Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/33444c-0529-4fa9-b712-1abadd1b12d6/1/5_4_sAkbSvWJQW-nU_3z-g5dxpA.roa
File:                     5_4_sAkbSvWJQW-nU_3z-g5dxpA.roa (raw, json)
Hash identifier:          F/KthvnH0mRjG4XxKOZeHwPHj4wXZSHXZrhRe1Un8RI=
Subject key identifier:   E7:FE:3F:B0:09:1B:4A:F5:89:41:6F:A7:53:FD:F3:FA:0E:5D:C6:90
Certificate issuer:       /CN=48a2e811f00bae16a447423f11e24217142cff7c
Certificate serial:       0197BF4A89BF5FFF9149CB8407DF0C7F4653
Authority key identifier: 48:A2:E8:11:F0:0B:AE:16:A4:47:42:3F:11:E2:42:17:14:2C:FF:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SKLoEfALrhakR0I_EeJCFxQs_3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/33444c-0529-4fa9-b712-1abadd1b12d6/1/5_4_sAkbSvWJQW-nU_3z-g5dxpA.roa
Signing time:             Mon 30 Jun 2025 05:23:42 +0000
ROA not before:           Mon 30 Jun 2025 05:23:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216393
IP address blocks:        89.37.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/33444c-0529-4fa9-b712-1abadd1b12d6/1/SKLoEfALrhakR0I_EeJCFxQs_3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/33444c-0529-4fa9-b712-1abadd1b12d6/1/SKLoEfALrhakR0I_EeJCFxQs_3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SKLoEfALrhakR0I_EeJCFxQs_3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Jul 2025 05:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:bf:4a:89:bf:5f:ff:91:49:cb:84:07:df:0c:7f:46:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48a2e811f00bae16a447423f11e24217142cff7c
        Validity
            Not Before: Jun 30 05:23:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7fe3fb0091b4af589416fa753fdf3fa0e5dc690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b3:a7:f5:4b:75:fd:77:75:77:0b:3f:83:d8:
                    9e:0d:11:75:22:89:86:e9:d7:fd:c1:68:92:4d:11:
                    04:99:b5:af:2f:35:89:6f:3e:d0:ce:94:0a:9c:98:
                    35:72:87:ac:17:bb:47:b9:f0:94:eb:32:51:af:03:
                    fb:ec:96:e9:0a:c7:c7:61:07:3a:72:e2:3e:32:d3:
                    a5:a5:da:83:e0:d4:c0:ce:5f:4b:34:94:9c:83:6c:
                    a2:38:18:0a:96:66:0e:3f:71:8e:7b:7a:ea:cd:7f:
                    b8:47:ee:a7:c3:fc:91:82:ef:72:9b:24:7f:10:0f:
                    83:5a:da:6b:a7:e9:af:ab:6f:c7:7d:51:10:6f:80:
                    36:e5:7c:8b:d1:1f:6d:e3:7b:13:28:69:59:79:0b:
                    be:19:c2:6b:a6:bc:80:51:16:3e:86:34:d3:86:f3:
                    60:08:91:53:ac:a5:56:57:cc:db:72:1a:d0:1b:f0:
                    56:e9:57:f6:a9:97:39:8b:47:08:92:98:0c:a9:26:
                    e3:fc:4e:10:f6:13:15:e8:6b:ac:f4:90:b6:02:73:
                    ef:75:65:cb:c5:c9:e7:eb:4e:e3:60:2c:3f:29:44:
                    18:f9:4b:d6:fa:04:3e:d0:42:d9:4a:9a:aa:18:7d:
                    9f:df:e2:c5:a8:c2:ea:7b:a0:b4:30:38:ae:dc:75:
                    47:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:FE:3F:B0:09:1B:4A:F5:89:41:6F:A7:53:FD:F3:FA:0E:5D:C6:90
            X509v3 Authority Key Identifier:
                keyid:48:A2:E8:11:F0:0B:AE:16:A4:47:42:3F:11:E2:42:17:14:2C:FF:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SKLoEfALrhakR0I_EeJCFxQs_3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/33444c-0529-4fa9-b712-1abadd1b12d6/1/5_4_sAkbSvWJQW-nU_3z-g5dxpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/33444c-0529-4fa9-b712-1abadd1b12d6/1/SKLoEfALrhakR0I_EeJCFxQs_3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:dd:7c:d2:bb:5c:bb:e3:7d:3c:97:65:07:40:4e:de:8e:e1:
         64:48:72:bd:15:79:da:1a:01:70:20:49:74:05:91:be:27:62:
         ad:a6:bf:09:e1:07:7c:6d:39:64:06:8c:05:a4:5c:8b:e4:3e:
         73:ac:62:e8:0c:da:ba:7f:90:41:af:91:47:a4:88:82:11:97:
         4b:be:28:b8:42:9f:2f:b1:a0:b4:21:9c:bb:c3:3d:90:bb:b6:
         63:ed:b5:a8:82:6d:1f:13:99:4b:80:f4:2b:ab:0f:47:08:ab:
         e0:4f:02:4b:61:a3:a0:af:4d:54:99:41:df:14:48:17:b6:f9:
         38:ef:0c:43:36:49:05:70:3c:da:1d:d8:b6:be:08:89:30:1f:
         37:8a:7b:67:01:f2:19:5b:99:6d:ba:fd:14:00:7f:92:7b:a3:
         ea:92:48:45:b2:01:22:99:d8:5b:f6:a2:a2:b7:78:bd:1d:d3:
         e2:7a:ff:ef:2c:3d:60:34:07:9d:6b:57:3d:47:88:16:c8:1b:
         65:97:43:57:69:08:88:30:72:6a:83:50:43:57:94:f5:90:00:
         15:91:70:1c:1b:35:2c:b6:13:c8:ab:8b:c2:a9:97:0d:d5:85:
         c1:34:c3:ea:41:34:cd:31:72:ec:13:96:b4:0b:3e:df:3d:b1:
         db:f2:4b:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe/Som/X/+RScuEB98Mf0ZTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YTJlODExZjAwYmFlMTZhNDQ3NDIzZjExZTI0MjE3MTQy
Y2ZmN2MwHhcNMjUwNjMwMDUyMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2ZlM2ZiMDA5MWI0YWY1ODk0MTZmYTc1M2ZkZjNmYTBlNWRjNjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLOn9Ut1/Xd1dws/g9ieDRF1IomG
6df9wWiSTREEmbWvLzWJbz7QzpQKnJg1coesF7tHufCU6zJRrwP77JbpCsfHYQc6
cuI+MtOlpdqD4NTAzl9LNJScg2yiOBgKlmYOP3GOe3rqzX+4R+6nw/yRgu9ymyR/
EA+DWtprp+mvq2/HfVEQb4A25XyL0R9t43sTKGlZeQu+GcJrpryAURY+hjTThvNg
CJFTrKVWV8zbchrQG/BW6Vf2qZc5i0cIkpgMqSbj/E4Q9hMV6Gus9JC2AnPvdWXL
xcnn607jYCw/KUQY+UvW+gQ+0ELZSpqqGH2f3+LFqMLqe6C0MDiu3HVHLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOf+P7AJG0r1iUFvp1P98/oOXcaQMB8GA1UdIwQY
MBaAFEii6BHwC64WpEdCPxHiQhcULP98MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0tMb0VmQUxyaGFrUjBJX0VlSkNGeFFzXzN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8zMzQ0NGMtMDUyOS00ZmE5LWI3MTIt
MWFiYWRkMWIxMmQ2LzEvNV80X3NBa2JTdldKUVctblVfM3otZzVkeHBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8zMzQ0NGMtMDUyOS00ZmE5LWI3MTItMWFiYWRkMWIxMmQ2
LzEvU0tMb0VmQUxyaGFrUjBJX0VlSkNGeFFzXzN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSUpMA0G
CSqGSIb3DQEBCwUAA4IBAQCC3XzSu1y74308l2UHQE7ejuFkSHK9FXnaGgFwIEl0
BZG+J2Ktpr8J4Qd8bTlkBowFpFyL5D5zrGLoDNq6f5BBr5FHpIiCEZdLvii4Qp8v
saC0IZy7wz2Qu7Zj7bWogm0fE5lLgPQrqw9HCKvgTwJLYaOgr01UmUHfFEgXtvk4
7wxDNkkFcDzaHdi2vgiJMB83intnAfIZW5ltuv0UAH+Se6PqkkhFsgEimdhb9qKi
t3i9HdPiev/vLD1gNAeda1c9R4gWyBtll0NXaQiIMHJqg1BDV5T1kAAVkXAcGzUs
thPIq4vCqZcN1YXBNMPqQTTNMXLsE5a0Cz7fPbHb8ksm
-----END CERTIFICATE-----