Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/b98336-4c3e-4795-a1f7-3dbd32d6992e/1/1-SEfF-zAyv4LtcTDj-66Zlg-btQ.roa
File:                     1-SEfF-zAyv4LtcTDj-66Zlg-btQ.roa (raw, json)
Hash identifier:          b9djkwbGVQ217VQux2vVeROxgAC7tB62rSIBs5BF2zY=
Subject key identifier:   F9:21:1F:17:EC:C0:CA:FE:0B:B5:C4:C3:8F:EE:BA:66:58:3E:6E:D4
Certificate issuer:       /CN=b217b5ac467412e249c44e2739c289ebb04cd337
Certificate serial:       018CC80123F31C9855153131AF7740BB64F7
Authority key identifier: B2:17:B5:AC:46:74:12:E2:49:C4:4E:27:39:C2:89:EB:B0:4C:D3:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/she1rEZ0EuJJxE4nOcKJ67BM0zc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/b98336-4c3e-4795-a1f7-3dbd32d6992e/1/1-SEfF-zAyv4LtcTDj-66Zlg-btQ.roa
Signing time:             Tue 02 Jan 2024 02:29:27 +0000
ROA not before:           Tue 02 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49781
IP address blocks:        5.253.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/b98336-4c3e-4795-a1f7-3dbd32d6992e/1/she1rEZ0EuJJxE4nOcKJ67BM0zc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/b98336-4c3e-4795-a1f7-3dbd32d6992e/1/she1rEZ0EuJJxE4nOcKJ67BM0zc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/she1rEZ0EuJJxE4nOcKJ67BM0zc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:23:f3:1c:98:55:15:31:31:af:77:40:bb:64:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b217b5ac467412e249c44e2739c289ebb04cd337
        Validity
            Not Before: Jan  2 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9211f17ecc0cafe0bb5c4c38feeba66583e6ed4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6b:f5:a2:45:84:26:b7:52:ec:7c:ff:cf:66:
                    43:44:94:a6:08:8a:7b:11:72:4c:52:07:6c:d4:bd:
                    5e:85:a4:a4:7f:e2:b7:56:29:f3:3a:b2:60:6f:57:
                    90:2f:64:55:36:fe:09:72:e8:98:94:0a:e5:03:26:
                    7f:23:56:65:5b:e0:08:dd:04:71:a9:64:6e:18:29:
                    13:1f:8c:54:8c:07:c0:6e:3b:ea:82:4b:ed:cf:29:
                    51:fe:29:2f:54:28:85:ce:ca:27:e1:93:c3:95:8f:
                    29:5a:a8:88:c8:a6:59:1d:fa:b1:77:1c:19:2c:eb:
                    9f:92:c3:fe:fa:ec:bc:c6:94:58:83:4f:af:33:e8:
                    d4:45:63:9b:ed:a1:8f:cf:76:ff:cc:26:3b:1c:21:
                    29:e3:78:03:94:b3:7d:5e:a4:b5:c8:2a:e6:43:0e:
                    58:de:a4:ba:28:59:e9:44:31:9e:1c:fa:90:40:3a:
                    b3:ba:14:a9:0e:17:81:cc:41:87:87:1f:95:d2:0a:
                    29:da:cb:1b:3e:db:4e:76:77:d4:7e:5a:54:e5:df:
                    da:3d:a0:56:8f:c0:66:0c:c9:ac:f2:be:be:78:f6:
                    d6:02:ec:ba:7c:9b:9f:15:91:61:3d:f2:6b:11:d1:
                    a8:5d:19:42:af:c7:6a:d8:f4:ec:78:9b:c2:19:0f:
                    6f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:21:1F:17:EC:C0:CA:FE:0B:B5:C4:C3:8F:EE:BA:66:58:3E:6E:D4
            X509v3 Authority Key Identifier:
