Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/JnGkFGgKAJwRzHf28338JLK4Z1Q.roa
File:                     JnGkFGgKAJwRzHf28338JLK4Z1Q.roa (raw, json)
Hash identifier:          i0iJdr42DHOtMFIAtYSeNO8wHodTDAjTb2jTJJAH1GU=
Subject key identifier:   26:71:A4:14:68:0A:00:9C:11:CC:77:F6:F3:7D:FC:24:B2:B8:67:54
Certificate issuer:       /CN=bd252a75c961ad338fd91147d461dd8b3d20cf51
Certificate serial:       0192F7FACCFC6FB361CFA497827F04230A28
Authority key identifier: BD:25:2A:75:C9:61:AD:33:8F:D9:11:47:D4:61:DD:8B:3D:20:CF:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vSUqdclhrTOP2RFH1GHdiz0gz1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/JnGkFGgKAJwRzHf28338JLK4Z1Q.roa
Signing time:             Mon 04 Nov 2024 16:21:01 +0000
ROA not before:           Mon 04 Nov 2024 16:21:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        5.182.152.0/24 maxlen: 24
                          2a0e:900:d001::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/vSUqdclhrTOP2RFH1GHdiz0gz1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/vSUqdclhrTOP2RFH1GHdiz0gz1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vSUqdclhrTOP2RFH1GHdiz0gz1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f7:fa:cc:fc:6f:b3:61:cf:a4:97:82:7f:04:23:0a:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd252a75c961ad338fd91147d461dd8b3d20cf51
        Validity
            Not Before: Nov  4 16:21:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2671a414680a009c11cc77f6f37dfc24b2b86754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6c:8d:97:dd:18:42:00:85:77:ba:9f:ef:8b:
                    8e:e2:1e:1f:50:95:3b:b1:02:d2:2a:c9:24:aa:55:
                    f9:e8:4a:9a:d8:78:15:f6:e2:ef:94:ea:d6:30:f9:
                    41:b8:59:91:9e:5f:0b:0e:53:62:53:18:83:92:9c:
                    a7:f4:73:c6:8f:fd:31:38:dc:84:90:d9:75:58:1c:
                    b5:be:91:00:6c:eb:9d:2d:52:c2:7c:28:20:e6:75:
                    cf:8f:32:b5:47:51:15:e9:25:86:0e:37:22:ec:85:
                    3c:9d:ad:12:f7:b7:ab:bb:a8:99:50:2f:3d:85:ae:
                    39:69:0a:a8:95:06:14:f6:f7:91:48:c5:fc:c6:9b:
                    ff:81:47:52:24:6a:8e:13:63:a6:ff:d1:51:3c:3f:
                    ea:88:33:f7:bf:67:23:8c:0b:e1:08:3b:62:52:c7:
                    a9:16:0a:0d:bc:13:39:3e:be:82:cb:a9:39:1e:88:
                    dd:45:78:6c:d6:2f:cf:67:09:76:0b:c5:c3:49:cc:
                    24:4d:d1:c8:e0:23:b6:cd:a6:61:3b:b2:c8:98:de:
                    11:9b:d8:e8:f2:67:f0:c6:0f:b3:10:f7:61:bf:68:
                    6b:3e:e3:ba:77:bf:16:af:27:82:54:0a:67:0a:88:
                    35:85:3c:d3:bc:db:1b:dc:45:74:e7:2d:38:55:fc:
                    d3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:71:A4:14:68:0A:00:9C:11:CC:77:F6:F3:7D:FC:24:B2:B8:67:54
            X509v3 Authority Key Identifier:
