Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/I9g59Q96k92OTClsMDNsDdnBrnA.roa
File:                     I9g59Q96k92OTClsMDNsDdnBrnA.roa (raw, json)
Hash identifier:          BxnC6rCXxSxum8ljLbocaJ2bpsRPBbwIXtSguReqEh8=
Subject key identifier:   23:D8:39:F5:0F:7A:93:DD:8E:4C:29:6C:30:33:6C:0D:D9:C1:AE:70
Certificate issuer:       /CN=ae29751a0ac81a657190546ea4780cd86140dc9f
Certificate serial:       018CC7274D5A73DBAC490821F60E26A26ABC
Authority key identifier: AE:29:75:1A:0A:C8:1A:65:71:90:54:6E:A4:78:0C:D8:61:40:DC:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ril1GgrIGmVxkFRupHgM2GFA3J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/I9g59Q96k92OTClsMDNsDdnBrnA.roa
Signing time:             Mon 01 Jan 2024 22:31:30 +0000
ROA not before:           Mon 01 Jan 2024 22:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        5.252.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/ril1GgrIGmVxkFRupHgM2GFA3J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/ril1GgrIGmVxkFRupHgM2GFA3J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ril1GgrIGmVxkFRupHgM2GFA3J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4d:5a:73:db:ac:49:08:21:f6:0e:26:a2:6a:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae29751a0ac81a657190546ea4780cd86140dc9f
        Validity
            Not Before: Jan  1 22:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23d839f50f7a93dd8e4c296c30336c0dd9c1ae70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:48:f1:bb:51:35:10:3f:f4:c5:ab:e6:4e:6e:
                    55:b3:37:17:b2:a6:7c:16:8e:40:54:1b:ad:58:b2:
                    51:82:e2:6c:70:9f:6f:bd:5e:29:35:a8:ff:ef:41:
                    bf:e5:b9:57:42:a8:28:1c:ef:19:98:27:a3:cb:41:
                    58:4d:a3:3e:ae:49:49:98:eb:d8:97:bb:03:af:2b:
                    8e:8a:7f:52:e5:11:29:18:53:ac:36:8f:3e:e3:7a:
                    7e:af:cb:e8:33:d7:a2:90:ff:1f:88:76:b4:48:fe:
                    2b:0b:cb:10:66:15:6d:b4:e7:5a:e8:d8:6a:05:f4:
                    37:95:30:be:44:e9:90:9a:d0:31:7f:ca:0a:8f:b9:
                    8b:b6:a4:41:6d:73:60:89:0d:c6:e1:e0:4c:05:d2:
                    3e:03:1a:1d:80:62:7c:b4:03:30:65:0a:80:77:85:
                    ce:62:81:29:f5:88:ad:13:c0:e1:b7:0d:e5:cb:1d:
                    b4:69:ca:44:da:eb:01:fc:d7:41:69:29:f5:60:86:
                    f6:fd:dd:5d:b0:6f:e1:64:13:2e:a5:b5:1e:67:4d:
                    7b:ff:4d:cd:a0:6e:e0:54:52:e1:b4:6c:f1:8c:b4:
                    eb:1f:61:71:97:6a:15:62:cd:69:f5:27:fa:7f:14:
                    14:2b:8e:44:3e:66:1d:fa:67:e8:a6:2a:90:e0:c0:
                    f0:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:D8:39:F5:0F:7A:93:DD:8E:4C:29:6C:30:33:6C:0D:D9:C1:AE:70
            X509v3 Authority Key Identifier:
