Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/77pjzO5PZ5ItmPVN4WdOy8HOVwE.roa
File:                     77pjzO5PZ5ItmPVN4WdOy8HOVwE.roa (raw, json)
Hash identifier:          W5gUFTkAHezFnIfl5TqP9s5C+O2pC/vocXkyo6uTolQ=
Subject key identifier:   EF:BA:63:CC:EE:4F:67:92:2D:98:F5:4D:E1:67:4E:CB:C1:CE:57:01
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019421B2492455B4CA60F765697E18DA36D3
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/77pjzO5PZ5ItmPVN4WdOy8HOVwE.roa
Signing time:             Wed 01 Jan 2025 11:48:39 +0000
ROA not before:           Wed 01 Jan 2025 11:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207994
IP address blocks:        5.253.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:49:24:55:b4:ca:60:f7:65:69:7e:18:da:36:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 11:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efba63ccee4f67922d98f54de1674ecbc1ce5701
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:91:78:fd:9a:80:2c:42:11:14:92:00:69:56:
                    48:db:81:4a:55:bb:97:f2:72:7b:68:71:24:b5:0b:
                    e1:d3:b7:ee:7c:88:74:f0:46:33:32:08:18:6f:1f:
                    35:4c:5a:a1:e3:83:83:ef:70:63:b2:4a:1b:86:97:
                    e3:4d:05:28:bf:25:9e:e8:8b:e2:0b:e1:82:c2:12:
                    da:bc:db:d5:8a:f3:e5:26:a1:00:a4:f6:7a:d7:f0:
                    e5:03:5f:5a:75:6b:0f:87:1d:19:18:e3:56:59:be:
                    fa:5f:8b:e9:09:33:bd:e9:c7:25:c0:65:72:65:c5:
                    24:a9:4a:ad:b5:54:c5:4f:2b:4f:35:e5:19:cd:66:
                    e2:d4:27:8a:8b:5e:e5:9d:54:53:b1:86:09:66:b8:
                    ef:57:93:c2:68:0f:13:c4:3d:3e:c1:a6:af:c9:53:
                    ce:8f:dc:1c:ac:90:ce:05:fd:33:7b:d8:5a:14:4e:
                    97:ab:00:b8:53:e9:0d:26:a8:af:dc:ba:33:02:b2:
                    60:e1:86:f2:7b:67:39:9f:d6:17:d5:e3:12:68:85:
                    3d:09:6a:73:ac:33:fc:d7:d5:8e:c6:6d:7a:6d:2a:
                    51:0d:3f:e2:ba:26:f2:96:a5:0b:1d:ab:2a:e2:7a:
                    f2:33:84:12:24:3e:74:b5:cf:35:40:d4:53:15:f0:
                    da:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:BA:63:CC:EE:4F:67:92:2D:98:F5:4D:E1:67:4E:CB:C1:CE:57:01
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/77pjzO5PZ5ItmPVN4WdOy8HOVwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:7c:c6:fc:2a:fe:d4:31:73:02:be:48:8e:b8:39:09:96:7f:
         23:a4:50:16:34:b7:79:c6:80:2c:e0:8e:3d:4a:c6:95:d5:80:
         e6:5f:93:91:9a:f8:ce:ec:6b:a3:0b:86:a0:18:88:16:0d:9f:
         36:84:77:61:40:85:0f:9f:3b:bf:09:38:77:e6:26:bb:e7:eb:
         3f:19:7f:2d:2c:78:9c:cc:8e:ac:18:7d:e6:f5:66:2f:c1:4a:
         cd:eb:22:9b:7d:4e:72:5b:69:12:8d:8b:d3:8e:38:7c:76:e2:
         05:0b:5b:26:17:69:29:c4:bf:97:d2:ae:01:d5:b2:6b:ce:44:
         3b:c6:c4:28:17:31:5e:04:04:c3:e0:a5:8a:1b:40:ed:42:9e:
         8f:68:fd:e6:51:22:2d:5a:db:2d:34:d4:c9:55:29:d6:68:1c:
         93:13:f4:a0:bf:ce:12:38:43:4f:16:a7:d3:72:16:9c:e4:82:
         28:e0:3b:d8:4f:13:e6:36:e9:53:10:3c:ba:a7:da:03:7c:21:
         e7:c2:e2:55:d9:71:73:58:a2:85:71:fc:f2:9a:4f:f7:73:fe:
         04:69:a0:5e:87:af:c1:3b:25:95:94:f7:84:d0:3c:9f:62:bf:
         d3:54:c0:ea:f2:24:7d:98:15:e9:e5:52:43:cf:dc:76:d1:87:
         9b:92:0c:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskkkVbTKYPdlaX4Y2jbTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMTAxMTE0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmJhNjNjY2VlNGY2NzkyMmQ5OGY1NGRlMTY3NGVjYmMxY2U1NzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5F4/ZqALEIRFJIAaVZI24FKVbuX
8nJ7aHEktQvh07fufIh08EYzMggYbx81TFqh44OD73BjskobhpfjTQUovyWe6Ivi
C+GCwhLavNvVivPlJqEApPZ61/DlA19adWsPhx0ZGONWWb76X4vpCTO96cclwGVy
ZcUkqUqttVTFTytPNeUZzWbi1CeKi17lnVRTsYYJZrjvV5PCaA8TxD0+waavyVPO
j9wcrJDOBf0ze9haFE6XqwC4U+kNJqiv3LozArJg4Ybye2c5n9YX1eMSaIU9CWpz
rDP819WOxm16bSpRDT/iuibylqULHasq4nryM4QSJD50tc81QNRTFfDaYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+6Y8zuT2eSLZj1TeFnTsvBzlcBMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvNzdwanpPNVBaNUl0bVBWTjRXZE95OEhPVndFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf0lMA0G
CSqGSIb3DQEBCwUAA4IBAQCifMb8Kv7UMXMCvkiOuDkJln8jpFAWNLd5xoAs4I49
SsaV1YDmX5ORmvjO7GujC4agGIgWDZ82hHdhQIUPnzu/CTh35ia75+s/GX8tLHic
zI6sGH3m9WYvwUrN6yKbfU5yW2kSjYvTjjh8duIFC1smF2kpxL+X0q4B1bJrzkQ7
xsQoFzFeBATD4KWKG0DtQp6PaP3mUSItWtstNNTJVSnWaByTE/Sgv84SOENPFqfT
chac5IIo4DvYTxPmNulTEDy6p9oDfCHnwuJV2XFzWKKFcfzymk/3c/4EaaBeh6/B
OyWVlPeE0DyfYr/TVMDq8iR9mBXp5VJDz9x20Yebkgyp
-----END CERTIFICATE-----