Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/14pido6o0wqfomgXR8pucw1gPzU.roa
File:                     14pido6o0wqfomgXR8pucw1gPzU.roa (raw, json)
Hash identifier:          jgQtihM0UCn7BbKxbmBUgDGUKYz/W0MyqwuDhDbNzpY=
Subject key identifier:   D7:8A:62:76:8E:A8:D3:0A:9F:A2:68:17:47:CA:6E:73:0D:60:3F:35
Certificate issuer:       /CN=715b885c3b302fd50e6c22647a33dc47727fea95
Certificate serial:       0194221FAF77DA7ECD42232C63859C37D56B
Authority key identifier: 71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/14pido6o0wqfomgXR8pucw1gPzU.roa
Signing time:             Wed 01 Jan 2025 13:48:09 +0000
ROA not before:           Wed 01 Jan 2025 13:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        5.62.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 13:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:af:77:da:7e:cd:42:23:2c:63:85:9c:37:d5:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=715b885c3b302fd50e6c22647a33dc47727fea95
        Validity
            Not Before: Jan  1 13:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d78a62768ea8d30a9fa2681747ca6e730d603f35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b6:14:05:54:5b:34:ea:81:58:c6:63:28:18:
                    11:0a:7f:56:8f:f8:0a:53:0b:1d:da:eb:59:3d:78:
                    97:a0:b2:ab:1f:f8:cb:3a:18:0e:e3:41:97:c6:5d:
                    94:d5:6d:52:c5:1c:0e:3f:1b:31:36:3f:3c:b7:ef:
                    3f:dd:9f:c2:78:c8:d0:f7:15:26:41:d3:43:85:45:
                    02:23:9c:25:cb:03:6f:50:0e:7a:1c:2a:12:85:36:
                    a5:ad:29:2f:41:89:bd:90:74:16:78:de:3c:70:8c:
                    63:e0:84:f3:a9:84:a3:06:a4:a2:ad:77:b9:04:bc:
                    e0:fc:03:b6:5d:a9:b9:27:e8:d2:df:38:7e:b1:3f:
                    38:24:c7:97:d0:d6:24:7d:d4:bb:69:c4:7f:7a:9c:
                    08:c7:5a:f8:b4:b9:87:48:6e:8e:d0:40:8a:b4:95:
                    67:70:5e:91:f4:0c:ad:e6:d2:04:dd:25:45:5d:5b:
                    aa:20:1d:6d:70:33:a7:11:9d:19:85:70:0f:de:bd:
                    f9:6c:58:d1:d0:f6:fd:33:f1:96:04:40:97:52:90:
                    65:b1:2f:fa:25:46:cd:f5:ac:45:9a:6c:14:66:11:
                    ee:5d:b3:9c:9d:fe:7e:9b:92:0f:8d:0e:6d:1d:a5:
                    88:43:82:f5:6f:3e:19:70:e0:fa:88:a9:45:ee:00:
                    98:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:8A:62:76:8E:A8:D3:0A:9F:A2:68:17:47:CA:6E:73:0D:60:3F:35
            X509v3 Authority Key Identifier:
                keyid:71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/14pido6o0wqfomgXR8pucw1gPzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:0a:3b:ac:7b:ab:bc:71:dc:32:75:85:89:75:37:9e:b4:52:
