Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/g7m9yx1NW8SRIFbI1YMp1R07s_U.roa
File:                     g7m9yx1NW8SRIFbI1YMp1R07s_U.roa (raw, json)
Hash identifier:          j5HohraLr+uvJe+BKNjv5aVmggl6w9ivQvztm8iHfjI=
Subject key identifier:   83:B9:BD:CB:1D:4D:5B:C4:91:20:56:C8:D5:83:29:D5:1D:3B:B3:F5
Certificate issuer:       /CN=ef5082d37fbc81998bfcf948a5bbdda63edfdee0
Certificate serial:       0194221FE284EFA463BD05B2FD4F5450A29D
Authority key identifier: EF:50:82:D3:7F:BC:81:99:8B:FC:F9:48:A5:BB:DD:A6:3E:DF:DE:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71CC03-8gZmL_PlIpbvdpj7f3uA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/g7m9yx1NW8SRIFbI1YMp1R07s_U.roa
Signing time:             Wed 01 Jan 2025 13:48:22 +0000
ROA not before:           Wed 01 Jan 2025 13:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198977
IP address blocks:        5.104.16.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/71CC03-8gZmL_PlIpbvdpj7f3uA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/71CC03-8gZmL_PlIpbvdpj7f3uA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71CC03-8gZmL_PlIpbvdpj7f3uA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 13:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:e2:84:ef:a4:63:bd:05:b2:fd:4f:54:50:a2:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef5082d37fbc81998bfcf948a5bbdda63edfdee0
        Validity
            Not Before: Jan  1 13:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83b9bdcb1d4d5bc4912056c8d58329d51d3bb3f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1e:c3:71:a9:de:b3:13:6e:60:c8:21:4e:c3:
                    6a:a0:a2:b5:dc:34:a4:a6:3a:a2:8a:f5:fd:cb:e1:
                    cc:fc:6d:d2:64:3d:5b:81:80:4a:25:39:6c:16:b9:
                    c0:09:ea:cb:f6:27:5c:90:b0:31:16:d8:15:de:b0:
                    a6:f3:24:17:37:1e:45:9f:35:33:af:e3:0e:bf:0c:
                    c3:4d:a0:07:4e:f5:e1:74:b9:ac:28:f6:a4:9e:b3:
                    a0:c5:8e:f8:fe:32:e3:5f:0f:01:33:38:0d:2e:dd:
                    66:10:86:a2:01:fd:75:94:74:96:74:da:3b:b2:41:
                    65:79:b6:a1:f4:ee:ac:e5:b6:b4:43:7f:6f:5f:2e:
                    4d:b6:bc:c6:2e:da:61:05:4d:ea:33:bf:a2:97:48:
                    4d:52:e4:8d:08:34:30:ad:46:5d:46:ae:ab:60:4b:
                    e1:6a:42:fd:43:c5:38:10:c1:c2:8e:72:46:fb:a4:
                    f1:82:be:d6:ae:c1:32:04:ac:5f:42:9c:d9:47:c9:
                    9f:16:e6:2c:3c:26:4d:17:ae:ea:00:10:43:bf:4e:
                    55:96:75:3e:8d:cc:74:1c:5c:62:05:19:97:3f:04:
                    f4:4d:c1:7e:6a:4b:01:1f:50:ed:69:86:e6:2f:38:
                    03:8a:90:c7:03:d8:8c:fa:ed:9e:a0:8b:28:05:1b:
                    71:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:B9:BD:CB:1D:4D:5B:C4:91:20:56:C8:D5:83:29:D5:1D:3B:B3:F5
            X509v3 Authority Key Identifier:
                keyid:EF:50:82:D3:7F:BC:81:99:8B:FC:F9:48:A5:BB:DD:A6:3E:DF:DE:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71CC03-8gZmL_PlIpbvdpj7f3uA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/g7m9yx1NW8SRIFbI1YMp1R07s_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/71CC03-8gZmL_PlIpbvdpj7f3uA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         23:2a:47:99:82:95:de:72:37:ad:a0:03:ee:f3:08:12:25:4e:
         a7:90:14:8d:dd:19:43:15:97:11:c9:81:e7:66:ab:8d:e6:29:
         e2:0c:46:79:0e:7f:53:7d:87:aa:94:57:1c:44:05:26:d9:c7:
         7f:e2:a4:7c:42:32:9d:fb:e3:34:16:d8:8a:04:a2:d9:a3:89:
         84:c5:99:56:15:28:00:7c:c9:80:63:40:82:f7:d7:35:05:50:
         3d:82:bf:07:b8:51:81:a0:93:b4:d4:27:72:41:d0:30:a9:a5:
         1e:71:7e:1b:39:9f:40:9f:9f:82:4a:48:71:bc:39:e9:03:20:
         cd:46:92:6d:2c:c4:e4:9c:f0:16:31:55:e4:93:98:19:64:f5:
         d2:92:a8:09:56:32:aa:b9:48:ef:54:80:ea:59:bd:b2:6f:22:
         9a:53:45:3a:d4:2e:b6:45:b8:24:d6:f4:73:06:ee:83:7c:85:
         4f:14:e7:f5:63:3c:24:99:13:f2:0f:4f:a0:50:07:1e:b5:5c:
         62:6d:13:1d:b6:5a:97:4f:74:d5:b9:39:58:6d:a1:c3:f0:8a:
         17:eb:0d:68:c2:1e:ad:e1:f1:db:25:2a:2b:d1:27:96:8f:b2:
         1c:58:44:96:82:78:da:d7:70:ec:6b:72:d9:98:a5:51:1a:80:
         71:c1:c0:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH+KE76RjvQWy/U9UUKKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTA4MmQzN2ZiYzgxOTk4YmZjZjk0OGE1YmJkZGE2M2Vk
ZmRlZTAwHhcNMjUwMTAxMTM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2I5YmRjYjFkNGQ1YmM0OTEyMDU2YzhkNTgzMjlkNTFkM2JiM2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAox7DcanesxNuYMghTsNqoKK13DSk
pjqiivX9y+HM/G3SZD1bgYBKJTlsFrnACerL9idckLAxFtgV3rCm8yQXNx5FnzUz
r+MOvwzDTaAHTvXhdLmsKPaknrOgxY74/jLjXw8BMzgNLt1mEIaiAf11lHSWdNo7
skFlebah9O6s5ba0Q39vXy5NtrzGLtphBU3qM7+il0hNUuSNCDQwrUZdRq6rYEvh
akL9Q8U4EMHCjnJG+6Txgr7WrsEyBKxfQpzZR8mfFuYsPCZNF67qABBDv05VlnU+
jcx0HFxiBRmXPwT0TcF+aksBH1DtaYbmLzgDipDHA9iM+u2eoIsoBRtxkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIO5vcsdTVvEkSBWyNWDKdUdO7P1MB8GA1UdIwQY
MBaAFO9QgtN/vIGZi/z5SKW73aY+397gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFDQzAzLThnWm1MX1BsSXBidmRwajdmM3VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wYzNjNGQtMDFkMi00NDBhLWE1MWYt
OTE5NWQwMmRlZDU1LzEvZzdtOXl4MU5XOFNSSUZiSTFZTXAxUjA3c19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wYzNjNGQtMDFkMi00NDBhLWE1MWYtOTE5NWQwMmRlZDU1
LzEvNzFDQzAzLThnWm1MX1BsSXBidmRwajdmM3VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBWgQMA0G
CSqGSIb3DQEBCwUAA4IBAQAjKkeZgpXecjetoAPu8wgSJU6nkBSN3RlDFZcRyYHn
ZquN5iniDEZ5Dn9TfYeqlFccRAUm2cd/4qR8QjKd++M0FtiKBKLZo4mExZlWFSgA
fMmAY0CC99c1BVA9gr8HuFGBoJO01CdyQdAwqaUecX4bOZ9An5+CSkhxvDnpAyDN
RpJtLMTknPAWMVXkk5gZZPXSkqgJVjKquUjvVIDqWb2ybyKaU0U61C62Rbgk1vRz
Bu6DfIVPFOf1YzwkmRPyD0+gUAcetVxibRMdtlqXT3TVuTlYbaHD8IoX6w1owh6t
4fHbJSor0SeWj7IcWESWgnja13Dsa3LZmKVRGoBxwcC4
-----END CERTIFICATE-----