Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/kOrxmXRMoh0iVhgCI3h3ap9gzjY.roa
File:                     kOrxmXRMoh0iVhgCI3h3ap9gzjY.roa (raw, json)
Hash identifier:          UuZBkN7yMoGzAAanQfroluxDy9hZk4vWUEry2ogeBOM=
Subject key identifier:   90:EA:F1:99:74:4C:A2:1D:22:56:18:02:23:78:77:6A:9F:60:CE:36
Certificate issuer:       /CN=8ad47baa9aa6e0a20ad995a79c2a8de604f9aa37
Certificate serial:       019423D6C3BD49DE05562B67E2E94B67B5F8
Authority key identifier: 8A:D4:7B:AA:9A:A6:E0:A2:0A:D9:95:A7:9C:2A:8D:E6:04:F9:AA:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itR7qpqm4KIK2ZWnnCqN5gT5qjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/kOrxmXRMoh0iVhgCI3h3ap9gzjY.roa
Signing time:             Wed 01 Jan 2025 21:47:44 +0000
ROA not before:           Wed 01 Jan 2025 21:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60609
IP address blocks:        5.158.221.0/24 maxlen: 24
                          5.158.222.0/24 maxlen: 24
                          5.158.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/itR7qpqm4KIK2ZWnnCqN5gT5qjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/itR7qpqm4KIK2ZWnnCqN5gT5qjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itR7qpqm4KIK2ZWnnCqN5gT5qjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:c3:bd:49:de:05:56:2b:67:e2:e9:4b:67:b5:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad47baa9aa6e0a20ad995a79c2a8de604f9aa37
        Validity
            Not Before: Jan  1 21:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90eaf199744ca21d225618022378776a9f60ce36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6b:91:ab:ba:69:54:c2:95:8a:38:ae:1c:e1:
                    8d:a2:92:53:7c:46:68:fd:9f:58:36:01:48:4d:83:
                    02:85:93:e9:6b:47:d9:94:be:17:ba:d5:4a:0b:95:
                    a2:f3:b9:b2:4b:c5:c5:27:21:e6:bc:56:94:41:34:
                    17:49:f8:ef:7f:46:11:1f:7d:2a:83:f9:7c:e6:49:
                    8e:ce:fa:9f:7b:5a:e8:1d:6d:ee:a8:d5:e3:1d:92:
                    0c:0d:45:87:49:98:be:7b:81:b0:74:38:9a:8a:da:
                    30:97:41:d8:b8:eb:3d:e1:c0:66:8c:8b:84:56:cf:
                    6a:0a:db:13:fa:d7:63:99:bb:13:26:8b:e3:7b:d7:
                    97:3c:15:7b:70:8c:5b:55:78:65:17:30:9f:60:69:
                    73:12:70:6c:55:72:6f:5b:d2:77:74:b1:41:32:93:
                    c6:f4:68:44:5e:55:9c:22:7e:27:64:30:14:ed:ec:
                    39:9d:74:c5:b6:ef:2a:50:2f:39:19:6d:3f:b1:52:
                    4c:63:23:0d:ec:2e:8a:8d:61:9e:8c:d3:80:d0:86:
                    42:d1:ba:f7:d2:70:10:8e:83:68:e2:39:36:12:d8:
                    38:22:03:c2:3a:dd:8a:bb:fd:23:ad:c4:b2:47:95:
                    52:b0:0a:62:38:94:6d:ef:f1:d5:62:b2:c4:55:f9:
                    f7:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:EA:F1:99:74:4C:A2:1D:22:56:18:02:23:78:77:6A:9F:60:CE:36
            X509v3 Authority Key Identifier:
                keyid:8A:D4:7B:AA:9A:A6:E0:A2:0A:D9:95:A7:9C:2A:8D:E6:04:F9:AA:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itR7qpqm4KIK2ZWnnCqN5gT5qjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/kOrxmXRMoh0iVhgCI3h3ap9gzjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/itR7qpqm4KIK2ZWnnCqN5gT5qjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.221.0-5.158.223.255

    Signature Algorithm: sha256WithRSAEncryption
         46:db:bb:5f:56:fa:87:b6:a3:91:1e:4a:32:b9:43:d5:ba:ba:
         da:1e:9c:c5:84:88:ba:04:51:ff:72:6a:82:37:b6:fd:ca:ff:
         a3:fd:f1:22:49:a4:53:23:4e:ea:66:61:ce:6a:ab:83:a1:21:
         7b:1a:4b:95:ac:e4:07:28:dc:1e:a5:00:fb:66:fc:ad:59:dc:
         60:e0:91:5c:fe:12:5e:a9:f5:37:6b:c6:7e:2a:18:c2:ed:5b:
         aa:d4:a7:1d:a5:1b:6f:a0:16:a5:77:25:9f:5f:d5:5e:a1:cb:
         32:76:8b:64:68:e9:06:5e:7f:17:a4:6c:7e:2c:3d:ba:7a:09:
         8f:dc:3e:82:43:61:95:fa:d9:9d:77:d2:26:58:11:c1:32:c6:
         3a:1f:82:fd:95:b3:9c:41:76:15:3e:fe:ec:fc:b0:44:d4:18:
         d5:7c:8a:f4:e7:0e:db:47:25:6e:58:e1:9e:fc:fb:b9:e4:f3:
         18:44:39:18:c2:c0:10:86:14:43:27:9f:62:ae:07:da:49:00:
         ea:26:53:53:77:80:cb:80:78:cd:b2:d3:3f:9a:f5:3d:fc:eb:
         47:0c:16:80:b0:bb:ae:f9:54:b3:e2:9b:3c:b8:9a:1e:a9:90:
         aa:72:96:ee:94:2a:b5:29:dd:70:72:33:e3:6c:a3:31:3c:0a:
         69:15:ff:a2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQj1sO9Sd4FVitn4ulLZ7X4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDQ3YmFhOWFhNmUwYTIwYWQ5OTVhNzljMmE4ZGU2MDRm
OWFhMzcwHhcNMjUwMTAxMjE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGVhZjE5OTc0NGNhMjFkMjI1NjE4MDIyMzc4Nzc2YTlmNjBjZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmuRq7ppVMKVijiuHOGNopJTfEZo
/Z9YNgFITYMChZPpa0fZlL4XutVKC5Wi87myS8XFJyHmvFaUQTQXSfjvf0YRH30q
g/l85kmOzvqfe1roHW3uqNXjHZIMDUWHSZi+e4GwdDiaitowl0HYuOs94cBmjIuE
Vs9qCtsT+tdjmbsTJovje9eXPBV7cIxbVXhlFzCfYGlzEnBsVXJvW9J3dLFBMpPG
9GhEXlWcIn4nZDAU7ew5nXTFtu8qUC85GW0/sVJMYyMN7C6KjWGejNOA0IZC0br3
0nAQjoNo4jk2Etg4IgPCOt2Ku/0jrcSyR5VSsApiOJRt7/HVYrLEVfn3RwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJDq8Zl0TKIdIlYYAiN4d2qfYM42MB8GA1UdIwQY
MBaAFIrUe6qapuCiCtmVp5wqjeYE+ao3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRSN3FwcW00S0lLMlpXbm5DcU41Z1Q1cWpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85MzU1YjktNzNkNC00YzRjLTk2MDEt
ZjAxYTJmNThlZjg4LzEva09yeG1YUk1vaDBpVmhnQ0kzaDNhcDlnempZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85MzU1YjktNzNkNC00YzRjLTk2MDEtZjAxYTJmNThlZjg4
LzEvaXRSN3FwcW00S0lLMlpXbm5DcU41Z1Q1cWpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAFnt0D
BAUFnsAwDQYJKoZIhvcNAQELBQADggEBAEbbu19W+oe2o5EeSjK5Q9W6utoenMWE
iLoEUf9yaoI3tv3K/6P98SJJpFMjTupmYc5qq4OhIXsaS5Ws5Aco3B6lAPtm/K1Z
3GDgkVz+El6p9Tdrxn4qGMLtW6rUpx2lG2+gFqV3JZ9f1V6hyzJ2i2Ro6QZefxek
bH4sPbp6CY/cPoJDYZX62Z130iZYEcEyxjofgv2Vs5xBdhU+/uz8sETUGNV8ivTn
DttHJW5Y4Z78+7nk8xhEORjCwBCGFEMnn2KuB9pJAOomU1N3gMuAeM2y0z+a9T38
60cMFoCwu675VLPimzy4mh6pkKpylu6UKrUp3XByM+NsozE8CmkV/6I=
-----END CERTIFICATE-----