Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/IWHxNStdjrSROqwuZe7sT7LT4Nk.roa
File:                     IWHxNStdjrSROqwuZe7sT7LT4Nk.roa (raw, json)
Hash identifier:          S/bzV1Gz+VxqpXjM3Pl83zzxF5vyuBSuFK0LxiEoibw=
Subject key identifier:   21:61:F1:35:2B:5D:8E:B4:91:3A:AC:2E:65:EE:EC:4F:B2:D3:E0:D9
Certificate issuer:       /CN=1e4a2020b82d0294e90a2d6b2c0f28d1173b6465
Certificate serial:       019424456352697C258F6650C43735F774B6
Authority key identifier: 1E:4A:20:20:B8:2D:02:94:E9:0A:2D:6B:2C:0F:28:D1:17:3B:64:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/IWHxNStdjrSROqwuZe7sT7LT4Nk.roa
Signing time:             Wed 01 Jan 2025 23:48:34 +0000
ROA not before:           Wed 01 Jan 2025 23:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31400
IP address blocks:        5.132.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:63:52:69:7c:25:8f:66:50:c4:37:35:f7:74:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e4a2020b82d0294e90a2d6b2c0f28d1173b6465
        Validity
            Not Before: Jan  1 23:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2161f1352b5d8eb4913aac2e65eeec4fb2d3e0d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:77:07:52:6a:49:14:d3:f4:72:4b:09:6f:cf:
                    0d:74:8d:36:1e:b5:5c:44:56:e9:8d:1b:69:76:3a:
                    a7:57:95:5f:12:05:b0:96:7f:07:ee:37:41:fa:cd:
                    99:4b:2e:29:da:da:c5:cf:41:78:16:22:ef:05:6e:
                    ab:c4:3c:49:95:51:42:df:ba:69:08:24:ca:5d:98:
                    ac:32:d9:68:c5:ee:c1:66:4a:cc:3d:8c:b3:2b:37:
                    5e:c6:7e:0c:3a:df:01:9b:dc:9d:6e:1f:c2:4a:a8:
                    7a:be:c0:4a:cd:78:b4:31:44:d9:84:d4:7e:d9:4d:
                    e3:3e:fe:8e:a2:63:61:3a:e8:c8:92:b0:a5:52:9a:
                    dd:2f:99:8d:2f:0b:54:42:51:38:dc:30:9b:7f:8b:
                    90:77:24:b3:05:f3:61:68:93:b2:4b:95:5a:70:c6:
                    0d:41:15:01:f7:98:04:fe:a8:62:37:0d:16:9b:53:
                    2a:3d:dd:ed:6a:ba:a8:db:54:aa:70:e3:49:b4:ac:
                    65:f8:9f:8b:d7:24:4e:a4:98:66:f1:91:fd:b7:2b:
                    ce:2f:5f:f3:b5:3b:74:cc:ea:87:0a:75:ff:68:2b:
                    01:64:02:85:15:52:b0:d0:de:02:46:52:dc:85:cf:
                    4c:e5:3e:43:a3:98:24:c9:23:95:4f:5d:05:85:7c:
                    19:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:61:F1:35:2B:5D:8E:B4:91:3A:AC:2E:65:EE:EC:4F:B2:D3:E0:D9
            X509v3 Authority Key Identifier:
                keyid:1E:4A:20:20:B8:2D:02:94:E9:0A:2D:6B:2C:0F:28:D1:17:3B:64:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/IWHxNStdjrSROqwuZe7sT7LT4Nk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.132.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:e5:9b:a6:29:b7:a0:7a:d0:7e:05:e9:49:66:92:30:9f:6c:
         10:e4:de:cc:09:fb:b0:db:c5:f3:96:a2:ab:9e:63:ac:56:34:
         14:18:5f:af:91:52:c9:36:bb:dc:b6:4e:8f:f2:1a:fe:60:db:
         91:ed:20:19:13:34:60:1e:a5:0b:17:89:26:ea:6d:4f:aa:a0:
         e1:a8:78:8e:c5:d3:28:ed:44:59:ea:51:09:be:42:e5:41:38:
         37:95:fb:5e:93:df:14:a2:06:41:d5:48:8a:d9:3a:e1:b0:b2:
         78:00:50:a1:61:ed:47:61:61:90:e6:85:cc:66:ea:98:6c:21:
         44:42:62:40:31:36:3e:97:15:be:03:8f:90:5b:88:79:20:bc:
         02:b4:1d:7a:58:5a:8e:0b:12:08:30:28:d0:60:6e:12:82:eb:
         1f:95:63:f3:2b:78:ae:2c:44:a9:7a:0f:b8:f4:62:45:2d:af:
         f8:2a:31:61:e7:d8:8c:ba:6e:a1:4b:38:1d:02:00:69:fb:73:
         fe:a9:f0:ad:85:8b:70:7e:7b:57:a3:82:a7:32:90:b2:52:26:
         41:05:f9:eb:5b:4a:d9:cc:da:e4:b2:42:fc:3d:7f:6e:a4:d2:
         96:14:b9:50:2e:86:5e:0b:4d:fa:54:41:95:8d:eb:0f:1b:c0:
         5f:1f:a7:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRWNSaXwlj2ZQxDc193S2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNGEyMDIwYjgyZDAyOTRlOTBhMmQ2YjJjMGYyOGQxMTcz
YjY0NjUwHhcNMjUwMTAxMjM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTYxZjEzNTJiNWQ4ZWI0OTEzYWFjMmU2NWVlZWM0ZmIyZDNlMGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHcHUmpJFNP0cksJb88NdI02HrVc
RFbpjRtpdjqnV5VfEgWwln8H7jdB+s2ZSy4p2trFz0F4FiLvBW6rxDxJlVFC37pp
CCTKXZisMtloxe7BZkrMPYyzKzdexn4MOt8Bm9ydbh/CSqh6vsBKzXi0MUTZhNR+
2U3jPv6OomNhOujIkrClUprdL5mNLwtUQlE43DCbf4uQdySzBfNhaJOyS5VacMYN
QRUB95gE/qhiNw0Wm1MqPd3tarqo21SqcONJtKxl+J+L1yROpJhm8ZH9tyvOL1/z
tTt0zOqHCnX/aCsBZAKFFVKw0N4CRlLchc9M5T5Do5gkySOVT10FhXwZ1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFh8TUrXY60kTqsLmXu7E+y0+DZMB8GA1UdIwQY
MBaAFB5KICC4LQKU6QotaywPKNEXO2RlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGtvZ0lMZ3RBcFRwQ2kxckxBOG8wUmM3WkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy80YzQ4YmItMzY2Yy00MWY1LTliMmQt
NTMwNDQwYzRmYTI5LzEvSVdIeE5TdGRqclNST3F3dVplN3NUN0xUNE5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy80YzQ4YmItMzY2Yy00MWY1LTliMmQtNTMwNDQwYzRmYTI5
LzEvSGtvZ0lMZ3RBcFRwQ2kxckxBOG8wUmM3WkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYSeMA0G
CSqGSIb3DQEBCwUAA4IBAQB05ZumKbegetB+BelJZpIwn2wQ5N7MCfuw28XzlqKr
nmOsVjQUGF+vkVLJNrvctk6P8hr+YNuR7SAZEzRgHqULF4km6m1PqqDhqHiOxdMo
7URZ6lEJvkLlQTg3lftek98UogZB1UiK2TrhsLJ4AFChYe1HYWGQ5oXMZuqYbCFE
QmJAMTY+lxW+A4+QW4h5ILwCtB16WFqOCxIIMCjQYG4SgusflWPzK3iuLESpeg+4
9GJFLa/4KjFh59iMum6hSzgdAgBp+3P+qfCthYtwfntXo4KnMpCyUiZBBfnrW0rZ
zNrkskL8PX9upNKWFLlQLoZeC036VEGVjesPG8BfH6cl
-----END CERTIFICATE-----