Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/5rE7-I7gVfn9UB3Wal0MYmMSNhI.roa
File:                     5rE7-I7gVfn9UB3Wal0MYmMSNhI.roa (raw, json)
Hash identifier:          d54v7S3s82Jw66vW0W9RPxiVpD7BU+aHtuMC1ZquvYo=
Subject key identifier:   E6:B1:3B:F8:8E:E0:55:F9:FD:50:1D:D6:6A:5D:0C:62:63:12:36:12
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD54F57CEE51E61CF0DF1553BED1E5
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/5rE7-I7gVfn9UB3Wal0MYmMSNhI.roa
Signing time:             Thu 02 Jan 2025 07:49:06 +0000
ROA not before:           Thu 02 Jan 2025 07:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44704
IP address blocks:        193.232.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:54:f5:7c:ee:51:e6:1c:f0:df:15:53:be:d1:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6b13bf88ee055f9fd501dd66a5d0c6263123612
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3a:98:80:77:84:3d:35:d3:0f:77:e0:70:e5:
                    a7:02:17:60:5f:b7:8c:e1:1f:b4:64:bf:7f:13:ba:
                    ce:5f:99:cb:96:5f:e8:8e:bf:d5:ee:1d:ce:36:b7:
                    a0:c4:37:99:db:ff:6f:5a:04:53:bb:0c:c2:ae:20:
                    56:ab:10:3f:32:07:d9:c8:73:bd:47:19:ce:e3:94:
                    50:67:29:a3:b9:c8:47:cb:3e:4c:cb:c0:3e:c8:20:
                    42:1b:ff:37:fe:4b:5a:68:4c:0e:b9:f3:db:a5:d5:
                    cb:7e:c0:d8:69:d4:5b:9e:f7:01:80:c9:a1:cc:91:
                    c1:44:0e:1a:b5:c0:63:7d:f5:a0:a3:b0:6b:3c:88:
                    33:82:29:c7:96:5b:18:02:b0:2b:2d:36:1a:c3:02:
                    f6:51:c8:e3:c4:c7:3f:5f:cd:6d:b5:31:f3:49:f4:
                    67:c6:5d:d8:ef:70:ce:c6:eb:8d:42:9e:d8:c4:d6:
                    16:5b:d1:7e:99:b9:19:47:b4:43:cf:c9:e9:97:30:
                    da:4f:7c:2a:d9:c4:62:a0:4f:ad:70:56:7b:2f:1f:
                    86:ba:66:e6:e5:34:18:0c:29:cf:48:26:03:ef:44:
                    fa:dd:56:0c:81:bd:a7:b0:9c:d5:e6:2a:cd:ff:f3:
                    64:d3:f3:fd:b6:11:a8:f5:5a:2e:79:74:d9:8b:cd:
                    29:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:B1:3B:F8:8E:E0:55:F9:FD:50:1D:D6:6A:5D:0C:62:63:12:36:12
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/5rE7-I7gVfn9UB3Wal0MYmMSNhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:28:b9:b4:17:d8:9e:d5:a8:8a:5c:c7:95:dd:1d:09:bb:61:
         99:cf:4a:ba:51:ae:c2:b5:a9:af:55:7e:7e:b4:e3:ac:02:8c:
         4c:a7:4f:77:13:f9:79:a5:f2:d6:5e:8d:a1:9d:7c:28:30:0d:
         4c:ed:27:c1:02:dc:83:4e:52:af:71:5a:47:8b:46:89:a1:6e:
         99:6d:d7:78:50:58:29:05:8c:69:d4:04:ac:01:bb:cb:bb:f4:
         41:03:85:20:f6:ab:d6:a9:1e:4e:a3:32:e5:4f:09:d6:f6:68:
         4b:fe:76:3d:2e:aa:a7:30:d3:ec:ec:b7:d6:a5:07:4a:bb:45:
         f3:8e:99:bd:d0:d7:29:90:22:90:18:49:c8:af:de:97:63:4a:
         36:d3:b8:74:8f:4e:b8:78:4d:e6:df:76:2e:e3:35:13:43:90:
         7e:ac:fc:af:20:97:a2:27:69:7d:80:3d:a3:36:bf:2b:db:70:
         cc:2a:ae:8d:74:1d:af:e3:45:bb:ae:3b:6d:a9:6f:24:47:ab:
         3a:b9:41:dd:f4:38:00:93:e6:05:ea:14:b0:52:a1:c8:9a:3e:
         20:b8:f5:0c:38:c3:69:3a:be:50:fe:6f:87:e3:a2:82:39:4c:
         0e:17:6c:91:92:46:a9:a7:ce:74:a3:dc:11:9c:66:c3:a5:61:
         fe:2b:1c:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/VT1fO5R5hzw3xVTvtHlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmIxM2JmODhlZTA1NWY5ZmQ1MDFkZDY2YTVkMGM2MjYzMTIzNjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjqYgHeEPTXTD3fgcOWnAhdgX7eM
4R+0ZL9/E7rOX5nLll/ojr/V7h3ONregxDeZ2/9vWgRTuwzCriBWqxA/MgfZyHO9
RxnO45RQZymjuchHyz5My8A+yCBCG/83/ktaaEwOufPbpdXLfsDYadRbnvcBgMmh
zJHBRA4atcBjffWgo7BrPIgzginHllsYArArLTYawwL2UcjjxMc/X81ttTHzSfRn
xl3Y73DOxuuNQp7YxNYWW9F+mbkZR7RDz8nplzDaT3wq2cRioE+tcFZ7Lx+Gumbm
5TQYDCnPSCYD70T63VYMgb2nsJzV5irN//Nk0/P9thGo9VoueXTZi80pRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaxO/iO4FX5/VAd1mpdDGJjEjYSMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvNXJFNy1JN2dWZm45VUIzV2FsME1ZbU1TTmhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwehsMA0G
CSqGSIb3DQEBCwUAA4IBAQC0KLm0F9ie1aiKXMeV3R0Ju2GZz0q6Ua7CtamvVX5+
tOOsAoxMp093E/l5pfLWXo2hnXwoMA1M7SfBAtyDTlKvcVpHi0aJoW6Zbdd4UFgp
BYxp1ASsAbvLu/RBA4Ug9qvWqR5OozLlTwnW9mhL/nY9LqqnMNPs7LfWpQdKu0Xz
jpm90NcpkCKQGEnIr96XY0o207h0j064eE3m33Yu4zUTQ5B+rPyvIJeiJ2l9gD2j
Nr8r23DMKq6NdB2v40W7rjttqW8kR6s6uUHd9DgAk+YF6hSwUqHImj4guPUMOMNp
Or5Q/m+H46KCOUwOF2yRkkapp850o9wRnGbDpWH+Kxyp
-----END CERTIFICATE-----