Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/olHGlk0ELwTkE_7muSEG0Na85RQ.roa
File:                     olHGlk0ELwTkE_7muSEG0Na85RQ.roa (raw, json)
Hash identifier:          MTXKIfW+MQEkagRvcG10halMWe/71HGlCHUEwfqxLwc=
Subject key identifier:   A2:51:C6:96:4D:04:2F:04:E4:13:FE:E6:B9:21:06:D0:D6:BC:E5:14
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFAD12B90A8FD4700577F369C62D81
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/olHGlk0ELwTkE_7muSEG0Na85RQ.roa
Signing time:             Tue 02 Jan 2024 06:32:31 +0000
ROA not before:           Tue 02 Jan 2024 06:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209181
IP address blocks:        5.252.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:ad:12:b9:0a:8f:d4:70:05:77:f3:69:c6:2d:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a251c6964d042f04e413fee6b92106d0d6bce514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:94:dc:c9:92:62:f0:89:ab:7f:79:e0:58:7a:
                    35:97:76:47:22:df:ce:78:2d:03:71:39:01:d5:1d:
                    ca:21:8c:9c:4c:9d:c1:6b:9f:6a:77:7d:e4:8a:16:
                    6b:bb:70:50:c1:b2:26:25:07:c7:79:bf:f2:1b:bb:
                    e2:1a:c3:ec:57:d1:a3:2a:c0:5c:c0:6b:a0:15:6d:
                    e0:d5:10:61:68:d3:23:83:78:ff:19:b6:40:a3:f6:
                    10:f2:d8:3c:05:66:75:9f:87:29:dc:d8:89:4e:b0:
                    2d:e6:3c:60:d6:5e:18:db:fd:68:54:b8:d8:28:cc:
                    f6:e1:17:71:ff:0e:3e:b3:82:f5:70:0b:cc:72:59:
                    16:b3:1f:fd:f9:35:2f:ac:c0:2e:00:0a:2d:54:5f:
                    1d:84:2c:26:b0:c1:40:42:44:29:46:44:46:cc:91:
                    6c:d6:77:05:d7:79:c4:8c:94:49:ce:83:c4:e9:8f:
                    49:18:b1:94:e9:c0:52:59:ad:b3:cb:9a:6c:44:d0:
                    17:16:f6:12:ba:de:2a:00:a8:8c:c7:7f:83:a1:43:
                    f7:c0:66:59:03:ca:15:cf:f8:7a:54:42:b4:33:ce:
                    ea:de:2a:73:39:d0:c0:83:93:1e:63:9f:0f:76:d4:
                    91:bf:f9:e1:fd:53:22:9e:ad:f7:93:9a:c0:ac:cf:
                    6d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:51:C6:96:4D:04:2F:04:E4:13:FE:E6:B9:21:06:D0:D6:BC:E5:14
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/olHGlk0ELwTkE_7muSEG0Na85RQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:21:37:27:f4:cb:48:19:02:82:52:e6:83:25:6f:41:35:9d:
         49:a4:25:34:11:ab:67:b8:34:93:e3:65:a5:ec:b5:b0:5c:b5:
         48:77:02:9a:6e:29:2c:b3:f7:af:8c:b2:f6:91:5c:d8:53:0c:
         6f:5e:d6:71:a0:7f:9d:9c:fa:c3:ed:36:22:f5:d8:7b:bb:25:
         d8:83:76:b1:62:e3:ef:88:53:6f:d7:92:06:8a:d4:17:b2:af:
         03:56:6e:90:53:e7:13:d4:9a:dd:a6:45:a0:d1:f0:ba:c5:a8:
         dd:82:20:a4:f7:67:cd:72:5d:4e:a1:69:f0:7d:e5:28:3f:b1:
         ea:f6:08:11:a1:a1:60:95:5f:b5:65:37:e1:57:32:f0:5a:d9:
         36:b7:ff:7f:0d:5e:36:bd:05:13:63:68:65:b0:82:53:f0:6a:
         6c:36:0f:75:3c:87:fa:53:b2:0a:5c:c7:23:f3:2e:26:39:d9:
         dc:7d:64:8f:b1:d0:b1:cd:f5:47:e1:a1:47:f7:87:0a:d1:05:
         d5:23:45:00:59:72:ab:45:23:72:0b:9a:f4:be:c5:5f:74:45:
         63:12:d5:b8:c2:a8:89:42:d2:33:a8:f0:25:1f:71:a2:d0:17:
         e9:c8:b4:7a:2c:64:d5:e8:1a:a1:34:04:1b:d3:31:8c:53:69:
         51:d4:3f:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI360SuQqP1HAFd/Npxi2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjUxYzY5NjRkMDQyZjA0ZTQxM2ZlZTZiOTIxMDZkMGQ2YmNlNTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJTcyZJi8Imrf3ngWHo1l3ZHIt/O
eC0DcTkB1R3KIYycTJ3Ba59qd33kihZru3BQwbImJQfHeb/yG7viGsPsV9GjKsBc
wGugFW3g1RBhaNMjg3j/GbZAo/YQ8tg8BWZ1n4cp3NiJTrAt5jxg1l4Y2/1oVLjY
KMz24Rdx/w4+s4L1cAvMclkWsx/9+TUvrMAuAAotVF8dhCwmsMFAQkQpRkRGzJFs
1ncF13nEjJRJzoPE6Y9JGLGU6cBSWa2zy5psRNAXFvYSut4qAKiMx3+DoUP3wGZZ
A8oVz/h6VEK0M87q3ipzOdDAg5MeY58PdtSRv/nh/VMinq33k5rArM9tdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJRxpZNBC8E5BP+5rkhBtDWvOUUMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvb2xIR2xrMEVMd1RrRV83bXVTRUcwTmE4NVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfx1MA0G
CSqGSIb3DQEBCwUAA4IBAQA0ITcn9MtIGQKCUuaDJW9BNZ1JpCU0EatnuDST42Wl
7LWwXLVIdwKabikss/evjLL2kVzYUwxvXtZxoH+dnPrD7TYi9dh7uyXYg3axYuPv
iFNv15IGitQXsq8DVm6QU+cT1JrdpkWg0fC6xajdgiCk92fNcl1OoWnwfeUoP7Hq
9ggRoaFglV+1ZTfhVzLwWtk2t/9/DV42vQUTY2hlsIJT8GpsNg91PIf6U7IKXMcj
8y4mOdncfWSPsdCxzfVH4aFH94cK0QXVI0UAWXKrRSNyC5r0vsVfdEVjEtW4wqiJ
QtIzqPAlH3Gi0BfpyLR6LGTV6BqhNAQb0zGMU2lR1D8B
-----END CERTIFICATE-----