Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Xr9pef6wt6oZMj86bb13WyfgjzU.roa
File:                     Xr9pef6wt6oZMj86bb13WyfgjzU.roa (raw, json)
Hash identifier:          hxedRL6/r15pw12lUSQwQ/PVriArCwJCc90hVD0tU2Y=
Subject key identifier:   5E:BF:69:79:FE:B0:B7:AA:19:32:3F:3A:6D:BD:77:5B:27:E0:8F:35
Certificate issuer:       /CN=22373571c90249bf2aa948e78bed13e08528b87e
Certificate serial:       01942143D1AB096509328E31A7805C68124F
Authority key identifier: 22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Xr9pef6wt6oZMj86bb13WyfgjzU.roa
Signing time:             Wed 01 Jan 2025 09:48:00 +0000
ROA not before:           Wed 01 Jan 2025 09:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200252
IP address blocks:        5.160.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d1:ab:09:65:09:32:8e:31:a7:80:5c:68:12:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22373571c90249bf2aa948e78bed13e08528b87e
        Validity
            Not Before: Jan  1 09:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ebf6979feb0b7aa19323f3a6dbd775b27e08f35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:bf:89:0b:00:2d:12:e0:f8:6f:b3:58:cb:e5:
                    7b:02:24:db:8d:46:85:82:8c:30:be:b5:6f:3c:bd:
                    9d:4c:05:4e:49:27:9f:1e:de:40:97:23:c4:e6:42:
                    9d:63:cd:8c:a9:74:c9:4c:ca:aa:30:a4:82:b2:6d:
                    22:93:40:40:ae:80:0a:19:85:99:85:6b:8f:eb:eb:
                    7d:52:d4:bb:18:8f:09:c1:05:6b:8e:72:ca:fb:e8:
                    f6:9e:b5:97:f0:03:5b:de:2c:35:95:56:33:18:eb:
                    2a:f6:a2:ef:f1:83:88:ec:7d:80:12:16:0c:6e:f3:
                    06:95:66:c4:60:d1:f3:21:50:44:1c:fe:a3:a5:f7:
                    68:c2:e0:fb:a3:1e:f6:5d:ce:aa:87:e3:2a:90:c3:
                    82:10:5f:3e:94:68:50:6d:a0:dc:ae:d6:7b:f3:06:
                    ca:7c:42:f4:c0:96:42:e8:84:66:69:ec:e8:68:d2:
                    8d:9b:fc:66:fe:25:a9:a4:fb:c9:f5:59:19:a0:f0:
                    ea:86:4b:65:b2:94:d0:ab:b8:55:f1:36:16:c2:59:
                    2a:79:e3:d9:b2:ff:9e:93:6f:de:b2:ca:c0:ec:c5:
                    27:b4:5b:90:b1:35:77:67:62:4b:ab:dc:4a:04:c3:
                    95:a5:aa:a0:b1:6f:36:aa:06:8d:f3:db:d0:bd:b6:
                    4d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:BF:69:79:FE:B0:B7:AA:19:32:3F:3A:6D:BD:77:5B:27:E0:8F:35
            X509v3 Authority Key Identifier:
                keyid:22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Xr9pef6wt6oZMj86bb13WyfgjzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:cf:5b:4a:25:4c:bc:ae:70:16:96:06:77:39:9a:d4:74:09:
         67:d6:e5:31:9e:e7:15:9b:9b:ce:d3:d2:70:16:5a:ce:c4:5f:
         1b:28:a5:00:d6:3e:34:6b:aa:4b:e6:c3:9e:52:e0:d7:d6:fd:
         e7:8f:ab:76:bb:76:ac:5e:d6:13:05:a8:68:76:5d:a6:45:db:
         bc:63:cc:89:64:04:94:e5:a6:17:60:8a:2a:eb:18:5e:d9:1d:
         4c:31:63:93:b3:3d:b5:38:31:0c:8a:62:54:e3:09:ec:8c:ea:
         e9:f9:d2:9d:22:81:ac:a5:22:02:33:db:89:04:3a:66:bd:df:
         11:33:d4:d6:c8:1a:34:14:bd:44:c7:99:f1:93:d5:09:1e:ee:
         c7:7e:89:90:24:37:f1:6b:fd:d1:aa:83:59:45:cb:17:bd:72:
         19:c7:81:24:00:e9:3a:ad:80:9f:22:16:e1:0e:8e:d7:42:26:
         8a:07:62:b9:98:99:db:8a:53:a1:bf:06:2d:1f:f4:89:c1:37:
         fb:b3:2a:3d:b9:57:e2:b0:49:12:1d:5a:dd:a6:02:fa:cc:80:
         52:24:f7:32:2e:2a:6d:a8:61:52:8c:f7:b2:20:bf:5f:85:84:
         99:82:42:94:22:da:9a:e5:61:6f:c8:bf:5b:74:04:2d:7a:ed:
         e8:b2:73:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ9GrCWUJMo4xp4BcaBJPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzczNTcxYzkwMjQ5YmYyYWE5NDhlNzhiZWQxM2UwODUy
OGI4N2UwHhcNMjUwMTAxMDk0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWJmNjk3OWZlYjBiN2FhMTkzMjNmM2E2ZGJkNzc1YjI3ZTA4ZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArL+JCwAtEuD4b7NYy+V7AiTbjUaF
gowwvrVvPL2dTAVOSSefHt5AlyPE5kKdY82MqXTJTMqqMKSCsm0ik0BAroAKGYWZ
hWuP6+t9UtS7GI8JwQVrjnLK++j2nrWX8ANb3iw1lVYzGOsq9qLv8YOI7H2AEhYM
bvMGlWbEYNHzIVBEHP6jpfdowuD7ox72Xc6qh+MqkMOCEF8+lGhQbaDcrtZ78wbK
fEL0wJZC6IRmaezoaNKNm/xm/iWppPvJ9VkZoPDqhktlspTQq7hV8TYWwlkqeePZ
sv+ek2/essrA7MUntFuQsTV3Z2JLq9xKBMOVpaqgsW82qgaN89vQvbZNZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6/aXn+sLeqGTI/Om29d1sn4I81MB8GA1UdIwQY
MBaAFCI3NXHJAkm/KqlI54vtE+CFKLh+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEt
YjQ1NDBjNzRjOTRiLzEvWHI5cGVmNnd0Nm9aTWo4NmJiMTNXeWZnanpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEtYjQ1NDBjNzRjOTRi
LzEvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaB1MA0G
CSqGSIb3DQEBCwUAA4IBAQBcz1tKJUy8rnAWlgZ3OZrUdAln1uUxnucVm5vO09Jw
FlrOxF8bKKUA1j40a6pL5sOeUuDX1v3nj6t2u3asXtYTBahodl2mRdu8Y8yJZASU
5aYXYIoq6xhe2R1MMWOTsz21ODEMimJU4wnsjOrp+dKdIoGspSICM9uJBDpmvd8R
M9TWyBo0FL1Ex5nxk9UJHu7HfomQJDfxa/3RqoNZRcsXvXIZx4EkAOk6rYCfIhbh
Do7XQiaKB2K5mJnbilOhvwYtH/SJwTf7syo9uVfisEkSHVrdpgL6zIBSJPcyLipt
qGFSjPeyIL9fhYSZgkKUItqa5WFvyL9bdAQteu3osnO5
-----END CERTIFICATE-----