Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/95ff8f-66bc-4b11-98f0-0ab21b2f2754/1/2UmZD5yXUjtzDQkam4NgfhnnBys.roa
File:                     2UmZD5yXUjtzDQkam4NgfhnnBys.roa (raw, json)
Hash identifier:          NZpLa+AzxavmLABaIiTM2zgLWGJzoWm6r+ChjtGK1m8=
Subject key identifier:   D9:49:99:0F:9C:97:52:3B:73:0D:09:1A:9B:83:60:7E:19:E7:07:2B
Certificate issuer:       /CN=597b44c4a7931c66a6ff9e92dbb32ca723d4ccf7
Certificate serial:       018CC50050EC2D3467B340F3C087047AA2F6
Authority key identifier: 59:7B:44:C4:A7:93:1C:66:A6:FF:9E:92:DB:B3:2C:A7:23:D4:CC:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXtExKeTHGam_56S27MspyPUzPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/95ff8f-66bc-4b11-98f0-0ab21b2f2754/1/2UmZD5yXUjtzDQkam4NgfhnnBys.roa
Signing time:             Mon 01 Jan 2024 12:29:41 +0000
ROA not before:           Mon 01 Jan 2024 12:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60118
IP address blocks:        5.254.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/95ff8f-66bc-4b11-98f0-0ab21b2f2754/1/WXtExKeTHGam_56S27MspyPUzPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/95ff8f-66bc-4b11-98f0-0ab21b2f2754/1/WXtExKeTHGam_56S27MspyPUzPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXtExKeTHGam_56S27MspyPUzPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:50:ec:2d:34:67:b3:40:f3:c0:87:04:7a:a2:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=597b44c4a7931c66a6ff9e92dbb32ca723d4ccf7
        Validity
            Not Before: Jan  1 12:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d949990f9c97523b730d091a9b83607e19e7072b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:94:69:aa:cb:d5:7d:b1:3e:fe:0a:4c:a6:7d:
                    92:a4:fa:71:72:b3:4c:ee:5d:0a:a3:f6:29:d3:5d:
                    28:b3:a0:a0:7d:bc:bb:6a:9c:8c:0e:4b:68:b8:fc:
                    dc:e1:47:31:1e:73:0d:f2:63:f9:31:14:0d:12:4c:
                    5c:61:c8:6b:28:c2:f1:0b:73:d5:17:be:28:20:05:
                    d7:37:a1:09:1e:da:01:04:5c:3b:22:8a:fb:9d:b1:
                    b5:dd:a5:61:b5:7d:4c:39:cf:81:e2:03:c9:c5:d4:
                    06:69:bb:4b:5d:aa:f5:31:29:80:94:01:30:25:2a:
                    3e:b2:1b:d1:a4:1a:e0:40:3a:81:bb:e4:86:b9:bd:
                    81:e3:c3:db:e5:c6:a9:72:8d:91:f1:88:a7:74:13:
                    3e:38:e1:aa:5d:e0:63:04:a5:a6:cb:82:34:1e:e9:
                    bf:40:a2:c5:71:1d:aa:93:a0:a8:ac:fa:1b:d3:71:
                    95:db:bd:72:a9:02:75:04:4d:3f:60:55:56:9b:98:
                    2c:4a:be:a8:a0:2c:49:75:55:4b:f5:9b:c1:d8:6d:
                    14:d6:91:41:33:48:b3:fb:b5:e7:25:32:f0:a9:72:
                    98:9a:b3:3f:29:d8:59:d3:ea:cf:06:e4:ea:68:60:
                    1b:59:f5:af:bc:3a:05:fc:89:67:05:5c:82:8a:e4:
                    35:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:49:99:0F:9C:97:52:3B:73:0D:09:1A:9B:83:60:7E:19:E7:07:2B
            X509v3 Authority Key Identifier:
