Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/2etIb7Rnc-HqeeBf3zVt1jLWUNA.roa
File:                     2etIb7Rnc-HqeeBf3zVt1jLWUNA.roa (raw, json)
Hash identifier:          OC17SOEObLk3HsIqjo4SamQfndEYttT241yoTEhMhMM=
Subject key identifier:   D9:EB:48:6F:B4:67:73:E1:EA:79:E0:5F:DF:35:6D:D6:32:D6:50:D0
Certificate issuer:       /CN=715b885c3b302fd50e6c22647a33dc47727fea95
Certificate serial:       0194221FAE72C369DE01C247C391F77A261E
Authority key identifier: 71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/2etIb7Rnc-HqeeBf3zVt1jLWUNA.roa
Signing time:             Wed 01 Jan 2025 13:48:08 +0000
ROA not before:           Wed 01 Jan 2025 13:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206334
IP address blocks:        5.62.52.0/24 maxlen: 24
                          5.62.53.0/24 maxlen: 24
                          5.62.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ae:72:c3:69:de:01:c2:47:c3:91:f7:7a:26:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=715b885c3b302fd50e6c22647a33dc47727fea95
        Validity
            Not Before: Jan  1 13:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9eb486fb46773e1ea79e05fdf356dd632d650d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:dd:0e:7f:0f:7b:d6:e7:c7:cf:18:56:eb:dc:
                    84:1e:35:eb:6f:4d:c3:0e:32:9b:69:d1:c1:3b:1c:
                    ef:7e:3a:4a:26:cd:fd:63:18:95:e9:d8:d5:2f:b4:
                    f9:9a:96:2f:e4:9f:77:23:82:b2:2f:df:5f:31:b6:
                    0e:5a:94:4f:5e:95:10:2c:2b:ad:a5:7f:05:d3:bb:
                    fd:22:60:08:b8:21:58:35:19:a4:f3:c0:5e:8d:20:
                    99:2f:0a:2b:aa:8b:46:62:8f:bf:20:14:2d:1f:98:
                    09:02:07:a4:a1:c5:41:27:4f:c9:d0:25:98:75:1f:
                    34:a8:57:13:05:f1:27:34:06:84:44:bc:2f:eb:74:
                    7c:e6:fe:b0:dd:5c:c2:f3:f7:00:93:6c:71:b6:66:
                    b0:db:60:5a:a6:a3:fe:34:94:38:24:39:8a:de:8c:
                    09:98:fa:6d:98:86:ec:3e:b6:85:19:5c:ca:09:98:
                    c5:3a:b1:53:39:a6:26:3b:f0:b5:20:41:09:1f:28:
                    34:f8:1b:04:bd:d5:ef:20:8c:2e:dc:d0:41:b7:6a:
                    84:db:cb:db:7a:a5:ea:6a:31:6f:dc:6d:23:64:06:
                    0c:4b:7c:34:5f:91:d2:4e:1c:1e:42:de:a8:4f:98:
                    15:9f:e2:5b:47:39:f4:db:ab:48:b0:4d:7f:57:5f:
                    1b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:EB:48:6F:B4:67:73:E1:EA:79:E0:5F:DF:35:6D:D6:32:D6:50:D0
            X509v3 Authority Key Identifier:
                keyid:71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/2etIb7Rnc-HqeeBf3zVt1jLWUNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.52.0-5.62.54.255