         72:ae:2e:f6:56:11:1c:85:c3:83:6f:1c:59:84:13:0f:61:e9:
         c5:1e:62:2a:a6:44:e4:fc:22:f3:13:c8:99:15:e2:16:fb:f2:
         99:80:f7:d1:2d:26:15:9c:7e:a6:ad:37:c6:00:6f:3c:1b:c7:
         8b:ea:b4:e7:ed:94:02:cb:5e:ca:29:0f:4a:ac:ed:13:24:88:
         2a:7d:6a:8a:c8:ae:4c:c7:49:b5:85:6f:ce:41:61:b0:63:48:
         b3:99:55:8a:4f:27:74:4e:56:8b:66:79:96:55:f8:e1:9c:65:
         8b:2a:e8:ca:9c:52:8d:b0:96:62:ec:d9:f0:91:f5:eb:e2:c0:
         4b:48:2d:71:81:1c:9b:86:a6:9c:eb:0e:a6:27:a2:13:5c:2a:
         9d:f9:2a:0f:24:f9:31:59:71:ae:eb:d8:f3:15:01:91:f3:be:
         ff:89:a2:cc:75:c6:38:24:0c:3a:e2:21:3f:01:73:0e:c1:5d:
         b7:f4:98:e6:fa:dc:0a:c6:de:58:55:21:cd:47:2b:c4:71:3f:
         cf:c6:76:a6:1e:c5:2f:a2:93:5d:36:c4:9a:21:95:83:d5:de:
         66:bb:6d:fc:56:9b:d8:ad:72:b6:45:c1:28:2e:6a:1f:7f:22:
         0b:29:48:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH6932n7NQiMsY4WcN9VrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxNWI4ODVjM2IzMDJmZDUwZTZjMjI2NDdhMzNkYzQ3NzI3
ZmVhOTUwHhcNMjUwMTAxMTM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzhhNjI3NjhlYThkMzBhOWZhMjY4MTc0N2NhNmU3MzBkNjAzZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLYUBVRbNOqBWMZjKBgRCn9Wj/gK
Uwsd2utZPXiXoLKrH/jLOhgO40GXxl2U1W1SxRwOPxsxNj88t+8/3Z/CeMjQ9xUm
QdNDhUUCI5wlywNvUA56HCoShTalrSkvQYm9kHQWeN48cIxj4ITzqYSjBqSirXe5
BLzg/AO2Xam5J+jS3zh+sT84JMeX0NYkfdS7acR/epwIx1r4tLmHSG6O0ECKtJVn
cF6R9Ayt5tIE3SVFXVuqIB1tcDOnEZ0ZhXAP3r35bFjR0Pb9M/GWBECXUpBlsS/6
JUbN9axFmmwUZhHuXbOcnf5+m5IPjQ5tHaWIQ4L1bz4ZcOD6iKlF7gCYVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNeKYnaOqNMKn6JoF0fKbnMNYD81MB8GA1UdIwQY
MBaAFHFbiFw7MC/VDmwiZHoz3Edyf+qVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1Z1SVhEc3dMOVVPYkNKa2VqUGNSM0pfNnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9mODk5OWMtMDQwYS00MjRhLTg4OTYt
MmE5MjMzM2Y5ZGY2LzEvMTRwaWRvNm8wd3Fmb21nWFI4cHVjdzFnUHpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9mODk5OWMtMDQwYS00MjRhLTg4OTYtMmE5MjMzM2Y5ZGY2
LzEvY1Z1SVhEc3dMOVVPYkNKa2VqUGNSM0pfNnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT4VMA0G
CSqGSIb3DQEBCwUAA4IBAQALCjuse6u8cdwydYWJdTeetFJyri72VhEchcODbxxZ
hBMPYenFHmIqpkTk/CLzE8iZFeIW+/KZgPfRLSYVnH6mrTfGAG88G8eL6rTn7ZQC
y17KKQ9KrO0TJIgqfWqKyK5Mx0m1hW/OQWGwY0izmVWKTyd0TlaLZnmWVfjhnGWL
KujKnFKNsJZi7NnwkfXr4sBLSC1xgRybhqac6w6mJ6ITXCqd+SoPJPkxWXGu69jz
FQGR877/iaLMdcY4JAw64iE/AXMOwV239Jjm+twKxt5YVSHNRyvEcT/PxnamHsUv
opNdNsSaIZWD1d5mu238VpvYrXK2RcEoLmoffyILKUi6
-----END CERTIFICATE-----