Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/X4-iqILOHdE2x3lzGuxeTnuxiRY.roa
File:                     X4-iqILOHdE2x3lzGuxeTnuxiRY.roa (raw, json)
Hash identifier:          NutQwkFlxPZvokdW7BKJ4KofMLyP6ZsRoASo8ePMHvQ=
Subject key identifier:   5F:8F:A2:A8:82:CE:1D:D1:36:C7:79:73:1A:EC:5E:4E:7B:B1:89:16
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       019424448C8A14FE9C0BE07CD3F7F2BAFEEF
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/X4-iqILOHdE2x3lzGuxeTnuxiRY.roa
Signing time:             Wed 01 Jan 2025 23:47:39 +0000
ROA not before:           Wed 01 Jan 2025 23:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40065
IP address blocks:        5.253.16.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:8c:8a:14:fe:9c:0b:e0:7c:d3:f7:f2:ba:fe:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  1 23:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f8fa2a882ce1dd136c779731aec5e4e7bb18916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8c:22:7e:12:23:56:25:51:58:75:9a:56:62:
                    7c:d9:80:5e:e4:96:e5:fd:05:cf:46:9d:93:c3:61:
                    19:05:12:1e:7d:6c:cd:f3:c9:c2:ad:6d:96:24:48:
                    dc:12:31:6f:9b:f5:39:87:f5:6d:a2:ed:16:7c:e6:
                    da:a2:c7:cb:ee:09:a2:d5:96:25:7e:e4:39:57:cb:
                    9e:34:63:8c:f4:fa:be:12:c7:3b:fd:3a:de:2e:62:
                    6a:dc:47:54:4e:6d:39:e1:03:de:4f:80:4b:b2:cc:
                    3e:4d:dc:80:ad:9c:ad:49:2e:ab:2b:1c:29:6c:71:
                    dd:dd:c7:89:ca:41:55:6d:91:f7:97:de:92:85:37:
                    3f:57:43:e3:bf:f8:de:80:b3:35:c6:b0:93:3f:e4:
                    59:53:c3:5d:26:57:59:5c:83:07:ef:84:71:1f:8c:
                    96:7f:c0:aa:22:f7:d7:cb:11:71:48:c4:98:60:dd:
                    6c:bb:05:45:8c:42:74:3e:71:db:ab:46:45:e7:c2:
                    9e:fd:b6:6e:cd:33:ba:89:ee:fa:c6:77:0f:bd:f9:
                    b8:bb:a3:76:75:50:8b:a7:36:f5:e4:b7:42:9e:2c:
                    62:18:7d:4f:51:e0:09:1d:84:b1:3e:fd:80:9d:bb:
                    f4:63:2c:8c:83:c6:d7:27:70:0f:3c:7d:f7:59:c8:
                    b0:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:8F:A2:A8:82:CE:1D:D1:36:C7:79:73:1A:EC:5E:4E:7B:B1:89:16
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/X4-iqILOHdE2x3lzGuxeTnuxiRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:0e:ee:dd:df:24:1f:26:b9:1e:71:49:4b:b2:42:ad:23:db:
         ff:8e:ff:c0:1d:0d:59:eb:bb:fb:c3:41:04:80:54:6a:c7:6d:
         4d:fb:4e:da:14:12:e4:f4:6f:5f:94:5e:92:8f:fa:c2:bb:30:
         35:f6:d1:7f:31:6a:9d:30:49:e5:49:78:f9:af:69:4d:e0:0f:
         98:4a:c6:1d:f2:5e:90:e1:a0:c8:14:cf:2f:fb:5b:47:05:a5:
         b2:55:29:e3:d9:a8:2c:65:9b:1e:62:82:78:17:de:b2:0c:e4:
         89:ce:17:cc:10:cc:d5:0d:76:7e:f5:f4:17:a6:7e:76:0f:eb:
         e4:9f:20:5d:3b:e2:ad:fa:3c:64:71:1d:dd:ca:07:a7:17:88:
         43:d7:a7:f3:46:d8:e6:7e:3b:e4:3e:a1:fb:84:95:bf:52:6a:
         71:af:27:0c:a6:a0:e0:31:6c:88:3f:2f:88:f7:e6:97:8a:76:
         3f:7e:7f:fc:8d:84:fb:10:ba:c8:43:92:42:e1:05:8a:be:2e:
         27:3e:55:2b:8d:22:dd:85:f5:6a:de:b6:ca:b4:5c:6b:39:00:
         a1:91:a5:3f:4e:95:15:f2:9a:02:6f:6e:13:a9:86:60:69:2f:
         67:d8:36:40:f5:74:c0:29:d1:4c:f5:6a:0c:e6:9c:ad:67:d4:
         09:c2:e5:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRIyKFP6cC+B80/fyuv7vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwMTAxMjM0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjhmYTJhODgyY2UxZGQxMzZjNzc5NzMxYWVjNWU0ZTdiYjE4OTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4wifhIjViVRWHWaVmJ82YBe5Jbl
/QXPRp2Tw2EZBRIefWzN88nCrW2WJEjcEjFvm/U5h/Vtou0WfObaosfL7gmi1ZYl
fuQ5V8ueNGOM9Pq+Esc7/TreLmJq3EdUTm054QPeT4BLssw+TdyArZytSS6rKxwp
bHHd3ceJykFVbZH3l96ShTc/V0Pjv/jegLM1xrCTP+RZU8NdJldZXIMH74RxH4yW
f8CqIvfXyxFxSMSYYN1suwVFjEJ0PnHbq0ZF58Ke/bZuzTO6ie76xncPvfm4u6N2
dVCLpzb15LdCnixiGH1PUeAJHYSxPv2Anbv0YyyMg8bXJ3APPH33Wciw+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+PoqiCzh3RNsd5cxrsXk57sYkWMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvWDQtaXFJTE9IZEUyeDNsekd1eGVUbnV4aVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBf0QMA0G
CSqGSIb3DQEBCwUAA4IBAQCRDu7d3yQfJrkecUlLskKtI9v/jv/AHQ1Z67v7w0EE
gFRqx21N+07aFBLk9G9flF6Sj/rCuzA19tF/MWqdMEnlSXj5r2lN4A+YSsYd8l6Q
4aDIFM8v+1tHBaWyVSnj2agsZZseYoJ4F96yDOSJzhfMEMzVDXZ+9fQXpn52D+vk
nyBdO+Kt+jxkcR3dygenF4hD16fzRtjmfjvkPqH7hJW/UmpxrycMpqDgMWyIPy+I
9+aXinY/fn/8jYT7ELrIQ5JC4QWKvi4nPlUrjSLdhfVq3rbKtFxrOQChkaU/TpUV
8poCb24TqYZgaS9n2DZA9XTAKdFM9WoM5pytZ9QJwuUN
-----END CERTIFICATE-----