Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/eZ5u-8wwxCdHotHwnuGWbAgC9R8.roa
File:                     eZ5u-8wwxCdHotHwnuGWbAgC9R8.roa (raw, json)
Hash identifier:          Xl/hFGT7/aCJumEXLtHP6REwsMC5Mye18vgtTFfduyE=
Subject key identifier:   79:9E:6E:FB:CC:30:C4:27:47:A2:D1:F0:9E:E1:96:6C:08:02:F5:1F
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       01941FFA9CD0E190860BBBF44FFEFD2F376A
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/eZ5u-8wwxCdHotHwnuGWbAgC9R8.roa
Signing time:             Wed 01 Jan 2025 03:48:25 +0000
ROA not before:           Wed 01 Jan 2025 03:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60005
IP address blocks:        141.101.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:9c:d0:e1:90:86:0b:bb:f4:4f:fe:fd:2f:37:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 03:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=799e6efbcc30c42747a2d1f09ee1966c0802f51f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:41:c4:83:a6:f2:db:01:91:9b:ee:9b:44:bf:
                    f8:a0:31:39:7a:90:f2:24:d2:45:ec:91:ba:5f:db:
                    8c:c0:48:dd:24:d1:74:98:64:e0:bf:e2:67:eb:ae:
                    fe:5d:01:ab:21:bf:5a:7d:63:47:71:6c:28:17:4f:
                    d6:2b:75:b1:86:22:ad:97:9a:98:d0:6b:6a:18:92:
                    8d:7f:b3:56:85:5b:8f:05:98:f7:19:56:e3:fa:57:
                    63:02:b4:cc:71:a6:27:5b:e3:84:f8:43:bd:41:b5:
                    94:fc:17:95:59:e2:3f:03:4d:3a:c7:f3:06:8c:48:
                    44:75:7c:16:f2:aa:e9:bb:81:0b:be:49:c3:53:73:
                    35:f4:a6:62:57:99:d4:a5:58:a7:ac:55:b1:98:4f:
                    cb:a5:3a:28:a2:7b:84:67:a5:91:5a:df:90:89:67:
                    5b:ec:b1:57:e8:90:df:4c:da:d7:23:63:ee:23:b7:
                    98:c6:4f:73:33:79:bc:5b:65:13:26:ad:54:e5:18:
                    22:6c:22:e5:c6:52:9f:d2:d0:e5:92:f1:1a:ad:6a:
                    00:62:a3:07:69:b8:df:11:91:ad:e9:ab:b4:e9:8c:
                    6b:ed:7b:82:52:97:79:26:db:23:59:a8:a0:5a:51:
                    7b:58:d0:ad:39:e8:1f:a5:ca:cd:d2:82:81:27:02:
                    ae:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:9E:6E:FB:CC:30:C4:27:47:A2:D1:F0:9E:E1:96:6C:08:02:F5:1F
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/eZ5u-8wwxCdHotHwnuGWbAgC9R8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:54:79:4b:22:74:82:0e:83:54:c7:1f:ee:df:f5:df:01:1c:
         f1:8c:60:75:c0:d1:78:a0:ca:de:5f:e2:11:70:61:19:bb:d7:
         70:18:b3:56:50:c3:9a:14:ed:44:94:d8:62:67:d3:46:ef:18:
         66:a7:a0:91:41:bc:ff:53:67:8d:16:f7:d3:2d:bb:37:2c:f2:
         f8:ce:66:73:01:55:1f:b8:26:b9:7a:9c:e8:cf:ad:f1:23:65:
         ad:77:18:29:03:a6:c2:2b:98:5c:cb:df:0f:9f:5f:63:95:c8:
         b6:e5:60:1f:d8:3a:9a:3e:4f:2b:bf:29:c0:c1:43:28:32:6f:
         ab:90:67:70:06:63:ca:2b:e3:ed:a4:4b:30:9f:89:17:e0:7e:
         ae:86:d5:bd:62:b4:6e:0b:3d:7c:d5:cb:af:9c:2a:b9:71:6a:
         18:4b:2c:64:04:fe:ee:98:94:bb:c1:b8:24:95:f6:79:71:41:
         29:35:42:bb:5f:12:d0:da:0c:01:55:ba:32:8e:f3:3d:1f:b7:
         71:97:e0:15:64:b4:d9:ee:30:b8:96:76:a2:a9:19:7e:d7:5d:
         87:ee:8f:da:38:00:de:99:ee:b4:90:48:f0:88:8c:0b:2e:4e:
         cb:4f:0b:47:c8:c9:76:13:05:63:12:5a:05:af:d7:d1:8e:47:
         bf:96:50:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pzQ4ZCGC7v0T/79LzdqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjUwMTAxMDM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTllNmVmYmNjMzBjNDI3NDdhMmQxZjA5ZWUxOTY2YzA4MDJmNTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykHEg6by2wGRm+6bRL/4oDE5epDy
JNJF7JG6X9uMwEjdJNF0mGTgv+Jn667+XQGrIb9afWNHcWwoF0/WK3WxhiKtl5qY
0GtqGJKNf7NWhVuPBZj3GVbj+ldjArTMcaYnW+OE+EO9QbWU/BeVWeI/A006x/MG
jEhEdXwW8qrpu4ELvknDU3M19KZiV5nUpVinrFWxmE/LpTooonuEZ6WRWt+QiWdb
7LFX6JDfTNrXI2PuI7eYxk9zM3m8W2UTJq1U5RgibCLlxlKf0tDlkvEarWoAYqMH
abjfEZGt6au06Yxr7XuCUpd5JtsjWaigWlF7WNCtOegfpcrN0oKBJwKuLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmebvvMMMQnR6LR8J7hlmwIAvUfMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvZVo1dS04d3d4Q2RIb3RId251R1diQWdDOVI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWWwMA0G
CSqGSIb3DQEBCwUAA4IBAQBQVHlLInSCDoNUxx/u3/XfARzxjGB1wNF4oMreX+IR
cGEZu9dwGLNWUMOaFO1ElNhiZ9NG7xhmp6CRQbz/U2eNFvfTLbs3LPL4zmZzAVUf
uCa5epzoz63xI2WtdxgpA6bCK5hcy98Pn19jlci25WAf2DqaPk8rvynAwUMoMm+r
kGdwBmPKK+PtpEswn4kX4H6uhtW9YrRuCz181cuvnCq5cWoYSyxkBP7umJS7wbgk
lfZ5cUEpNUK7XxLQ2gwBVboyjvM9H7dxl+AVZLTZ7jC4lnaiqRl+112H7o/aOADe
me60kEjwiIwLLk7LTwtHyMl2EwVjEloFr9fRjke/llCL
-----END CERTIFICATE-----