                keyid:59:7B:44:C4:A7:93:1C:66:A6:FF:9E:92:DB:B3:2C:A7:23:D4:CC:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXtExKeTHGam_56S27MspyPUzPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/95ff8f-66bc-4b11-98f0-0ab21b2f2754/1/2UmZD5yXUjtzDQkam4NgfhnnBys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/95ff8f-66bc-4b11-98f0-0ab21b2f2754/1/WXtExKeTHGam_56S27MspyPUzPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.254.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:9e:10:7d:72:e6:74:b3:90:86:a9:78:9d:61:8c:43:ee:04:
         1e:cf:f5:0f:6b:83:3d:83:14:e4:e9:ff:03:f2:0f:3f:01:96:
         4b:16:d3:0b:f1:17:68:14:1a:59:91:e4:42:a5:26:86:a0:eb:
         5d:04:4f:76:7f:69:af:b4:70:88:79:ee:ce:7f:93:5f:0b:08:
         db:ca:7d:9f:45:4a:72:1c:85:7e:7a:c6:86:f1:97:eb:c7:ab:
         6a:c7:ad:55:a7:72:bf:6b:2a:8e:b0:2e:b1:f2:25:33:00:19:
         2a:55:a3:2a:0e:20:70:46:fd:90:35:3a:0c:f1:c3:7d:24:a7:
         5a:cf:b4:ab:18:31:9f:b4:f3:cf:7d:84:bd:68:22:1b:8e:f4:
         a0:7d:9d:d3:e7:1f:35:b4:db:dd:6e:f9:10:82:08:a2:53:51:
         10:88:80:74:57:b6:97:2b:a1:fc:fd:ef:52:a7:3a:a1:cb:34:
         60:1e:7c:0c:dc:b5:8c:e0:c7:5a:60:34:78:45:22:3c:ce:0a:
         45:73:f2:df:85:69:d8:b3:95:aa:f9:15:31:39:99:3a:2a:44:
         94:0b:62:4d:d7:1c:49:56:68:47:88:97:f5:76:12:7d:6d:68:
         24:06:d5:42:4d:62:69:ff:01:d3:a0:82:a7:c8:9d:93:80:3f:
         31:85:b6:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAFDsLTRns0DzwIcEeqL2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5N2I0NGM0YTc5MzFjNjZhNmZmOWU5MmRiYjMyY2E3MjNk
NGNjZjcwHhcNMjQwMTAxMTIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTQ5OTkwZjljOTc1MjNiNzMwZDA5MWE5YjgzNjA3ZTE5ZTcwNzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5RpqsvVfbE+/gpMpn2SpPpxcrNM
7l0Ko/Yp010os6Cgfby7apyMDktouPzc4UcxHnMN8mP5MRQNEkxcYchrKMLxC3PV
F74oIAXXN6EJHtoBBFw7Ior7nbG13aVhtX1MOc+B4gPJxdQGabtLXar1MSmAlAEw
JSo+shvRpBrgQDqBu+SGub2B48Pb5capco2R8YindBM+OOGqXeBjBKWmy4I0Hum/
QKLFcR2qk6CorPob03GV271yqQJ1BE0/YFVWm5gsSr6ooCxJdVVL9ZvB2G0U1pFB
M0iz+7XnJTLwqXKYmrM/KdhZ0+rPBuTqaGAbWfWvvDoF/IlnBVyCiuQ13wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlJmQ+cl1I7cw0JGpuDYH4Z5wcrMB8GA1UdIwQY
MBaAFFl7RMSnkxxmpv+ektuzLKcj1Mz3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1h0RXhLZVRIR2FtXzU2UzI3TXNweVBVelBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85NWZmOGYtNjZiYy00YjExLTk4ZjAt
MGFiMjFiMmYyNzU0LzEvMlVtWkQ1eVhVanR6RFFrYW00TmdmaG5uQnlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85NWZmOGYtNjZiYy00YjExLTk4ZjAtMGFiMjFiMmYyNzU0
LzEvV1h0RXhLZVRIR2FtXzU2UzI3TXNweVBVelBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf59MA0G
CSqGSIb3DQEBCwUAA4IBAQB3nhB9cuZ0s5CGqXidYYxD7gQez/UPa4M9gxTk6f8D
8g8/AZZLFtML8RdoFBpZkeRCpSaGoOtdBE92f2mvtHCIee7Of5NfCwjbyn2fRUpy
HIV+esaG8Zfrx6tqx61Vp3K/ayqOsC6x8iUzABkqVaMqDiBwRv2QNToM8cN9JKda
z7SrGDGftPPPfYS9aCIbjvSgfZ3T5x81tNvdbvkQggiiU1EQiIB0V7aXK6H8/e9S
pzqhyzRgHnwM3LWM4MdaYDR4RSI8zgpFc/LfhWnYs5Wq+RUxOZk6KkSUC2JN1xxJ
VmhHiJf1dhJ9bWgkBtVCTWJp/wHToIKnyJ2TgD8xhba5
-----END CERTIFICATE-----