Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UZ9fzuPrquX6_Ftn_WGZjVEg_po.roa
File:                     UZ9fzuPrquX6_Ftn_WGZjVEg_po.roa (raw, json)
Hash identifier:          Y0KdOMn1Hql8iPmk4RQmsejACyFByQQNnYI7w3/SUTw=
Subject key identifier:   51:9F:5F:CE:E3:EB:AA:E5:FA:FC:5B:67:FD:61:99:8D:51:20:FE:9A
Certificate issuer:       /CN=50980fb6ade858f2652e736993126c85759f06d9
Certificate serial:       018CC727276CD3371A963E61F3B940D3FF4D
Authority key identifier: 50:98:0F:B6:AD:E8:58:F2:65:2E:73:69:93:12:6C:85:75:9F:06:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UZ9fzuPrquX6_Ftn_WGZjVEg_po.roa
Signing time:             Mon 01 Jan 2024 22:31:21 +0000
ROA not before:           Mon 01 Jan 2024 22:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        5.252.191.0/24 maxlen: 24
                          5.252.190.0/24 maxlen: 24
                          5.252.189.0/24 maxlen: 24
                          5.252.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:27:6c:d3:37:1a:96:3e:61:f3:b9:40:d3:ff:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50980fb6ade858f2652e736993126c85759f06d9
        Validity
            Not Before: Jan  1 22:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=519f5fcee3ebaae5fafc5b67fd61998d5120fe9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:2b:d5:11:43:64:1b:01:96:87:ad:e9:8e:00:
                    ac:e6:41:d9:4d:a6:df:e9:20:d5:fc:b2:ba:63:a4:
                    8c:ae:06:aa:cf:e8:d6:6e:12:df:e1:45:cc:f5:8c:
                    4e:15:7f:d9:af:fc:cb:e3:88:bf:70:95:05:cd:97:
                    27:ba:84:a4:3c:38:37:21:76:be:65:fd:d3:9e:18:
                    6c:69:24:d2:8a:ac:58:dd:45:b9:1c:86:80:c6:67:
                    42:dc:e0:19:06:bd:13:a2:0a:ec:cb:e4:ab:3c:64:
                    26:fa:5e:c4:fe:8b:14:1f:d8:26:98:26:9d:e8:32:
                    34:51:29:fa:d0:e6:c7:55:87:8a:69:8c:83:5a:3c:
                    1b:64:60:50:e6:38:98:52:f8:8d:97:ab:1c:06:80:
                    e5:43:8d:10:9d:7f:13:c5:9f:e6:4c:17:fb:dc:2f:
                    c9:ec:2a:47:dd:a1:44:cf:c8:c8:f0:93:8e:eb:64:
                    96:73:44:6c:84:3c:86:10:04:72:ba:66:12:34:a3:
                    71:83:11:83:aa:b3:fe:8f:ad:9e:59:8c:16:1c:9e:
                    b1:1d:6e:f5:c4:28:ae:fa:00:33:ef:3c:71:a6:81:
                    63:0f:65:13:bf:53:f1:d3:d4:33:c3:4b:0b:f4:0d:
                    15:d8:3b:2f:f7:d0:71:12:6c:4c:a4:d3:7d:a7:4f:
                    8e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:9F:5F:CE:E3:EB:AA:E5:FA:FC:5B:67:FD:61:99:8D:51:20:FE:9A
            X509v3 Authority Key Identifier:
                keyid:50:98:0F:B6:AD:E8:58:F2:65:2E:73:69:93:12:6C:85:75:9F:06:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UZ9fzuPrquX6_Ftn_WGZjVEg_po.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:77:9b:3b:6b:12:77:20:0c:f0:f2:20:20:49:dd:ed:94:9d:
         a1:98:d7:35:14:28:dd:c6:9a:8b:75:c2:98:27:af:bd:dc:2e:
         9c:6b:d3:69:af:16:b4:92:82:41:6f:b2:3d:50:b3:c7:53:c2:
         62:d4:fe:97:ad:81:3f:d8:91:6f:d1:86:29:0c:0f:6b:2e:ad:
         28:41:6b:7c:0d:52:bd:1c:1e:13:95:35:a8:dd:36:dd:5e:a8:
         3f:51:33:5e:70:fe:83:55:21:7d:ea:38:08:7b:54:0f:f6:6a:
         35:82:d9:4c:fe:62:9b:2b:88:90:a1:79:1c:e4:89:92:24:64:
         8e:3c:3e:6a:c1:9e:04:39:44:18:f5:15:19:c1:a7:6a:cf:7b:
         90:eb:0f:81:9d:42:a9:6f:57:6f:f1:84:60:34:b3:a8:5b:ae:
         2c:7d:9d:96:93:3f:18:cb:6e:03:94:a2:00:9c:ab:26:b9:6d:
         cb:82:23:02:6a:7b:cc:1b:19:f0:f3:2d:e0:0d:6f:a0:34:6e:
         81:56:2b:19:c0:b7:43:7e:7a:95:a1:64:1b:7c:9d:e3:cf:ed:
         1c:38:9c:1f:57:57:50:dd:45:7a:1e:8f:59:23:0a:be:c4:9c:
         7d:1d:01:e7:92:e3:8b:64:a4:28:1d:65:68:fd:fb:03:f9:81:
         3a:2f:fc:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJyds0zcalj5h87lA0/9NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOTgwZmI2YWRlODU4ZjI2NTJlNzM2OTkzMTI2Yzg1NzU5
ZjA2ZDkwHhcNMjQwMTAxMjIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTlmNWZjZWUzZWJhYWU1ZmFmYzViNjdmZDYxOTk4ZDUxMjBmZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SvVEUNkGwGWh63pjgCs5kHZTabf
6SDV/LK6Y6SMrgaqz+jWbhLf4UXM9YxOFX/Zr/zL44i/cJUFzZcnuoSkPDg3IXa+
Zf3TnhhsaSTSiqxY3UW5HIaAxmdC3OAZBr0Togrsy+SrPGQm+l7E/osUH9gmmCad
6DI0USn60ObHVYeKaYyDWjwbZGBQ5jiYUviNl6scBoDlQ40QnX8TxZ/mTBf73C/J
7CpH3aFEz8jI8JOO62SWc0RshDyGEARyumYSNKNxgxGDqrP+j62eWYwWHJ6xHW71
xCiu+gAz7zxxpoFjD2UTv1Px09Qzw0sL9A0V2Dsv99BxEmxMpNN9p0+OlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGfX87j66rl+vxbZ/1hmY1RIP6aMB8GA1UdIwQY
MBaAFFCYD7at6FjyZS5zaZMSbIV1nwbZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUpnUHRxM29XUEpsTG5OcGt4SnNoWFdmQnRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8zYzdhZjYtZjQ2Ni00ZDg3LWI5ZjEt
Y2NhNzlhNjk4MjBhLzEvVVo5Znp1UHJxdVg2X0Z0bl9XR1pqVkVnX3BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8zYzdhZjYtZjQ2Ni00ZDg3LWI5ZjEtY2NhNzlhNjk4MjBh
LzEvVUpnUHRxM29XUEpsTG5OcGt4SnNoWFdmQnRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfy8MA0G
CSqGSIb3DQEBCwUAA4IBAQBrd5s7axJ3IAzw8iAgSd3tlJ2hmNc1FCjdxpqLdcKY
J6+93C6ca9Nprxa0koJBb7I9ULPHU8Ji1P6XrYE/2JFv0YYpDA9rLq0oQWt8DVK9
HB4TlTWo3TbdXqg/UTNecP6DVSF96jgIe1QP9mo1gtlM/mKbK4iQoXkc5ImSJGSO
PD5qwZ4EOUQY9RUZwadqz3uQ6w+BnUKpb1dv8YRgNLOoW64sfZ2Wkz8Yy24DlKIA
nKsmuW3LgiMCanvMGxnw8y3gDW+gNG6BVisZwLdDfnqVoWQbfJ3jz+0cOJwfV1dQ
3UV6Ho9ZIwq+xJx9HQHnkuOLZKQoHWVo/fsD+YE6L/z8
-----END CERTIFICATE-----