Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/cdbfbd-ed67-44b7-9e1f-b29107b98acc/1/U98Pywp0SW8RSqZF3Ge6Si9krK0.roa
File:                     U98Pywp0SW8RSqZF3Ge6Si9krK0.roa (raw, json)
Hash identifier:          O0xR8BO72Q1293Dodh+ahx0zgwd8SQ9b7GDuhK6uN4w=
Subject key identifier:   53:DF:0F:CB:0A:74:49:6F:11:4A:A6:45:DC:67:BA:4A:2F:64:AC:AD
Certificate issuer:       /CN=27f958c3b759b2c7896f5ed663e807781f3ff5a2
Certificate serial:       019424B273B1C662AC8E497D2F3DDC8DCBB0
Authority key identifier: 27:F9:58:C3:B7:59:B2:C7:89:6F:5E:D6:63:E8:07:78:1F:3F:F5:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J_lYw7dZsseJb17WY-gHeB8_9aI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/cdbfbd-ed67-44b7-9e1f-b29107b98acc/1/U98Pywp0SW8RSqZF3Ge6Si9krK0.roa
Signing time:             Thu 02 Jan 2025 01:47:42 +0000
ROA not before:           Thu 02 Jan 2025 01:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210168
IP address blocks:        5.1.127.0/24 maxlen: 24
                          2a02:e747::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/cdbfbd-ed67-44b7-9e1f-b29107b98acc/1/J_lYw7dZsseJb17WY-gHeB8_9aI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/cdbfbd-ed67-44b7-9e1f-b29107b98acc/1/J_lYw7dZsseJb17WY-gHeB8_9aI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J_lYw7dZsseJb17WY-gHeB8_9aI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:73:b1:c6:62:ac:8e:49:7d:2f:3d:dc:8d:cb:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27f958c3b759b2c7896f5ed663e807781f3ff5a2
        Validity
            Not Before: Jan  2 01:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53df0fcb0a74496f114aa645dc67ba4a2f64acad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:53:90:f4:e6:b8:a6:48:4f:7c:e6:ec:37:fe:
                    6f:ff:76:74:c2:64:fe:1d:ac:61:bf:13:0f:e1:87:
                    19:df:93:7f:3e:03:5d:8f:dd:c0:d2:66:29:89:4e:
                    a9:59:94:3e:eb:78:ed:0c:e4:2e:7d:14:19:8f:a7:
                    73:1e:15:9e:da:1b:17:7f:8c:d7:9f:76:46:d2:7c:
                    e4:c8:dd:96:c4:a1:0f:d5:1c:89:b5:42:e0:ae:f7:
                    03:81:aa:f9:aa:88:db:60:11:3d:84:ac:7f:46:f6:
                    8a:6f:c1:ea:21:3b:45:51:44:4d:48:6a:66:5a:a5:
                    fd:aa:15:4e:8b:f3:a1:92:47:fd:93:96:ba:21:bd:
                    74:1e:7e:3d:0d:14:13:31:86:bf:22:30:b6:51:1c:
                    e3:ad:3e:42:ed:e7:93:5b:c2:de:3f:2f:41:75:c3:
                    37:a4:f7:d7:1a:f9:48:6b:c6:39:ce:26:2e:22:fc:
                    b8:89:b8:2b:09:b1:0a:e6:3f:c4:71:71:8b:9b:72:
                    9e:82:0d:b8:db:39:ec:0c:25:70:2f:c0:6c:69:43:
                    3d:0b:8d:d8:f9:56:55:2c:6f:c7:50:d2:26:59:84:
                    d2:98:f6:77:d1:26:d7:17:f3:12:90:2a:d1:ac:5b:
                    6a:da:6c:7c:6c:15:3b:1b:66:bb:6a:db:d1:07:9a:
                    96:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:DF:0F:CB:0A:74:49:6F:11:4A:A6:45:DC:67:BA:4A:2F:64:AC:AD
            X509v3 Authority Key Identifier:
