Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/UOHSmJkFyt_4-hhVMiOloNl9Vzo.roa
File:                     UOHSmJkFyt_4-hhVMiOloNl9Vzo.roa (raw, json)
Hash identifier:          F8hWyrIPmkewHZV68B8plrBrx5aWPovBAV7Nh2s3d0M=
Subject key identifier:   50:E1:D2:98:99:05:CA:DF:F8:FA:18:55:32:23:A5:A0:D9:7D:57:3A
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019421B248955A4BBABD40E55CD116EA5EA7
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/UOHSmJkFyt_4-hhVMiOloNl9Vzo.roa
Signing time:             Wed 01 Jan 2025 11:48:39 +0000
ROA not before:           Wed 01 Jan 2025 11:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207633
IP address blocks:        5.180.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:48:95:5a:4b:ba:bd:40:e5:5c:d1:16:ea:5e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 11:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50e1d2989905cadff8fa18553223a5a0d97d573a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:80:df:d0:c0:98:d1:e4:fd:d4:7d:49:51:64:
                    35:dd:b8:f8:19:f6:f6:1e:02:d3:41:3c:46:30:24:
                    e0:1b:a8:30:17:24:52:64:17:4c:7f:92:f9:ab:08:
                    68:09:ec:f7:ea:41:f4:01:d7:a1:4e:1e:d9:6e:75:
                    65:92:71:03:b2:9f:0e:91:c6:1e:ea:ee:0f:56:f6:
                    f9:d8:64:fd:c2:b5:35:e1:a1:b2:bd:65:e7:6e:39:
                    43:1c:09:80:20:38:f6:28:12:3f:c6:48:bc:20:0d:
                    d2:bc:a4:f8:d5:84:b3:5f:61:6a:dc:3a:6b:40:5a:
                    b7:93:dd:59:74:87:93:c9:e6:2d:ec:d9:75:33:8c:
                    c2:05:ef:d5:ba:db:d3:a8:f3:d5:0f:42:33:db:07:
                    a9:ec:e5:ed:72:73:d2:84:0b:3a:6e:60:09:10:fd:
                    9e:10:43:dd:ec:0a:81:b0:37:77:3a:e3:1a:95:24:
                    37:58:f6:f7:73:ef:b9:08:0d:3e:4b:d7:cf:68:6e:
                    85:aa:a4:b8:cc:66:da:d6:47:d6:12:d5:9f:44:41:
                    dd:b9:cc:cf:f7:96:d9:7d:be:fc:60:b3:f7:e2:70:
                    9b:96:fc:2b:c3:a2:a4:e3:70:2e:42:dc:da:47:71:
                    37:8e:ad:53:b7:a2:91:8c:06:13:42:23:80:3b:70:
                    09:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E1:D2:98:99:05:CA:DF:F8:FA:18:55:32:23:A5:A0:D9:7D:57:3A
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/UOHSmJkFyt_4-hhVMiOloNl9Vzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:bd:c7:08:00:ad:d1:ce:6d:be:58:7b:ec:c9:e3:4a:61:6d:
         b9:23:5a:50:f1:5c:e3:67:f0:e9:b7:d6:98:18:2a:e3:49:99:
         76:3e:50:78:8a:ee:73:37:87:35:fe:3c:aa:ba:66:2f:c0:0e:
         5d:f7:e8:19:db:8e:e0:74:c6:31:8d:74:e6:4c:27:6a:cc:56:
         ef:70:c5:86:d5:02:76:d6:d3:52:ca:3a:84:39:55:f6:86:63:
         4a:db:4a:47:af:2e:0f:0e:1e:d2:ba:5a:60:79:16:33:7b:cc:
         0b:4c:bd:9e:82:b0:aa:ae:3d:fc:24:b9:4c:ac:f1:b5:6b:90:
         7a:44:7e:cb:4b:3a:1a:81:a1:0e:b4:c3:4f:8c:93:94:21:6b:
         4b:a7:8c:66:18:85:70:25:f6:41:2b:85:81:1a:00:30:30:5b:
         2f:04:95:dc:c4:ef:10:a9:e4:aa:48:de:40:02:12:ea:b0:38:
         2d:b2:1c:cb:4b:28:46:4c:a6:9f:1c:1d:2c:85:fc:d7:0f:7f:
         e0:66:d0:2a:f0:2d:51:40:c2:70:fa:98:79:1f:76:df:f9:04:
         43:be:5b:e9:b9:85:b1:24:f3:bd:43:e9:10:61:bb:0b:69:b8:
         b3:94:01:bc:8c:c4:21:f3:29:fa:2e:9a:51:8b:c1:de:58:78:
         33:b7:ed:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskiVWku6vUDlXNEW6l6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMTAxMTE0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGUxZDI5ODk5MDVjYWRmZjhmYTE4NTUzMjIzYTVhMGQ5N2Q1NzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoDf0MCY0eT91H1JUWQ13bj4Gfb2
HgLTQTxGMCTgG6gwFyRSZBdMf5L5qwhoCez36kH0AdehTh7ZbnVlknEDsp8OkcYe
6u4PVvb52GT9wrU14aGyvWXnbjlDHAmAIDj2KBI/xki8IA3SvKT41YSzX2Fq3Dpr
QFq3k91ZdIeTyeYt7Nl1M4zCBe/VutvTqPPVD0Iz2wep7OXtcnPShAs6bmAJEP2e
EEPd7AqBsDd3OuMalSQ3WPb3c++5CA0+S9fPaG6FqqS4zGba1kfWEtWfREHduczP
95bZfb78YLP34nCblvwrw6Kk43AuQtzaR3E3jq1Tt6KRjAYTQiOAO3AJGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDh0piZBcrf+PoYVTIjpaDZfVc6MB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvVU9IU21Ka0Z5dF80LWhoVk1pT2xvTmw5VnpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbQgMA0G
CSqGSIb3DQEBCwUAA4IBAQCIvccIAK3Rzm2+WHvsyeNKYW25I1pQ8VzjZ/Dpt9aY
GCrjSZl2PlB4iu5zN4c1/jyqumYvwA5d9+gZ247gdMYxjXTmTCdqzFbvcMWG1QJ2
1tNSyjqEOVX2hmNK20pHry4PDh7SulpgeRYze8wLTL2egrCqrj38JLlMrPG1a5B6
RH7LSzoagaEOtMNPjJOUIWtLp4xmGIVwJfZBK4WBGgAwMFsvBJXcxO8QqeSqSN5A
AhLqsDgtshzLSyhGTKafHB0shfzXD3/gZtAq8C1RQMJw+ph5H3bf+QRDvlvpuYWx
JPO9Q+kQYbsLabizlAG8jMQh8yn6LppRi8HeWHgzt+1f
-----END CERTIFICATE-----