Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c51d58-e349-4231-864f-978234c3bb70/1/3WjmScxyPShGMsEmfTcZS4RZUd0.roa
File:                     3WjmScxyPShGMsEmfTcZS4RZUd0.roa (raw, json)
Hash identifier:          5cWtsZDvpUp+XvqnrWOkzcAs96EsLhbvVP+8UGNRG5Q=
Subject key identifier:   DD:68:E6:49:CC:72:3D:28:46:32:C1:26:7D:37:19:4B:84:59:51:DD
Certificate issuer:       /CN=274d91cfa0a6db9bfd9154a441858e00e38bdbd6
Certificate serial:       01941F8C8A79E2CDA6C671BF67CA7D6B97DC
Authority key identifier: 27:4D:91:CF:A0:A6:DB:9B:FD:91:54:A4:41:85:8E:00:E3:8B:DB:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J02Rz6Cm25v9kVSkQYWOAOOL29Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c51d58-e349-4231-864f-978234c3bb70/1/3WjmScxyPShGMsEmfTcZS4RZUd0.roa
Signing time:             Wed 01 Jan 2025 01:48:11 +0000
ROA not before:           Wed 01 Jan 2025 01:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        5.181.212.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c51d58-e349-4231-864f-978234c3bb70/1/J02Rz6Cm25v9kVSkQYWOAOOL29Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c51d58-e349-4231-864f-978234c3bb70/1/J02Rz6Cm25v9kVSkQYWOAOOL29Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J02Rz6Cm25v9kVSkQYWOAOOL29Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:8a:79:e2:cd:a6:c6:71:bf:67:ca:7d:6b:97:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=274d91cfa0a6db9bfd9154a441858e00e38bdbd6
        Validity
            Not Before: Jan  1 01:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd68e649cc723d284632c1267d37194b845951dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:34:22:46:2e:dc:87:8e:b4:72:61:be:8b:cd:
                    e1:82:7b:2e:c8:0c:95:4b:a2:4c:80:0a:6f:f8:40:
                    65:ba:26:0f:f3:c7:79:dd:72:d9:87:9f:6a:47:27:
                    da:b0:41:de:e0:08:45:69:04:f8:ac:f9:09:9b:68:
                    e5:78:a1:de:c0:e5:5f:90:71:a3:80:30:06:0b:93:
                    91:6c:fe:24:b4:91:97:59:00:e8:fc:00:fd:3f:3d:
                    6d:70:9c:d2:b7:f5:cc:60:fb:45:e0:15:07:38:fa:
                    6f:ec:f4:da:09:32:63:e6:bb:45:91:a6:5a:4c:0d:
                    83:6f:fa:d8:0e:de:03:a0:df:0a:9c:1a:6f:3d:b9:
                    03:7a:fd:51:60:bc:83:ae:53:7f:79:33:19:2a:48:
                    16:42:f0:a8:93:29:17:b8:a1:00:05:76:9b:a1:2b:
                    43:33:d3:00:f6:ee:b4:cf:25:ea:67:ac:35:59:7f:
                    0f:ea:f4:a1:77:90:3d:7c:7f:42:5a:f2:37:7f:1d:
                    e4:78:2d:62:58:fd:6c:dd:65:00:8f:67:08:8b:0f:
                    e5:33:02:37:bf:72:24:ba:be:62:b8:d2:bc:39:58:
                    04:67:5d:b9:bd:cd:c5:6d:80:39:2b:2c:4b:95:d1:
                    91:0d:8b:a5:90:8a:35:74:6f:74:0b:b5:40:45:f9:
                    0e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:68:E6:49:CC:72:3D:28:46:32:C1:26:7D:37:19:4B:84:59:51:DD
            X509v3 Authority Key Identifier:
                keyid:27:4D:91:CF:A0:A6:DB:9B:FD:91:54:A4:41:85:8E:00:E3:8B:DB:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J02Rz6Cm25v9kVSkQYWOAOOL29Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c51d58-e349-4231-864f-978234c3bb70/1/3WjmScxyPShGMsEmfTcZS4RZUd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c51d58-e349-4231-864f-978234c3bb70/1/J02Rz6Cm25v9kVSkQYWOAOOL29Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:6c:84:b9:c8:53:30:03:29:aa:7f:ef:f2:46:44:2f:14:59:
         15:df:50:83:59:10:a9:1b:b7:05:3f:8e:bf:4d:a1:ee:f7:38:
         b8:2e:fb:37:8e:81:fb:c3:7a:42:66:62:c5:0a:52:50:fa:9e:
         87:07:94:64:ff:3e:4f:86:e3:4b:1c:72:78:95:e9:25:49:5a:
         54:ff:03:73:47:fa:ce:9f:8f:fa:81:9a:72:fb:f2:19:eb:f4:
         b4:4b:2d:05:06:61:f9:cf:c7:7e:94:bc:f2:eb:0a:bd:cd:9f:
         ba:92:c5:21:47:71:57:95:22:cf:9f:ca:d0:2f:ed:0e:fd:94:
         16:2d:d3:6c:bc:c0:32:1f:f4:11:d7:78:57:a7:31:f6:af:0e:
         3b:f7:8e:77:dc:47:43:46:1c:12:d1:c5:8b:23:36:4b:99:7c:
         01:25:92:90:2e:55:09:ea:d1:0c:73:38:16:d5:0d:ad:32:70:
         d4:26:81:db:d3:b9:1b:98:fe:b7:10:50:84:5d:e9:c6:17:d6:
         01:2f:04:cf:1d:9e:4e:a6:45:9e:8f:f6:1b:da:a8:ec:ed:56:
         98:b0:1e:6f:04:40:c7:78:f3:94:2d:2e:d8:63:49:c8:70:21:
         e6:4b:05:02:11:ed:1d:02:09:8f:2d:38:69:5e:ab:42:b6:59:
         31:3a:49:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjIp54s2mxnG/Z8p9a5fcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NGQ5MWNmYTBhNmRiOWJmZDkxNTRhNDQxODU4ZTAwZTM4
YmRiZDYwHhcNMjUwMTAxMDE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDY4ZTY0OWNjNzIzZDI4NDYzMmMxMjY3ZDM3MTk0Yjg0NTk1MWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDQiRi7ch460cmG+i83hgnsuyAyV
S6JMgApv+EBluiYP88d53XLZh59qRyfasEHe4AhFaQT4rPkJm2jleKHewOVfkHGj
gDAGC5ORbP4ktJGXWQDo/AD9Pz1tcJzSt/XMYPtF4BUHOPpv7PTaCTJj5rtFkaZa
TA2Db/rYDt4DoN8KnBpvPbkDev1RYLyDrlN/eTMZKkgWQvCokykXuKEABXaboStD
M9MA9u60zyXqZ6w1WX8P6vShd5A9fH9CWvI3fx3keC1iWP1s3WUAj2cIiw/lMwI3
v3Ikur5iuNK8OVgEZ125vc3FbYA5KyxLldGRDYulkIo1dG90C7VARfkOGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1o5knMcj0oRjLBJn03GUuEWVHdMB8GA1UdIwQY
MBaAFCdNkc+gptub/ZFUpEGFjgDji9vWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjAyUno2Q20yNXY5a1ZTa1FZV09BT09MMjlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jNTFkNTgtZTM0OS00MjMxLTg2NGYt
OTc4MjM0YzNiYjcwLzEvM1dqbVNjeHlQU2hHTXNFbWZUY1pTNFJaVWQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jNTFkNTgtZTM0OS00MjMxLTg2NGYtOTc4MjM0YzNiYjcw
LzEvSjAyUno2Q20yNXY5a1ZTa1FZV09BT09MMjlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbXUMA0G
CSqGSIb3DQEBCwUAA4IBAQAlbIS5yFMwAymqf+/yRkQvFFkV31CDWRCpG7cFP46/
TaHu9zi4Lvs3joH7w3pCZmLFClJQ+p6HB5Rk/z5PhuNLHHJ4leklSVpU/wNzR/rO
n4/6gZpy+/IZ6/S0Sy0FBmH5z8d+lLzy6wq9zZ+6ksUhR3FXlSLPn8rQL+0O/ZQW
LdNsvMAyH/QR13hXpzH2rw4794533EdDRhwS0cWLIzZLmXwBJZKQLlUJ6tEMczgW
1Q2tMnDUJoHb07kbmP63EFCEXenGF9YBLwTPHZ5OpkWej/Yb2qjs7VaYsB5vBEDH
ePOULS7YY0nIcCHmSwUCEe0dAgmPLThpXqtCtlkxOknJ
-----END CERTIFICATE-----