Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/ceb681-05c1-4b17-b778-242e39609fe3/1/bVqzdwgN359vsNGp9yElyAFbNJ8.roa
File:                     bVqzdwgN359vsNGp9yElyAFbNJ8.roa (raw, json)
Hash identifier:          zFBDlgyLJAYJZvieTYNRUVsVC3w0XLVGlWffIogQcYc=
Subject key identifier:   6D:5A:B3:77:08:0D:DF:9F:6F:B0:D1:A9:F7:21:25:C8:01:5B:34:9F
Certificate issuer:       /CN=24f410a4a0e72143884da8443be8296a81a29908
Certificate serial:       018CC801729B8903D99B5BA8B019D2B52FDA
Authority key identifier: 24:F4:10:A4:A0:E7:21:43:88:4D:A8:44:3B:E8:29:6A:81:A2:99:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JPQQpKDnIUOITahEO-gpaoGimQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/ceb681-05c1-4b17-b778-242e39609fe3/1/bVqzdwgN359vsNGp9yElyAFbNJ8.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210855
IP address blocks:        5.181.53.0/24 maxlen: 24
                          2a05:5f80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/ceb681-05c1-4b17-b778-242e39609fe3/1/JPQQpKDnIUOITahEO-gpaoGimQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/ceb681-05c1-4b17-b778-242e39609fe3/1/JPQQpKDnIUOITahEO-gpaoGimQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JPQQpKDnIUOITahEO-gpaoGimQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:72:9b:89:03:d9:9b:5b:a8:b0:19:d2:b5:2f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24f410a4a0e72143884da8443be8296a81a29908
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d5ab377080ddf9f6fb0d1a9f72125c8015b349f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7c:0d:52:14:72:97:1d:99:72:8a:dc:e0:e9:
                    72:ba:ca:0b:47:e3:4b:bf:a0:d2:54:4a:ae:85:b1:
                    3e:23:97:9e:06:c2:32:d2:d0:2e:ad:51:2c:90:5f:
                    d1:b4:93:cd:d6:e9:e3:af:9d:0d:7a:21:54:45:a0:
                    8f:61:4b:4e:e3:5b:35:ef:26:ce:cd:1b:44:57:40:
                    71:fc:bc:26:d9:94:d6:29:07:08:fd:16:d2:a7:c3:
                    5e:3c:42:93:a5:d7:f9:b3:d2:fa:c9:51:2c:fb:fb:
                    6f:ea:fc:d7:d5:b3:43:4e:96:a7:23:d0:03:cb:fb:
                    55:58:f8:29:a5:9a:1b:17:cc:af:61:a9:0f:93:b8:
                    3a:7d:0a:f1:69:ae:3f:52:b1:3f:94:a1:c4:00:29:
                    33:dc:a2:a5:fd:32:d2:0a:f5:8e:df:d0:02:be:73:
                    2c:29:30:01:ee:33:0c:c4:8a:ea:ff:8c:17:f8:1a:
                    83:ae:11:73:09:a4:60:1f:4a:ac:3b:12:c7:f7:27:
                    1b:2d:56:b9:fb:ef:72:3d:4a:9b:83:67:95:ee:48:
                    06:35:cf:32:2b:a4:65:b2:bd:db:63:92:f9:d7:85:
                    d8:32:21:09:e7:76:11:da:89:92:3e:c3:7d:2a:70:
                    eb:d5:91:cc:45:be:ea:5e:9f:20:3e:a9:c5:f3:1a:
                    90:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:5A:B3:77:08:0D:DF:9F:6F:B0:D1:A9:F7:21:25:C8:01:5B:34:9F
            X509v3 Authority Key Identifier:
                keyid:24:F4:10:A4:A0:E7:21:43:88:4D:A8:44:3B:E8:29:6A:81:A2:99:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JPQQpKDnIUOITahEO-gpaoGimQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ceb681-05c1-4b17-b778-242e39609fe3/1/bVqzdwgN359vsNGp9yElyAFbNJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ceb681-05c1-4b17-b778-242e39609fe3/1/JPQQpKDnIUOITahEO-gpaoGimQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.53.0/24
                IPv6:
                  2a05:5f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:1a:3d:c1:a0:71:90:ff:6f:44:5a:39:9d:4a:86:e1:d6:be:
         cb:0c:38:4a:2b:0b:bf:71:fc:2c:44:41:d2:43:d6:40:ea:8d:
         95:a0:bc:8f:e8:15:3e:b5:f1:33:39:dd:97:2e:e9:28:a6:9a:
         a1:57:10:08:91:ac:c8:e3:3d:06:b4:a1:19:da:cc:e4:25:20:
         b6:f7:d5:db:9a:73:08:1a:2a:ba:eb:b9:5b:a0:b8:50:0c:13:
         0a:75:12:4b:37:63:73:5c:67:96:ba:bd:c1:b9:e2:fe:02:7a:
         39:10:42:d7:83:f5:17:e7:44:e7:95:bb:58:2e:09:15:b4:07:
         25:12:c3:13:d9:7d:69:e2:7f:66:84:76:90:7d:ff:02:32:b3:
         3b:0f:86:4c:01:46:7c:9a:5b:51:5f:0b:73:b1:9d:63:84:48:
         5a:52:dc:e3:52:55:8e:19:ad:3b:e4:25:c3:0d:64:03:0c:27:
         97:22:bc:5c:ae:a8:68:96:b0:d5:e8:67:2b:7d:d7:36:7b:00:
         e9:c5:7f:f3:bc:a0:33:d9:fa:95:2d:5d:56:1d:fe:5d:26:60:
         df:2c:6f:94:6e:41:a6:57:f7:90:2d:05:e9:6c:8c:05:31:06:
         15:4a:98:d6:e8:5d:a1:6a:45:da:89:69:9e:1c:11:b7:4a:73:
         88:71:02:5e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAXKbiQPZm1uosBnStS/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0ZjQxMGE0YTBlNzIxNDM4ODRkYTg0NDNiZTgyOTZhODFh
Mjk5MDgwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDVhYjM3NzA4MGRkZjlmNmZiMGQxYTlmNzIxMjVjODAxNWIzNDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXwNUhRylx2Zcorc4OlyusoLR+NL
v6DSVEquhbE+I5eeBsIy0tAurVEskF/RtJPN1unjr50NeiFURaCPYUtO41s17ybO
zRtEV0Bx/Lwm2ZTWKQcI/RbSp8NePEKTpdf5s9L6yVEs+/tv6vzX1bNDTpanI9AD
y/tVWPgppZobF8yvYakPk7g6fQrxaa4/UrE/lKHEACkz3KKl/TLSCvWO39ACvnMs
KTAB7jMMxIrq/4wX+BqDrhFzCaRgH0qsOxLH9ycbLVa5++9yPUqbg2eV7kgGNc8y
K6Rlsr3bY5L514XYMiEJ53YR2omSPsN9KnDr1ZHMRb7qXp8gPqnF8xqQuQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG1as3cIDd+fb7DRqfchJcgBWzSfMB8GA1UdIwQY
MBaAFCT0EKSg5yFDiE2oRDvoKWqBopkIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlBRUXBLRG5JVU9JVGFoRU8tZ3Bhb0dpbVFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZWI2ODEtMDVjMS00YjE3LWI3Nzgt
MjQyZTM5NjA5ZmUzLzEvYlZxemR3Z04zNTl2c05HcDl5RWx5QUZiTko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZWI2ODEtMDVjMS00YjE3LWI3NzgtMjQyZTM5NjA5ZmUz
LzEvSlBRUXBLRG5JVU9JVGFoRU8tZ3Bhb0dpbVFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABbU1MA0E
AgACMAcDBQMqBV+AMA0GCSqGSIb3DQEBCwUAA4IBAQCJGj3BoHGQ/29EWjmdSobh
1r7LDDhKKwu/cfwsREHSQ9ZA6o2VoLyP6BU+tfEzOd2XLukoppqhVxAIkazI4z0G
tKEZ2szkJSC299XbmnMIGiq667lboLhQDBMKdRJLN2NzXGeWur3BueL+Ano5EELX
g/UX50TnlbtYLgkVtAclEsMT2X1p4n9mhHaQff8CMrM7D4ZMAUZ8mltRXwtzsZ1j
hEhaUtzjUlWOGa075CXDDWQDDCeXIrxcrqholrDV6Gcrfdc2ewDpxX/zvKAz2fqV
LV1WHf5dJmDfLG+UbkGmV/eQLQXpbIwFMQYVSpjW6F2hakXaiWmeHBG3SnOIcQJe
-----END CERTIFICATE-----