Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/J8QjZax-mkvPxfZhhHMPCwubpys.roa
File:                     J8QjZax-mkvPxfZhhHMPCwubpys.roa (raw, json)
Hash identifier:          rmal6rcTiDBRBlMMyLquXrrXQpuz0JgUekU0ozpEKqs=
Subject key identifier:   27:C4:23:65:AC:7E:9A:4B:CF:C5:F6:61:84:73:0F:0B:0B:9B:A7:2B
Certificate issuer:       /CN=449b18e3296d795d3a9c959be25c70aaab365200
Certificate serial:       019420D64233D3CE092436CB54EF1B75CA82
Authority key identifier: 44:9B:18:E3:29:6D:79:5D:3A:9C:95:9B:E2:5C:70:AA:AB:36:52:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RJsY4ylteV06nJWb4lxwqqs2UgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/J8QjZax-mkvPxfZhhHMPCwubpys.roa
Signing time:             Wed 01 Jan 2025 07:48:20 +0000
ROA not before:           Wed 01 Jan 2025 07:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211410
IP address blocks:        5.159.4.0/22 maxlen: 24
                          162.213.160.0/24 maxlen: 24
                          185.21.96.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/RJsY4ylteV06nJWb4lxwqqs2UgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/RJsY4ylteV06nJWb4lxwqqs2UgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RJsY4ylteV06nJWb4lxwqqs2UgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:42:33:d3:ce:09:24:36:cb:54:ef:1b:75:ca:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=449b18e3296d795d3a9c959be25c70aaab365200
        Validity
            Not Before: Jan  1 07:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27c42365ac7e9a4bcfc5f66184730f0b0b9ba72b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:36:7b:84:dd:58:c0:91:17:8b:2b:53:56:fb:
                    0f:4d:ae:e0:11:60:90:d7:c2:d4:97:2a:00:1a:2c:
                    9a:39:ba:a9:d3:37:82:ad:db:fc:55:e2:89:c3:a0:
                    cc:f7:4b:fa:c9:b7:c4:ee:1b:8a:b4:f9:77:3a:b0:
                    ad:5c:37:1a:e7:cf:7d:eb:70:02:d6:94:7a:8d:13:
                    b8:58:ad:e3:e8:b4:39:f2:91:58:16:66:b3:ef:c1:
                    7e:cc:7b:45:bc:e3:9e:d9:8d:f2:4c:2b:fa:9b:3e:
                    71:bd:a7:73:3d:da:3d:3c:bf:50:84:d6:0e:c7:9d:
                    7f:df:d8:de:ab:ff:5b:53:fd:21:e2:1a:d9:f7:8f:
                    2e:d0:3e:d4:ec:7e:77:cb:e6:37:ae:4d:e1:9f:46:
                    64:e7:1a:df:bd:b1:e2:0e:9d:19:16:83:dc:0c:61:
                    66:a9:42:89:69:87:1c:61:7c:c6:d8:53:24:8a:f8:
                    ba:1f:2b:c8:d0:6f:22:fa:73:fb:c0:04:d3:a8:e6:
                    9c:e5:1e:c4:15:2b:23:4c:fd:6f:01:97:a4:df:ab:
                    d9:88:57:41:ed:78:8f:d1:5e:41:1b:8e:5e:18:a4:
                    c9:b2:42:69:cc:8a:ae:af:0a:a6:8a:2d:e8:d8:aa:
                    93:25:dd:78:2c:69:4c:18:3d:10:3c:42:12:ff:7d:
                    03:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:C4:23:65:AC:7E:9A:4B:CF:C5:F6:61:84:73:0F:0B:0B:9B:A7:2B
            X509v3 Authority Key Identifier:
                keyid:44:9B:18:E3:29:6D:79:5D:3A:9C:95:9B:E2:5C:70:AA:AB:36:52:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RJsY4ylteV06nJWb4lxwqqs2UgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/J8QjZax-mkvPxfZhhHMPCwubpys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/RJsY4ylteV06nJWb4lxwqqs2UgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.4.0/22
                  162.213.160.0/24
                  185.21.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:c4:bc:71:ac:c0:a3:90:84:15:3f:4c:b2:51:e9:cd:2a:86:
         33:68:a0:d8:16:68:11:2e:42:4c:cb:c6:29:9c:bc:7c:80:fc:
         c2:1f:a8:e0:38:15:9e:6b:cf:22:00:21:0c:63:7b:61:d5:5a:
         06:96:d5:64:e4:72:ca:28:ad:0c:01:4c:39:2d:bb:35:59:31:
         b4:09:e1:58:68:56:f4:f0:f7:61:87:85:74:26:25:d6:d8:b1:
         4f:c1:5f:f1:08:a6:f1:14:43:50:71:60:3c:ba:07:88:ee:09:
         e8:9a:11:ed:f9:e3:1f:86:61:96:26:a0:48:f5:ac:83:4f:1c:
         86:55:02:dc:6b:e8:85:77:da:c3:e8:ad:86:04:b7:11:28:d5:
         86:34:10:d5:18:fd:5d:72:dd:d2:d8:3f:cf:a8:2f:8d:5a:54:
         33:bb:66:15:46:8e:a5:d1:7d:a1:91:04:9a:03:41:19:ce:11:
         30:ae:ef:be:6e:5d:3d:5f:63:39:98:ea:69:d9:2f:9f:06:ec:
         43:d6:08:4e:62:57:27:10:65:76:b1:3f:53:93:23:af:6a:03:
         df:6c:ef:72:b6:f7:f1:9b:41:ed:2c:1d:93:ac:7e:c4:e9:5e:
         13:0d:f3:6b:b4:59:a9:73:4b:be:ac:96:74:87:80:2c:02:f6:
         b3:f8:c0:72
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQg1kIz084JJDbLVO8bdcqCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0OWIxOGUzMjk2ZDc5NWQzYTljOTU5YmUyNWM3MGFhYWIz
NjUyMDAwHhcNMjUwMTAxMDc0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2M0MjM2NWFjN2U5YTRiY2ZjNWY2NjE4NDczMGYwYjBiOWJhNzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjZ7hN1YwJEXiytTVvsPTa7gEWCQ
18LUlyoAGiyaObqp0zeCrdv8VeKJw6DM90v6ybfE7huKtPl3OrCtXDca589963AC
1pR6jRO4WK3j6LQ58pFYFmaz78F+zHtFvOOe2Y3yTCv6mz5xvadzPdo9PL9QhNYO
x51/39jeq/9bU/0h4hrZ948u0D7U7H53y+Y3rk3hn0Zk5xrfvbHiDp0ZFoPcDGFm
qUKJaYccYXzG2FMkivi6HyvI0G8i+nP7wATTqOac5R7EFSsjTP1vAZek36vZiFdB
7XiP0V5BG45eGKTJskJpzIqurwqmii3o2KqTJd14LGlMGD0QPEIS/30DGwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCfEI2WsfppLz8X2YYRzDwsLm6crMB8GA1UdIwQY
MBaAFESbGOMpbXldOpyVm+JccKqrNlIAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkpzWTR5bHRlVjA2bkpXYjRseHdxcXMyVWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9mYjM5ZWQtN2M3My00NDc4LTkwMWQt
NjVhODk5YTYwMzY2LzEvSjhRalpheC1ta3ZQeGZaaGhITVBDd3VicHlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9mYjM5ZWQtN2M3My00NDc4LTkwMWQtNjVhODk5YTYwMzY2
LzEvUkpzWTR5bHRlVjA2bkpXYjRseHdxcXMyVWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCBZ8EAwQA
otWgAwQBuRVgMA0GCSqGSIb3DQEBCwUAA4IBAQBsxLxxrMCjkIQVP0yyUenNKoYz
aKDYFmgRLkJMy8YpnLx8gPzCH6jgOBWea88iACEMY3th1VoGltVk5HLKKK0MAUw5
Lbs1WTG0CeFYaFb08Pdhh4V0JiXW2LFPwV/xCKbxFENQcWA8ugeI7gnomhHt+eMf
hmGWJqBI9ayDTxyGVQLca+iFd9rD6K2GBLcRKNWGNBDVGP1dct3S2D/PqC+NWlQz
u2YVRo6l0X2hkQSaA0EZzhEwru++bl09X2M5mOpp2S+fBuxD1ghOYlcnEGV2sT9T
kyOvagPfbO9ytvfxm0HtLB2TrH7E6V4TDfNrtFmpc0u+rJZ0h4AsAvaz+MBy
-----END CERTIFICATE-----