Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/iBqitwZ6-OIp_TooJrpzxuQbCcQ.roa
File:                     iBqitwZ6-OIp_TooJrpzxuQbCcQ.roa (raw, json)
Hash identifier:          ZA9+hJ8TouCIIrAPnC/0K55U3HwjLD4QaiRJceDF4kg=
Subject key identifier:   88:1A:A2:B7:06:7A:F8:E2:29:FD:3A:28:26:BA:73:C6:E4:1B:09:C4
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019527B97ED1D55A3394193666F914071368
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/iBqitwZ6-OIp_TooJrpzxuQbCcQ.roa
Signing time:             Fri 21 Feb 2025 08:57:02 +0000
ROA not before:           Fri 21 Feb 2025 08:57:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213613
IP address blocks:        5.180.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:27:b9:7e:d1:d5:5a:33:94:19:36:66:f9:14:07:13:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Feb 21 08:57:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=881aa2b7067af8e229fd3a2826ba73c6e41b09c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ff:35:54:10:e1:3b:21:22:86:f2:5e:62:fa:
                    ef:d9:11:52:bd:b0:42:b7:da:bf:6e:a9:55:5d:9b:
                    d4:f3:25:6f:77:bc:3c:02:56:60:55:b0:57:7f:a4:
                    a6:6b:bb:4c:b4:ae:36:bb:8c:c9:c9:3f:4d:72:96:
                    58:d8:c8:0e:a2:a4:fe:b1:17:3a:44:c5:6c:d0:d1:
                    96:e6:eb:28:96:79:64:ef:7d:aa:b0:01:91:57:e0:
                    ec:71:6b:13:4b:6a:35:63:ec:c1:61:7a:ab:39:7d:
                    29:49:4d:5c:ed:ea:df:18:b2:74:63:9e:6a:3f:00:
                    81:12:43:e5:e5:75:09:69:95:54:5f:d7:70:26:b8:
                    75:4a:01:37:87:2c:ef:2b:cb:94:e7:10:23:b3:9d:
                    b8:00:28:25:e9:e4:34:ad:38:4c:ea:97:f6:52:3e:
                    7d:cd:8b:a5:b3:eb:18:0c:a8:5d:e3:b4:dd:6c:3f:
                    57:e2:49:81:e5:aa:53:19:c2:26:f6:2f:04:46:d3:
                    b2:2f:44:c7:2c:9c:9c:85:45:db:5c:7f:48:c3:bc:
                    5f:1b:5f:e3:c8:9e:22:0b:e6:78:f9:94:60:f3:a9:
                    3c:29:ae:f6:13:de:4a:74:d1:b7:db:a4:be:8d:62:
                    8d:1b:22:da:74:8e:ae:a0:57:a2:ee:3a:3c:76:fc:
                    59:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:1A:A2:B7:06:7A:F8:E2:29:FD:3A:28:26:BA:73:C6:E4:1B:09:C4
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/iBqitwZ6-OIp_TooJrpzxuQbCcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:d0:79:10:6f:62:5b:a6:06:45:f8:85:b2:4c:f7:81:a1:5b:
         e1:52:a8:4d:a5:aa:62:32:19:19:5c:d6:63:8d:ba:e6:60:26:
         c1:88:d1:17:be:2d:2b:8d:bb:db:3c:aa:e7:12:8d:c5:ac:92:
         45:41:4c:c3:55:b1:68:35:a7:7f:f8:34:05:03:8a:27:82:2b:
         4b:61:d9:21:bf:2d:6b:bf:0d:ea:ed:43:bb:3a:80:3f:4e:32:
         bb:17:eb:21:5b:84:2b:24:b0:4f:9e:71:f0:b6:09:f4:f4:92:
         0d:c8:6b:14:34:e4:ce:e0:b4:b7:e1:32:66:0e:fe:bd:75:06:
         32:9b:12:30:76:f8:0d:63:1d:75:7b:56:45:28:28:a0:d2:0c:
         1f:ac:9e:2e:d9:5c:8c:f2:e7:00:eb:8a:c3:27:82:06:e9:0a:
         15:d4:b4:c3:3d:5b:94:8a:9c:55:08:a1:46:44:a3:12:f1:73:
         f9:07:7d:e8:3e:3d:c5:b6:2c:7a:0d:d9:c9:0e:58:8b:ca:18:
         72:04:58:92:bc:a1:52:76:59:7f:56:b5:88:84:ac:50:4f:7c:
         32:6a:27:c8:6c:52:21:e6:c5:92:97:29:e7:01:a9:dd:3c:b0:
         5f:29:5e:1c:af:d6:0b:f8:e3:21:a3:2f:9b:f3:b1:c7:bc:01:
         f7:d8:cb:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUnuX7R1VozlBk2ZvkUBxNoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMjIxMDg1NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODFhYTJiNzA2N2FmOGUyMjlmZDNhMjgyNmJhNzNjNmU0MWIwOWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwf81VBDhOyEihvJeYvrv2RFSvbBC
t9q/bqlVXZvU8yVvd7w8AlZgVbBXf6Sma7tMtK42u4zJyT9NcpZY2MgOoqT+sRc6
RMVs0NGW5usolnlk732qsAGRV+DscWsTS2o1Y+zBYXqrOX0pSU1c7erfGLJ0Y55q
PwCBEkPl5XUJaZVUX9dwJrh1SgE3hyzvK8uU5xAjs524ACgl6eQ0rThM6pf2Uj59
zYuls+sYDKhd47TdbD9X4kmB5apTGcIm9i8ERtOyL0THLJychUXbXH9Iw7xfG1/j
yJ4iC+Z4+ZRg86k8Ka72E95KdNG326S+jWKNGyLadI6uoFei7jo8dvxZ4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgaorcGevjiKf06KCa6c8bkGwnEMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvaUJxaXR3WjYtT0lwX1Rvb0pycHp4dVFiQ2NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbQhMA0G
CSqGSIb3DQEBCwUAA4IBAQAw0HkQb2JbpgZF+IWyTPeBoVvhUqhNpapiMhkZXNZj
jbrmYCbBiNEXvi0rjbvbPKrnEo3FrJJFQUzDVbFoNad/+DQFA4ongitLYdkhvy1r
vw3q7UO7OoA/TjK7F+shW4QrJLBPnnHwtgn09JINyGsUNOTO4LS34TJmDv69dQYy
mxIwdvgNYx11e1ZFKCig0gwfrJ4u2VyM8ucA64rDJ4IG6QoV1LTDPVuUipxVCKFG
RKMS8XP5B33oPj3Ftix6DdnJDliLyhhyBFiSvKFSdll/VrWIhKxQT3wyaifIbFIh
5sWSlynnAandPLBfKV4cr9YL+OMhoy+b87HHvAH32MtW
-----END CERTIFICATE-----