Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/uSHLXPxvBbd6Xd5e9Tr_5J3NjoQ.roa
File:                     uSHLXPxvBbd6Xd5e9Tr_5J3NjoQ.roa (raw, json)
Hash identifier:          wtpGxNSJ15I0I1R1mpyeIIqZdT9Ax0SulCxphRn2VCY=
Subject key identifier:   B9:21:CB:5C:FC:6F:05:B7:7A:5D:DE:5E:F5:3A:FF:E4:9D:CD:8E:84
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019421B244147A3F685AE0D55491A5B2ADB5
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/uSHLXPxvBbd6Xd5e9Tr_5J3NjoQ.roa
Signing time:             Wed 01 Jan 2025 11:48:38 +0000
ROA not before:           Wed 01 Jan 2025 11:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198607
IP address blocks:        5.180.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:44:14:7a:3f:68:5a:e0:d5:54:91:a5:b2:ad:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 11:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b921cb5cfc6f05b77a5dde5ef53affe49dcd8e84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:68:d7:41:2c:dd:7e:01:cb:05:fa:88:a2:b1:
                    92:8d:58:d2:2f:6c:2b:22:de:a0:fc:1e:a9:bc:32:
                    7e:d8:ad:6e:2e:a4:6f:0f:53:9e:95:48:c4:42:63:
                    db:e2:91:29:0f:b9:e8:c0:93:26:92:e8:8c:93:3d:
                    a9:6e:7f:f0:e7:fc:1f:7b:e3:84:97:38:e3:6a:82:
                    8a:bf:93:56:44:fc:44:09:03:ea:31:ae:58:57:2d:
                    0b:53:ae:7a:fa:fa:c4:e4:26:bd:77:28:58:91:4e:
                    2b:ff:98:b6:bb:73:88:ef:43:a5:60:4c:86:61:7b:
                    7a:85:12:ce:00:46:f1:84:03:99:76:b2:a4:fa:9a:
                    0c:c7:59:f9:1b:99:09:d0:b9:e9:24:d0:71:af:4f:
                    86:f2:06:e3:b1:b7:03:d6:f8:d3:b3:3b:22:19:a3:
                    0f:69:d4:81:dc:2c:e8:c8:46:70:29:53:a6:1e:18:
                    c2:c2:40:0a:e6:66:35:29:69:73:34:dd:a6:ca:59:
                    37:6f:35:13:a0:dc:a3:c1:f3:9b:43:91:77:a7:c7:
                    79:73:8d:b8:25:87:6a:fb:97:ad:29:6e:15:62:63:
                    34:27:98:20:18:0d:ff:01:9a:15:4f:ea:db:5e:9c:
                    2f:51:18:ce:d8:af:0a:ff:80:eb:b2:03:30:28:e0:
                    38:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:21:CB:5C:FC:6F:05:B7:7A:5D:DE:5E:F5:3A:FF:E4:9D:CD:8E:84
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/uSHLXPxvBbd6Xd5e9Tr_5J3NjoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:ae:5a:20:8e:4b:d2:6f:d7:da:07:b7:ad:b8:55:2f:8f:f6:
         4d:61:8a:f8:0e:d2:3a:96:63:6e:56:8f:7f:4b:13:4f:fb:48:
         bd:02:79:a2:c1:4a:56:af:d0:96:0d:5c:aa:34:37:0a:99:69:
         24:be:9d:d6:30:8d:d0:3f:56:af:90:75:c0:36:2a:8a:c6:77:
         a2:51:39:80:6a:bd:e3:1a:07:ec:ea:1c:c8:8b:6b:7f:b2:b4:
         e9:11:7c:0a:55:54:d7:44:cf:02:94:ff:f2:b9:8a:51:43:a4:
         35:0e:67:3d:92:33:69:7e:26:60:41:67:a0:31:49:33:ad:ad:
         a7:1c:c8:90:35:f2:31:21:36:6e:f9:f9:05:f7:da:dd:6c:39:
         5d:2b:74:13:bd:22:03:0b:07:dd:7b:83:b0:4c:fd:0f:f5:ca:
         93:59:2d:00:5d:88:9c:ee:fb:f6:65:fb:1e:94:9c:fd:25:14:
         de:d1:b2:7d:ac:93:9e:3b:1a:a5:25:73:e8:fd:46:2e:c2:aa:
         df:47:d4:02:22:4b:ea:de:e4:f0:c8:01:9b:9e:be:04:e3:e6:
         1b:a3:57:fe:48:65:65:d7:68:7b:ef:e4:31:aa:19:fa:f3:dc:
         2b:27:ad:5f:af:c8:3d:02:d4:d6:17:07:a6:5c:e8:f2:b0:a4:
         bd:37:77:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskQUej9oWuDVVJGlsq21MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMTAxMTE0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTIxY2I1Y2ZjNmYwNWI3N2E1ZGRlNWVmNTNhZmZlNDlkY2Q4ZTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4WjXQSzdfgHLBfqIorGSjVjSL2wr
It6g/B6pvDJ+2K1uLqRvD1OelUjEQmPb4pEpD7nowJMmkuiMkz2pbn/w5/wfe+OE
lzjjaoKKv5NWRPxECQPqMa5YVy0LU656+vrE5Ca9dyhYkU4r/5i2u3OI70OlYEyG
YXt6hRLOAEbxhAOZdrKk+poMx1n5G5kJ0LnpJNBxr0+G8gbjsbcD1vjTszsiGaMP
adSB3CzoyEZwKVOmHhjCwkAK5mY1KWlzNN2mylk3bzUToNyjwfObQ5F3p8d5c424
JYdq+5etKW4VYmM0J5ggGA3/AZoVT+rbXpwvURjO2K8K/4DrsgMwKOA4tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkhy1z8bwW3el3eXvU6/+SdzY6EMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvdVNITFhQeHZCYmQ2WGQ1ZTlUcl81SjNOam9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbQxMA0G
CSqGSIb3DQEBCwUAA4IBAQC+rlogjkvSb9faB7etuFUvj/ZNYYr4DtI6lmNuVo9/
SxNP+0i9AnmiwUpWr9CWDVyqNDcKmWkkvp3WMI3QP1avkHXANiqKxneiUTmAar3j
Ggfs6hzIi2t/srTpEXwKVVTXRM8ClP/yuYpRQ6Q1Dmc9kjNpfiZgQWegMUkzra2n
HMiQNfIxITZu+fkF99rdbDldK3QTvSIDCwfde4OwTP0P9cqTWS0AXYic7vv2Zfse
lJz9JRTe0bJ9rJOeOxqlJXPo/UYuwqrfR9QCIkvq3uTwyAGbnr4E4+Ybo1f+SGVl
12h77+Qxqhn689wrJ61fr8g9AtTWFwemXOjysKS9N3dm
-----END CERTIFICATE-----