Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/mxajRPj2DyjQc11L9tjm3bxKLcU.roa
File:                     mxajRPj2DyjQc11L9tjm3bxKLcU.roa (raw, json)
Hash identifier:          kHfuDNQWpwzCMQE29w2unIxo3IuWFxB0XBzSXPJyQWM=
Subject key identifier:   9B:16:A3:44:F8:F6:0F:28:D0:73:5D:4B:F6:D8:E6:DD:BC:4A:2D:C5
Certificate issuer:       /CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
Certificate serial:       01905362AE22D55F4B6FBFC54FF3CA7C229A
Authority key identifier: EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/mxajRPj2DyjQc11L9tjm3bxKLcU.roa
Signing time:             Wed 26 Jun 2024 07:11:34 +0000
ROA not before:           Wed 26 Jun 2024 07:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135391
IP address blocks:        202.50.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:53:62:ae:22:d5:5f:4b:6f:bf:c5:4f:f3:ca:7c:22:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
        Validity
            Not Before: Jun 26 07:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b16a344f8f60f28d0735d4bf6d8e6ddbc4a2dc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:08:ee:66:94:6a:da:61:d4:14:3f:d7:65:d5:
                    39:73:e9:08:fd:d4:0d:36:2b:57:04:15:89:b5:5c:
                    1d:44:3b:1e:3e:1b:fd:f6:7b:e5:88:80:8f:c3:6f:
                    b3:24:7c:44:b2:b1:9f:ac:e3:ee:45:a6:05:9b:66:
                    8d:69:87:19:41:ab:7d:6d:41:e7:b5:60:fc:24:b9:
                    10:e0:bf:b4:7c:b5:7f:c1:36:b4:c2:57:f3:c3:cb:
                    b1:34:88:65:ca:de:e7:82:3e:d4:54:1b:a0:4a:03:
                    1a:db:6d:34:48:c8:85:8b:6b:55:aa:71:05:58:ca:
                    08:57:46:80:48:51:81:19:10:f1:d2:6c:d1:db:26:
                    95:b6:f3:e6:c5:95:cd:75:1a:85:4d:a1:51:ba:74:
                    96:56:d7:52:9a:a9:bf:35:b1:1c:4b:7f:05:57:d0:
                    60:3f:8d:5a:9c:02:26:7e:cb:96:be:94:d6:13:0d:
                    7f:47:47:cb:06:01:3b:11:3a:bc:51:97:ee:aa:ab:
                    2a:80:09:d5:9a:e6:31:c1:c2:80:ec:3d:e7:78:64:
                    8b:62:e2:a3:4d:3b:26:f9:6c:91:7c:65:ed:cf:7b:
                    7f:fb:71:e9:c4:90:d1:02:b4:86:cf:dd:bc:25:39:
                    7b:e1:ba:02:80:f1:11:7b:19:ae:10:32:26:e4:0c:
                    05:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:16:A3:44:F8:F6:0F:28:D0:73:5D:4B:F6:D8:E6:DD:BC:4A:2D:C5
            X509v3 Authority Key Identifier:
                keyid:EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/mxajRPj2DyjQc11L9tjm3bxKLcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.50.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:e5:af:56:4f:ad:7e:99:e9:ad:4b:8f:d1:c1:73:35:f2:1c:
         b0:6c:d8:cf:df:e1:62:7a:82:39:4f:3c:01:1b:b1:fa:d4:df:
         39:d2:02:2b:51:a9:1f:35:c5:08:56:49:50:40:5d:a7:44:f1:
         95:03:bf:c1:72:80:00:b9:9a:33:0c:30:96:04:0b:3c:16:00:
         4e:08:ef:5d:d8:27:38:2b:63:a7:83:69:68:60:32:cb:99:90:
         5c:0f:b8:a4:b7:8f:b1:52:10:b1:a9:78:e8:e9:6b:0b:13:ac:
         5a:8d:42:4e:49:83:f7:c4:7c:01:dd:a8:53:55:22:f1:e8:44:
         c2:ec:24:3f:69:7b:ee:9b:1c:52:8a:2d:af:6a:b8:f2:f0:ef:
         b5:d0:0e:6c:74:10:2c:9d:a0:3c:96:43:60:be:29:9f:bf:47:
         7b:81:93:be:58:32:af:53:d0:17:4a:8d:39:c3:93:2f:73:17:
         3e:6b:0b:8e:93:2c:21:68:bf:5a:79:82:3c:fb:13:64:2c:bb:
         97:fe:c0:a5:c7:8a:d5:f1:c4:dd:95:c2:0e:09:c7:43:74:6e:
         69:5e:38:49:6d:f0:24:30:c9:6b:cf:67:06:81:8f:57:b1:8a:
         4e:2a:35:29:36:7a:6b:e3:b5:4f:34:99:31:6a:2f:f6:65:49:
         2e:6d:88:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBTYq4i1V9Lb7/FT/PKfCKaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzJjMWFmZDRiZGVjOTgwNTA2ZmEwN2RmN2M4NjYyZDU1
NGZhNDYwHhcNMjQwNjI2MDcxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjE2YTM0NGY4ZjYwZjI4ZDA3MzVkNGJmNmQ4ZTZkZGJjNGEyZGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQjuZpRq2mHUFD/XZdU5c+kI/dQN
NitXBBWJtVwdRDsePhv99nvliICPw2+zJHxEsrGfrOPuRaYFm2aNaYcZQat9bUHn
tWD8JLkQ4L+0fLV/wTa0wlfzw8uxNIhlyt7ngj7UVBugSgMa2200SMiFi2tVqnEF
WMoIV0aASFGBGRDx0mzR2yaVtvPmxZXNdRqFTaFRunSWVtdSmqm/NbEcS38FV9Bg
P41anAImfsuWvpTWEw1/R0fLBgE7ETq8UZfuqqsqgAnVmuYxwcKA7D3neGSLYuKj
TTsm+WyRfGXtz3t/+3HpxJDRArSGz928JTl74boCgPERexmuEDIm5AwFDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJsWo0T49g8o0HNdS/bY5t28Si3FMB8GA1UdIwQY
MBaAFOrCwa/UveyYBQb6B998hmLVVPpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMt
YzBjZWIwMzdhZDQyLzEvbXhhalJQajJEeWpRYzExTDl0am0zYnhLTGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMtYzBjZWIwMzdhZDQy
LzEvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyjL9MA0G
CSqGSIb3DQEBCwUAA4IBAQBW5a9WT61+memtS4/RwXM18hywbNjP3+FieoI5TzwB
G7H61N850gIrUakfNcUIVklQQF2nRPGVA7/BcoAAuZozDDCWBAs8FgBOCO9d2Cc4
K2Ong2loYDLLmZBcD7ikt4+xUhCxqXjo6WsLE6xajUJOSYP3xHwB3ahTVSLx6ETC
7CQ/aXvumxxSii2varjy8O+10A5sdBAsnaA8lkNgvimfv0d7gZO+WDKvU9AXSo05
w5Mvcxc+awuOkywhaL9aeYI8+xNkLLuX/sClx4rV8cTdlcIOCcdDdG5pXjhJbfAk
MMlrz2cGgY9XsYpOKjUpNnpr47VPNJkxai/2ZUkubYj+
-----END CERTIFICATE-----