Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/oi_n1Va3IGPAcBfd-0AP3-FX77M.roa
File:                     oi_n1Va3IGPAcBfd-0AP3-FX77M.roa (raw, json)
Hash identifier:          szdc2nWaBES7VDGsxzr+xrQOccNyUqGV5KOPHZLY5gM=
Subject key identifier:   A2:2F:E7:D5:56:B7:20:63:C0:70:17:DD:FB:40:0F:DF:E1:57:EF:B3
Certificate issuer:       /CN=715b885c3b302fd50e6c22647a33dc47727fea95
Certificate serial:       0194221FACFB7273FE78F294547CE4F6995C
Authority key identifier: 71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/oi_n1Va3IGPAcBfd-0AP3-FX77M.roa
Signing time:             Wed 01 Jan 2025 13:48:08 +0000
ROA not before:           Wed 01 Jan 2025 13:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133480
IP address blocks:        5.62.22.0/24 maxlen: 24
                          5.62.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 22:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ac:fb:72:73:fe:78:f2:94:54:7c:e4:f6:99:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=715b885c3b302fd50e6c22647a33dc47727fea95
        Validity
            Not Before: Jan  1 13:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a22fe7d556b72063c07017ddfb400fdfe157efb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e2:a0:d7:e0:8c:33:fe:aa:06:ab:b7:e8:ac:
                    b8:65:8b:75:ef:7b:93:29:54:be:0b:7f:4e:27:f2:
                    5c:02:2c:d7:32:2c:29:f8:01:2b:e9:45:32:9d:ba:
                    43:e3:80:4d:c3:9c:c2:31:7c:5b:01:89:9d:f8:3e:
                    82:c1:f6:ab:1a:06:83:ff:06:4c:9e:ff:5c:be:cb:
                    d0:33:26:90:d5:40:f4:b8:4b:5b:83:fb:d0:74:bd:
                    07:64:20:d1:cc:16:1d:39:d2:54:45:50:e0:2a:08:
                    58:ca:9b:fe:37:af:0b:f1:d5:c3:b6:e2:45:13:20:
                    47:ce:fc:04:2c:3c:80:f3:fc:77:7d:86:4f:72:38:
                    d1:4a:35:cf:a5:5b:32:4a:8a:43:0b:ec:6a:1a:a1:
                    23:75:b4:84:29:2c:16:97:25:0f:0c:13:a3:2c:65:
                    da:e2:91:0c:43:e6:8a:8d:a5:75:f9:07:a3:5f:3a:
                    b8:de:43:14:94:75:c9:af:6f:62:eb:66:cb:53:7a:
                    f5:6d:f3:af:7a:02:6a:e9:fb:89:17:53:a8:88:1e:
                    2f:ae:36:ca:fd:d7:bb:de:ac:3b:de:5d:de:73:8a:
                    2f:04:00:0d:62:aa:fd:3b:07:81:85:75:f9:6b:41:
                    20:f7:82:41:a2:7f:20:8e:e2:fb:74:53:5a:c2:9d:
                    5d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:2F:E7:D5:56:B7:20:63:C0:70:17:DD:FB:40:0F:DF:E1:57:EF:B3
            X509v3 Authority Key Identifier:
