Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TyejWy3JMbuHPbI-YINhRswkn6U.roa
File:                     TyejWy3JMbuHPbI-YINhRswkn6U.roa (raw, json)
Hash identifier:          ddeTozCzeGdeH2UQO6NJHuZFd1z2I2vHOsvjsVc+KhU=
Subject key identifier:   4F:27:A3:5B:2D:C9:31:BB:87:3D:B2:3E:60:83:61:46:CC:24:9F:A5
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019423D7FB2DF2C9A0D3F0AA0753FC60A2C7
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TyejWy3JMbuHPbI-YINhRswkn6U.roa
Signing time:             Wed 01 Jan 2025 21:49:04 +0000
ROA not before:           Wed 01 Jan 2025 21:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36352
IP address blocks:        5.181.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:fb:2d:f2:c9:a0:d3:f0:aa:07:53:fc:60:a2:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jan  1 21:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f27a35b2dc931bb873db23e60836146cc249fa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f6:7b:a2:15:c0:3a:81:dd:e4:69:7b:bc:52:
                    8f:bd:d7:1c:9e:db:15:b2:46:5e:ec:96:bf:c4:92:
                    73:19:8c:64:28:ba:92:9a:fc:fe:61:8b:22:39:03:
                    a5:92:58:ac:99:89:02:c3:77:46:77:63:73:1a:94:
                    19:8e:89:e4:74:ee:18:d5:40:9e:92:cf:e5:40:87:
                    ce:0e:0f:ff:2c:b2:c7:d2:db:6b:ab:97:4c:5e:30:
                    14:8a:3d:da:87:43:9d:4d:4a:77:2c:81:55:2d:6a:
                    a5:6e:b7:aa:7b:24:95:f9:35:64:41:b5:e3:8c:6a:
                    ac:17:0c:6a:46:91:36:96:a7:0a:9d:fe:63:cc:51:
                    7c:3f:11:67:f3:09:d8:39:42:58:75:9c:22:cf:5e:
                    ca:2a:59:ab:e8:ac:d0:98:4f:a3:77:02:bf:f3:2d:
                    ba:42:81:db:0f:c2:15:c1:90:74:16:60:ad:6b:15:
                    f5:7a:d1:c1:90:da:84:c1:59:7d:db:b7:12:a3:d2:
                    75:4b:9d:cd:2e:20:7d:39:20:24:da:e8:10:16:cf:
                    3a:98:48:2b:4c:b3:51:63:fa:ef:9e:e5:97:9c:67:
                    a1:ec:ba:ad:ed:31:d4:bf:d7:62:a1:1d:8c:21:1f:
                    6d:25:c0:1c:68:76:c9:d2:94:74:09:81:1b:53:3b:
                    87:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:27:A3:5B:2D:C9:31:BB:87:3D:B2:3E:60:83:61:46:CC:24:9F:A5
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TyejWy3JMbuHPbI-YINhRswkn6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:bd:d2:09:69:9b:6c:a0:11:bc:ba:8d:89:e9:62:52:6d:82:
         26:61:ba:19:50:f8:6c:e0:11:ca:ff:89:ae:02:2c:f1:5a:d8:
         17:09:84:ca:ad:62:65:98:96:f1:f6:d8:5c:f1:30:16:35:65:
         17:13:9c:4a:07:c6:0e:48:1d:58:ee:33:0b:1c:75:0e:6d:67:
         e0:e3:5a:fe:13:6b:a8:91:cc:b3:19:5c:7c:87:37:47:71:0d:
         fa:39:92:7d:7e:87:6b:d3:5a:0a:3c:29:37:19:20:91:b2:9a:
         62:d0:53:f6:4a:55:d4:34:32:a7:57:b2:df:67:6d:cd:09:93:
         b6:3f:32:06:06:e2:ae:af:e2:7b:9a:fc:20:c3:9a:41:b6:06:
         79:f7:37:ea:b0:8b:42:2e:a7:8b:cb:2f:63:ee:52:35:d1:81:
         b1:6e:53:ef:93:ed:75:95:6b:20:b9:e5:e6:f4:de:ce:b3:85:
         09:a5:d1:17:f6:e4:b3:dc:ed:41:fd:1e:60:59:80:88:b6:5c:
         ac:ba:b4:68:77:50:66:31:ef:1e:15:39:0e:75:8d:29:7c:a7:
         dd:68:a9:87:2d:72:43:41:68:de:50:aa:97:8d:a6:a6:c4:0c:
         2d:fb:48:f0:61:06:9e:92:2c:51:4e:ca:84:bb:7e:2e:fd:04:
         db:a7:aa:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1/st8smg0/CqB1P8YKLHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMTAxMjE0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjI3YTM1YjJkYzkzMWJiODczZGIyM2U2MDgzNjE0NmNjMjQ5ZmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvZ7ohXAOoHd5Gl7vFKPvdccntsV
skZe7Ja/xJJzGYxkKLqSmvz+YYsiOQOlklismYkCw3dGd2NzGpQZjonkdO4Y1UCe
ks/lQIfODg//LLLH0ttrq5dMXjAUij3ah0OdTUp3LIFVLWqlbreqeySV+TVkQbXj
jGqsFwxqRpE2lqcKnf5jzFF8PxFn8wnYOUJYdZwiz17KKlmr6KzQmE+jdwK/8y26
QoHbD8IVwZB0FmCtaxX1etHBkNqEwVl927cSo9J1S53NLiB9OSAk2ugQFs86mEgr
TLNRY/rvnuWXnGeh7Lqt7THUv9dioR2MIR9tJcAcaHbJ0pR0CYEbUzuHOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8no1styTG7hz2yPmCDYUbMJJ+lMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVHllald5M0pNYnVIUGJJLVlJTmhSc3drbjZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbW2MA0G
CSqGSIb3DQEBCwUAA4IBAQBFvdIJaZtsoBG8uo2J6WJSbYImYboZUPhs4BHK/4mu
AizxWtgXCYTKrWJlmJbx9thc8TAWNWUXE5xKB8YOSB1Y7jMLHHUObWfg41r+E2uo
kcyzGVx8hzdHcQ36OZJ9fodr01oKPCk3GSCRsppi0FP2SlXUNDKnV7LfZ23NCZO2
PzIGBuKur+J7mvwgw5pBtgZ59zfqsItCLqeLyy9j7lI10YGxblPvk+11lWsgueXm
9N7Os4UJpdEX9uSz3O1B/R5gWYCItlysurRod1BmMe8eFTkOdY0pfKfdaKmHLXJD
QWjeUKqXjaamxAwt+0jwYQaekixRTsqEu34u/QTbp6qo
-----END CERTIFICATE-----