Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/95ff8f-66bc-4b11-98f0-0ab21b2f2754/1/CIz2bcgC32mB_MGjmhwZdbOLczM.roa
File:                     CIz2bcgC32mB_MGjmhwZdbOLczM.roa (raw, json)
Hash identifier:          h+nk60L6kRkoz6QgShWNUa7Il9dkamIstqMyr1fgh2g=
Subject key identifier:   08:8C:F6:6D:C8:02:DF:69:81:FC:C1:A3:9A:1C:19:75:B3:8B:73:33
Certificate issuer:       /CN=597b44c4a7931c66a6ff9e92dbb32ca723d4ccf7
Certificate serial:       018CC50050BE410D579E0FFA116A3FE73C6E
Authority key identifier: 59:7B:44:C4:A7:93:1C:66:A6:FF:9E:92:DB:B3:2C:A7:23:D4:CC:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXtExKeTHGam_56S27MspyPUzPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/95ff8f-66bc-4b11-98f0-0ab21b2f2754/1/CIz2bcgC32mB_MGjmhwZdbOLczM.roa
Signing time:             Mon 01 Jan 2024 12:29:41 +0000
ROA not before:           Mon 01 Jan 2024 12:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39743
IP address blocks:        5.254.28.0/24 maxlen: 24
                          5.254.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/95ff8f-66bc-4b11-98f0-0ab21b2f2754/1/WXtExKeTHGam_56S27MspyPUzPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/95ff8f-66bc-4b11-98f0-0ab21b2f2754/1/WXtExKeTHGam_56S27MspyPUzPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXtExKeTHGam_56S27MspyPUzPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:50:be:41:0d:57:9e:0f:fa:11:6a:3f:e7:3c:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=597b44c4a7931c66a6ff9e92dbb32ca723d4ccf7
        Validity
            Not Before: Jan  1 12:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=088cf66dc802df6981fcc1a39a1c1975b38b7333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0f:c3:67:a1:67:92:ea:d5:a2:e3:d3:da:5f:
                    ea:4a:82:37:b8:d1:3f:d7:88:9f:1b:c8:33:c2:01:
                    d1:83:3d:25:aa:f8:b2:29:b5:5c:86:84:8a:58:3f:
                    8e:fd:6b:b1:2b:c3:3c:a2:b0:79:67:a0:a0:79:0a:
                    8b:7d:15:37:62:ca:13:41:5c:f1:73:83:7c:f5:ef:
                    c5:70:c6:c2:1c:38:38:9a:42:f5:a2:85:57:2d:85:
                    6c:5d:c1:a8:a3:70:ce:43:61:a0:6c:86:27:ee:f6:
                    01:9e:3f:31:31:f7:b4:e1:b1:11:59:82:ed:b7:c3:
                    1d:2f:50:f6:3a:85:03:74:73:95:32:bb:33:06:e5:
                    f7:2d:8d:5a:cd:d7:a9:aa:92:57:8a:0b:25:36:f8:
                    e2:4f:0a:1d:f7:0e:88:87:ef:09:b1:1f:77:85:fd:
                    18:14:da:97:4f:62:23:6c:7f:6f:81:ad:fe:c2:e3:
                    be:c8:bb:94:4a:19:0a:95:23:35:93:92:3a:b3:86:
                    15:78:b3:b5:ae:02:95:80:d2:76:47:24:6e:c4:ec:
                    75:8d:e6:3e:17:f8:ef:8e:52:7d:c9:83:49:f0:8c:
                    5d:34:2b:3c:78:14:62:39:37:06:80:53:df:2e:96:
                    da:f7:b5:8d:3d:04:70:fb:8b:90:f7:37:3d:bf:bd:
                    da:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:8C:F6:6D:C8:02:DF:69:81:FC:C1:A3:9A:1C:19:75:B3:8B:73:33
            X509v3 Authority Key Identifier:
                keyid:59:7B:44:C4:A7:93:1C:66:A6:FF:9E:92:DB:B3:2C:A7:23:D4:CC:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXtExKeTHGam_56S27MspyPUzPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/95ff8f-66bc-4b11-98f0-0ab21b2f2754/1/CIz2bcgC32mB_MGjmhwZdbOLczM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/95ff8f-66bc-4b11-98f0-0ab21b2f2754/1/WXtExKeTHGam_56S27MspyPUzPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.254.28.0/24
                  5.254.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:1d:0a:b5:b9:1e:2e:c2:5e:ee:fd:27:32:6a:95:bd:51:f3:
         17:e8:2b:bd:37:b0:ce:79:b0:2c:7b:91:13:2a:98:d8:30:8d:
         bb:45:24:0f:57:e5:11:9b:e1:46:55:d2:91:79:62:72:99:47:
         60:89:99:42:a3:4d:2a:26:18:a1:12:4a:e2:54:f2:c8:62:ca:
         b0:18:ae:d7:6b:3c:3c:86:6a:13:78:b1:b1:cb:07:a0:63:e3:
         86:14:2e:cd:df:53:48:72:41:c8:08:84:98:6b:37:b7:d7:5d:
         d9:a8:9e:b0:15:3b:04:cd:12:fe:ea:24:f5:68:28:31:e2:e2:
         06:a4:86:ff:02:a8:52:9d:b0:bc:0f:11:e1:49:9d:87:ca:91:
         13:3f:d2:6f:3e:25:d0:c2:5d:cb:8f:ed:5d:db:ef:1b:bd:b5:
         6e:6a:03:4f:f8:35:4c:00:0c:55:96:31:b3:2c:fc:f5:35:4b:
         40:22:33:ee:cd:ca:f7:c8:a9:22:8c:e0:a9:52:03:8e:d2:17:
         a2:74:13:56:ad:ca:1f:18:ec:d7:5e:cb:53:ba:18:4c:93:01:
         f9:d1:b0:51:43:41:92:cc:a4:86:11:2e:8c:a4:a4:fb:60:ee:
         2e:61:e6:93:ee:64:06:00:f9:60:40:a2:b8:7e:a4:d4:76:94:
         68:06:68:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAFC+QQ1Xng/6EWo/5zxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5N2I0NGM0YTc5MzFjNjZhNmZmOWU5MmRiYjMyY2E3MjNk
NGNjZjcwHhcNMjQwMTAxMTIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODhjZjY2ZGM4MDJkZjY5ODFmY2MxYTM5YTFjMTk3NWIzOGI3MzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAog/DZ6FnkurVouPT2l/qSoI3uNE/
14ifG8gzwgHRgz0lqviyKbVchoSKWD+O/WuxK8M8orB5Z6CgeQqLfRU3YsoTQVzx
c4N89e/FcMbCHDg4mkL1ooVXLYVsXcGoo3DOQ2GgbIYn7vYBnj8xMfe04bERWYLt
t8MdL1D2OoUDdHOVMrszBuX3LY1azdepqpJXigslNvjiTwod9w6Ih+8JsR93hf0Y
FNqXT2IjbH9vga3+wuO+yLuUShkKlSM1k5I6s4YVeLO1rgKVgNJ2RyRuxOx1jeY+
F/jvjlJ9yYNJ8IxdNCs8eBRiOTcGgFPfLpba97WNPQRw+4uQ9zc9v73aOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAiM9m3IAt9pgfzBo5ocGXWzi3MzMB8GA1UdIwQY
MBaAFFl7RMSnkxxmpv+ektuzLKcj1Mz3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1h0RXhLZVRIR2FtXzU2UzI3TXNweVBVelBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85NWZmOGYtNjZiYy00YjExLTk4ZjAt
MGFiMjFiMmYyNzU0LzEvQ0l6MmJjZ0MzMm1CX01Ham1od1pkYk9MY3pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85NWZmOGYtNjZiYy00YjExLTk4ZjAtMGFiMjFiMmYyNzU0
LzEvV1h0RXhLZVRIR2FtXzU2UzI3TXNweVBVelBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABf4cAwQA
Bf4xMA0GCSqGSIb3DQEBCwUAA4IBAQBNHQq1uR4uwl7u/ScyapW9UfMX6Cu9N7DO
ebAse5ETKpjYMI27RSQPV+URm+FGVdKReWJymUdgiZlCo00qJhihEkriVPLIYsqw
GK7Xazw8hmoTeLGxywegY+OGFC7N31NIckHICISYaze3113ZqJ6wFTsEzRL+6iT1
aCgx4uIGpIb/AqhSnbC8DxHhSZ2HypETP9JvPiXQwl3Lj+1d2+8bvbVuagNP+DVM
AAxVljGzLPz1NUtAIjPuzcr3yKkijOCpUgOO0heidBNWrcofGOzXXstTuhhMkwH5
0bBRQ0GSzKSGES6MpKT7YO4uYeaT7mQGAPlgQKK4fqTUdpRoBmhf
-----END CERTIFICATE-----