Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Fj1LHdywYxmpNZYAlA5jYdYU-2Y.roa
File:                     Fj1LHdywYxmpNZYAlA5jYdYU-2Y.roa (raw, json)
Hash identifier:          mXJTyqInCONrh6olkEuXhmmFrOakqrl35XBlrBrFg1o=
Subject key identifier:   16:3D:4B:1D:DC:B0:63:19:A9:35:96:00:94:0E:63:61:D6:14:FB:66
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01954151ECD11F661450B144E893A7F2B362
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Fj1LHdywYxmpNZYAlA5jYdYU-2Y.roa
Signing time:             Wed 26 Feb 2025 08:14:02 +0000
ROA not before:           Wed 26 Feb 2025 08:14:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198427
IP address blocks:        5.182.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:41:51:ec:d1:1f:66:14:50:b1:44:e8:93:a7:f2:b3:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Feb 26 08:14:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=163d4b1ddcb06319a9359600940e6361d614fb66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8c:8a:c3:4b:94:fb:e6:d4:15:31:ff:a0:78:
                    de:4f:e3:37:0e:de:79:50:bd:aa:fa:1e:50:8f:1d:
                    d8:2a:a7:aa:ea:56:17:fd:7a:0b:de:0c:83:df:9e:
                    52:c7:b4:5d:f6:9e:08:db:99:cb:b4:dc:d0:72:ef:
                    59:0a:b8:24:21:fb:26:52:03:af:b8:64:ba:35:07:
                    ef:04:17:06:67:95:3d:fa:1c:bc:45:bc:40:e1:5f:
                    91:0d:35:4f:f6:06:e2:62:76:65:b6:ea:71:d4:dd:
                    b3:5c:13:72:9e:96:16:c8:d9:e8:78:ec:8d:21:ec:
                    6a:49:b6:c0:d0:18:40:ad:f8:35:10:ea:27:cd:d9:
                    07:e7:33:d7:77:de:4a:7e:20:28:89:17:d2:78:87:
                    7d:19:8e:45:30:00:3c:9f:7b:d9:5b:0a:11:a0:7d:
                    42:48:4f:23:fd:d3:d2:c1:a6:db:74:35:03:87:55:
                    f9:e1:35:16:ea:09:73:54:ae:8a:0d:50:d7:13:21:
                    c4:44:6e:c7:8e:4b:b1:ea:ac:22:8a:71:e9:a6:63:
                    4c:f6:7d:a0:89:f5:90:c8:38:19:74:2e:fc:a2:ef:
                    79:3e:95:c8:09:bb:a4:ad:e3:f9:7d:4d:fb:26:e0:
                    fe:08:c5:b2:2f:f7:a0:e3:c4:23:64:dd:19:0c:fe:
                    cb:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:3D:4B:1D:DC:B0:63:19:A9:35:96:00:94:0E:63:61:D6:14:FB:66
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Fj1LHdywYxmpNZYAlA5jYdYU-2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:55:f7:d3:de:b7:5e:9a:84:bd:63:24:60:b2:6f:d4:0d:77:
         81:e8:65:9d:8a:05:66:86:99:92:5e:f1:e8:1a:01:52:a8:f7:
         f7:4c:86:0c:ee:1b:99:ec:ac:df:ab:b9:f6:af:9d:1c:85:a1:
         76:ff:4e:2e:5c:91:71:8d:3d:f4:dd:03:3b:c2:14:19:34:40:
         ca:f2:d9:6f:f8:40:15:99:24:8c:95:0c:a1:e5:5e:50:9e:df:
         83:39:c5:a2:3c:97:56:c3:a5:f7:a1:ee:cc:c5:01:49:68:01:
         3e:09:ea:e5:b8:b3:7e:36:ce:af:96:36:c0:13:ec:c2:48:4c:
         18:71:1c:d0:f8:c6:0f:ea:0f:08:f2:d7:15:49:dc:60:a2:ab:
         f3:0c:65:d4:83:46:b0:2c:a2:6a:cb:e1:5e:ba:e0:84:cf:53:
         93:28:94:a0:fe:72:8e:82:2a:9a:56:0d:30:79:f8:fa:bf:b5:
         06:aa:63:d8:33:f6:84:3f:04:70:ce:a5:26:d5:25:41:be:27:
         97:be:0b:54:61:36:85:7a:d6:ff:9c:d5:d2:15:34:01:5d:8d:
         9f:85:ff:58:e0:c7:5a:36:0e:ee:51:e3:6b:ce:b7:06:fe:d5:
         3e:ed:e0:69:cd:61:8f:ae:78:9d:ad:7a:84:48:9d:8d:34:2c:
         6c:e8:16:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVBUezRH2YUULFE6JOn8rNiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwMjI2MDgxNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjNkNGIxZGRjYjA2MzE5YTkzNTk2MDA5NDBlNjM2MWQ2MTRmYjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYyKw0uU++bUFTH/oHjeT+M3Dt55
UL2q+h5Qjx3YKqeq6lYX/XoL3gyD355Sx7Rd9p4I25nLtNzQcu9ZCrgkIfsmUgOv
uGS6NQfvBBcGZ5U9+hy8RbxA4V+RDTVP9gbiYnZltupx1N2zXBNynpYWyNnoeOyN
IexqSbbA0BhArfg1EOonzdkH5zPXd95KfiAoiRfSeId9GY5FMAA8n3vZWwoRoH1C
SE8j/dPSwabbdDUDh1X54TUW6glzVK6KDVDXEyHERG7Hjkux6qwiinHppmNM9n2g
ifWQyDgZdC78ou95PpXICbukreP5fU37JuD+CMWyL/eg48QjZN0ZDP7LqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBY9Sx3csGMZqTWWAJQOY2HWFPtmMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvRmoxTEhkeXdZeG1wTlpZQWxBNWpZZFlVLTJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbZwMA0G
CSqGSIb3DQEBCwUAA4IBAQBMVffT3rdemoS9YyRgsm/UDXeB6GWdigVmhpmSXvHo
GgFSqPf3TIYM7huZ7Kzfq7n2r50chaF2/04uXJFxjT303QM7whQZNEDK8tlv+EAV
mSSMlQyh5V5Qnt+DOcWiPJdWw6X3oe7MxQFJaAE+CerluLN+Ns6vljbAE+zCSEwY
cRzQ+MYP6g8I8tcVSdxgoqvzDGXUg0awLKJqy+FeuuCEz1OTKJSg/nKOgiqaVg0w
efj6v7UGqmPYM/aEPwRwzqUm1SVBvieXvgtUYTaFetb/nNXSFTQBXY2fhf9Y4Mda
Ng7uUeNrzrcG/tU+7eBpzWGPrnidrXqESJ2NNCxs6Bbi
-----END CERTIFICATE-----