Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/5lDpUUbHXzya0fMquFYbFulqqVs.roa
File:                     5lDpUUbHXzya0fMquFYbFulqqVs.roa (raw, json)
Hash identifier:          f1hht89a/wconxQu5KNK8QHufJfhYi0HFOvBnekJIq0=
Subject key identifier:   E6:50:E9:51:46:C7:5F:3C:9A:D1:F3:2A:B8:56:1B:16:E9:6A:A9:5B
Certificate issuer:       /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial:       0194266B2D8791F23FF7FE8B326A6D67F981
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/5lDpUUbHXzya0fMquFYbFulqqVs.roa
Signing time:             Thu 02 Jan 2025 09:49:05 +0000
ROA not before:           Thu 02 Jan 2025 09:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8903
IP address blocks:        158.172.140.0/23 maxlen: 23
                          158.172.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:2d:87:91:f2:3f:f7:fe:8b:32:6a:6d:67:f9:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
        Validity
            Not Before: Jan  2 09:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e650e95146c75f3c9ad1f32ab8561b16e96aa95b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:8d:62:15:70:d0:b7:98:6c:01:ca:00:54:7f:
                    84:fc:e3:af:d8:14:15:ce:e4:e1:82:58:6a:50:97:
                    28:0e:0c:31:10:c0:d1:0c:15:54:1e:93:69:89:bb:
                    a8:2c:3e:e5:84:d4:cd:6a:36:52:38:d5:62:e9:b8:
                    98:f4:8d:1a:45:f2:51:b8:08:98:80:89:b8:14:b8:
                    b2:45:d2:40:74:c4:48:af:51:c2:bd:2d:f6:f7:35:
                    4b:e5:d5:2e:d3:76:3e:b6:eb:7b:07:e8:02:da:ad:
                    fd:7a:7d:d2:56:14:97:48:e0:b2:ad:e6:8a:fa:12:
                    35:7c:0b:81:f2:06:e9:5e:fa:39:a8:a3:e3:fc:1e:
                    59:56:5e:f7:75:76:04:a5:27:20:e9:db:9e:18:00:
                    5e:49:86:72:db:a6:f8:36:ac:21:46:39:54:8d:04:
                    67:a3:e5:17:b3:ad:92:e5:9b:30:e0:78:28:98:c9:
                    bc:fb:a3:de:f4:81:7d:c8:92:51:e1:c5:05:62:7b:
                    62:a2:be:23:51:2d:8e:dc:98:9d:b7:39:07:ed:58:
                    ea:8c:82:ae:ce:8f:10:7d:cd:41:50:c6:20:a2:5c:
                    42:2c:cb:89:dd:b2:06:65:64:73:3e:a1:97:69:e1:
                    d0:5d:9e:fa:78:83:ac:b6:eb:62:be:0c:1e:53:1e:
                    58:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:50:E9:51:46:C7:5F:3C:9A:D1:F3:2A:B8:56:1B:16:E9:6A:A9:5B
            X509v3 Authority Key Identifier:
                keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/5lDpUUbHXzya0fMquFYbFulqqVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.172.140.0-158.172.142.255

    Signature Algorithm: sha256WithRSAEncryption
         7a:43:d6:48:e6:c4:a8:4f:1d:dc:04:8f:83:62:05:b3:40:04:
         5a:97:5d:8a:52:8d:94:a5:61:51:ac:d8:73:93:cf:dd:31:f5:
         c2:ae:b2:5e:fb:31:25:c2:f5:77:e6:52:0a:99:aa:3e:0c:3f:
         7b:4c:e1:b1:ab:21:61:d7:99:ff:2f:51:b3:50:48:c8:41:37:
         59:33:e1:a0:3f:43:c9:42:92:99:49:c7:48:fb:d7:d2:cc:92:
         61:e8:ae:38:14:50:5e:d9:1a:9b:70:12:3b:ef:45:09:d5:cf:
         ad:64:61:07:a7:45:b8:99:99:d4:dd:c0:10:d2:57:57:d2:23:
         00:46:31:3d:34:02:94:67:35:f2:24:69:3c:bb:d4:49:94:d1:
         5c:da:63:03:be:2c:46:93:3e:9e:1f:10:7d:1f:76:2f:b1:fc:
         b6:f3:d0:ea:70:c0:af:f4:00:c4:8a:ca:3c:cb:86:b5:93:4a:
         2a:97:9e:14:29:0d:30:2b:ab:20:eb:64:b3:35:5e:ff:ba:0e:
         85:6e:9c:25:70:83:8b:5d:71:93:74:04:03:ab:25:d3:64:cc:
         6f:09:8d:e1:df:e7:d0:81:c9:ce:eb:81:e8:2e:28:fa:d3:eb:
         58:4e:8e:54:9e:0b:bf:b8:f9:57:c4:10:69:6a:02:5d:52:2d:
         0a:80:d4:89
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQmay2HkfI/9/6LMmptZ/mBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjUwMTAyMDk0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjUwZTk1MTQ2Yzc1ZjNjOWFkMWYzMmFiODU2MWIxNmU5NmFhOTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjI1iFXDQt5hsAcoAVH+E/OOv2BQV
zuThglhqUJcoDgwxEMDRDBVUHpNpibuoLD7lhNTNajZSONVi6biY9I0aRfJRuAiY
gIm4FLiyRdJAdMRIr1HCvS329zVL5dUu03Y+tut7B+gC2q39en3SVhSXSOCyreaK
+hI1fAuB8gbpXvo5qKPj/B5ZVl73dXYEpScg6dueGABeSYZy26b4NqwhRjlUjQRn
o+UXs62S5Zsw4HgomMm8+6Pe9IF9yJJR4cUFYntior4jUS2O3JidtzkH7VjqjIKu
zo8Qfc1BUMYgolxCLMuJ3bIGZWRzPqGXaeHQXZ76eIOstutivgweUx5YUQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOZQ6VFGx188mtHzKrhWGxbpaqlbMB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvNWxEcFVVYkhYenlhMGZNcXVGWWJGdWxxcVZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2ItMWVkMTA5NTRiZDk2
LzEvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKerIwD
BACerI4wDQYJKoZIhvcNAQELBQADggEBAHpD1kjmxKhPHdwEj4NiBbNABFqXXYpS
jZSlYVGs2HOTz90x9cKusl77MSXC9XfmUgqZqj4MP3tM4bGrIWHXmf8vUbNQSMhB
N1kz4aA/Q8lCkplJx0j719LMkmHorjgUUF7ZGptwEjvvRQnVz61kYQenRbiZmdTd
wBDSV1fSIwBGMT00ApRnNfIkaTy71EmU0VzaYwO+LEaTPp4fEH0fdi+x/Lbz0Opw
wK/0AMSKyjzLhrWTSiqXnhQpDTArqyDrZLM1Xv+6DoVunCVwg4tdcZN0BAOrJdNk
zG8JjeHf59CByc7rgeguKPrT61hOjlSeC7+4+VfEEGlqAl1SLQqA1Ik=
-----END CERTIFICATE-----