Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/sjrvDPQwhWQPqwn6TmRlTLKuFYg.roa
File:                     sjrvDPQwhWQPqwn6TmRlTLKuFYg.roa (raw, json)
Hash identifier:          1WK8IPxCTeSex8E0rLqfFDPE1ENBltlsB6VMf3gJcZY=
Subject key identifier:   B2:3A:EF:0C:F4:30:85:64:0F:AB:09:FA:4E:64:65:4C:B2:AE:15:88
Certificate issuer:       /CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
Certificate serial:       019422FC32F983ADB6A139D9F6D3F3F0A678
Authority key identifier: 92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/sjrvDPQwhWQPqwn6TmRlTLKuFYg.roa
Signing time:             Wed 01 Jan 2025 17:49:01 +0000
ROA not before:           Wed 01 Jan 2025 17:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50673
IP address blocks:        5.56.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:32:f9:83:ad:b6:a1:39:d9:f6:d3:f3:f0:a6:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
        Validity
            Not Before: Jan  1 17:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b23aef0cf43085640fab09fa4e64654cb2ae1588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a2:84:26:2d:47:3b:c3:33:38:0c:8f:83:b3:
                    66:26:ab:a9:e9:30:20:4a:8f:43:e4:c6:4c:01:a7:
                    d8:21:48:98:59:51:cc:11:3b:cb:f0:b4:41:f4:62:
                    7b:21:28:be:17:ba:6d:0b:f3:12:a5:ff:2b:fb:df:
                    2e:1a:b2:45:70:fb:59:27:65:30:3b:02:cd:78:bf:
                    93:ec:da:d7:51:a4:7e:ed:4c:01:aa:34:ac:3a:93:
                    b7:16:aa:ec:c9:fc:49:f6:a8:52:91:3b:32:2f:6c:
                    f5:4d:7c:bd:2b:f1:2d:6e:e5:1a:fb:7f:e1:a6:58:
                    4b:df:bf:f1:06:21:22:f0:dd:b6:22:74:62:80:09:
                    6e:ab:3f:c9:d9:ec:02:63:41:72:90:90:f4:4b:26:
                    42:a8:8a:6d:20:c4:95:08:3a:4c:0f:1d:c3:18:29:
                    25:6a:47:5a:b2:63:11:33:b5:fe:a4:39:79:ad:26:
                    99:5b:5c:c3:50:5b:e9:b7:29:01:6e:4d:a3:31:a3:
                    e8:cc:d9:af:11:df:0a:93:2c:16:57:41:82:f2:fb:
                    0c:77:b6:bf:9f:fc:8d:85:16:04:05:52:50:c2:7c:
                    44:34:75:76:6f:cf:96:c4:15:fa:ea:2d:ad:2d:99:
                    2d:a6:99:c0:39:d0:1c:f8:9d:e0:df:a2:88:0c:d3:
                    6b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:3A:EF:0C:F4:30:85:64:0F:AB:09:FA:4E:64:65:4C:B2:AE:15:88
            X509v3 Authority Key Identifier:
                keyid:92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/sjrvDPQwhWQPqwn6TmRlTLKuFYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:f9:15:9f:42:7d:d2:00:9a:b3:f6:85:b8:65:69:90:60:aa:
         76:9a:8d:f0:49:a3:47:b3:2a:a7:12:e1:b6:7f:58:5d:4d:9f:
         db:0e:87:8b:7a:1c:4d:88:b4:1e:00:be:cf:5b:5e:ff:d4:75:
         fb:2f:9b:e5:04:be:78:d8:2e:89:33:56:5a:64:34:4b:a5:cd:
         b2:eb:95:96:22:06:78:cf:8c:79:62:24:e2:e2:a5:88:16:32:
         4b:93:c0:d0:b9:cb:6a:09:91:2f:34:c5:ca:6a:1b:a5:a3:51:
         91:e2:64:c6:73:87:3d:d2:f8:44:71:fa:b7:75:5e:1b:2c:e3:
         7a:b9:0f:83:9b:02:c1:7a:1f:6e:bf:24:c8:4a:38:8d:de:73:
         8b:90:40:7e:31:62:46:94:29:c9:58:48:eb:3d:dc:58:60:2a:
         2b:9d:fc:bf:26:6c:1d:72:e3:ef:be:2a:56:f1:d0:ca:d7:7c:
         1c:67:e7:3c:b9:b8:69:f3:81:03:c3:aa:58:9d:c9:c8:1f:fb:
         f1:71:54:3c:96:84:d5:f2:7c:24:87:25:0b:1d:34:e2:ba:fd:
         b7:76:c9:36:fa:1f:5e:ed:48:40:de:cf:a3:54:8c:f7:3d:56:
         a0:0e:06:13:e3:ba:46:49:61:59:6a:f1:60:bf:5a:7c:0d:88:
         81:03:b5:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/DL5g622oTnZ9tPz8KZ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyYmY2NDY0Y2U2ZTE5YTRkY2Y4YTMyYjI3YTJmMWNiZTE1
NTEwNTUwHhcNMjUwMTAxMTc0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjNhZWYwY2Y0MzA4NTY0MGZhYjA5ZmE0ZTY0NjU0Y2IyYWUxNTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKKEJi1HO8MzOAyPg7NmJqup6TAg
So9D5MZMAafYIUiYWVHMETvL8LRB9GJ7ISi+F7ptC/MSpf8r+98uGrJFcPtZJ2Uw
OwLNeL+T7NrXUaR+7UwBqjSsOpO3FqrsyfxJ9qhSkTsyL2z1TXy9K/EtbuUa+3/h
plhL37/xBiEi8N22InRigAluqz/J2ewCY0FykJD0SyZCqIptIMSVCDpMDx3DGCkl
akdasmMRM7X+pDl5rSaZW1zDUFvptykBbk2jMaPozNmvEd8KkywWV0GC8vsMd7a/
n/yNhRYEBVJQwnxENHV2b8+WxBX66i2tLZktppnAOdAc+J3g36KIDNNrYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLI67wz0MIVkD6sJ+k5kZUyyrhWIMB8GA1UdIwQY
MBaAFJK/ZGTObhmk3PijKyei8cvhVRBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzct
YjUzZTMwZTE0MTJhLzEvc2pydkRQUXdoV1FQcXduNlRtUmxUTEt1RllnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzctYjUzZTMwZTE0MTJh
LzEva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTiFMA0G
CSqGSIb3DQEBCwUAA4IBAQB0+RWfQn3SAJqz9oW4ZWmQYKp2mo3wSaNHsyqnEuG2
f1hdTZ/bDoeLehxNiLQeAL7PW17/1HX7L5vlBL542C6JM1ZaZDRLpc2y65WWIgZ4
z4x5YiTi4qWIFjJLk8DQuctqCZEvNMXKahulo1GR4mTGc4c90vhEcfq3dV4bLON6
uQ+DmwLBeh9uvyTISjiN3nOLkEB+MWJGlCnJWEjrPdxYYCornfy/JmwdcuPvvipW
8dDK13wcZ+c8ubhp84EDw6pYncnIH/vxcVQ8loTV8nwkhyULHTTiuv23dsk2+h9e
7UhA3s+jVIz3PVagDgYT47pGSWFZavFgv1p8DYiBA7Xm
-----END CERTIFICATE-----