Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/sxau4rUZhG7Q9xIkJxBQu-xkeSU.roa
File:                     sxau4rUZhG7Q9xIkJxBQu-xkeSU.roa (raw, json)
Hash identifier:          ctG6VV1pfhXOfLu0mRvNnknxeTvtp07di/jt2d0S1nM=
Subject key identifier:   B3:16:AE:E2:B5:19:84:6E:D0:F7:12:24:27:10:50:BB:EC:64:79:25
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019540BBC76F3A77397F0FB4BD906C133D48
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/sxau4rUZhG7Q9xIkJxBQu-xkeSU.roa
Signing time:             Wed 26 Feb 2025 05:30:02 +0000
ROA not before:           Wed 26 Feb 2025 05:30:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200239
IP address blocks:        5.180.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:40:bb:c7:6f:3a:77:39:7f:0f:b4:bd:90:6c:13:3d:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Feb 26 05:30:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b316aee2b519846ed0f71224271050bbec647925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3b:10:c1:7f:a2:ce:f3:fb:ef:e6:a4:fc:77:
                    ad:c0:03:67:f9:84:0f:ef:b2:ef:03:1b:2c:28:98:
                    53:e9:18:08:f4:ee:9f:9d:98:ab:c1:d1:37:30:36:
                    19:1f:a7:28:7d:88:45:08:1b:e4:5c:e2:c5:e5:ae:
                    d4:8d:23:f7:33:fa:a5:6f:b8:36:8c:73:19:4f:a8:
                    60:3b:87:e9:a7:36:30:26:57:b9:e2:81:ab:76:66:
                    dd:3b:42:1c:b8:8b:10:f9:7b:a5:f0:8a:e1:d5:0b:
                    7e:ae:0d:76:7b:b5:8c:fd:86:e4:22:42:90:3a:cc:
                    16:ff:95:1d:4a:af:a5:39:98:be:11:21:2a:e7:68:
                    14:43:e2:e7:03:65:63:25:bf:09:92:e3:7f:01:c6:
                    31:f6:90:0e:97:6f:3f:39:9e:3a:ca:ff:9e:ba:eb:
                    64:aa:69:81:55:3c:eb:31:9c:1b:4c:0c:c6:86:8b:
                    ac:5a:e9:bd:32:d3:a1:72:7d:6a:ea:fd:cc:83:41:
                    d9:ce:3e:83:45:7c:ca:29:23:3d:3f:8c:e4:11:2b:
                    26:d8:47:2e:55:04:b2:1b:6a:e5:dd:44:2d:c1:6f:
                    bd:cf:f1:41:59:16:93:d3:f1:15:1b:2b:4c:0f:f5:
                    fb:c5:32:a8:92:14:82:a3:4c:96:08:ba:e4:cd:1a:
                    2f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:16:AE:E2:B5:19:84:6E:D0:F7:12:24:27:10:50:BB:EC:64:79:25
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/sxau4rUZhG7Q9xIkJxBQu-xkeSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:e5:18:b1:d3:c5:91:e7:82:3d:20:0b:2b:e5:14:36:09:ea:
         51:8c:34:a6:0e:99:21:11:3a:39:55:02:7d:1c:bb:7b:0a:7f:
         b5:6b:b5:ca:6c:89:9d:8c:84:eb:47:10:2f:69:1c:52:00:d2:
         f6:bf:e7:5c:5c:b5:dc:bf:5f:1a:1c:4c:b3:28:aa:bb:93:be:
         34:f2:b9:8f:49:d3:6c:44:29:27:4b:c7:8d:3a:df:a7:7a:a1:
         a4:02:a3:b5:50:b5:92:4e:de:57:99:5e:d8:b0:42:31:0a:c7:
         2d:f0:e6:4c:ee:79:78:08:bd:9b:cc:49:a5:66:f5:ec:d6:15:
         c7:2e:98:1a:c2:0d:61:6a:84:f5:0e:3b:9b:cf:8d:fd:6a:95:
         c6:a6:89:4e:36:68:96:dc:ef:76:51:30:35:6f:90:e4:e3:76:
         9b:ab:b2:39:0e:6b:c2:9b:58:da:24:bb:69:b3:dd:1a:a1:80:
         92:3c:a4:81:96:c9:eb:0f:c3:b8:ca:e6:ef:f5:86:a8:7f:ab:
         78:b9:29:0e:44:d2:50:71:66:b7:e3:a6:76:9d:87:15:0f:5f:
         ad:91:47:30:b6:3f:ad:08:c9:74:c8:81:55:cc:dc:a5:0e:ca:
         41:66:a8:c6:37:af:15:8e:50:99:71:25:4f:2a:39:0d:07:98:
         90:5b:bb:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVAu8dvOnc5fw+0vZBsEz1IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMjI2MDUzMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzE2YWVlMmI1MTk4NDZlZDBmNzEyMjQyNzEwNTBiYmVjNjQ3OTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTsQwX+izvP77+ak/HetwANn+YQP
77LvAxssKJhT6RgI9O6fnZirwdE3MDYZH6cofYhFCBvkXOLF5a7UjSP3M/qlb7g2
jHMZT6hgO4fppzYwJle54oGrdmbdO0IcuIsQ+Xul8Irh1Qt+rg12e7WM/YbkIkKQ
OswW/5UdSq+lOZi+ESEq52gUQ+LnA2VjJb8JkuN/AcYx9pAOl28/OZ46yv+euutk
qmmBVTzrMZwbTAzGhousWum9MtOhcn1q6v3Mg0HZzj6DRXzKKSM9P4zkESsm2Ecu
VQSyG2rl3UQtwW+9z/FBWRaT0/EVGytMD/X7xTKokhSCo0yWCLrkzRov6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMWruK1GYRu0PcSJCcQULvsZHklMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvc3hhdTRyVVpoRzdROXhJa0p4QlF1LXhrZVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbQgMA0G
CSqGSIb3DQEBCwUAA4IBAQCs5Rix08WR54I9IAsr5RQ2CepRjDSmDpkhETo5VQJ9
HLt7Cn+1a7XKbImdjITrRxAvaRxSANL2v+dcXLXcv18aHEyzKKq7k7408rmPSdNs
RCknS8eNOt+neqGkAqO1ULWSTt5XmV7YsEIxCsct8OZM7nl4CL2bzEmlZvXs1hXH
Lpgawg1haoT1Djubz439apXGpolONmiW3O92UTA1b5Dk43abq7I5DmvCm1jaJLtp
s90aoYCSPKSBlsnrD8O4yubv9Yaof6t4uSkORNJQcWa346Z2nYcVD1+tkUcwtj+t
CMl0yIFVzNylDspBZqjGN68VjlCZcSVPKjkNB5iQW7uz
-----END CERTIFICATE-----