Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/n4LrIW3mgA8G3axl4csgyTpsp8Q.roa
File:                     n4LrIW3mgA8G3axl4csgyTpsp8Q.roa (raw, json)
Hash identifier:          LNegLtDN4y1dMd1RyuVmBjmyfpzTDjWVARTw/3voBLo=
Subject key identifier:   9F:82:EB:21:6D:E6:80:0F:06:DD:AC:65:E1:CB:20:C9:3A:6C:A7:C4
Certificate issuer:       /CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
Certificate serial:       01942369FFEA511D7C06506FA09EBF058A75
Authority key identifier: B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/n4LrIW3mgA8G3axl4csgyTpsp8Q.roa
Signing time:             Wed 01 Jan 2025 19:48:56 +0000
ROA not before:           Wed 01 Jan 2025 19:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60911
IP address blocks:        5.172.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ff:ea:51:1d:7c:06:50:6f:a0:9e:bf:05:8a:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
        Validity
            Not Before: Jan  1 19:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f82eb216de6800f06ddac65e1cb20c93a6ca7c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4c:81:33:44:94:fe:ea:f4:c4:54:70:5f:5a:
                    98:f8:52:22:2b:b6:f2:a0:0a:b6:67:42:54:3d:c5:
                    ba:c1:b9:97:41:3f:28:6a:85:8d:b8:9b:69:d9:af:
                    85:98:25:66:3a:f5:6c:26:0d:45:b7:fa:8d:10:91:
                    d7:e0:1f:63:2f:60:db:c4:ee:49:b4:5e:90:df:2f:
                    b7:d6:7c:2a:78:41:2e:28:a7:a9:b3:f4:34:e4:83:
                    a2:5a:db:94:b6:42:47:11:e4:1c:b3:97:b2:18:87:
                    57:73:c3:1b:72:46:38:96:cb:ec:bd:40:23:59:69:
                    76:0c:86:ee:47:a6:d9:8c:7e:42:a8:e3:87:42:dc:
                    12:ea:84:7a:51:bd:b6:36:f1:3b:80:ba:01:ed:42:
                    da:51:57:ee:ff:36:b8:25:14:50:cc:cc:93:62:7e:
                    c8:29:5c:5c:e5:7d:b5:26:b5:b5:ad:c1:23:fc:58:
                    58:bf:28:74:04:14:b1:50:1a:c1:80:b1:91:1c:8d:
                    9b:0c:02:7b:a6:63:27:52:ee:42:7b:a0:e7:52:69:
                    a0:eb:e7:50:c4:df:3d:8d:23:85:bc:7e:3b:61:b2:
                    a6:a0:d7:20:67:9d:15:3a:94:8f:ca:5a:c0:8c:0f:
                    f5:ec:88:a4:21:69:57:03:3c:5d:bc:72:df:ee:a6:
                    c4:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:82:EB:21:6D:E6:80:0F:06:DD:AC:65:E1:CB:20:C9:3A:6C:A7:C4
            X509v3 Authority Key Identifier:
                keyid:B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/n4LrIW3mgA8G3axl4csgyTpsp8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:8a:02:3e:92:de:52:dd:5c:29:04:4d:b4:bb:67:f7:02:f2:
         2a:98:bc:f7:81:a5:cc:1f:56:e2:d7:d6:9f:0b:8e:29:83:fb:
         f1:b6:2c:3b:f6:7a:65:42:60:61:fa:57:3a:e9:f9:c7:27:8d:
         f3:14:e9:2a:b3:48:bb:99:39:6a:b7:ab:92:05:0a:72:f0:3d:
         c1:36:a4:b1:70:1c:fb:51:c9:65:78:fc:6f:cb:8a:1b:fc:dd:
         c0:95:10:f5:ce:6e:ba:9c:be:82:e6:b0:66:09:64:2b:1c:d2:
         9d:5f:b2:94:8f:79:85:71:f0:ac:da:e6:fd:ca:7c:d3:50:a9:
         97:2a:7a:e7:25:b0:a7:84:3f:b2:35:8d:a1:0c:42:1a:a5:98:
         4d:01:a1:39:ec:02:5a:a5:f4:9d:5b:7c:1a:93:24:6a:3a:31:
         c6:45:bf:6a:f8:7a:d2:d1:0e:e3:36:df:86:6f:7c:c8:eb:9d:
         10:91:01:01:c5:35:08:49:cc:b3:17:65:d0:66:29:ae:2d:91:
         80:61:e0:09:1c:89:45:60:f5:25:bb:01:d6:72:0c:22:77:73:
         b3:26:3d:a8:7e:53:2c:9c:7e:3b:af:94:36:03:2d:57:7a:dc:
         9d:cc:52:3e:31:46:f7:db:55:76:f2:eb:b2:85:0f:ab:80:ca:
         6f:f7:f9:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaf/qUR18BlBvoJ6/BYp1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYzUxYjBjMDYzY2ZjMTY5NDNmYzlhNDdlMmM4MDU5OTBm
NmVhYWUwHhcNMjUwMTAxMTk0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjgyZWIyMTZkZTY4MDBmMDZkZGFjNjVlMWNiMjBjOTNhNmNhN2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUyBM0SU/ur0xFRwX1qY+FIiK7by
oAq2Z0JUPcW6wbmXQT8oaoWNuJtp2a+FmCVmOvVsJg1Ft/qNEJHX4B9jL2DbxO5J
tF6Q3y+31nwqeEEuKKeps/Q05IOiWtuUtkJHEeQcs5eyGIdXc8MbckY4lsvsvUAj
WWl2DIbuR6bZjH5CqOOHQtwS6oR6Ub22NvE7gLoB7ULaUVfu/za4JRRQzMyTYn7I
KVxc5X21JrW1rcEj/FhYvyh0BBSxUBrBgLGRHI2bDAJ7pmMnUu5Ce6DnUmmg6+dQ
xN89jSOFvH47YbKmoNcgZ50VOpSPylrAjA/17IikIWlXAzxdvHLf7qbEMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+C6yFt5oAPBt2sZeHLIMk6bKfEMB8GA1UdIwQY
MBaAFLPFGwwGPPwWlD/JpH4sgFmQ9uquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEt
ZmY1ZjFhZDY5MjY2LzEvbjRMcklXM21nQThHM2F4bDRjc2d5VHBzcDhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEtZmY1ZjFhZDY5MjY2
LzEvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABazPMA0G
CSqGSIb3DQEBCwUAA4IBAQBbigI+kt5S3VwpBE20u2f3AvIqmLz3gaXMH1bi19af
C44pg/vxtiw79nplQmBh+lc66fnHJ43zFOkqs0i7mTlqt6uSBQpy8D3BNqSxcBz7
UcllePxvy4ob/N3AlRD1zm66nL6C5rBmCWQrHNKdX7KUj3mFcfCs2ub9ynzTUKmX
KnrnJbCnhD+yNY2hDEIapZhNAaE57AJapfSdW3wakyRqOjHGRb9q+HrS0Q7jNt+G
b3zI650QkQEBxTUIScyzF2XQZimuLZGAYeAJHIlFYPUluwHWcgwid3OzJj2oflMs
nH47r5Q2Ay1XetydzFI+MUb321V28uuyhQ+rgMpv9/lN
-----END CERTIFICATE-----