Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/9ddc9d-60c7-4bcb-919a-3408089edc45/1/5-LdegbBxKQtUzYhU_eCIvPEaSU.roa
File:                     5-LdegbBxKQtUzYhU_eCIvPEaSU.roa (raw, json)
Hash identifier:          P+UUaet9A3DPospwlQybCpBsJ5DTQfNPoHJlQgfKeB4=
Subject key identifier:   E7:E2:DD:7A:06:C1:C4:A4:2D:53:36:21:53:F7:82:22:F3:C4:69:25
Certificate issuer:       /CN=542d971ad3c2e438d4a312d1a1de751810aca4e0
Certificate serial:       01941F8C45080AB8199DDEDF2440412DC45B
Authority key identifier: 54:2D:97:1A:D3:C2:E4:38:D4:A3:12:D1:A1:DE:75:18:10:AC:A4:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VC2XGtPC5DjUoxLRod51GBCspOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/9ddc9d-60c7-4bcb-919a-3408089edc45/1/5-LdegbBxKQtUzYhU_eCIvPEaSU.roa
Signing time:             Wed 01 Jan 2025 01:47:53 +0000
ROA not before:           Wed 01 Jan 2025 01:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209490
IP address blocks:        171.22.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/9ddc9d-60c7-4bcb-919a-3408089edc45/1/VC2XGtPC5DjUoxLRod51GBCspOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/9ddc9d-60c7-4bcb-919a-3408089edc45/1/VC2XGtPC5DjUoxLRod51GBCspOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VC2XGtPC5DjUoxLRod51GBCspOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:45:08:0a:b8:19:9d:de:df:24:40:41:2d:c4:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=542d971ad3c2e438d4a312d1a1de751810aca4e0
        Validity
            Not Before: Jan  1 01:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7e2dd7a06c1c4a42d53362153f78222f3c46925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5e:5e:66:24:e8:aa:7d:9c:e0:a8:17:7e:57:
                    3b:10:dc:24:b8:17:dc:0c:4d:5a:4b:cb:c7:71:09:
                    ae:43:4a:07:68:46:a4:a0:74:06:23:2b:e2:b8:2a:
                    a4:0d:a2:34:a7:88:86:94:c9:47:84:53:44:27:23:
                    f0:8a:91:b0:13:38:c9:3c:a2:34:80:23:c3:cf:30:
                    26:7c:50:77:21:e3:a7:7d:65:27:7b:55:ea:1d:0c:
                    3e:16:4a:25:e7:c5:3d:91:2d:5e:dd:64:ec:ee:c3:
                    d0:c3:4c:84:28:fa:af:45:d2:da:de:52:2f:2e:10:
                    a7:68:ed:26:8e:51:59:4f:e5:9e:f5:20:d0:08:03:
                    1d:35:b5:79:cc:85:89:d9:53:91:d8:b1:a8:b3:7f:
                    76:5d:9c:95:43:42:fb:68:55:84:b7:9b:f8:97:4b:
                    15:0b:a3:2b:bc:31:c9:e5:61:cd:81:f7:ff:df:9b:
                    0c:fa:19:c8:f0:2e:14:39:32:be:cf:ee:95:70:cc:
                    df:8f:43:19:43:c7:f2:a6:2a:a6:05:10:85:af:2b:
                    73:8d:97:c4:4a:60:6a:bf:11:23:b2:fe:9f:7f:5c:
                    ae:e4:a9:04:c8:33:51:20:66:75:47:09:fe:5d:dc:
                    f4:1d:56:fe:12:34:e1:e0:68:5c:bd:15:e4:74:a0:
                    c2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E2:DD:7A:06:C1:C4:A4:2D:53:36:21:53:F7:82:22:F3:C4:69:25
            X509v3 Authority Key Identifier:
                keyid:54:2D:97:1A:D3:C2:E4:38:D4:A3:12:D1:A1:DE:75:18:10:AC:A4:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC2XGtPC5DjUoxLRod51GBCspOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/9ddc9d-60c7-4bcb-919a-3408089edc45/1/5-LdegbBxKQtUzYhU_eCIvPEaSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/9ddc9d-60c7-4bcb-919a-3408089edc45/1/VC2XGtPC5DjUoxLRod51GBCspOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:6f:38:7c:2e:10:1a:9a:06:81:72:50:da:1c:49:3b:98:33:
         7b:20:b7:05:0c:e1:71:52:4e:8c:13:d9:4e:f0:b6:a2:e8:db:
         59:3d:08:7f:7c:9d:9a:46:c8:4a:7c:ca:fe:56:d3:86:35:3c:
         39:56:34:c8:f7:8e:60:95:1d:48:ba:fa:7f:52:5b:0b:c5:c0:
         fe:0d:3c:04:6c:84:21:ef:3a:49:ee:94:1a:c1:c5:94:2b:b6:
         61:83:47:4b:e4:89:21:c9:e1:a0:ef:50:d5:ca:50:f8:37:40:
         83:b9:23:f4:ae:7e:ef:fa:39:cf:d2:2c:99:9d:a6:22:1d:f5:
         ab:2c:eb:48:68:6c:c9:5a:fb:5b:3d:89:9d:be:3b:5e:3d:4c:
         aa:e7:17:63:51:6b:b5:75:4c:bf:95:54:7e:1a:0c:60:25:69:
         d9:6b:0b:e7:ab:1b:39:d4:35:17:36:e5:aa:a6:e8:cf:56:0a:
         38:ad:af:78:f8:8a:e0:d8:1f:25:c0:fc:da:23:59:04:7d:c2:
         c1:75:b7:61:d7:a6:b0:13:fc:d1:3c:c2:6a:21:61:f3:5a:73:
         61:5b:d2:ca:09:2d:c7:b4:18:2a:60:6c:b3:69:f2:7d:fd:c2:
         eb:73:f5:aa:fa:85:d6:32:a9:47:25:e1:29:d6:62:8e:3c:af:
         0b:52:f3:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjEUICrgZnd7fJEBBLcRbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmQ5NzFhZDNjMmU0MzhkNGEzMTJkMWExZGU3NTE4MTBh
Y2E0ZTAwHhcNMjUwMTAxMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2UyZGQ3YTA2YzFjNGE0MmQ1MzM2MjE1M2Y3ODIyMmYzYzQ2OTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvF5eZiToqn2c4KgXflc7ENwkuBfc
DE1aS8vHcQmuQ0oHaEakoHQGIyviuCqkDaI0p4iGlMlHhFNEJyPwipGwEzjJPKI0
gCPDzzAmfFB3IeOnfWUne1XqHQw+Fkol58U9kS1e3WTs7sPQw0yEKPqvRdLa3lIv
LhCnaO0mjlFZT+We9SDQCAMdNbV5zIWJ2VOR2LGos392XZyVQ0L7aFWEt5v4l0sV
C6MrvDHJ5WHNgff/35sM+hnI8C4UOTK+z+6VcMzfj0MZQ8fypiqmBRCFrytzjZfE
SmBqvxEjsv6ff1yu5KkEyDNRIGZ1Rwn+Xdz0HVb+EjTh4GhcvRXkdKDC4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfi3XoGwcSkLVM2IVP3giLzxGklMB8GA1UdIwQY
MBaAFFQtlxrTwuQ41KMS0aHedRgQrKTgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkMyWEd0UEM1RGpVb3hMUm9kNTFHQkNzcE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85ZGRjOWQtNjBjNy00YmNiLTkxOWEt
MzQwODA4OWVkYzQ1LzEvNS1MZGVnYkJ4S1F0VXpZaFVfZUNJdlBFYVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85ZGRjOWQtNjBjNy00YmNiLTkxOWEtMzQwODA4OWVkYzQ1
LzEvVkMyWEd0UEM1RGpVb3hMUm9kNTFHQkNzcE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCqxY4MA0G
CSqGSIb3DQEBCwUAA4IBAQBJbzh8LhAamgaBclDaHEk7mDN7ILcFDOFxUk6ME9lO
8Lai6NtZPQh/fJ2aRshKfMr+VtOGNTw5VjTI945glR1Iuvp/UlsLxcD+DTwEbIQh
7zpJ7pQawcWUK7Zhg0dL5IkhyeGg71DVylD4N0CDuSP0rn7v+jnP0iyZnaYiHfWr
LOtIaGzJWvtbPYmdvjtePUyq5xdjUWu1dUy/lVR+GgxgJWnZawvnqxs51DUXNuWq
pujPVgo4ra94+Irg2B8lwPzaI1kEfcLBdbdh16awE/zRPMJqIWHzWnNhW9LKCS3H
tBgqYGyzafJ9/cLrc/Wq+oXWMqlHJeEp1mKOPK8LUvN9
-----END CERTIFICATE-----