                keyid:AE:29:75:1A:0A:C8:1A:65:71:90:54:6E:A4:78:0C:D8:61:40:DC:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ril1GgrIGmVxkFRupHgM2GFA3J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/I9g59Q96k92OTClsMDNsDdnBrnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/ril1GgrIGmVxkFRupHgM2GFA3J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:de:f1:4c:f2:0a:1e:8f:0b:05:ad:8e:6c:f0:cf:ab:a1:44:
         9c:6c:45:54:29:6b:2b:91:c1:32:92:dc:4f:79:28:10:98:26:
         c5:38:a3:2a:07:f6:dd:d0:07:da:4a:c8:e6:94:a9:c0:ae:18:
         2f:bc:a6:0d:5c:09:bf:dd:75:17:3e:f2:42:8a:d0:04:12:5f:
         9f:b1:84:37:4c:e5:f6:c0:83:0f:d8:a1:aa:26:07:33:47:a1:
         d8:d6:98:7a:08:6a:82:5d:31:24:5a:2b:cf:94:13:78:c6:e7:
         cb:90:34:a9:fc:ef:bf:f4:26:a7:4b:4e:44:8e:56:78:30:91:
         0f:fa:e1:97:c4:0a:40:da:03:e9:f5:b9:1b:b8:28:3a:2c:4b:
         e2:73:0e:0f:7e:f7:ed:8c:0b:1b:86:3b:09:25:e6:6e:ec:e9:
         cc:8e:75:1d:34:cb:49:bc:cd:58:24:1a:69:55:b0:62:a4:61:
         80:50:79:31:1b:ae:49:8d:ed:61:ce:8c:22:6d:c4:d7:8d:b1:
         81:c6:ac:33:19:c1:9d:39:7a:ab:73:fc:c0:ee:e0:20:21:6e:
         1d:01:23:6c:d9:5e:3e:9b:4b:e8:c0:b6:24:17:70:a8:87:0a:
         11:93:59:60:4c:c5:f4:53:54:d2:cb:50:74:67:87:ad:ec:02:
         09:2e:f0:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ01ac9usSQgh9g4momq8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMjk3NTFhMGFjODFhNjU3MTkwNTQ2ZWE0NzgwY2Q4NjE0
MGRjOWYwHhcNMjQwMTAxMjIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2Q4MzlmNTBmN2E5M2RkOGU0YzI5NmMzMDMzNmMwZGQ5YzFhZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEjxu1E1ED/0xavmTm5VszcXsqZ8
Fo5AVButWLJRguJscJ9vvV4pNaj/70G/5blXQqgoHO8ZmCejy0FYTaM+rklJmOvY
l7sDryuOin9S5REpGFOsNo8+43p+r8voM9eikP8fiHa0SP4rC8sQZhVttOda6Nhq
BfQ3lTC+ROmQmtAxf8oKj7mLtqRBbXNgiQ3G4eBMBdI+AxodgGJ8tAMwZQqAd4XO
YoEp9YitE8Dhtw3lyx20acpE2usB/NdBaSn1YIb2/d1dsG/hZBMupbUeZ017/03N
oG7gVFLhtGzxjLTrH2Fxl2oVYs1p9Sf6fxQUK45EPmYd+mfopiqQ4MDwDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPYOfUPepPdjkwpbDAzbA3Zwa5wMB8GA1UdIwQY
MBaAFK4pdRoKyBplcZBUbqR4DNhhQNyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmlsMUdncklHbVZ4a0ZSdXBIZ00yR0ZBM0o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy83NWUzNmMtZGIxZi00ODNlLWIwZWYt
MjI5MDUxODc5Yjc0LzEvSTlnNTlROTZrOTJPVENsc01ETnNEZG5Ccm5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy83NWUzNmMtZGIxZi00ODNlLWIwZWYtMjI5MDUxODc5Yjc0
LzEvcmlsMUdncklHbVZ4a0ZSdXBIZ00yR0ZBM0o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfwAMA0G
CSqGSIb3DQEBCwUAA4IBAQCt3vFM8goejwsFrY5s8M+roUScbEVUKWsrkcEyktxP
eSgQmCbFOKMqB/bd0AfaSsjmlKnArhgvvKYNXAm/3XUXPvJCitAEEl+fsYQ3TOX2
wIMP2KGqJgczR6HY1ph6CGqCXTEkWivPlBN4xufLkDSp/O+/9CanS05EjlZ4MJEP
+uGXxApA2gPp9bkbuCg6LEvicw4PfvftjAsbhjsJJeZu7OnMjnUdNMtJvM1YJBpp
VbBipGGAUHkxG65Jje1hzowibcTXjbGBxqwzGcGdOXqrc/zA7uAgIW4dASNs2V4+
m0vowLYkF3CohwoRk1lgTMX0U1TSy1B0Z4et7AIJLvAa
-----END CERTIFICATE-----