Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/KUQPwXZdITDrnXux7FVXHINOM_o.roa
File:                     KUQPwXZdITDrnXux7FVXHINOM_o.roa (raw, json)
Hash identifier:          aWXlNZPmwAdXtv/+2AApS0GLE1MgCj74zGwUuYYdWcI=
Subject key identifier:   29:44:0F:C1:76:5D:21:30:EB:9D:7B:B1:EC:55:57:1C:83:4E:33:FA
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019446023CB0B5D48F384371C6E7262E31D1
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/KUQPwXZdITDrnXux7FVXHINOM_o.roa
Signing time:             Wed 08 Jan 2025 13:02:19 +0000
ROA not before:           Wed 08 Jan 2025 13:02:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31420
IP address blocks:        5.104.184.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:46:02:3c:b0:b5:d4:8f:38:43:71:c6:e7:26:2e:31:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  8 13:02:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29440fc1765d2130eb9d7bb1ec55571c834e33fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:76:25:1c:5d:47:c4:4b:be:ab:d7:cf:fe:fc:
                    72:1f:db:7b:6c:4b:42:d6:f4:ea:50:ea:80:1f:7f:
                    d3:47:a8:bd:fc:5a:e0:cf:8d:e1:1e:b6:35:d9:18:
                    b2:ca:92:f7:25:82:6d:d1:39:3b:31:21:c2:c1:08:
                    99:47:3e:c5:64:ec:56:b4:cd:94:17:18:bf:a6:26:
                    f5:c2:a3:2e:27:d3:3c:40:43:ed:f4:f8:6c:17:49:
                    7c:93:66:a2:ec:b6:60:ef:fc:7d:50:c7:3a:fa:8f:
                    40:6b:45:c2:3e:7b:5e:30:73:e4:cb:cd:8f:84:5c:
                    3a:33:19:81:a5:08:15:3b:f6:ea:aa:b3:c0:bf:38:
                    88:60:b5:16:92:7a:5b:4e:6f:5c:a1:3b:6c:e0:79:
                    76:03:4a:d4:59:86:88:d8:5c:5b:ad:dc:d2:51:b3:
                    c7:2f:3e:33:f0:c6:c7:02:eb:f8:88:be:10:1b:29:
                    09:c7:08:51:fd:78:8f:9f:e8:5a:14:28:87:9f:35:
                    d3:54:91:db:51:b7:b6:1f:8a:01:80:37:b9:d0:61:
                    cb:10:e1:16:ac:d3:bc:c1:f0:d7:87:63:9a:7d:d5:
                    8d:41:c8:93:2b:5a:fd:ae:bf:5b:6f:4c:e7:a9:53:
                    60:a0:66:4a:43:9a:ec:90:14:c6:d7:45:cb:28:57:
                    fa:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:44:0F:C1:76:5D:21:30:EB:9D:7B:B1:EC:55:57:1C:83:4E:33:FA
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/KUQPwXZdITDrnXux7FVXHINOM_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5a:c4:51:e7:07:43:42:7f:9f:65:20:69:2c:e6:60:58:fb:f7:
         ce:15:d5:da:b0:4c:1a:d8:30:5c:05:c5:7a:74:ba:a6:63:d1:
         02:d1:09:7e:04:a7:8f:35:85:b9:6f:53:3e:b5:b5:53:c2:6f:
         09:e5:f5:97:81:92:6a:0d:06:f9:1a:58:a6:e4:2f:9f:bc:ab:
         02:4f:1f:b1:ef:c5:a1:e6:eb:b7:c0:f4:15:20:3c:1b:11:cc:
         89:32:53:85:f9:37:8c:a3:36:5d:c6:45:b9:21:80:63:3e:3a:
         dc:ed:c0:d1:76:28:2d:06:67:a3:a5:f6:21:09:a5:c7:7a:56:
         2f:4d:90:49:5f:65:c0:2a:72:e1:d2:a3:0b:cc:a7:ee:aa:83:
         81:98:03:11:77:35:27:bb:81:4c:5f:f3:fb:ef:ae:12:8c:f3:
         fa:8b:99:06:7f:47:5e:61:ad:f4:b0:40:f2:b3:f0:ee:d4:a2:
         40:bb:c6:39:1e:16:57:c2:a8:b4:ce:bf:80:de:e6:46:41:dc:
         14:fd:fa:f4:a8:bb:78:20:b2:4f:88:b8:52:c3:55:80:b6:a9:
         af:13:e4:da:e6:22:42:39:9f:b7:a7:b1:02:08:98:11:94:d1:
         f7:29:f2:db:b9:ca:fa:75:0f:7d:1b:d4:d6:a7:d3:50:d8:08:
         2e:15:e6:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRGAjywtdSPOENxxucmLjHRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTA4MTMwMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQ0MGZjMTc2NWQyMTMwZWI5ZDdiYjFlYzU1NTcxYzgzNGUzM2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXYlHF1HxEu+q9fP/vxyH9t7bEtC
1vTqUOqAH3/TR6i9/Frgz43hHrY12RiyypL3JYJt0Tk7MSHCwQiZRz7FZOxWtM2U
Fxi/pib1wqMuJ9M8QEPt9PhsF0l8k2ai7LZg7/x9UMc6+o9Aa0XCPnteMHPky82P
hFw6MxmBpQgVO/bqqrPAvziIYLUWknpbTm9coTts4Hl2A0rUWYaI2FxbrdzSUbPH
Lz4z8MbHAuv4iL4QGykJxwhR/XiPn+haFCiHnzXTVJHbUbe2H4oBgDe50GHLEOEW
rNO8wfDXh2OafdWNQciTK1r9rr9bb0znqVNgoGZKQ5rskBTG10XLKFf6YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClED8F2XSEw6517sexVVxyDTjP6MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvS1VRUHdYWmRJVERyblh1eDdGVlhISU5PTV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBWi4MA0G
CSqGSIb3DQEBCwUAA4IBAQBaxFHnB0NCf59lIGks5mBY+/fOFdXasEwa2DBcBcV6
dLqmY9EC0Ql+BKePNYW5b1M+tbVTwm8J5fWXgZJqDQb5Glim5C+fvKsCTx+x78Wh
5uu3wPQVIDwbEcyJMlOF+TeMozZdxkW5IYBjPjrc7cDRdigtBmejpfYhCaXHelYv
TZBJX2XAKnLh0qMLzKfuqoOBmAMRdzUnu4FMX/P7764SjPP6i5kGf0deYa30sEDy
s/Du1KJAu8Y5HhZXwqi0zr+A3uZGQdwU/fr0qLt4ILJPiLhSw1WAtqmvE+Ta5iJC
OZ+3p7ECCJgRlNH3KfLbucr6dQ99G9TWp9NQ2AguFeY6
-----END CERTIFICATE-----