Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/13v_SFUUaJanH2ti7gyyAMAe4E8.roa
File:                     13v_SFUUaJanH2ti7gyyAMAe4E8.roa (raw, json)
Hash identifier:          9BOoaT9u38i4PO8whYYhUIN3eU3jwn/DC/9uSOlK5Wc=
Subject key identifier:   D7:7B:FF:48:55:14:68:96:A7:1F:6B:62:EE:0C:B2:00:C0:1E:E0:4F
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       01941F8C4CCFA2420C8E3DE0BF720E9EF158
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/13v_SFUUaJanH2ti7gyyAMAe4E8.roa
Signing time:             Wed 01 Jan 2025 01:47:55 +0000
ROA not before:           Wed 01 Jan 2025 01:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58142
IP address blocks:        5.202.168.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4c:cf:a2:42:0c:8e:3d:e0:bf:72:0e:9e:f1:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 01:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d77bff4855146896a71f6b62ee0cb200c01ee04f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d6:33:9b:b5:b7:bf:84:a2:88:63:40:01:6f:
                    25:f7:9b:98:25:b5:4c:62:51:e0:6e:2c:44:1b:cc:
                    81:c3:39:04:a6:aa:27:e0:e7:b8:a4:af:67:f1:83:
                    31:9b:e8:18:32:d2:a0:cf:c6:9f:cb:74:37:be:23:
                    c4:b7:8e:89:d6:cc:d6:12:f7:d7:5c:39:c6:48:da:
                    b8:4a:75:d8:d3:ba:db:30:45:c9:e2:04:68:58:59:
                    5e:18:aa:a2:43:59:79:79:37:6d:d7:78:5f:af:9a:
                    11:27:d7:00:67:0c:dc:a8:20:5d:a7:ce:b1:75:0d:
                    da:c2:d6:a6:4e:e8:1f:77:9c:ad:3a:5b:c5:7f:8e:
                    b2:0f:e9:d8:1c:38:2d:73:28:54:e3:3d:85:57:4f:
                    14:cf:6f:0b:f6:0a:4f:50:52:10:c7:77:74:22:67:
                    e3:8f:38:c4:d7:a3:94:53:ff:18:f4:63:78:df:a9:
                    a5:4a:27:db:df:a6:ab:4c:d7:f7:b6:0b:8d:35:32:
                    e7:9f:cb:67:03:ce:b2:88:97:bb:e0:47:76:f6:78:
                    ed:64:f8:7d:5a:f0:96:d9:43:e7:4a:62:d4:6b:12:
                    81:97:0c:ce:2a:65:02:90:b9:7e:46:60:27:b5:29:
                    41:4a:33:cd:ce:e4:31:49:9a:61:ca:87:f7:62:c3:
                    5c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:7B:FF:48:55:14:68:96:A7:1F:6B:62:EE:0C:B2:00:C0:1E:E0:4F
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/13v_SFUUaJanH2ti7gyyAMAe4E8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5d:7b:2d:49:e1:83:c9:51:08:3b:fc:cf:bb:ec:a5:d8:27:7b:
         26:c5:bb:ae:bb:90:cd:30:01:14:97:d9:df:4f:9a:5c:11:f9:
         8a:7b:b0:cf:56:22:13:c5:fb:fb:da:d8:09:71:a2:b0:0b:f7:
         a1:65:12:d9:65:ca:d8:6e:ee:51:32:69:f0:9c:33:4c:64:47:
         7f:51:1f:87:1f:59:e8:9b:fc:cf:e7:6a:9c:ae:0d:6a:1e:07:
         a1:c7:0c:a8:39:88:b1:e0:fc:c5:fb:9a:77:fd:89:40:1a:43:
         88:82:04:15:d0:45:cd:f6:30:ea:c3:42:4e:65:6a:07:5f:15:
         ad:33:34:08:a6:a0:66:45:a0:ef:67:89:38:4e:ee:c2:64:79:
         51:74:9a:36:7f:54:82:17:04:8d:7f:e1:06:b1:a0:be:85:d4:
         0f:d8:f0:74:01:d9:fc:15:41:f8:87:27:92:e3:0a:96:cf:39:
         15:70:d1:c4:1a:01:ee:8d:69:d4:5b:8d:b6:84:36:c0:7a:cb:
         60:2d:64:b7:cc:e5:ee:36:90:7a:8a:3d:c0:c1:7b:ec:4b:92:
         51:c5:6f:69:5a:3c:fc:1d:33:d3:a3:69:8b:c6:f4:ff:2f:42:
         c7:97:75:58:2d:e2:17:3f:5e:d3:f6:9d:ad:13:24:b2:14:8c:
         3f:37:f3:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjEzPokIMjj3gv3IOnvFYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjUwMTAxMDE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzdiZmY0ODU1MTQ2ODk2YTcxZjZiNjJlZTBjYjIwMGMwMWVlMDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NYzm7W3v4SiiGNAAW8l95uYJbVM
YlHgbixEG8yBwzkEpqon4Oe4pK9n8YMxm+gYMtKgz8afy3Q3viPEt46J1szWEvfX
XDnGSNq4SnXY07rbMEXJ4gRoWFleGKqiQ1l5eTdt13hfr5oRJ9cAZwzcqCBdp86x
dQ3awtamTugfd5ytOlvFf46yD+nYHDgtcyhU4z2FV08Uz28L9gpPUFIQx3d0Imfj
jzjE16OUU/8Y9GN436mlSifb36arTNf3tguNNTLnn8tnA86yiJe74Ed29njtZPh9
WvCW2UPnSmLUaxKBlwzOKmUCkLl+RmAntSlBSjPNzuQxSZphyof3YsNcCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNd7/0hVFGiWpx9rYu4MsgDAHuBPMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvMTN2X1NGVVVhSmFuSDJ0aTdneXlBTUFlNEU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBcqoMA0G
CSqGSIb3DQEBCwUAA4IBAQBdey1J4YPJUQg7/M+77KXYJ3smxbuuu5DNMAEUl9nf
T5pcEfmKe7DPViITxfv72tgJcaKwC/ehZRLZZcrYbu5RMmnwnDNMZEd/UR+HH1no
m/zP52qcrg1qHgehxwyoOYix4PzF+5p3/YlAGkOIggQV0EXN9jDqw0JOZWoHXxWt
MzQIpqBmRaDvZ4k4Tu7CZHlRdJo2f1SCFwSNf+EGsaC+hdQP2PB0Adn8FUH4hyeS
4wqWzzkVcNHEGgHujWnUW422hDbAestgLWS3zOXuNpB6ij3AwXvsS5JRxW9pWjz8
HTPTo2mLxvT/L0LHl3VYLeIXP17T9p2tEySyFIw/N/OH
-----END CERTIFICATE-----