Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/SO_HUTd0-Gl9BaYzrqlfSWa_QVQ.roa
File:                     SO_HUTd0-Gl9BaYzrqlfSWa_QVQ.roa (raw, json)
Hash identifier:          EkHZRdEzR6KVt391UlNURvABOCf18xzs/st+hIUFqMI=
Subject key identifier:   48:EF:C7:51:37:74:F8:69:7D:05:A6:33:AE:A9:5F:49:66:BF:41:54
Certificate issuer:       /CN=f2ee5b6849c8c81f5a763595588a6ba6821e767b
Certificate serial:       0190558B6ABC13D1B601384F1ADDA08EE0BE
Authority key identifier: F2:EE:5B:68:49:C8:C8:1F:5A:76:35:95:58:8A:6B:A6:82:1E:76:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8u5baEnIyB9adjWVWIprpoIedns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/SO_HUTd0-Gl9BaYzrqlfSWa_QVQ.roa
Signing time:             Wed 26 Jun 2024 17:15:18 +0000
ROA not before:           Wed 26 Jun 2024 17:15:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212559
IP address blocks:        5.252.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/8u5baEnIyB9adjWVWIprpoIedns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/8u5baEnIyB9adjWVWIprpoIedns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8u5baEnIyB9adjWVWIprpoIedns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:55:8b:6a:bc:13:d1:b6:01:38:4f:1a:dd:a0:8e:e0:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2ee5b6849c8c81f5a763595588a6ba6821e767b
        Validity
            Not Before: Jun 26 17:15:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48efc7513774f8697d05a633aea95f4966bf4154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:67:7f:9c:11:d7:67:63:7e:d3:45:d8:ed:17:
                    df:7d:88:9e:15:07:12:a1:ea:5b:5f:6a:86:26:88:
                    94:9b:2c:ae:5a:2f:3e:9f:9f:77:01:56:e0:e3:d1:
                    f7:b6:ad:28:77:44:de:f4:5a:99:fe:92:28:70:03:
                    ac:65:f7:c4:8a:02:0c:ea:af:ce:37:35:92:c1:e2:
                    a1:27:bd:ae:66:d9:f8:f0:02:03:68:08:6e:dd:25:
                    b9:09:11:38:b6:28:59:f4:58:6a:c7:fd:10:75:33:
                    01:0b:a2:84:8a:70:1e:e9:ac:8a:88:d7:c9:e8:18:
                    cd:87:d7:56:f5:64:e6:bf:8c:61:86:82:ab:1f:d3:
                    d5:98:eb:bf:25:eb:6a:73:de:8c:f9:45:5d:c9:ed:
                    11:a3:ab:f0:70:c1:bc:54:f7:47:6e:b2:7e:ba:ce:
                    f2:f1:f2:d3:d3:29:2b:9d:15:94:09:f1:cc:c9:56:
                    df:ce:f3:5f:bf:86:c2:3b:be:0e:f3:93:83:45:48:
                    70:f0:0a:92:2d:20:a5:73:07:76:4e:db:5a:d3:63:
                    6c:8d:18:3e:b1:c4:7e:c6:44:32:26:cf:2d:34:dc:
                    f3:ac:b3:57:ad:18:3f:bf:2a:12:1e:ab:af:1f:17:
                    a3:ea:43:b2:4f:52:8c:d4:83:21:6a:24:aa:73:67:
                    be:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:EF:C7:51:37:74:F8:69:7D:05:A6:33:AE:A9:5F:49:66:BF:41:54
            X509v3 Authority Key Identifier:
                keyid:F2:EE:5B:68:49:C8:C8:1F:5A:76:35:95:58:8A:6B:A6:82:1E:76:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8u5baEnIyB9adjWVWIprpoIedns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/SO_HUTd0-Gl9BaYzrqlfSWa_QVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/8u5baEnIyB9adjWVWIprpoIedns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:32:c6:fc:eb:25:66:d7:2e:c9:3b:b0:de:a8:26:cc:47:1f:
         62:3c:a4:7b:52:66:85:17:48:2c:a5:ad:72:9d:f9:4a:1f:16:
         d7:1e:e8:4b:9a:e9:b0:69:89:fd:3e:7e:26:71:c0:cc:bd:4d:
         16:3d:27:66:67:b0:eb:30:11:df:d3:25:8f:dc:6a:a8:fa:ef:
         e4:77:3c:f8:c3:a1:aa:69:6b:94:7b:3f:0e:ec:c3:0c:ce:e4:
         de:57:58:a5:16:4d:db:a3:56:e2:c9:b0:55:de:48:1f:db:25:
         44:4a:21:c1:80:a5:bd:f4:4d:8c:3a:1c:c8:78:47:65:ba:ab:
         d3:fe:83:89:1b:47:d3:5b:7a:01:9f:40:24:7a:38:6c:4d:af:
         43:58:06:b2:5f:38:06:b6:3a:c1:32:e4:6c:e7:4f:17:88:64:
         7a:a4:46:00:ef:6b:0d:14:4d:8b:2a:0c:ce:59:34:67:3c:2e:
         ad:8b:ef:58:60:ab:0c:71:57:f7:10:b4:2c:3b:f4:65:7c:3b:
         6d:14:87:6d:a4:b3:89:a4:92:93:66:57:a8:3b:19:1f:ae:74:
         ad:a1:cc:a2:a8:5d:6d:08:c0:45:5f:28:a6:ef:d4:43:92:fa:
         99:97:fb:fa:70:f3:a4:c6:a9:cd:87:d7:62:8b:d3:0b:0e:04:
         1c:94:51:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBVi2q8E9G2AThPGt2gjuC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZWU1YjY4NDljOGM4MWY1YTc2MzU5NTU4OGE2YmE2ODIx
ZTc2N2IwHhcNMjQwNjI2MTcxNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGVmYzc1MTM3NzRmODY5N2QwNWE2MzNhZWE5NWY0OTY2YmY0MTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1md/nBHXZ2N+00XY7RfffYieFQcS
oepbX2qGJoiUmyyuWi8+n593AVbg49H3tq0od0Te9FqZ/pIocAOsZffEigIM6q/O
NzWSweKhJ72uZtn48AIDaAhu3SW5CRE4tihZ9Fhqx/0QdTMBC6KEinAe6ayKiNfJ
6BjNh9dW9WTmv4xhhoKrH9PVmOu/Jetqc96M+UVdye0Ro6vwcMG8VPdHbrJ+us7y
8fLT0ykrnRWUCfHMyVbfzvNfv4bCO74O85ODRUhw8AqSLSClcwd2Ttta02NsjRg+
scR+xkQyJs8tNNzzrLNXrRg/vyoSHquvHxej6kOyT1KM1IMhaiSqc2e+tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEjvx1E3dPhpfQWmM66pX0lmv0FUMB8GA1UdIwQY
MBaAFPLuW2hJyMgfWnY1lViKa6aCHnZ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHU1YmFFbkl5QjlhZGpXVldJcHJwb0llZG5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8wMDJhODgtM2E4NS00NzZmLWI0NTIt
NjBhMDM5ZGQxYmNhLzEvU09fSFVUZDAtR2w5QmFZenJxbGZTV2FfUVZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8wMDJhODgtM2E4NS00NzZmLWI0NTItNjBhMDM5ZGQxYmNh
LzEvOHU1YmFFbkl5QjlhZGpXVldJcHJwb0llZG5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfwSMA0G
CSqGSIb3DQEBCwUAA4IBAQAZMsb86yVm1y7JO7DeqCbMRx9iPKR7UmaFF0gspa1y
nflKHxbXHuhLmumwaYn9Pn4mccDMvU0WPSdmZ7DrMBHf0yWP3Gqo+u/kdzz4w6Gq
aWuUez8O7MMMzuTeV1ilFk3bo1biybBV3kgf2yVESiHBgKW99E2MOhzIeEdluqvT
/oOJG0fTW3oBn0AkejhsTa9DWAayXzgGtjrBMuRs508XiGR6pEYA72sNFE2LKgzO
WTRnPC6ti+9YYKsMcVf3ELQsO/RlfDttFIdtpLOJpJKTZleoOxkfrnStocyiqF1t
CMBFXyim79RDkvqZl/v6cPOkxqnNh9dii9MLDgQclFF6
-----END CERTIFICATE-----