                keyid:27:F9:58:C3:B7:59:B2:C7:89:6F:5E:D6:63:E8:07:78:1F:3F:F5:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J_lYw7dZsseJb17WY-gHeB8_9aI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/cdbfbd-ed67-44b7-9e1f-b29107b98acc/1/U98Pywp0SW8RSqZF3Ge6Si9krK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/cdbfbd-ed67-44b7-9e1f-b29107b98acc/1/J_lYw7dZsseJb17WY-gHeB8_9aI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.127.0/24
                IPv6:
                  2a02:e747::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:40:67:45:39:88:54:d9:e6:a5:15:16:b7:40:56:b8:7f:aa:
         73:15:60:74:df:9e:48:ad:6c:92:a0:42:29:ab:35:bc:40:be:
         fa:ad:58:9e:a6:08:26:e6:05:f7:09:c1:a1:0a:4b:86:49:ee:
         ec:89:23:04:b3:71:86:e4:e7:ef:d4:d3:54:55:96:b5:2c:4c:
         41:fa:e7:d3:04:92:f4:22:13:2c:54:29:ec:ba:cd:93:5f:8b:
         9a:db:4a:54:58:b1:94:14:10:45:94:1a:7c:8f:25:42:84:7b:
         5b:3a:45:23:f3:43:fc:7d:85:61:14:d3:63:21:f3:7b:1b:f8:
         99:a1:28:4d:9d:b0:51:4b:d0:34:a7:fe:85:57:9d:ee:4a:55:
         75:e4:e4:15:c4:d2:47:88:84:00:3e:73:2e:53:6f:99:0f:62:
         3a:24:38:11:58:14:d7:a4:28:c3:7e:4c:88:99:97:f2:8d:d5:
         98:31:14:9c:43:a9:bd:b6:df:29:d6:8f:d8:52:ad:50:9a:1a:
         af:bc:14:8d:9c:47:a3:0d:7b:fd:15:f7:93:cc:cb:0c:3c:eb:
         26:19:a3:6a:06:e7:d2:f3:da:fc:01:bc:72:f5:98:0b:49:93:
         7f:59:64:ac:ca:9f:0d:2c:e8:77:75:df:46:d2:0a:76:ad:5c:
         22:9b:bd:fe
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQksnOxxmKsjkl9Lz3cjcuwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3Zjk1OGMzYjc1OWIyYzc4OTZmNWVkNjYzZTgwNzc4MWYz
ZmY1YTIwHhcNMjUwMTAyMDE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2RmMGZjYjBhNzQ0OTZmMTE0YWE2NDVkYzY3YmE0YTJmNjRhY2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVOQ9Oa4pkhPfObsN/5v/3Z0wmT+
HaxhvxMP4YcZ35N/PgNdj93A0mYpiU6pWZQ+63jtDOQufRQZj6dzHhWe2hsXf4zX
n3ZG0nzkyN2WxKEP1RyJtULgrvcDgar5qojbYBE9hKx/RvaKb8HqITtFUURNSGpm
WqX9qhVOi/Ohkkf9k5a6Ib10Hn49DRQTMYa/IjC2URzjrT5C7eeTW8LePy9BdcM3
pPfXGvlIa8Y5ziYuIvy4ibgrCbEK5j/EcXGLm3Kegg242znsDCVwL8BsaUM9C43Y
+VZVLG/HUNImWYTSmPZ30SbXF/MSkCrRrFtq2mx8bBU7G2a7atvRB5qWlQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFPfD8sKdElvEUqmRdxnukovZKytMB8GA1UdIwQY
MBaAFCf5WMO3WbLHiW9e1mPoB3gfP/WiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSl9sWXc3ZFpzc2VKYjE3V1ktZ0hlQjhfOWFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9jZGJmYmQtZWQ2Ny00NGI3LTllMWYt
YjI5MTA3Yjk4YWNjLzEvVTk4UHl3cDBTVzhSU3FaRjNHZTZTaTlrckswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9jZGJmYmQtZWQ2Ny00NGI3LTllMWYtYjI5MTA3Yjk4YWNj
LzEvSl9sWXc3ZFpzc2VKYjE3V1ktZ0hlQjhfOWFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQABQF/MA8E
AgACMAkDBwAqAudHAAAwDQYJKoZIhvcNAQELBQADggEBAAdAZ0U5iFTZ5qUVFrdA
Vrh/qnMVYHTfnkitbJKgQimrNbxAvvqtWJ6mCCbmBfcJwaEKS4ZJ7uyJIwSzcYbk
5+/U01RVlrUsTEH659MEkvQiEyxUKey6zZNfi5rbSlRYsZQUEEWUGnyPJUKEe1s6
RSPzQ/x9hWEU02Mh83sb+JmhKE2dsFFL0DSn/oVXne5KVXXk5BXE0keIhAA+cy5T
b5kPYjokOBFYFNekKMN+TIiZl/KN1ZgxFJxDqb223ynWj9hSrVCaGq+8FI2cR6MN
e/0V95PMyww86yYZo2oG59Lz2vwBvHL1mAtJk39ZZKzKnw0s6Hd130bSCnatXCKb
vf4=
-----END CERTIFICATE-----