMwZDJlM2IyM2Y3MmMxYTkwZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwskBfoJjM5shjLmXUpP3qpy95zDJ
mGSFF4jeNDNGxfovcGWZlfzf9XZmFy205dRkvvAbcYB/VUF588m2WhNHORXNM3e7
E5uby5OUNczxmIGuVsGw6yQ6EpiIKgB56qDc9oQw0wbFn39YdetXHU/gBiNNM2NY
1tOCcCAkh8XmWHkrSRCtbktpGkx+G29X4mleQ4mJPOJ/r3ed3bgp7dPLBCIaTTKw
7x7qdy8nlsPqKNI/HZk3svEstd2JgmEDqHpcbCXDFORRvblUo+z0dsEvFrDm6syG
9NQKru/GjJEtoPMfxPTDQzFJStO8+TpeXRD29f5JdrM6kEDnVtC5YIaoAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcTn7JZz6vPqB3A0uOyP3LBqQ/EMB8GA1UdIwQY
MBaAFB2GJnScv4S89C67KYW4be6DDlwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYt
MGJmYmFkNDg0OWNkLzEvNXhPZnNsblBxOC1vSGNEUzQ3SV9jc0dwRDhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYtMGJmYmFkNDg0OWNk
LzEvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZbRMA0G
CSqGSIb3DQEBCwUAA4IBAQAz533V6FzWHQg4EsL7qxS2c1U+W6Xd1/oQdcCWwyhk
PsYOPJ69/He9X9gbIdLdHJ/Qta+XbVMhnwvbPFS3+vKVgqVDZgsbxQfGsRf/F2jt
XTCETFPV9Ydox35mD8wz4qyS/NF13YNmKueLp5Bg47aayIvgLNyqYjSMynjRO9xl
6Fd30m3d16d5hL0R8Ulyl9Clc8kJJiqIZaZfLRjYp7aVyXJpeXkSvj42a/vhQUW5
+hcJ7tQTE93REIv3L21X6oXf4B2ryh4h6P/A7dU3il3f7riCCiJvvkbIfNU1L84M
eLVIAY0WfZY3C5kxdZeYQ0JC6XF9kvbc91ARFgeaWZss
-----END CERTIFICATE-----