Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/xaMWuZ7kA8X17tv7JPD3cAO2gaQ.roa
File:                     xaMWuZ7kA8X17tv7JPD3cAO2gaQ.roa (raw, json)
Hash identifier:          ATONBIDi86t/gP28VGMYu3coL6c7BDeaABl8Z6IklbE=
Subject key identifier:   C5:A3:16:B9:9E:E4:03:C5:F5:EE:DB:FB:24:F0:F7:70:03:B6:81:A4
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       019420681B27F0DB8C563D2501C8ED3D1D39
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/xaMWuZ7kA8X17tv7JPD3cAO2gaQ.roa
Signing time:             Wed 01 Jan 2025 05:48:01 +0000
ROA not before:           Wed 01 Jan 2025 05:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        5.39.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:1b:27:f0:db:8c:56:3d:25:01:c8:ed:3d:1d:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: Jan  1 05:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5a316b99ee403c5f5eedbfb24f0f77003b681a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f7:e0:fa:81:1a:21:f1:e9:a6:57:a8:f7:fe:
                    4b:06:7d:d0:25:53:33:b0:49:da:02:78:89:7e:6b:
                    a2:c6:33:31:c6:d1:42:d6:28:73:0a:38:7f:f4:a3:
                    e1:97:f2:91:ca:84:d3:a8:d1:ec:81:e8:ef:ec:55:
                    24:02:b3:11:09:43:ef:54:31:ac:73:8b:d2:bc:57:
                    78:08:ff:e2:e8:bf:11:ca:ea:a9:af:0c:ec:02:0c:
                    03:0e:52:04:fd:2e:14:31:e5:cd:b2:2c:95:8c:37:
                    e5:e9:bd:89:f7:6e:cc:fd:f4:4a:ea:1e:06:ed:42:
                    8c:d4:9d:58:f2:1e:0d:51:81:63:4f:92:80:c4:c6:
                    7f:f3:65:cc:0e:33:be:d4:79:9a:83:6c:f6:15:43:
                    f3:d8:fa:e8:57:c4:86:1d:fc:29:f1:ea:05:6c:75:
                    bd:2a:0c:36:c6:04:d5:65:49:af:61:dd:d1:a5:20:
                    ee:0b:6d:6e:70:90:ab:ae:c8:e0:ad:d2:6e:63:49:
                    93:67:95:2a:7b:f7:f9:52:d4:1f:3d:6d:92:e9:12:
                    96:78:17:23:2c:d3:70:91:c1:17:62:44:67:93:b0:
                    0b:c4:ab:3e:d2:96:96:3e:7b:14:c2:82:8c:a8:98:
                    1a:df:5e:e3:22:42:bd:20:ed:b8:50:20:b0:3c:0e:
                    1e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:A3:16:B9:9E:E4:03:C5:F5:EE:DB:FB:24:F0:F7:70:03:B6:81:A4
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/xaMWuZ7kA8X17tv7JPD3cAO2gaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:5b:af:e1:80:27:29:78:eb:84:0a:9f:7d:2e:1f:a8:0e:1f:
         40:5a:a9:8a:09:f2:ee:a3:59:d1:3c:95:b6:fb:ec:6d:0f:46:
         bc:40:3d:3d:5d:06:8c:f7:e6:b8:01:8c:a7:7e:60:66:e0:e0:
         05:e1:24:17:11:83:2d:ab:b8:d6:68:16:5d:b7:b1:e6:0e:4d:
         50:af:c7:2e:5b:9a:20:7e:b9:7d:62:eb:f5:48:0a:a9:0c:3e:
         98:88:ec:b4:e2:f7:4d:6c:fb:7c:1a:9a:0c:4a:b3:3f:fe:f5:
         69:45:ff:b8:23:10:39:aa:66:ea:43:61:6d:0b:75:c9:dd:aa:
         a3:ae:62:71:17:99:72:f9:be:ad:48:4b:0f:ed:6c:b0:b8:5b:
         e1:cc:7d:59:91:6e:de:f6:24:00:aa:7a:86:44:1a:98:c2:1e:
         b4:08:02:f1:09:6b:d4:fa:75:fd:8b:03:7e:99:67:2a:39:c3:
         77:45:d2:3b:8c:0a:8f:c0:e2:26:85:6d:fc:69:6a:f4:85:ec:
         1a:6f:3f:2d:1d:3f:6b:ab:a7:1b:bb:78:44:e7:53:0e:7d:19:
         b9:d3:12:ba:18:e0:5b:4c:83:c5:93:9f:9c:07:1f:23:eb:d8:
         ef:b2:d5:a5:65:7c:8e:97:45:ba:a8:15:47:a8:f4:ad:d7:72:
         8e:47:7f:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaBsn8NuMVj0lAcjtPR05MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjUwMTAxMDU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWEzMTZiOTllZTQwM2M1ZjVlZWRiZmIyNGYwZjc3MDAzYjY4MWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApffg+oEaIfHppleo9/5LBn3QJVMz
sEnaAniJfmuixjMxxtFC1ihzCjh/9KPhl/KRyoTTqNHsgejv7FUkArMRCUPvVDGs
c4vSvFd4CP/i6L8RyuqprwzsAgwDDlIE/S4UMeXNsiyVjDfl6b2J927M/fRK6h4G
7UKM1J1Y8h4NUYFjT5KAxMZ/82XMDjO+1Hmag2z2FUPz2ProV8SGHfwp8eoFbHW9
Kgw2xgTVZUmvYd3RpSDuC21ucJCrrsjgrdJuY0mTZ5Uqe/f5UtQfPW2S6RKWeBcj
LNNwkcEXYkRnk7ALxKs+0paWPnsUwoKMqJga317jIkK9IO24UCCwPA4ecQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWjFrme5APF9e7b+yTw93ADtoGkMB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEveGFNV3VaN2tBOFgxN3R2N0pQRDNjQU8yZ2FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBSfAMA0G
CSqGSIb3DQEBCwUAA4IBAQBbW6/hgCcpeOuECp99Lh+oDh9AWqmKCfLuo1nRPJW2
++xtD0a8QD09XQaM9+a4AYynfmBm4OAF4SQXEYMtq7jWaBZdt7HmDk1Qr8cuW5og
frl9Yuv1SAqpDD6YiOy04vdNbPt8GpoMSrM//vVpRf+4IxA5qmbqQ2FtC3XJ3aqj
rmJxF5ly+b6tSEsP7WywuFvhzH1ZkW7e9iQAqnqGRBqYwh60CALxCWvU+nX9iwN+
mWcqOcN3RdI7jAqPwOImhW38aWr0hewabz8tHT9rq6cbu3hE51MOfRm50xK6GOBb
TIPFk5+cBx8j69jvstWlZXyOl0W6qBVHqPSt13KOR3+2
-----END CERTIFICATE-----