Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/5_wrTSOzkEFkkNCOm-aPJQ6g-ks.roa
File:                     5_wrTSOzkEFkkNCOm-aPJQ6g-ks.roa (raw, json)
Hash identifier:          MnzABlRB9zAfXgr3KOIwgG+mPu7rINrzCKmSJs1qoHs=
Subject key identifier:   E7:FC:2B:4D:23:B3:90:41:64:90:D0:8E:9B:E6:8F:25:0E:A0:FA:4B
Certificate issuer:       /CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
Certificate serial:       0194F0FD5002280028E74D2D702A58301D99
Authority key identifier: 24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/5_wrTSOzkEFkkNCOm-aPJQ6g-ks.roa
Signing time:             Mon 10 Feb 2025 17:52:00 +0000
ROA not before:           Mon 10 Feb 2025 17:52:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4637
IP address blocks:        37.153.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f0:fd:50:02:28:00:28:e7:4d:2d:70:2a:58:30:1d:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
        Validity
            Not Before: Feb 10 17:52:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7fc2b4d23b390416490d08e9be68f250ea0fa4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:80:dc:6c:69:4d:78:db:3e:5f:18:58:5a:ce:
                    4e:6c:6d:70:3a:92:12:c9:65:77:6d:1d:ad:ad:5b:
                    e2:9f:6f:ca:d6:1e:36:e6:73:7c:86:24:f9:5d:f9:
                    44:90:52:7c:fb:08:da:85:e5:00:2a:fe:4c:ea:bb:
                    e4:44:eb:39:ed:56:66:84:c4:b6:23:bf:e8:b4:d1:
                    43:51:f9:64:6d:dd:d4:0d:f3:5b:a1:b9:f6:57:33:
                    48:74:30:5d:4b:07:ba:d3:07:1c:aa:99:7d:a7:95:
                    3d:18:d0:7c:60:58:94:73:dd:5b:4b:e4:d0:1a:54:
                    38:54:65:cb:20:71:e9:e5:e0:5f:e4:49:36:fe:9b:
                    26:6d:84:8e:d6:5a:cf:30:fa:ca:d3:1c:0f:91:c1:
                    c2:77:46:54:f5:a6:3d:16:29:32:92:1c:f9:0e:d9:
                    73:3b:b0:ee:ff:f2:65:09:d9:11:54:5c:5e:f6:15:
                    e3:93:7e:dd:d3:be:a9:a1:1c:47:7a:9d:fd:d9:d4:
                    06:9c:ad:ed:4b:81:c4:b4:2a:45:9a:67:96:3c:15:
                    74:ef:b7:bc:f1:c3:4e:20:71:7b:8d:cf:2b:7b:1c:
                    24:0f:d1:ef:f8:30:04:0c:fe:a8:32:cb:cd:04:00:
                    e5:41:9d:60:06:72:a8:c9:80:38:78:3f:76:07:db:
                    6f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:FC:2B:4D:23:B3:90:41:64:90:D0:8E:9B:E6:8F:25:0E:A0:FA:4B
            X509v3 Authority Key Identifier:
                keyid:24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/5_wrTSOzkEFkkNCOm-aPJQ6g-ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:7d:ba:6a:8d:56:a7:90:76:16:eb:65:5c:6f:63:66:1c:87:
         9a:08:a3:d5:32:4c:0d:56:2f:c4:8d:9e:f4:ad:a6:cd:6f:59:
         23:86:f2:4e:49:2f:af:96:c9:10:69:fd:9b:5e:dc:d2:69:3b:
         84:22:2e:a9:bc:f1:d8:48:f2:d9:ad:b8:63:da:bb:68:5c:b9:
         0c:10:83:23:9a:fa:53:55:0d:c5:a3:03:b8:a6:ef:dd:71:2e:
         04:86:05:33:66:78:81:24:9d:5e:c6:50:c8:59:fe:da:18:d7:
         99:fe:15:15:a8:73:03:67:4e:89:0c:0f:50:3f:24:e0:6a:82:
         4f:68:a0:0b:c0:08:5b:af:07:b7:6e:4b:61:ee:d1:de:86:72:
         a2:93:b3:80:67:c5:9f:c6:9e:cf:5a:9b:7c:0f:77:2d:19:fa:
         ab:72:83:99:79:35:60:a4:15:bf:94:40:e9:d9:1f:d3:47:d2:
         ab:03:b6:25:57:f3:52:f2:28:5a:88:3d:bd:b2:bb:80:d0:3f:
         de:4b:c8:6e:75:4f:a6:b0:1e:d0:59:90:15:f6:ef:e8:63:06:
         96:1f:2b:bc:fd:4a:55:d6:4f:86:9d:1a:e8:40:4c:40:bf:9f:
         5f:4a:48:d6:57:62:54:06:fa:d2:fc:88:4e:7e:57:20:6e:24:
         2a:6b:61:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTw/VACKAAo500tcCpYMB2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTViZjljNjFjODVkYjdjOTlhYzRjZGY3OTI1N2U3OTk3
YWI3N2MwHhcNMjUwMjEwMTc1MjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2ZjMmI0ZDIzYjM5MDQxNjQ5MGQwOGU5YmU2OGYyNTBlYTBmYTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04DcbGlNeNs+XxhYWs5ObG1wOpIS
yWV3bR2trVvin2/K1h425nN8hiT5XflEkFJ8+wjaheUAKv5M6rvkROs57VZmhMS2
I7/otNFDUflkbd3UDfNbobn2VzNIdDBdSwe60wccqpl9p5U9GNB8YFiUc91bS+TQ
GlQ4VGXLIHHp5eBf5Ek2/psmbYSO1lrPMPrK0xwPkcHCd0ZU9aY9Fikykhz5Dtlz
O7Du//JlCdkRVFxe9hXjk37d076poRxHep392dQGnK3tS4HEtCpFmmeWPBV077e8
8cNOIHF7jc8rexwkD9Hv+DAEDP6oMsvNBADlQZ1gBnKoyYA4eD92B9tv5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOf8K00js5BBZJDQjpvmjyUOoPpLMB8GA1UdIwQY
MBaAFCQVv5xhyF23yZrEzfeSV+eZerd8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMt
NmExOGRjODgxNmRiLzEvNV93clRTT3prRUZra05DT20tYVBKUTZnLWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMtNmExOGRjODgxNmRi
LzEvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmYMA0G
CSqGSIb3DQEBCwUAA4IBAQB7fbpqjVankHYW62Vcb2NmHIeaCKPVMkwNVi/EjZ70
rabNb1kjhvJOSS+vlskQaf2bXtzSaTuEIi6pvPHYSPLZrbhj2rtoXLkMEIMjmvpT
VQ3FowO4pu/dcS4EhgUzZniBJJ1exlDIWf7aGNeZ/hUVqHMDZ06JDA9QPyTgaoJP
aKALwAhbrwe3bkth7tHehnKik7OAZ8Wfxp7PWpt8D3ctGfqrcoOZeTVgpBW/lEDp
2R/TR9KrA7YlV/NS8ihaiD29sruA0D/eS8hudU+msB7QWZAV9u/oYwaWHyu8/UpV
1k+GnRroQExAv59fSkjWV2JUBvrS/IhOflcgbiQqa2EK
-----END CERTIFICATE-----