    Signature Algorithm: sha256WithRSAEncryption
         73:f6:2d:41:5f:11:d1:38:ef:be:87:46:4b:ee:65:dd:d0:da:
         f2:05:56:f8:fa:1e:71:b4:0e:61:24:de:09:25:f2:02:5a:dc:
         20:db:41:09:52:39:e6:8c:f8:b3:3d:e8:44:6d:c1:c8:42:5c:
         de:dd:18:00:cb:6c:6c:67:8f:3d:e5:c4:32:67:e4:64:1d:87:
         48:52:f8:da:92:3e:7c:7e:d6:07:f7:e1:be:8a:fe:db:88:97:
         1d:a6:e6:5f:2b:93:63:f2:be:d8:df:bc:07:38:a3:de:13:0b:
         ec:85:10:02:88:9b:8f:09:fa:64:77:46:e8:50:06:94:83:84:
         9e:35:0e:2c:9b:cd:08:0d:0c:29:a4:07:2a:3e:ad:07:22:1f:
         30:ee:2d:ad:e8:5d:07:0a:cc:c4:9e:0d:cc:ea:1e:f9:43:34:
         a6:55:c8:ef:79:ea:39:71:d9:c2:af:39:17:ab:f1:27:07:4b:
         0a:99:13:06:21:b1:6f:e6:d0:9a:37:68:35:f3:33:58:78:da:
         0a:24:3c:09:81:0a:7d:67:e1:16:c0:21:f7:05:5d:1f:39:db:
         18:36:ea:00:65:b9:dd:f0:df:6b:03:34:d6:57:e6:1e:d3:84:
         84:a1:45:eb:90:c6:75:54:4a:f8:15:e7:57:bb:d5:d1:bf:ab:
         89:51:a8:c5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQiH65yw2neAcJHw5H3eiYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxNWI4ODVjM2IzMDJmZDUwZTZjMjI2NDdhMzNkYzQ3NzI3
ZmVhOTUwHhcNMjUwMTAxMTM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWViNDg2ZmI0Njc3M2UxZWE3OWUwNWZkZjM1NmRkNjMyZDY1MGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkN0Ofw971ufHzxhW69yEHjXrb03D
DjKbadHBOxzvfjpKJs39YxiV6djVL7T5mpYv5J93I4KyL99fMbYOWpRPXpUQLCut
pX8F07v9ImAIuCFYNRmk88BejSCZLworqotGYo+/IBQtH5gJAgekocVBJ0/J0CWY
dR80qFcTBfEnNAaERLwv63R85v6w3VzC8/cAk2xxtmaw22BapqP+NJQ4JDmK3owJ
mPptmIbsPraFGVzKCZjFOrFTOaYmO/C1IEEJHyg0+BsEvdXvIIwu3NBBt2qE28vb
eqXqajFv3G0jZAYMS3w0X5HSThweQt6oT5gVn+JbRzn026tIsE1/V18bNwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNnrSG+0Z3Ph6nngX981bdYy1lDQMB8GA1UdIwQY
MBaAFHFbiFw7MC/VDmwiZHoz3Edyf+qVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1Z1SVhEc3dMOVVPYkNKa2VqUGNSM0pfNnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9mODk5OWMtMDQwYS00MjRhLTg4OTYt
MmE5MjMzM2Y5ZGY2LzEvMmV0SWI3Um5jLUhxZWVCZjN6VnQxakxXVU5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9mODk5OWMtMDQwYS00MjRhLTg4OTYtMmE5MjMzM2Y5ZGY2
LzEvY1Z1SVhEc3dMOVVPYkNKa2VqUGNSM0pfNnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAIFPjQD
BAAFPjYwDQYJKoZIhvcNAQELBQADggEBAHP2LUFfEdE4776HRkvuZd3Q2vIFVvj6
HnG0DmEk3gkl8gJa3CDbQQlSOeaM+LM96ERtwchCXN7dGADLbGxnjz3lxDJn5GQd
h0hS+NqSPnx+1gf34b6K/tuIlx2m5l8rk2PyvtjfvAc4o94TC+yFEAKIm48J+mR3
RuhQBpSDhJ41DiybzQgNDCmkByo+rQciHzDuLa3oXQcKzMSeDczqHvlDNKZVyO95
6jlx2cKvORer8ScHSwqZEwYhsW/m0Jo3aDXzM1h42gokPAmBCn1n4RbAIfcFXR85
2xg26gBlud3w32sDNNZX5h7ThIShReuQxnVUSvgV51e71dG/q4lRqMU=
-----END CERTIFICATE-----