Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/5bIFsErhPSlmM37nhrp-eU9l5Y4.roa
File:                     5bIFsErhPSlmM37nhrp-eU9l5Y4.roa (raw, json)
Hash identifier:          W0LEviwE6sQ3/HTSMFGMNopeuLD+ieboT1WS/XkZF1E=
Subject key identifier:   E5:B2:05:B0:4A:E1:3D:29:66:33:7E:E7:86:BA:7E:79:4F:65:E5:8E
Certificate issuer:       /CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
Certificate serial:       0194236A0BAFA6AF274C1FC3BB416D762270
Authority key identifier: 17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/5bIFsErhPSlmM37nhrp-eU9l5Y4.roa
Signing time:             Wed 01 Jan 2025 19:48:59 +0000
ROA not before:           Wed 01 Jan 2025 19:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42708
IP address blocks:        91.198.200.0/24 maxlen: 24
                          178.212.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:0b:af:a6:af:27:4c:1f:c3:bb:41:6d:76:22:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
        Validity
            Not Before: Jan  1 19:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5b205b04ae13d2966337ee786ba7e794f65e58e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:74:60:90:46:a3:29:9a:5a:19:f6:20:d8:77:
                    09:68:95:18:75:25:a8:0a:25:76:80:27:b2:8a:50:
                    73:b8:81:85:9d:6a:f2:3b:50:a6:54:e4:62:da:41:
                    f3:83:9c:b6:c1:0d:d8:c6:5b:a0:37:03:6b:14:0d:
                    e4:7a:80:17:9c:2b:e1:f9:85:c5:6f:c9:06:f5:ba:
                    17:54:05:f1:30:ea:fd:27:03:35:5e:f4:a1:66:dc:
                    5c:8d:21:a5:0f:f9:f2:b8:e6:0a:e1:7a:b1:f1:30:
                    00:53:41:59:0c:53:66:a7:77:2f:7a:24:b9:ed:4a:
                    f2:7c:5b:0b:6d:2d:bb:9a:69:e1:b7:04:34:05:6f:
                    bd:09:a1:2c:bb:b4:62:2f:03:46:ed:48:35:e5:16:
                    50:79:5a:a4:40:57:38:8a:69:29:59:26:50:db:b9:
                    d8:c4:46:8e:0d:3f:16:db:72:d5:45:0c:66:53:5c:
                    a1:09:24:4c:a3:91:12:89:7d:5d:85:65:52:65:c4:
                    84:13:ec:cb:85:91:cb:9c:36:7e:41:7e:a1:1e:8f:
                    62:44:a6:19:11:87:4b:47:ec:64:62:e3:79:3f:41:
                    b6:a0:bd:cb:0b:16:3f:5c:20:4d:df:bc:07:d8:ab:
                    01:0d:6d:10:38:cc:42:60:74:17:d3:3d:52:5d:fe:
                    1f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:B2:05:B0:4A:E1:3D:29:66:33:7E:E7:86:BA:7E:79:4F:65:E5:8E
            X509v3 Authority Key Identifier:
                keyid:17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/5bIFsErhPSlmM37nhrp-eU9l5Y4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.200.0/24
                  178.212.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:e6:5a:5b:a3:eb:03:9c:15:78:b5:d9:a2:43:59:25:73:c3:
         b3:e1:70:8d:93:c4:f6:2c:e5:87:32:52:39:02:98:80:fb:69:
         2b:dc:e4:30:e6:56:69:64:5c:d9:65:e3:ef:ae:83:5d:4d:45:
         dd:d3:e2:17:5c:21:d8:e5:4c:cc:e5:5d:0c:e1:0c:c8:a1:c7:
         9e:b4:7b:b2:10:4c:4b:fd:0d:ca:c5:6b:23:6c:20:8f:28:a7:
         eb:18:3f:76:35:cd:4d:e3:f1:a8:72:eb:42:5d:bd:af:60:fd:
         3e:0a:ae:c2:47:97:78:eb:1d:e2:46:49:4e:17:d9:02:47:b0:
         2d:0d:e6:78:a3:f3:a7:65:97:5d:08:fa:70:0e:18:55:bc:64:
         e2:b2:3f:c9:08:3b:ce:59:40:7c:34:78:93:a6:52:28:34:76:
         04:c5:15:22:0f:e4:22:b8:58:be:55:05:51:42:09:03:db:d7:
         39:fc:28:17:da:86:22:f7:04:18:cd:90:ad:61:60:3c:ab:b5:
         42:15:a2:41:30:5a:50:ba:99:1f:da:db:44:fd:ca:51:d6:68:
         e7:c4:25:81:ea:8f:7e:f1:03:53:ae:d7:49:5b:d0:18:ef:57:
         0f:9a:90:49:58:ed:5b:0e:13:19:a8:90:32:00:6a:d6:c2:4c:
         85:d7:55:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjaguvpq8nTB/Du0FtdiJwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YjUwNDJmYzIwZDliYWIxNjc2ZTA5YWY3ZmYxYmE1YmZh
ZGFlNzUwHhcNMjUwMTAxMTk0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWIyMDViMDRhZTEzZDI5NjYzMzdlZTc4NmJhN2U3OTRmNjVlNThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XRgkEajKZpaGfYg2HcJaJUYdSWo
CiV2gCeyilBzuIGFnWryO1CmVORi2kHzg5y2wQ3YxlugNwNrFA3keoAXnCvh+YXF
b8kG9boXVAXxMOr9JwM1XvShZtxcjSGlD/nyuOYK4Xqx8TAAU0FZDFNmp3cveiS5
7UryfFsLbS27mmnhtwQ0BW+9CaEsu7RiLwNG7Ug15RZQeVqkQFc4imkpWSZQ27nY
xEaODT8W23LVRQxmU1yhCSRMo5ESiX1dhWVSZcSEE+zLhZHLnDZ+QX6hHo9iRKYZ
EYdLR+xkYuN5P0G2oL3LCxY/XCBN37wH2KsBDW0QOMxCYHQX0z1SXf4fhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOWyBbBK4T0pZjN+54a6fnlPZeWOMB8GA1UdIwQY
MBaAFBe1BC/CDZurFnbgmvf/G6W/ra51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQt
YmM2Nzk0ZTk1ZTVhLzEvNWJJRnNFcmhQU2xtTTM3bmhycC1lVTlsNVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQtYmM2Nzk0ZTk1ZTVh
LzEvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8bIAwQA
stTgMA0GCSqGSIb3DQEBCwUAA4IBAQA75lpbo+sDnBV4tdmiQ1klc8Oz4XCNk8T2
LOWHMlI5ApiA+2kr3OQw5lZpZFzZZePvroNdTUXd0+IXXCHY5UzM5V0M4QzIocee
tHuyEExL/Q3KxWsjbCCPKKfrGD92Nc1N4/GocutCXb2vYP0+Cq7CR5d46x3iRklO
F9kCR7AtDeZ4o/OnZZddCPpwDhhVvGTisj/JCDvOWUB8NHiTplIoNHYExRUiD+Qi
uFi+VQVRQgkD29c5/CgX2oYi9wQYzZCtYWA8q7VCFaJBMFpQupkf2ttE/cpR1mjn
xCWB6o9+8QNTrtdJW9AY71cPmpBJWO1bDhMZqJAyAGrWwkyF11Vn
-----END CERTIFICATE-----