Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9e9559-8f3c-45d0-851c-68f2174c79ee/1/IuxDHR_CV3eNS1S5clbvfJ1hK_k.roa
File:                     IuxDHR_CV3eNS1S5clbvfJ1hK_k.roa (raw, json)
Hash identifier:          Hz3aDArINU9rGaWmuAjDTNSRDFd5qodJqjOuXUvn7hM=
Subject key identifier:   22:EC:43:1D:1F:C2:57:77:8D:4B:54:B9:72:56:EF:7C:9D:61:2B:F9
Certificate issuer:       /CN=449e4252bcb22ea2c6cfb3924c8f84bdde7a7471
Certificate serial:       0194274817C3EBFCD683AB93422131AA29C0
Authority key identifier: 44:9E:42:52:BC:B2:2E:A2:C6:CF:B3:92:4C:8F:84:BD:DE:7A:74:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RJ5CUryyLqLGz7OSTI-Evd56dHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9e9559-8f3c-45d0-851c-68f2174c79ee/1/IuxDHR_CV3eNS1S5clbvfJ1hK_k.roa
Signing time:             Thu 02 Jan 2025 13:50:23 +0000
ROA not before:           Thu 02 Jan 2025 13:50:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59407
IP address blocks:        5.134.16.0/21 maxlen: 21
                          91.192.202.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9e9559-8f3c-45d0-851c-68f2174c79ee/1/RJ5CUryyLqLGz7OSTI-Evd56dHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9e9559-8f3c-45d0-851c-68f2174c79ee/1/RJ5CUryyLqLGz7OSTI-Evd56dHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RJ5CUryyLqLGz7OSTI-Evd56dHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:17:c3:eb:fc:d6:83:ab:93:42:21:31:aa:29:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=449e4252bcb22ea2c6cfb3924c8f84bdde7a7471
        Validity
            Not Before: Jan  2 13:50:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22ec431d1fc257778d4b54b97256ef7c9d612bf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:51:f3:53:b4:ae:c0:69:e6:bd:3a:57:4b:ea:
                    7c:24:92:27:d1:70:06:01:75:d3:cd:5a:59:d5:50:
                    ed:52:9d:17:00:24:05:06:10:23:8b:8f:d4:0b:de:
                    a7:2e:c1:a1:ad:b2:a1:cb:70:55:9d:b5:5e:c2:be:
                    11:cf:98:0a:6b:cf:fc:68:56:fc:e1:02:76:cc:d8:
                    14:d0:d6:16:08:04:3b:9f:6d:5c:69:90:d4:dd:46:
                    cb:8c:66:86:bb:57:55:2e:a7:fc:2d:3e:29:1e:ff:
                    a7:35:fa:bf:71:e6:a1:9f:64:ae:3e:02:bc:ca:13:
                    44:28:f7:e9:4f:c6:27:c2:6a:f9:83:f6:df:4d:0c:
                    c7:27:f6:81:a0:16:3b:a0:9e:32:72:ff:f1:2f:47:
                    10:90:1a:6d:ee:a9:c7:6c:88:4e:4d:10:48:5e:4e:
                    b3:e3:19:54:66:18:4e:2a:7d:2e:ae:24:4f:f9:00:
                    37:79:f4:b2:dd:fa:2e:fb:39:ac:bc:22:71:60:e6:
                    92:f1:5a:77:20:06:3d:97:74:db:0e:65:4d:d2:d8:
                    47:09:97:ef:9a:df:38:88:df:32:97:2a:4c:fd:87:
                    7c:9b:d3:6f:71:db:5b:91:fa:9f:aa:bc:0f:09:c0:
                    ec:46:09:b9:7b:87:fb:75:bf:35:66:0c:8d:36:f9:
                    1f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:EC:43:1D:1F:C2:57:77:8D:4B:54:B9:72:56:EF:7C:9D:61:2B:F9
            X509v3 Authority Key Identifier:
                keyid:44:9E:42:52:BC:B2:2E:A2:C6:CF:B3:92:4C:8F:84:BD:DE:7A:74:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RJ5CUryyLqLGz7OSTI-Evd56dHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9e9559-8f3c-45d0-851c-68f2174c79ee/1/IuxDHR_CV3eNS1S5clbvfJ1hK_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9e9559-8f3c-45d0-851c-68f2174c79ee/1/RJ5CUryyLqLGz7OSTI-Evd56dHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.134.16.0/21
                  91.192.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:88:dc:0c:40:8b:78:11:ac:f8:f3:3b:99:93:78:92:de:dc:
         87:65:7d:0a:0e:aa:57:dd:b0:70:e1:8e:11:4a:1c:d9:39:23:
         c6:d6:0e:97:4f:3b:e2:35:f4:50:be:3d:b6:fb:be:ba:9e:d0:
         b9:64:9c:e7:a2:88:dd:92:58:af:3f:60:d5:2f:8e:d9:6d:74:
         9c:0c:36:1e:34:23:c8:b7:b4:fb:9d:ca:f2:5e:9c:eb:b2:89:
         69:99:16:e7:e9:d3:d6:a2:89:94:f1:22:7b:6e:a3:78:d7:7e:
         a0:18:39:56:92:0f:95:b8:ec:3f:b3:28:02:89:0f:6c:cb:8d:
         bc:3c:e7:5b:ad:83:cb:8a:d3:fc:2d:bb:5c:d1:13:de:83:1f:
         ff:7b:2a:a7:de:2e:0f:24:fc:5c:f6:26:76:97:12:2b:f0:6b:
         6f:41:e3:5c:04:b5:e5:5d:c7:06:f7:e7:f5:f7:a8:9a:b5:53:
         ad:c7:7a:3d:0c:e0:19:b5:a1:0d:02:67:18:a1:61:98:af:fb:
         5b:e7:bb:8b:99:60:0f:25:ae:ef:3c:62:55:3d:30:87:98:46:
         4a:97:c6:c1:a2:d4:32:89:d2:50:1a:a7:10:bd:e2:a1:fb:ce:
         4b:08:ed:ef:6e:c6:16:a2:9c:86:c5:fa:86:84:da:23:2d:d3:
         58:3f:44:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSBfD6/zWg6uTQiExqinAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0OWU0MjUyYmNiMjJlYTJjNmNmYjM5MjRjOGY4NGJkZGU3
YTc0NzEwHhcNMjUwMTAyMTM1MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmVjNDMxZDFmYzI1Nzc3OGQ0YjU0Yjk3MjU2ZWY3YzlkNjEyYmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lHzU7SuwGnmvTpXS+p8JJIn0XAG
AXXTzVpZ1VDtUp0XACQFBhAji4/UC96nLsGhrbKhy3BVnbVewr4Rz5gKa8/8aFb8
4QJ2zNgU0NYWCAQ7n21caZDU3UbLjGaGu1dVLqf8LT4pHv+nNfq/ceahn2SuPgK8
yhNEKPfpT8Ynwmr5g/bfTQzHJ/aBoBY7oJ4ycv/xL0cQkBpt7qnHbIhOTRBIXk6z
4xlUZhhOKn0uriRP+QA3efSy3fou+zmsvCJxYOaS8Vp3IAY9l3TbDmVN0thHCZfv
mt84iN8ylypM/Yd8m9NvcdtbkfqfqrwPCcDsRgm5e4f7db81ZgyNNvkfuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCLsQx0fwld3jUtUuXJW73ydYSv5MB8GA1UdIwQY
MBaAFESeQlK8si6ixs+zkkyPhL3eenRxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUko1Q1VyeXlMcUxHejdPU1RJLUV2ZDU2ZEhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZTk1NTktOGYzYy00NWQwLTg1MWMt
NjhmMjE3NGM3OWVlLzEvSXV4REhSX0NWM2VOUzFTNWNsYnZmSjFoS19rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZTk1NTktOGYzYy00NWQwLTg1MWMtNjhmMjE3NGM3OWVl
LzEvUko1Q1VyeXlMcUxHejdPU1RJLUV2ZDU2ZEhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDBYYQAwQB
W8DKMA0GCSqGSIb3DQEBCwUAA4IBAQAJiNwMQIt4Eaz48zuZk3iS3tyHZX0KDqpX
3bBw4Y4RShzZOSPG1g6XTzviNfRQvj22+766ntC5ZJznoojdklivP2DVL47ZbXSc
DDYeNCPIt7T7ncryXpzrsolpmRbn6dPWoomU8SJ7bqN4136gGDlWkg+VuOw/sygC
iQ9sy428POdbrYPLitP8Lbtc0RPegx//eyqn3i4PJPxc9iZ2lxIr8GtvQeNcBLXl
XccG9+f196iatVOtx3o9DOAZtaENAmcYoWGYr/tb57uLmWAPJa7vPGJVPTCHmEZK
l8bBotQyidJQGqcQveKh+85LCO3vbsYWopyGxfqGhNojLdNYP0Sp
-----END CERTIFICATE-----