Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/5df262-2e0b-4fb7-b0d3-5d0e09a0204f/1/OrU-ziQYoFsF0SFLj5hUR0WFYdk.roa
File:                     OrU-ziQYoFsF0SFLj5hUR0WFYdk.roa (raw, json)
Hash identifier:          vKvArLuRWwADD8tPRmUlOwoJpiLvqPGF1/inHuxg7/0=
Subject key identifier:   3A:B5:3E:CE:24:18:A0:5B:05:D1:21:4B:8F:98:54:47:45:85:61:D9
Certificate issuer:       /CN=822f5a6c0b95647f070350e6524e1220fba47fa3
Certificate serial:       018CC348E8250D98B3DAF7D87A9C7A3EE758
Authority key identifier: 82:2F:5A:6C:0B:95:64:7F:07:03:50:E6:52:4E:12:20:FB:A4:7F:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gi9abAuVZH8HA1DmUk4SIPukf6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/5df262-2e0b-4fb7-b0d3-5d0e09a0204f/1/OrU-ziQYoFsF0SFLj5hUR0WFYdk.roa
Signing time:             Mon 01 Jan 2024 04:29:44 +0000
ROA not before:           Mon 01 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209042
IP address blocks:        5.182.248.0/22 maxlen: 24
                          2a0e:a400::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/5df262-2e0b-4fb7-b0d3-5d0e09a0204f/1/gi9abAuVZH8HA1DmUk4SIPukf6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/5df262-2e0b-4fb7-b0d3-5d0e09a0204f/1/gi9abAuVZH8HA1DmUk4SIPukf6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gi9abAuVZH8HA1DmUk4SIPukf6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e8:25:0d:98:b3:da:f7:d8:7a:9c:7a:3e:e7:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=822f5a6c0b95647f070350e6524e1220fba47fa3
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ab53ece2418a05b05d1214b8f985447458561d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:69:c0:85:13:de:9e:aa:38:15:8c:ff:e0:52:
                    ac:ad:a8:5d:df:d3:3d:73:9c:b1:a6:5f:20:29:11:
                    82:49:8f:7e:ed:c1:5d:a6:97:f4:ad:92:87:42:23:
                    59:62:a5:7d:2d:6a:7c:ed:6b:eb:9e:11:4f:40:58:
                    cf:03:7d:4c:17:92:e3:70:93:c3:17:b5:ee:7f:ee:
                    19:f8:76:80:ef:f8:5c:f5:d5:2c:52:38:76:ec:85:
                    85:9f:62:37:8e:77:00:43:9b:5b:fa:67:d2:d2:cd:
                    45:e0:85:62:e8:0f:83:e7:03:dd:a9:60:46:a5:7c:
                    1c:0e:ba:62:d0:96:91:32:76:a5:36:6c:b7:44:ca:
                    db:05:74:67:96:4d:e6:f1:eb:86:d2:d3:7c:3d:0f:
                    a5:12:eb:8b:57:a0:55:27:fe:38:e6:c6:20:3b:34:
                    eb:9f:2f:52:d1:42:6d:56:32:7c:7d:64:cb:76:b4:
                    f7:35:60:9e:4a:21:9f:26:a6:6e:ae:69:bc:32:bf:
                    ca:28:54:8a:4c:70:c0:e5:74:02:89:2e:f9:4a:ec:
                    96:d7:9a:de:d1:59:c8:23:55:51:68:f7:59:32:fd:
                    2e:b5:84:be:28:e7:b4:46:ac:16:30:c2:2a:6e:2c:
                    2d:42:f4:0c:bc:10:64:cd:58:4b:4b:50:71:da:e5:
                    1a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:B5:3E:CE:24:18:A0:5B:05:D1:21:4B:8F:98:54:47:45:85:61:D9
            X509v3 Authority Key Identifier:
                keyid:82:2F:5A:6C:0B:95:64:7F:07:03:50:E6:52:4E:12:20:FB:A4:7F:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gi9abAuVZH8HA1DmUk4SIPukf6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5df262-2e0b-4fb7-b0d3-5d0e09a0204f/1/OrU-ziQYoFsF0SFLj5hUR0WFYdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5df262-2e0b-4fb7-b0d3-5d0e09a0204f/1/gi9abAuVZH8HA1DmUk4SIPukf6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.248.0/22
                IPv6:
                  2a0e:a400::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:a5:29:b9:b6:8b:ef:94:9f:c0:dd:3d:a9:55:c2:3d:5f:46:
         fb:a5:54:1d:45:63:83:5a:b2:8c:2e:19:00:b2:7c:5f:89:8e:
         5d:e2:dc:1d:d3:ec:43:8a:36:95:27:5c:cd:01:4e:c4:0d:0c:
         c3:0b:8c:e1:f4:6f:57:b6:70:a4:a0:ac:fc:82:ed:bb:05:9b:
         1b:3b:3b:a8:90:31:6c:06:ea:69:da:ee:a9:cc:53:a9:42:df:
         93:57:c7:42:ce:20:73:5d:4d:f4:1c:15:e6:9c:aa:4d:c2:ac:
         9f:36:ee:eb:df:b9:41:67:f8:21:1a:ee:00:5c:11:b5:50:4d:
         07:3b:13:c9:27:50:a5:0f:97:cd:90:7d:cb:53:a4:2f:c0:20:
         71:02:b6:57:d4:ad:d9:e8:bf:a5:44:d4:72:39:41:2d:96:8f:
         47:1d:6d:29:48:34:d6:b1:90:ae:8c:69:6c:74:f2:74:fd:fd:
         5a:e3:1f:cc:4f:b0:3e:82:6d:93:d8:3e:a9:6e:70:c5:6b:43:
         d8:dc:6a:69:73:78:32:4d:66:00:c9:f1:51:8f:df:e8:86:94:
         a1:75:46:ab:10:c3:cd:fb:f8:c4:f2:09:5f:35:23:45:c1:d0:
         da:6a:6e:14:e2:df:2f:ec:48:54:47:c6:b9:83:53:f8:81:fc:
         a7:70:14:33
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSOglDZiz2vfYepx6PudYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMmY1YTZjMGI5NTY0N2YwNzAzNTBlNjUyNGUxMjIwZmJh
NDdmYTMwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWI1M2VjZTI0MThhMDViMDVkMTIxNGI4Zjk4NTQ0NzQ1ODU2MWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2nAhRPenqo4FYz/4FKsrahd39M9
c5yxpl8gKRGCSY9+7cFdppf0rZKHQiNZYqV9LWp87WvrnhFPQFjPA31MF5LjcJPD
F7Xuf+4Z+HaA7/hc9dUsUjh27IWFn2I3jncAQ5tb+mfS0s1F4IVi6A+D5wPdqWBG
pXwcDrpi0JaRMnalNmy3RMrbBXRnlk3m8euG0tN8PQ+lEuuLV6BVJ/445sYgOzTr
ny9S0UJtVjJ8fWTLdrT3NWCeSiGfJqZurmm8Mr/KKFSKTHDA5XQCiS75SuyW15re
0VnII1VRaPdZMv0utYS+KOe0RqwWMMIqbiwtQvQMvBBkzVhLS1Bx2uUaNwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDq1Ps4kGKBbBdEhS4+YVEdFhWHZMB8GA1UdIwQY
MBaAFIIvWmwLlWR/BwNQ5lJOEiD7pH+jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2k5YWJBdVZaSDhIQTFEbVVrNFNJUHVrZjZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81ZGYyNjItMmUwYi00ZmI3LWIwZDMt
NWQwZTA5YTAyMDRmLzEvT3JVLXppUVlvRnNGMFNGTGo1aFVSMFdGWWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81ZGYyNjItMmUwYi00ZmI3LWIwZDMtNWQwZTA5YTAyMDRm
LzEvZ2k5YWJBdVZaSDhIQTFEbVVrNFNJUHVrZjZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCBbb4MA0E
AgACMAcDBQMqDqQAMA0GCSqGSIb3DQEBCwUAA4IBAQAnpSm5tovvlJ/A3T2pVcI9
X0b7pVQdRWODWrKMLhkAsnxfiY5d4twd0+xDijaVJ1zNAU7EDQzDC4zh9G9XtnCk
oKz8gu27BZsbOzuokDFsBupp2u6pzFOpQt+TV8dCziBzXU30HBXmnKpNwqyfNu7r
37lBZ/ghGu4AXBG1UE0HOxPJJ1ClD5fNkH3LU6QvwCBxArZX1K3Z6L+lRNRyOUEt
lo9HHW0pSDTWsZCujGlsdPJ0/f1a4x/MT7A+gm2T2D6pbnDFa0PY3Gppc3gyTWYA
yfFRj9/ohpShdUarEMPN+/jE8glfNSNFwdDaam4U4t8v7EhUR8a5g1P4gfyncBQz
-----END CERTIFICATE-----