                keyid:71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/oi_n1Va3IGPAcBfd-0AP3-FX77M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:ef:bd:6c:a8:6d:58:c3:31:12:9b:30:7e:a2:6e:81:b6:74:
         88:c6:62:f5:d4:ca:d7:0b:f0:c5:90:0e:84:21:70:bd:44:ed:
         5c:9a:31:81:42:5e:98:2c:c8:d2:a6:d2:2b:02:de:ab:cd:40:
         09:b5:29:f0:b1:55:08:45:cb:92:6f:06:af:56:41:b2:51:2e:
         ed:65:d3:ac:c8:b9:96:5a:4b:62:c6:80:fd:40:85:b2:b9:3e:
         74:6f:bf:dd:99:c1:95:1f:93:03:34:d4:29:39:37:cf:30:23:
         a4:28:05:5f:ee:1f:62:f5:b6:28:52:df:85:da:d1:69:c9:25:
         79:77:79:4d:8d:e0:ce:eb:3a:cc:fb:05:cb:b3:f1:ed:cf:cc:
         a8:40:bd:a2:eb:b3:3c:05:c2:3c:fe:52:03:1f:41:7c:01:a9:
         20:ac:e6:58:b1:3b:44:72:7c:74:27:9d:68:1a:c9:59:94:7e:
         d9:0d:9e:9b:2c:d6:56:1d:44:a9:8f:be:17:de:bd:e6:0a:84:
         48:3a:46:80:e2:2d:54:23:29:38:b3:34:7e:fd:16:1b:91:49:
         1f:a0:37:9c:4d:93:ad:5d:d0:a2:b1:3a:2d:3c:4b:64:0a:4a:
         1f:16:fa:3e:6d:af:8b:ad:64:2e:2f:43:fe:44:3b:8f:24:6b:
         44:47:63:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH6z7cnP+ePKUVHzk9plcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxNWI4ODVjM2IzMDJmZDUwZTZjMjI2NDdhMzNkYzQ3NzI3
ZmVhOTUwHhcNMjUwMTAxMTM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjJmZTdkNTU2YjcyMDYzYzA3MDE3ZGRmYjQwMGZkZmUxNTdlZmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1OKg1+CMM/6qBqu36Ky4ZYt173uT
KVS+C39OJ/JcAizXMiwp+AEr6UUynbpD44BNw5zCMXxbAYmd+D6CwfarGgaD/wZM
nv9cvsvQMyaQ1UD0uEtbg/vQdL0HZCDRzBYdOdJURVDgKghYypv+N68L8dXDtuJF
EyBHzvwELDyA8/x3fYZPcjjRSjXPpVsySopDC+xqGqEjdbSEKSwWlyUPDBOjLGXa
4pEMQ+aKjaV1+QejXzq43kMUlHXJr29i62bLU3r1bfOvegJq6fuJF1OoiB4vrjbK
/de73qw73l3ec4ovBAANYqr9OweBhXX5a0Eg94JBon8gjuL7dFNawp1dHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIv59VWtyBjwHAX3ftAD9/hV++zMB8GA1UdIwQY
MBaAFHFbiFw7MC/VDmwiZHoz3Edyf+qVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1Z1SVhEc3dMOVVPYkNKa2VqUGNSM0pfNnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9mODk5OWMtMDQwYS00MjRhLTg4OTYt
MmE5MjMzM2Y5ZGY2LzEvb2lfbjFWYTNJR1BBY0JmZC0wQVAzLUZYNzdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9mODk5OWMtMDQwYS00MjRhLTg4OTYtMmE5MjMzM2Y5ZGY2
LzEvY1Z1SVhEc3dMOVVPYkNKa2VqUGNSM0pfNnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBT4WMA0G
CSqGSIb3DQEBCwUAA4IBAQA5771sqG1YwzESmzB+om6BtnSIxmL11MrXC/DFkA6E
IXC9RO1cmjGBQl6YLMjSptIrAt6rzUAJtSnwsVUIRcuSbwavVkGyUS7tZdOsyLmW
WktixoD9QIWyuT50b7/dmcGVH5MDNNQpOTfPMCOkKAVf7h9i9bYoUt+F2tFpySV5
d3lNjeDO6zrM+wXLs/Htz8yoQL2i67M8BcI8/lIDH0F8AakgrOZYsTtEcnx0J51o
GslZlH7ZDZ6bLNZWHUSpj74X3r3mCoRIOkaA4i1UIyk4szR+/RYbkUkfoDecTZOt
XdCisTotPEtkCkofFvo+ba+LrWQuL0P+RDuPJGtER2Ng
-----END CERTIFICATE-----