                keyid:BD:25:2A:75:C9:61:AD:33:8F:D9:11:47:D4:61:DD:8B:3D:20:CF:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vSUqdclhrTOP2RFH1GHdiz0gz1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/JnGkFGgKAJwRzHf28338JLK4Z1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/vSUqdclhrTOP2RFH1GHdiz0gz1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.152.0/24
                IPv6:
                  2a0e:900:d001::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:87:df:ca:56:4c:2f:ad:38:ad:56:ea:f7:82:e3:71:b2:7f:
         56:39:e8:5f:cb:91:b7:09:1e:66:64:f6:6a:ef:15:2c:26:5d:
         aa:69:22:7c:e8:d6:25:8a:08:0c:92:3a:5a:65:ad:a6:a0:4d:
         41:ec:ea:1b:22:da:0f:39:a9:a7:f1:b7:38:40:0c:7a:8f:de:
         79:f7:ce:ed:fb:eb:9c:db:83:b6:d4:76:34:f4:43:12:53:7f:
         a8:78:5e:c9:77:8d:ab:74:f2:43:4e:72:30:a6:9b:51:e0:59:
         fa:1a:0f:fd:ad:1a:6b:85:0b:65:78:70:c1:3a:04:2b:1c:2b:
         8e:5f:1a:1a:cd:9e:e3:29:ca:43:2e:ba:46:a2:7a:97:b4:22:
         6e:10:64:70:79:94:31:53:cc:38:76:9c:22:bf:6a:16:0b:20:
         8e:4c:c9:f0:6e:bb:7b:20:28:55:d0:35:d2:16:f2:4d:14:e9:
         26:c6:42:7c:0e:0d:ec:8b:bc:32:52:d7:97:9d:22:54:6e:e5:
         08:ef:95:ef:02:80:7b:24:03:52:1b:2e:67:d4:0c:da:b9:e2:
         ba:44:a5:d2:7b:ea:5f:3c:d9:a0:06:e5:62:44:07:f9:94:4f:
         4b:c3:4f:e6:fb:c2:e2:a5:cd:b7:9c:1a:6c:d6:f3:ff:cc:66:
         a3:b3:9c:ee
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZL3+sz8b7Nhz6SXgn8EIwooMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMjUyYTc1Yzk2MWFkMzM4ZmQ5MTE0N2Q0NjFkZDhiM2Qy
MGNmNTEwHhcNMjQxMTA0MTYyMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjcxYTQxNDY4MGEwMDljMTFjYzc3ZjZmMzdkZmMyNGIyYjg2NzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmyNl90YQgCFd7qf74uO4h4fUJU7
sQLSKskkqlX56Eqa2HgV9uLvlOrWMPlBuFmRnl8LDlNiUxiDkpyn9HPGj/0xONyE
kNl1WBy1vpEAbOudLVLCfCgg5nXPjzK1R1EV6SWGDjci7IU8na0S97eru6iZUC89
ha45aQqolQYU9veRSMX8xpv/gUdSJGqOE2Om/9FRPD/qiDP3v2cjjAvhCDtiUsep
FgoNvBM5Pr6Cy6k5HojdRXhs1i/PZwl2C8XDScwkTdHI4CO2zaZhO7LImN4Rm9jo
8mfwxg+zEPdhv2hrPuO6d78WryeCVApnCog1hTzTvNsb3EV05y04VfzTGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCZxpBRoCgCcEcx39vN9/CSyuGdUMB8GA1UdIwQY
MBaAFL0lKnXJYa0zj9kRR9Rh3Ys9IM9RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlNVcWRjbGhyVE9QMlJGSDFHSGRpejBnejFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9kMWM3MGUtMjI2YS00NzgxLWI2NjIt
NzQxYWI5Mjk5N2QwLzEvSm5Ha0ZHZ0tBSndSekhmMjgzMzhKTEs0WjFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9kMWM3MGUtMjI2YS00NzgxLWI2NjItNzQxYWI5Mjk5N2Qw
LzEvdlNVcWRjbGhyVE9QMlJGSDFHSGRpejBnejFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQABbaYMA8E
AgACMAkDBwAqDgkA0AEwDQYJKoZIhvcNAQELBQADggEBAFKH38pWTC+tOK1W6veC
43Gyf1Y56F/LkbcJHmZk9mrvFSwmXappInzo1iWKCAySOlplraagTUHs6hsi2g85
qafxtzhADHqP3nn3zu3765zbg7bUdjT0QxJTf6h4Xsl3jat08kNOcjCmm1HgWfoa
D/2tGmuFC2V4cME6BCscK45fGhrNnuMpykMuukaiepe0Im4QZHB5lDFTzDh2nCK/
ahYLII5MyfBuu3sgKFXQNdIW8k0U6SbGQnwODeyLvDJS15edIlRu5Qjvle8CgHsk
A1IbLmfUDNq54rpEpdJ76l882aAG5WJEB/mUT0vDT+b7wuKlzbecGmzW8//MZqOz
nO4=
-----END CERTIFICATE-----