Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Zc5ShWhdcNUQpNV_DRulsLHCXts.roa
File:                     Zc5ShWhdcNUQpNV_DRulsLHCXts.roa (raw, json)
Hash identifier:          SEdg4AROspmNCigLnPppIxA7vCUY65E+wMjh35OPG9E=
Subject key identifier:   65:CE:52:85:68:5D:70:D5:10:A4:D5:7F:0D:1B:A5:B0:B1:C2:5E:DB
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D726455ED16DD38A561DC42CDBB466
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Zc5ShWhdcNUQpNV_DRulsLHCXts.roa
Signing time:             Wed 01 Jan 2025 21:48:10 +0000
ROA not before:           Wed 01 Jan 2025 21:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209181
IP address blocks:        5.252.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:26:45:5e:d1:6d:d3:8a:56:1d:c4:2c:db:b4:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65ce5285685d70d510a4d57f0d1ba5b0b1c25edb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9d:b4:7d:9f:8a:bc:75:21:24:28:ab:c6:f7:
                    47:40:d5:64:06:c2:86:25:eb:59:0d:85:f8:50:a4:
                    bf:38:3d:3b:66:74:89:ac:f7:d8:a4:bc:8f:94:53:
                    3a:20:2b:50:a0:89:04:92:66:a5:9e:a0:50:b0:a2:
                    85:3f:cf:e6:1b:ae:17:b6:2f:81:5a:41:72:47:a4:
                    95:c9:fe:ac:a0:5a:bb:8b:80:6a:52:7a:83:fa:50:
                    a8:54:57:fb:42:06:e8:32:de:fd:4f:af:8e:d6:2a:
                    94:02:81:d3:92:69:45:c7:02:97:2e:32:60:ba:b7:
                    e4:a2:0a:9b:8e:43:5d:f4:56:00:4c:d2:2d:62:7f:
                    11:67:bf:9a:42:67:c8:43:92:e1:ca:af:02:c0:ad:
                    7f:f8:0f:ec:d7:51:e8:18:bb:6a:4a:ab:48:0a:43:
                    d7:f6:50:aa:e6:85:46:b2:f6:30:d9:b3:1f:d1:c6:
                    23:a1:65:40:19:9f:bc:09:6e:8e:23:8c:32:a4:2b:
                    b0:60:72:34:15:a6:37:ab:f7:bc:ef:bd:6f:02:4c:
                    fc:84:b5:ae:5b:0d:41:30:fd:dd:1d:b4:ee:20:af:
                    6d:bf:1a:50:dd:93:b3:29:db:02:b3:32:fa:0d:39:
                    ff:56:f1:61:7e:f9:10:5f:16:f4:63:91:72:36:c5:
                    bc:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:CE:52:85:68:5D:70:D5:10:A4:D5:7F:0D:1B:A5:B0:B1:C2:5E:DB
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Zc5ShWhdcNUQpNV_DRulsLHCXts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:d0:1d:aa:d1:3c:a9:3b:22:df:4b:88:d1:84:d9:b4:ea:de:
         20:a4:46:77:33:4f:39:66:19:9d:5f:02:41:02:6d:82:65:05:
         9d:e1:f9:c5:ca:06:62:57:50:d6:16:a8:dd:36:ab:24:32:db:
         b3:c1:69:70:97:33:bd:b2:82:79:d9:fe:84:a2:e2:4d:23:5c:
         1f:d8:c4:31:34:64:85:6c:07:2a:57:68:99:d8:77:40:40:28:
         ac:6a:92:7b:8b:c3:f3:47:17:98:f2:30:7d:a6:70:21:f1:6b:
         3c:52:d2:1d:8a:d3:95:e1:9d:c8:d5:6b:15:b1:22:ac:56:6a:
         a1:eb:00:7b:9e:3a:c2:ee:be:a9:38:65:6d:a3:c1:a5:12:81:
         bc:1c:0f:9c:62:28:4b:f0:5f:25:9c:91:9a:ab:d2:a6:df:36:
         1e:54:e3:49:9b:29:5d:50:ac:5c:d8:f9:14:2a:6a:5c:24:f1:
         2f:01:3f:14:b0:2b:c7:cd:a7:09:f0:95:93:43:1a:78:4d:f6:
         48:a8:8b:00:b2:61:1f:36:0b:f8:e8:79:71:8a:35:4e:19:82:
         7e:15:b2:fa:d6:23:52:bd:54:88:e2:de:4e:fc:48:ab:1c:51:
         09:c1:88:cd:5d:22:c1:7f:e2:dd:03:ba:54:dc:c9:5b:8b:f0:
         32:65:0e:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1yZFXtFt04pWHcQs27RmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWNlNTI4NTY4NWQ3MGQ1MTBhNGQ1N2YwZDFiYTViMGIxYzI1ZWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr520fZ+KvHUhJCirxvdHQNVkBsKG
JetZDYX4UKS/OD07ZnSJrPfYpLyPlFM6ICtQoIkEkmalnqBQsKKFP8/mG64Xti+B
WkFyR6SVyf6soFq7i4BqUnqD+lCoVFf7QgboMt79T6+O1iqUAoHTkmlFxwKXLjJg
urfkogqbjkNd9FYATNItYn8RZ7+aQmfIQ5Lhyq8CwK1/+A/s11HoGLtqSqtICkPX
9lCq5oVGsvYw2bMf0cYjoWVAGZ+8CW6OI4wypCuwYHI0FaY3q/e8771vAkz8hLWu
Ww1BMP3dHbTuIK9tvxpQ3ZOzKdsCszL6DTn/VvFhfvkQXxb0Y5FyNsW8ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXOUoVoXXDVEKTVfw0bpbCxwl7bMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvWmM1U2hXaGRjTlVRcE5WX0RSdWxzTEhDWHRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfx1MA0G
CSqGSIb3DQEBCwUAA4IBAQBW0B2q0TypOyLfS4jRhNm06t4gpEZ3M085ZhmdXwJB
Am2CZQWd4fnFygZiV1DWFqjdNqskMtuzwWlwlzO9soJ52f6EouJNI1wf2MQxNGSF
bAcqV2iZ2HdAQCisapJ7i8PzRxeY8jB9pnAh8Ws8UtIditOV4Z3I1WsVsSKsVmqh
6wB7njrC7r6pOGVto8GlEoG8HA+cYihL8F8lnJGaq9Km3zYeVONJmyldUKxc2PkU
KmpcJPEvAT8UsCvHzacJ8JWTQxp4TfZIqIsAsmEfNgv46HlxijVOGYJ+FbL61iNS
vVSI4t5O/EirHFEJwYjNXSLBf+LdA7pU3Mlbi/AyZQ7E
-----END CERTIFICATE-----