Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/5HqASf1cVS2Sg1t9mJUP8nDaNwY.roa
File:                     5HqASf1cVS2Sg1t9mJUP8nDaNwY.roa (raw, json)
Hash identifier:          xqV+ryG3h1+U00j562da6IRP6JDC0K+F5snkZ2co3rw=
Subject key identifier:   E4:7A:80:49:FD:5C:55:2D:92:83:5B:7D:98:95:0F:F2:70:DA:37:06
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC7276A997F18AAAA4070CC2F058FF8FE
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/5HqASf1cVS2Sg1t9mJUP8nDaNwY.roa
Signing time:             Mon 01 Jan 2024 22:31:38 +0000
ROA not before:           Mon 01 Jan 2024 22:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201253
IP address blocks:        217.153.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6a:99:7f:18:aa:aa:40:70:cc:2f:05:8f:f8:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e47a8049fd5c552d92835b7d98950ff270da3706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:53:cc:66:5b:99:28:de:09:d0:e3:46:4f:de:
                    84:6d:87:a6:86:86:cc:88:16:76:9e:9f:6c:83:72:
                    01:f4:ff:09:ef:ca:54:d5:d3:16:67:af:a3:e1:50:
                    11:c6:fb:f4:b4:dd:ad:38:c6:a6:e6:07:3a:6d:d3:
                    5d:df:e8:7f:59:ed:a9:af:41:d2:60:03:2c:42:65:
                    b7:a6:28:78:e4:38:32:94:a6:29:7b:7c:01:55:32:
                    a2:08:6b:00:a8:82:69:e3:9f:6c:74:b8:4a:6a:9f:
                    98:fa:c8:17:fd:13:31:5e:76:5b:41:2c:28:1c:27:
                    0d:0f:10:4c:c6:d3:56:ad:d9:2c:37:f8:73:09:0a:
                    c6:0f:0b:52:80:16:19:33:b3:4b:01:11:00:2d:30:
                    07:da:c1:72:db:2e:27:60:4b:aa:c5:e8:88:a3:f1:
                    b5:86:da:fe:ee:fc:ed:70:39:49:fa:4e:39:f6:13:
                    82:ee:80:9b:da:85:5a:77:fb:aa:69:11:8b:2d:c0:
                    de:16:c5:c8:fc:59:27:b4:f0:06:bf:01:a3:0a:81:
                    1f:e8:d2:3b:54:c5:07:22:07:0a:fc:19:7a:7c:46:
                    0b:a2:72:46:e3:ed:64:49:03:2b:d2:86:13:af:32:
                    14:6b:3e:3c:08:60:fd:4f:84:34:50:9b:4a:0e:ec:
                    41:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:7A:80:49:FD:5C:55:2D:92:83:5B:7D:98:95:0F:F2:70:DA:37:06
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/5HqASf1cVS2Sg1t9mJUP8nDaNwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.153.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:a2:26:08:df:c7:87:08:f6:2d:26:9e:62:12:02:9e:5f:01:
         ca:d6:46:3c:98:b3:e2:50:c9:dd:4f:31:12:5b:47:b0:60:84:
         60:00:5d:7d:0c:ac:52:1d:2d:02:05:b0:16:0b:a0:44:e7:48:
         f4:49:5d:a8:1f:37:79:65:8f:99:b1:89:7e:80:59:50:ed:c4:
         ab:71:bb:a4:85:8d:45:88:4b:49:3c:f4:50:86:af:5f:67:45:
         0a:5a:65:17:cb:c5:8f:96:f6:a0:c6:a5:89:62:ef:ef:bd:40:
         54:2e:44:58:7f:13:91:18:37:82:25:cf:52:7f:55:ac:c8:c7:
         c2:23:5a:c8:a0:e3:1b:7c:10:5f:8f:f4:b1:20:64:12:12:b7:
         89:c1:03:52:57:7c:d0:0d:77:14:48:fb:6f:94:cc:f9:c2:94:
         a7:76:25:ce:de:d4:c5:59:d2:af:99:62:c2:71:17:af:10:7e:
         6a:4f:1c:9d:72:3f:8f:d8:05:61:5a:be:01:a7:35:ed:ae:56:
         79:c2:5f:fc:ac:df:35:99:b4:6f:31:22:2d:04:6d:28:c6:5d:
         51:6d:5c:f0:30:f9:8a:f1:51:42:2c:ba:b1:08:b3:5e:e2:44:
         3d:0d:73:9c:cf:cf:f6:7c:81:10:ae:32:18:fc:fc:f4:67:76:
         47:0b:08:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2qZfxiqqkBwzC8Fj/j+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDdhODA0OWZkNWM1NTJkOTI4MzViN2Q5ODk1MGZmMjcwZGEzNzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVPMZluZKN4J0ONGT96EbYemhobM
iBZ2np9sg3IB9P8J78pU1dMWZ6+j4VARxvv0tN2tOMam5gc6bdNd3+h/We2pr0HS
YAMsQmW3pih45DgylKYpe3wBVTKiCGsAqIJp459sdLhKap+Y+sgX/RMxXnZbQSwo
HCcNDxBMxtNWrdksN/hzCQrGDwtSgBYZM7NLAREALTAH2sFy2y4nYEuqxeiIo/G1
htr+7vztcDlJ+k459hOC7oCb2oVad/uqaRGLLcDeFsXI/FkntPAGvwGjCoEf6NI7
VMUHIgcK/Bl6fEYLonJG4+1kSQMr0oYTrzIUaz48CGD9T4Q0UJtKDuxBFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOR6gEn9XFUtkoNbfZiVD/Jw2jcGMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvNUhxQVNmMWNWUzJTZzF0OW1KVVA4bkRhTndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Zl+MA0G
CSqGSIb3DQEBCwUAA4IBAQAzoiYI38eHCPYtJp5iEgKeXwHK1kY8mLPiUMndTzES
W0ewYIRgAF19DKxSHS0CBbAWC6BE50j0SV2oHzd5ZY+ZsYl+gFlQ7cSrcbukhY1F
iEtJPPRQhq9fZ0UKWmUXy8WPlvagxqWJYu/vvUBULkRYfxORGDeCJc9Sf1WsyMfC
I1rIoOMbfBBfj/SxIGQSEreJwQNSV3zQDXcUSPtvlMz5wpSndiXO3tTFWdKvmWLC
cRevEH5qTxydcj+P2AVhWr4BpzXtrlZ5wl/8rN81mbRvMSItBG0oxl1RbVzwMPmK
8VFCLLqxCLNe4kQ9DXOcz8/2fIEQrjIY/Pz0Z3ZHCwgq
-----END CERTIFICATE-----