Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/a17ae7-8e86-43fd-b850-c138bd1c171e/1/U_pf5mr7mVogKbgEVCSPIKt6P1Q.roa
File:                     U_pf5mr7mVogKbgEVCSPIKt6P1Q.roa (raw, json)
Hash identifier:          A+REPWck5DlDgbp9k+f3tR4pBhovVcICYPMhumJUrjo=
Subject key identifier:   53:FA:5F:E6:6A:FB:99:5A:20:29:B8:04:54:24:8F:20:AB:7A:3F:54
Certificate issuer:       /CN=e5729ee89636ba34fe56bd72e758f582ade70e52
Certificate serial:       01944A78FF273EB2DA0CA73E977F61B3A92F
Authority key identifier: E5:72:9E:E8:96:36:BA:34:FE:56:BD:72:E7:58:F5:82:AD:E7:0E:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5XKe6JY2ujT-Vr1y51j1gq3nDlI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/a17ae7-8e86-43fd-b850-c138bd1c171e/1/U_pf5mr7mVogKbgEVCSPIKt6P1Q.roa
Signing time:             Thu 09 Jan 2025 09:50:31 +0000
ROA not before:           Thu 09 Jan 2025 09:50:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60624
IP address blocks:        185.172.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/a17ae7-8e86-43fd-b850-c138bd1c171e/1/5XKe6JY2ujT-Vr1y51j1gq3nDlI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/a17ae7-8e86-43fd-b850-c138bd1c171e/1/5XKe6JY2ujT-Vr1y51j1gq3nDlI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5XKe6JY2ujT-Vr1y51j1gq3nDlI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 22:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:78:ff:27:3e:b2:da:0c:a7:3e:97:7f:61:b3:a9:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5729ee89636ba34fe56bd72e758f582ade70e52
        Validity
            Not Before: Jan  9 09:50:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53fa5fe66afb995a2029b80454248f20ab7a3f54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:74:7b:1d:20:f6:80:26:96:07:36:81:64:2d:
                    89:d3:1a:91:56:41:9e:ca:d5:f8:dd:e9:3d:63:63:
                    18:10:de:09:b0:b6:dc:c6:37:6b:8d:4e:8c:1b:8f:
                    2c:66:8e:5a:96:4c:fb:29:78:a9:a2:71:d7:c2:52:
                    11:61:72:06:c0:5c:17:a5:7c:02:e0:34:1a:7e:e6:
                    da:07:ce:a5:c6:ca:a0:02:72:25:fc:6c:71:48:ba:
                    ca:1c:ea:b9:76:27:36:c8:09:3e:75:8c:3a:8d:19:
                    23:5c:94:45:29:75:6e:e7:06:05:6a:ec:89:34:eb:
                    e5:de:6e:5c:1a:0e:5d:29:d7:3d:ab:4b:c0:0f:f9:
                    f0:da:8c:5b:3c:5f:23:2b:6f:8c:63:32:e2:43:80:
                    bb:85:86:f3:0b:be:ca:cd:6f:54:b4:9f:e0:46:dc:
                    d5:a7:c0:08:86:42:27:47:ce:40:6e:25:83:d7:a6:
                    0e:50:f7:7d:e3:0c:f6:39:0a:89:99:dc:d6:b1:16:
                    13:29:cc:cc:ac:7a:24:d0:f7:d6:b0:30:e0:84:bb:
                    a0:85:f0:1e:86:89:b8:59:3f:85:33:7a:25:f0:75:
                    7c:c2:69:16:98:7e:92:01:45:bb:83:c7:b5:26:d8:
                    06:e4:26:8e:e0:84:a9:54:95:1e:be:79:f6:de:6d:
                    c8:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:FA:5F:E6:6A:FB:99:5A:20:29:B8:04:54:24:8F:20:AB:7A:3F:54
            X509v3 Authority Key Identifier:
                keyid:E5:72:9E:E8:96:36:BA:34:FE:56:BD:72:E7:58:F5:82:AD:E7:0E:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5XKe6JY2ujT-Vr1y51j1gq3nDlI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/a17ae7-8e86-43fd-b850-c138bd1c171e/1/U_pf5mr7mVogKbgEVCSPIKt6P1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/a17ae7-8e86-43fd-b850-c138bd1c171e/1/5XKe6JY2ujT-Vr1y51j1gq3nDlI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:e4:c6:6f:f3:48:d4:1c:b0:03:ab:d6:65:25:7b:35:a9:1d:
         a8:46:b3:7e:bc:fe:5d:10:20:4a:92:a7:ac:ff:fc:5d:35:69:
         92:c2:f4:b4:53:75:48:19:dc:c7:4e:2b:6e:eb:64:8f:34:7c:
         e4:4f:ff:0b:08:7a:3d:6f:1b:24:06:d6:11:4d:fc:a3:5d:dc:
         1d:d2:cc:48:c9:69:91:c0:84:98:db:7a:b7:fa:e9:13:ab:84:
         3e:a3:60:5f:aa:10:1a:e2:ad:9d:97:94:d3:f9:3f:c4:15:77:
         4e:ec:b2:59:15:8f:25:f0:10:e6:6c:73:38:f3:58:12:e7:31:
         bd:c0:7e:41:ab:5e:67:bd:cb:94:48:ec:40:b6:ac:91:ee:f8:
         83:fd:78:41:df:0b:67:30:f5:ba:a9:1b:09:7f:ec:60:31:b2:
         88:e3:c7:89:e8:04:01:20:c1:05:e1:ee:9d:94:96:6f:98:c9:
         cf:71:98:6f:3b:4a:bb:da:68:7c:47:e3:f6:9d:67:2c:cb:d8:
         ef:63:f3:cf:b5:0c:63:02:1a:48:7c:4f:5f:2d:a6:af:03:50:
         19:9d:89:02:f4:77:90:50:91:96:46:11:76:5a:7c:1b:0a:09:
         f7:13:ec:62:27:d2:d8:27:e7:76:e1:2f:e9:a5:fc:9d:62:1f:
         01:96:a4:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRKeP8nPrLaDKc+l39hs6kvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NzI5ZWU4OTYzNmJhMzRmZTU2YmQ3MmU3NThmNTgyYWRl
NzBlNTIwHhcNMjUwMTA5MDk1MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2ZhNWZlNjZhZmI5OTVhMjAyOWI4MDQ1NDI0OGYyMGFiN2EzZjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXR7HSD2gCaWBzaBZC2J0xqRVkGe
ytX43ek9Y2MYEN4JsLbcxjdrjU6MG48sZo5alkz7KXiponHXwlIRYXIGwFwXpXwC
4DQafubaB86lxsqgAnIl/GxxSLrKHOq5dic2yAk+dYw6jRkjXJRFKXVu5wYFauyJ
NOvl3m5cGg5dKdc9q0vAD/nw2oxbPF8jK2+MYzLiQ4C7hYbzC77KzW9UtJ/gRtzV
p8AIhkInR85AbiWD16YOUPd94wz2OQqJmdzWsRYTKczMrHok0PfWsDDghLughfAe
hom4WT+FM3ol8HV8wmkWmH6SAUW7g8e1JtgG5CaO4ISpVJUevnn23m3I3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFP6X+Zq+5laICm4BFQkjyCrej9UMB8GA1UdIwQY
MBaAFOVynuiWNro0/la9cudY9YKt5w5SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVhLZTZKWTJ1alQtVnIxeTUxajFncTNuRGxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9hMTdhZTctOGU4Ni00M2ZkLWI4NTAt
YzEzOGJkMWMxNzFlLzEvVV9wZjVtcjdtVm9nS2JnRVZDU1BJS3Q2UDFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9hMTdhZTctOGU4Ni00M2ZkLWI4NTAtYzEzOGJkMWMxNzFl
LzEvNVhLZTZKWTJ1alQtVnIxeTUxajFncTNuRGxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaxXMA0G
CSqGSIb3DQEBCwUAA4IBAQB+5MZv80jUHLADq9ZlJXs1qR2oRrN+vP5dECBKkqes
//xdNWmSwvS0U3VIGdzHTitu62SPNHzkT/8LCHo9bxskBtYRTfyjXdwd0sxIyWmR
wISY23q3+ukTq4Q+o2BfqhAa4q2dl5TT+T/EFXdO7LJZFY8l8BDmbHM481gS5zG9
wH5Bq15nvcuUSOxAtqyR7viD/XhB3wtnMPW6qRsJf+xgMbKI48eJ6AQBIMEF4e6d
lJZvmMnPcZhvO0q72mh8R+P2nWcsy9jvY/PPtQxjAhpIfE9fLaavA1AZnYkC9HeQ
UJGWRhF2WnwbCgn3E+xiJ9LYJ+d24S/ppfydYh8BlqRd
-----END CERTIFICATE-----