Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/2f36d4-72e1-4046-b73f-ab9eadb1d797/1/jlnSpYKnKgIEV_ZJFnqA1zdm8Xc.roa
File:                     jlnSpYKnKgIEV_ZJFnqA1zdm8Xc.roa (raw, json)
Hash identifier:          W+tCfuFHaZiswjzfI3LjlAyiu6GbDCuHiVsPBGynsaw=
Subject key identifier:   8E:59:D2:A5:82:A7:2A:02:04:57:F6:49:16:7A:80:D7:37:66:F1:77
Certificate issuer:       /CN=af392f28dec6b8cceb7cd70e7af71d8cdcaa9a06
Certificate serial:       0194266C0D6AD057E7873419FECBFBA16C01
Authority key identifier: AF:39:2F:28:DE:C6:B8:CC:EB:7C:D7:0E:7A:F7:1D:8C:DC:AA:9A:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rzkvKN7GuMzrfNcOevcdjNyqmgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/2f36d4-72e1-4046-b73f-ab9eadb1d797/1/jlnSpYKnKgIEV_ZJFnqA1zdm8Xc.roa
Signing time:             Thu 02 Jan 2025 09:50:02 +0000
ROA not before:           Thu 02 Jan 2025 09:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196646
IP address blocks:        5.11.88.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/2f36d4-72e1-4046-b73f-ab9eadb1d797/1/rzkvKN7GuMzrfNcOevcdjNyqmgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/2f36d4-72e1-4046-b73f-ab9eadb1d797/1/rzkvKN7GuMzrfNcOevcdjNyqmgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rzkvKN7GuMzrfNcOevcdjNyqmgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:0d:6a:d0:57:e7:87:34:19:fe:cb:fb:a1:6c:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af392f28dec6b8cceb7cd70e7af71d8cdcaa9a06
        Validity
            Not Before: Jan  2 09:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e59d2a582a72a020457f649167a80d73766f177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:21:dd:7d:ef:8f:63:5e:17:d0:94:3f:5f:64:
                    ed:96:c9:1e:89:19:22:25:0f:da:e0:04:0c:62:c6:
                    48:26:5b:8b:8f:1a:78:e9:ee:72:2a:a0:c8:1b:89:
                    49:87:58:62:bf:23:2c:da:64:70:b1:f3:f8:a0:62:
                    7a:9a:89:18:e7:87:09:b3:2d:68:f3:d0:4e:07:80:
                    0d:d2:70:d2:fd:ff:66:2c:d5:89:54:12:e1:eb:28:
                    81:1e:98:92:0f:12:12:95:d2:e7:b4:ba:e2:36:88:
                    b8:3a:d0:93:b6:7a:54:cd:91:c1:aa:36:03:06:07:
                    b3:dd:c6:83:ee:2f:06:f9:4d:c9:5e:98:ff:cc:0d:
                    04:9c:01:5b:21:66:c3:b6:6b:e7:2b:0c:69:d8:c7:
                    6c:18:bc:79:69:7a:ed:2f:11:ba:b5:df:9f:e4:8e:
                    b5:de:e9:44:50:f5:94:0d:5b:9d:57:95:7c:62:12:
                    4b:e6:a1:00:e0:ac:e3:67:3f:42:06:7d:ed:a1:d7:
                    e5:ac:e7:5b:78:d4:67:17:24:c4:db:bf:5a:54:53:
                    d0:b0:3d:d3:e2:c5:8d:83:8b:75:48:d5:a5:61:cc:
                    f6:18:d2:dc:8a:e0:bf:c8:63:13:76:a0:86:c0:57:
                    7d:6b:e5:fa:b2:86:21:ea:7a:6a:89:e9:f7:64:79:
                    c7:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:59:D2:A5:82:A7:2A:02:04:57:F6:49:16:7A:80:D7:37:66:F1:77
            X509v3 Authority Key Identifier:
                keyid:AF:39:2F:28:DE:C6:B8:CC:EB:7C:D7:0E:7A:F7:1D:8C:DC:AA:9A:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rzkvKN7GuMzrfNcOevcdjNyqmgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/2f36d4-72e1-4046-b73f-ab9eadb1d797/1/jlnSpYKnKgIEV_ZJFnqA1zdm8Xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/2f36d4-72e1-4046-b73f-ab9eadb1d797/1/rzkvKN7GuMzrfNcOevcdjNyqmgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.11.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b0:71:be:9d:de:44:f3:43:ef:6d:4a:6d:d5:78:f5:19:dc:db:
         5f:f0:a1:22:00:5a:ff:39:d6:65:65:e4:1e:ad:a5:56:b6:6c:
         56:e8:b0:2b:65:e5:6a:64:b4:b6:f6:30:06:95:71:c3:3c:b5:
         fa:ad:27:03:48:29:7a:fa:a2:94:50:da:e8:0e:00:38:0a:d8:
         0d:d1:e2:75:3e:fb:cb:ce:2f:3c:03:16:30:e0:4d:90:ac:24:
         2a:17:69:77:e6:3e:a3:7a:46:17:e0:9a:e8:2a:d2:ff:d9:d3:
         13:a7:64:b3:81:83:50:71:d2:20:d7:c1:b8:9a:08:71:24:31:
         ee:ae:b3:ce:b8:0a:fa:08:9d:e1:9d:75:ce:e9:15:13:e0:55:
         05:69:24:ad:fe:b7:00:85:07:66:5a:e6:2c:cf:69:e0:b7:5a:
         5e:fc:6c:d3:cc:27:34:d9:5e:a5:00:fe:14:89:6d:ed:62:4f:
         d7:d8:18:e6:fd:2e:fb:8b:35:f0:4e:f2:ea:37:91:c5:d3:65:
         46:2b:ca:e1:5c:ac:94:a0:0f:61:ed:53:f9:c4:02:78:45:c7:
         04:9a:5e:4b:89:8d:c1:c0:ee:13:14:b3:3a:a0:10:e8:1d:77:
         8f:ea:0b:8f:92:6e:c0:78:63:29:dc:05:d6:55:1c:d3:f0:fa:
         61:fd:27:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbA1q0FfnhzQZ/sv7oWwBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMzkyZjI4ZGVjNmI4Y2NlYjdjZDcwZTdhZjcxZDhjZGNh
YTlhMDYwHhcNMjUwMTAyMDk1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTU5ZDJhNTgyYTcyYTAyMDQ1N2Y2NDkxNjdhODBkNzM3NjZmMTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSHdfe+PY14X0JQ/X2TtlskeiRki
JQ/a4AQMYsZIJluLjxp46e5yKqDIG4lJh1hivyMs2mRwsfP4oGJ6mokY54cJsy1o
89BOB4AN0nDS/f9mLNWJVBLh6yiBHpiSDxISldLntLriNoi4OtCTtnpUzZHBqjYD
Bgez3caD7i8G+U3JXpj/zA0EnAFbIWbDtmvnKwxp2MdsGLx5aXrtLxG6td+f5I61
3ulEUPWUDVudV5V8YhJL5qEA4KzjZz9CBn3todflrOdbeNRnFyTE279aVFPQsD3T
4sWNg4t1SNWlYcz2GNLciuC/yGMTdqCGwFd9a+X6soYh6npqien3ZHnH+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5Z0qWCpyoCBFf2SRZ6gNc3ZvF3MB8GA1UdIwQY
MBaAFK85LyjexrjM63zXDnr3HYzcqpoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnprdktON0d1TXpyZk5jT2V2Y2RqTnlxbWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8yZjM2ZDQtNzJlMS00MDQ2LWI3M2Yt
YWI5ZWFkYjFkNzk3LzEvamxuU3BZS25LZ0lFVl9aSkZucUExemRtOFhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8yZjM2ZDQtNzJlMS00MDQ2LWI3M2YtYWI5ZWFkYjFkNzk3
LzEvcnprdktON0d1TXpyZk5jT2V2Y2RqTnlxbWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBQtYMA0G
CSqGSIb3DQEBCwUAA4IBAQCwcb6d3kTzQ+9tSm3VePUZ3Ntf8KEiAFr/OdZlZeQe
raVWtmxW6LArZeVqZLS29jAGlXHDPLX6rScDSCl6+qKUUNroDgA4CtgN0eJ1PvvL
zi88AxYw4E2QrCQqF2l35j6jekYX4JroKtL/2dMTp2SzgYNQcdIg18G4mghxJDHu
rrPOuAr6CJ3hnXXO6RUT4FUFaSSt/rcAhQdmWuYsz2ngt1pe/GzTzCc02V6lAP4U
iW3tYk/X2Bjm/S77izXwTvLqN5HF02VGK8rhXKyUoA9h7VP5xAJ4RccEml5LiY3B
wO4TFLM6oBDoHXeP6guPkm7AeGMp3AXWVRzT8Pph/Se4
-----END CERTIFICATE-----