                keyid:B2:17:B5:AC:46:74:12:E2:49:C4:4E:27:39:C2:89:EB:B0:4C:D3:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/she1rEZ0EuJJxE4nOcKJ67BM0zc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/b98336-4c3e-4795-a1f7-3dbd32d6992e/1/1-SEfF-zAyv4LtcTDj-66Zlg-btQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/b98336-4c3e-4795-a1f7-3dbd32d6992e/1/she1rEZ0EuJJxE4nOcKJ67BM0zc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:85:13:2e:1f:54:d7:e9:d5:91:55:f3:27:50:df:bb:0b:d1:
         51:bd:09:e9:cd:88:a3:9c:99:23:b8:b0:42:92:f0:d3:3e:7d:
         b7:31:eb:a9:16:a0:e7:8c:eb:ea:a5:ec:b9:9e:4a:e7:1a:07:
         ec:6b:83:b7:36:71:6f:09:6d:25:e3:2c:8a:ea:b7:29:bd:5e:
         cc:2f:b1:d3:ad:6f:c3:49:d4:e6:9e:9c:ab:08:71:4e:61:45:
         ab:21:e5:75:22:29:8e:99:61:65:cc:e0:b2:1e:23:52:17:97:
         8e:49:61:45:0d:a9:2a:85:ad:09:14:29:24:86:9c:5d:0b:a5:
         95:f4:25:45:37:ac:9a:61:9b:5f:85:31:c8:e4:a9:09:1c:a0:
         d0:b1:d5:59:7d:23:d9:6f:1b:fc:76:86:b9:81:af:fa:6a:7c:
         4a:78:c8:af:54:80:24:64:c5:5d:5e:68:95:bd:00:46:cf:96:
         98:0d:7b:29:8f:de:50:44:6f:3a:a5:8c:66:64:99:f3:9e:93:
         45:28:2b:05:d3:c7:3c:6e:e1:93:dd:61:3a:34:f7:a2:4d:21:
         c0:46:f8:f6:79:12:78:a9:9f:11:41:17:eb:ad:66:a8:50:90:
         99:12:8c:5f:63:da:e1:e9:58:95:78:c6:1f:66:97:db:6b:c9:
         ef:f3:35:c7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIASPzHJhVFTExr3dAu2T3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMTdiNWFjNDY3NDEyZTI0OWM0NGUyNzM5YzI4OWViYjA0
Y2QzMzcwHhcNMjQwMTAyMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTIxMWYxN2VjYzBjYWZlMGJiNWM0YzM4ZmVlYmE2NjU4M2U2ZWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWv1okWEJrdS7Hz/z2ZDRJSmCIp7
EXJMUgds1L1ehaSkf+K3VinzOrJgb1eQL2RVNv4JcuiYlArlAyZ/I1ZlW+AI3QRx
qWRuGCkTH4xUjAfAbjvqgkvtzylR/ikvVCiFzson4ZPDlY8pWqiIyKZZHfqxdxwZ
LOufksP++uy8xpRYg0+vM+jURWOb7aGPz3b/zCY7HCEp43gDlLN9XqS1yCrmQw5Y
3qS6KFnpRDGeHPqQQDqzuhSpDheBzEGHhx+V0gop2ssbPttOdnfUflpU5d/aPaBW
j8BmDMms8r6+ePbWAuy6fJufFZFhPfJrEdGoXRlCr8dq2PTseJvCGQ9vNQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPkhHxfswMr+C7XEw4/uumZYPm7UMB8GA1UdIwQY
MBaAFLIXtaxGdBLiScROJznCieuwTNM3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2hlMXJFWjBFdUpKeEU0bk9jS0o2N0JNMHpjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9iOTgzMzYtNGMzZS00Nzk1LWExZjct
M2RiZDMyZDY5OTJlLzEvMS1TRWZGLXpBeXY0THRjVERqLTY2WmxnLWJ0US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzYvYjk4MzM2LTRjM2UtNDc5NS1hMWY3LTNkYmQzMmQ2OTky
ZS8xL3NoZTFyRVowRXVKSnhFNG5PY0tKNjdCTTB6Yy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAX94DAN
BgkqhkiG9w0BAQsFAAOCAQEAbIUTLh9U1+nVkVXzJ1DfuwvRUb0J6c2Io5yZI7iw
QpLw0z59tzHrqRag54zr6qXsuZ5K5xoH7GuDtzZxbwltJeMsiuq3Kb1ezC+x061v
w0nU5p6cqwhxTmFFqyHldSIpjplhZczgsh4jUheXjklhRQ2pKoWtCRQpJIacXQul
lfQlRTesmmGbX4UxyOSpCRyg0LHVWX0j2W8b/HaGuYGv+mp8SnjIr1SAJGTFXV5o
lb0ARs+WmA17KY/eUERvOqWMZmSZ856TRSgrBdPHPG7hk91hOjT3ok0hwEb49nkS
eKmfEUEX661mqFCQmRKMX2Pa4elYlXjGH2aX22vJ7/M1xw==
-----END CERTIFICATE-----