Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/ef98e4-01e5-4b88-bbf1-0483d1c01b25/1/sq5AEY7QJIys2vGMgSgXE7FeRjY.roa
File:                     sq5AEY7QJIys2vGMgSgXE7FeRjY.roa (raw, json)
Hash identifier:          aCGTeZMaEctcz9l1gB+wzw0eDWMxaeU9DQux69bQvFE=
Subject key identifier:   B2:AE:40:11:8E:D0:24:8C:AC:DA:F1:8C:81:28:17:13:B1:5E:46:36
Certificate issuer:       /CN=5259e000c991f78f243fde5980cd5cef649409e6
Certificate serial:       01941F8CA660444516F8D2A8A5E07D272630
Authority key identifier: 52:59:E0:00:C9:91:F7:8F:24:3F:DE:59:80:CD:5C:EF:64:94:09:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UlngAMmR948kP95ZgM1c72SUCeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/ef98e4-01e5-4b88-bbf1-0483d1c01b25/1/sq5AEY7QJIys2vGMgSgXE7FeRjY.roa
Signing time:             Wed 01 Jan 2025 01:48:18 +0000
ROA not before:           Wed 01 Jan 2025 01:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34549
IP address blocks:        87.239.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/ef98e4-01e5-4b88-bbf1-0483d1c01b25/1/UlngAMmR948kP95ZgM1c72SUCeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/ef98e4-01e5-4b88-bbf1-0483d1c01b25/1/UlngAMmR948kP95ZgM1c72SUCeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UlngAMmR948kP95ZgM1c72SUCeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:a6:60:44:45:16:f8:d2:a8:a5:e0:7d:27:26:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5259e000c991f78f243fde5980cd5cef649409e6
        Validity
            Not Before: Jan  1 01:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2ae40118ed0248cacdaf18c81281713b15e4636
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:91:1e:a5:c0:e6:50:03:05:90:ce:68:61:d3:
                    a8:cc:1f:0e:23:ff:18:a9:dd:7e:1f:f6:34:60:f5:
                    79:fd:c8:4b:64:ac:19:c9:e4:db:fc:ff:7a:dc:c2:
                    58:89:a8:a3:e7:aa:a3:ad:93:43:a3:2f:39:1b:93:
                    c8:57:79:bf:97:bd:d6:93:b2:35:70:22:ef:af:19:
                    53:41:13:82:7b:f1:62:a7:10:a0:21:37:c5:59:ac:
                    85:a0:41:4f:48:02:1e:4b:73:68:56:0f:76:d1:a4:
                    12:32:1e:02:b6:21:1d:1b:0a:9b:54:3c:ee:86:35:
                    a5:0b:23:66:0c:b8:02:24:ae:57:4f:e9:d5:26:87:
                    e0:d2:39:94:de:ba:86:23:a7:b8:5e:30:a8:18:16:
                    51:4b:f6:5d:c4:0c:77:4a:e9:7f:88:1b:bd:3b:14:
                    90:6d:7a:e2:6c:bf:37:bb:67:65:44:3a:a9:98:85:
                    28:9e:5d:fb:4d:e2:dc:a3:92:9d:03:3b:df:f7:6a:
                    54:89:7f:3a:ba:84:b7:49:30:e8:e5:46:f1:e5:e7:
                    c4:7c:a6:ea:04:90:6d:f8:2f:4b:90:9d:b2:26:06:
                    6f:05:37:3c:27:81:86:77:87:7f:15:07:eb:1c:fd:
                    c3:cd:c3:0a:b3:05:be:3a:df:5b:cb:6c:5c:03:a5:
                    fa:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:AE:40:11:8E:D0:24:8C:AC:DA:F1:8C:81:28:17:13:B1:5E:46:36
            X509v3 Authority Key Identifier:
                keyid:52:59:E0:00:C9:91:F7:8F:24:3F:DE:59:80:CD:5C:EF:64:94:09:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UlngAMmR948kP95ZgM1c72SUCeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ef98e4-01e5-4b88-bbf1-0483d1c01b25/1/sq5AEY7QJIys2vGMgSgXE7FeRjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ef98e4-01e5-4b88-bbf1-0483d1c01b25/1/UlngAMmR948kP95ZgM1c72SUCeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:34:70:6c:14:6d:84:cc:30:bb:00:a4:4f:77:46:97:a0:05:
         54:5c:d5:c4:6a:73:b0:a3:30:b8:19:37:bd:1f:78:18:bf:71:
         61:62:c0:2d:66:8f:0c:75:ce:1e:10:a2:55:2d:5c:5d:81:8c:
         61:27:09:36:de:8e:02:c8:8d:33:b4:a9:ce:66:1a:c5:1f:3f:
         23:b5:2f:42:7c:86:b3:0b:3c:ef:5f:a0:ad:f6:aa:b9:c6:8b:
         b6:35:03:18:53:f3:28:83:28:55:1f:48:e4:9f:57:6f:a7:19:
         01:0e:0a:f7:d1:bb:81:be:a6:5b:df:76:0e:d0:63:1e:21:bd:
         19:1e:2b:f8:ab:0d:e2:c3:2f:fd:e6:ce:b2:77:72:47:bb:d7:
         95:7b:9d:99:c7:7b:20:c6:2f:f9:f2:73:53:27:30:a0:77:63:
         92:b7:07:fd:c0:51:ce:cf:66:a2:48:74:02:dd:70:76:c1:bb:
         72:b4:aa:f4:2e:6e:88:b9:3d:9d:5e:85:f1:e2:91:8a:f4:e2:
         a6:26:0e:b3:55:f7:c8:f1:c6:51:64:58:ce:66:30:9a:5e:fd:
         e4:ed:bf:08:38:fe:23:e8:ce:3b:0d:54:f5:97:ed:48:10:89:
         67:db:21:57:29:bc:dc:1e:9d:1b:9f:e9:58:5b:3b:d9:b3:bf:
         8a:4e:69:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjKZgREUW+NKopeB9JyYwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNTllMDAwYzk5MWY3OGYyNDNmZGU1OTgwY2Q1Y2VmNjQ5
NDA5ZTYwHhcNMjUwMTAxMDE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmFlNDAxMThlZDAyNDhjYWNkYWYxOGM4MTI4MTcxM2IxNWU0NjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZEepcDmUAMFkM5oYdOozB8OI/8Y
qd1+H/Y0YPV5/chLZKwZyeTb/P963MJYiaij56qjrZNDoy85G5PIV3m/l73Wk7I1
cCLvrxlTQROCe/FipxCgITfFWayFoEFPSAIeS3NoVg920aQSMh4CtiEdGwqbVDzu
hjWlCyNmDLgCJK5XT+nVJofg0jmU3rqGI6e4XjCoGBZRS/ZdxAx3Sul/iBu9OxSQ
bXribL83u2dlRDqpmIUonl37TeLco5KdAzvf92pUiX86uoS3STDo5Ubx5efEfKbq
BJBt+C9LkJ2yJgZvBTc8J4GGd4d/FQfrHP3DzcMKswW+Ot9by2xcA6X6swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKuQBGO0CSMrNrxjIEoFxOxXkY2MB8GA1UdIwQY
MBaAFFJZ4ADJkfePJD/eWYDNXO9klAnmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWxuZ0FNbVI5NDhrUDk1WmdNMWM3MlNVQ2VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9lZjk4ZTQtMDFlNS00Yjg4LWJiZjEt
MDQ4M2QxYzAxYjI1LzEvc3E1QUVZN1FKSXlzMnZHTWdTZ1hFN0ZlUmpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9lZjk4ZTQtMDFlNS00Yjg4LWJiZjEtMDQ4M2QxYzAxYjI1
LzEvVWxuZ0FNbVI5NDhrUDk1WmdNMWM3MlNVQ2VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV++PMA0G
CSqGSIb3DQEBCwUAA4IBAQB0NHBsFG2EzDC7AKRPd0aXoAVUXNXEanOwozC4GTe9
H3gYv3FhYsAtZo8Mdc4eEKJVLVxdgYxhJwk23o4CyI0ztKnOZhrFHz8jtS9CfIaz
CzzvX6Ct9qq5xou2NQMYU/MogyhVH0jkn1dvpxkBDgr30buBvqZb33YO0GMeIb0Z
Hiv4qw3iwy/95s6yd3JHu9eVe52Zx3sgxi/58nNTJzCgd2OStwf9wFHOz2aiSHQC
3XB2wbtytKr0Lm6IuT2dXoXx4pGK9OKmJg6zVffI8cZRZFjOZjCaXv3k7b8IOP4j
6M47DVT1l+1IEIln2yFXKbzcHp0bn+lYWzvZs7+KTmkV
-----END CERTIFICATE-----