Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/5XHrLiIM2y02izeT50u3RQeElIc.roa
File:                     5XHrLiIM2y02izeT50u3RQeElIc.roa (raw, json)
Hash identifier:          m1/SMtGStEqNpySfHpmo6F8175M2nkwVOpWEiQdkpBo=
Subject key identifier:   E5:71:EB:2E:22:0C:DB:2D:36:8B:37:93:E7:4B:B7:45:07:84:94:87
Certificate issuer:       /CN=9b7d24416aa8a478b3ed36e2e65855d42259d9ee
Certificate serial:       019427B66BB3724B9CD22D78D6C8C5A95523
Authority key identifier: 9B:7D:24:41:6A:A8:A4:78:B3:ED:36:E2:E6:58:55:D4:22:59:D9:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m30kQWqopHiz7Tbi5lhV1CJZ2e4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/5XHrLiIM2y02izeT50u3RQeElIc.roa
Signing time:             Thu 02 Jan 2025 15:50:53 +0000
ROA not before:           Thu 02 Jan 2025 15:50:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        81.26.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/m30kQWqopHiz7Tbi5lhV1CJZ2e4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/m30kQWqopHiz7Tbi5lhV1CJZ2e4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m30kQWqopHiz7Tbi5lhV1CJZ2e4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:6b:b3:72:4b:9c:d2:2d:78:d6:c8:c5:a9:55:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b7d24416aa8a478b3ed36e2e65855d42259d9ee
        Validity
            Not Before: Jan  2 15:50:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e571eb2e220cdb2d368b3793e74bb74507849487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5b:c7:40:a0:aa:56:c4:90:30:08:b3:5f:a3:
                    df:43:d7:9a:72:06:68:7b:9b:fd:9a:05:66:f3:bd:
                    35:a8:04:be:83:ea:64:6f:bd:00:9f:e9:04:7f:e6:
                    41:34:76:2f:f4:eb:78:1f:2c:dc:eb:56:2b:19:d4:
                    a2:1a:2c:20:10:4e:fa:2f:f0:a7:01:49:ef:c2:b8:
                    f6:39:de:b1:ab:e8:e2:cb:cf:f1:c6:4f:41:cf:e6:
                    ca:4b:5e:62:91:5e:b2:13:ae:69:af:dd:06:36:36:
                    72:02:9b:cf:62:24:d8:26:3a:84:e6:cf:08:f8:07:
                    67:f5:cf:ba:23:f7:12:bf:e3:6e:41:27:04:e8:e6:
                    b9:f9:ec:12:e6:26:94:ef:24:5d:e3:17:ea:43:1f:
                    81:37:90:ee:d3:97:ff:ec:e5:a4:47:eb:17:86:d9:
                    c5:0d:8a:58:bb:72:ed:2a:2e:80:e8:ee:54:a0:b1:
                    7a:eb:31:2d:0a:07:5d:bf:7d:ce:98:d6:8c:fa:7b:
                    04:49:e5:d4:e1:3a:7e:e5:54:e3:9a:b8:04:ed:40:
                    ed:4f:c0:9a:64:84:b6:2b:78:e6:ad:b6:a4:04:6d:
                    b9:5f:2c:97:93:a7:65:f4:bd:09:a8:90:79:aa:bf:
                    18:a3:56:a0:91:88:88:f5:95:0d:fe:93:fd:c1:56:
                    ff:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:71:EB:2E:22:0C:DB:2D:36:8B:37:93:E7:4B:B7:45:07:84:94:87
            X509v3 Authority Key Identifier:
                keyid:9B:7D:24:41:6A:A8:A4:78:B3:ED:36:E2:E6:58:55:D4:22:59:D9:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m30kQWqopHiz7Tbi5lhV1CJZ2e4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/5XHrLiIM2y02izeT50u3RQeElIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/m30kQWqopHiz7Tbi5lhV1CJZ2e4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.26.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:7e:a7:68:5e:9e:74:69:96:46:3b:d5:ff:d9:51:95:71:6d:
         5b:21:4e:21:25:19:ca:2f:0a:5c:9e:09:ff:10:21:18:37:d7:
         df:1b:a1:3a:9d:9c:6a:84:3d:e5:8b:48:3c:87:74:25:a9:07:
         76:28:f2:3c:5f:2c:6e:6c:ba:61:0f:c4:79:c3:cd:98:bf:15:
         95:79:e2:d7:6a:a3:d9:69:29:df:4d:8c:f9:ce:ba:53:f3:b4:
         37:df:6f:4b:4a:b6:b9:23:7c:3f:5c:16:58:f9:32:3a:6d:50:
         f2:1b:5a:16:4a:f5:6d:1b:bb:fe:d4:1a:4a:d0:ca:5b:15:bf:
         53:69:ff:61:4b:b9:95:3f:2e:a2:a6:44:93:37:38:fe:18:4c:
         df:66:64:4d:92:ce:f2:35:2b:08:ed:0a:ef:c9:79:12:85:33:
         17:fe:5d:2b:7b:a0:36:86:ec:ed:60:89:d3:b1:f8:b0:96:a1:
         28:37:28:9a:80:dc:7f:36:d0:a5:58:31:5f:14:a7:bf:90:4f:
         38:ab:16:de:a9:97:18:b1:04:cc:3d:b8:9c:15:34:59:c4:d5:
         5f:ce:de:85:c1:cb:ec:66:05:fa:1f:3a:9c:90:9c:1e:93:3a:
         ac:ea:ce:ff:9e:a5:06:01:19:4a:1c:21:53:36:12:05:f7:34:
         40:d5:dc:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntmuzckuc0i141sjFqVUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliN2QyNDQxNmFhOGE0NzhiM2VkMzZlMmU2NTg1NWQ0MjI1
OWQ5ZWUwHhcNMjUwMTAyMTU1MDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTcxZWIyZTIyMGNkYjJkMzY4YjM3OTNlNzRiYjc0NTA3ODQ5NDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVvHQKCqVsSQMAizX6PfQ9eacgZo
e5v9mgVm8701qAS+g+pkb70An+kEf+ZBNHYv9Ot4Hyzc61YrGdSiGiwgEE76L/Cn
AUnvwrj2Od6xq+jiy8/xxk9Bz+bKS15ikV6yE65pr90GNjZyApvPYiTYJjqE5s8I
+Adn9c+6I/cSv+NuQScE6Oa5+ewS5iaU7yRd4xfqQx+BN5Du05f/7OWkR+sXhtnF
DYpYu3LtKi6A6O5UoLF66zEtCgddv33OmNaM+nsESeXU4Tp+5VTjmrgE7UDtT8Ca
ZIS2K3jmrbakBG25XyyXk6dl9L0JqJB5qr8Yo1agkYiI9ZUN/pP9wVb/hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOVx6y4iDNstNos3k+dLt0UHhJSHMB8GA1UdIwQY
MBaAFJt9JEFqqKR4s+024uZYVdQiWdnuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTMwa1FXcW9wSGl6N1RiaTVsaFYxQ0paMmU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xYjhmMmEtMGFiZC00ZmZiLTgyZjYt
ZWYzYmJiMDU2NTVlLzEvNVhIckxpSU0yeTAyaXplVDUwdTNSUWVFbEljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xYjhmMmEtMGFiZC00ZmZiLTgyZjYtZWYzYmJiMDU2NTVl
LzEvbTMwa1FXcW9wSGl6N1RiaTVsaFYxQ0paMmU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURquMA0G
CSqGSIb3DQEBCwUAA4IBAQCxfqdoXp50aZZGO9X/2VGVcW1bIU4hJRnKLwpcngn/
ECEYN9ffG6E6nZxqhD3li0g8h3QlqQd2KPI8XyxubLphD8R5w82YvxWVeeLXaqPZ
aSnfTYz5zrpT87Q3329LSra5I3w/XBZY+TI6bVDyG1oWSvVtG7v+1BpK0MpbFb9T
af9hS7mVPy6ipkSTNzj+GEzfZmRNks7yNSsI7QrvyXkShTMX/l0re6A2huztYInT
sfiwlqEoNyiagNx/NtClWDFfFKe/kE84qxbeqZcYsQTMPbicFTRZxNVfzt6Fwcvs
ZgX6HzqckJwekzqs6s7/nqUGARlKHCFTNhIF9zRA1dwi
-----END CERTIFICATE-----