Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/ctU4FIR-r7525NdQcQhV07S1InU.roa
File:                     ctU4FIR-r7525NdQcQhV07S1InU.roa (raw, json)
Hash identifier:          AU7Mc04mkVMs25EZU4CCsCrYPVp1VtWzfOi9wTwg8to=
Subject key identifier:   72:D5:38:14:84:7E:AF:BE:76:E4:D7:50:71:08:55:D3:B4:B5:22:75
Certificate issuer:       /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial:       0194266B33F51D95B5CE8E87BAE00E049DEA
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/ctU4FIR-r7525NdQcQhV07S1InU.roa
Signing time:             Thu 02 Jan 2025 09:49:07 +0000
ROA not before:           Thu 02 Jan 2025 09:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273241
IP address blocks:        158.172.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:33:f5:1d:95:b5:ce:8e:87:ba:e0:0e:04:9d:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
        Validity
            Not Before: Jan  2 09:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72d53814847eafbe76e4d750710855d3b4b52275
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:40:51:e3:53:45:9b:38:85:1c:f7:a2:7f:0a:
                    89:6b:fb:05:f7:b0:9f:ef:c7:85:44:9e:52:d8:07:
                    78:e5:29:42:15:60:44:bc:bd:df:b8:2f:17:36:ad:
                    46:c6:f8:c3:4e:8e:b0:4d:4a:63:32:52:d3:a1:c4:
                    23:67:90:ca:ce:23:51:79:8b:99:03:93:b2:2d:06:
                    f2:e4:ec:b0:0c:05:df:9c:49:ac:fd:dd:50:09:b4:
                    9f:66:35:79:e4:87:7c:20:16:b2:95:b1:4f:c7:2f:
                    2c:d0:7d:2d:e6:d3:f2:df:81:12:ea:1a:07:b8:a7:
                    16:12:41:cc:be:f3:f8:52:74:fa:c1:79:15:ff:d2:
                    32:44:4d:c6:c4:bf:34:4f:d3:85:dc:c3:95:8c:5b:
                    6b:30:ea:86:5d:47:85:2f:75:4d:5b:3a:70:49:5a:
                    ad:f1:bf:b1:d3:d6:35:af:be:7a:ac:b1:11:3a:18:
                    4b:ad:74:9e:43:8a:c8:25:e1:5a:8e:da:2a:b0:81:
                    52:88:67:7a:b4:e9:55:30:f0:83:c7:5d:eb:55:1e:
                    87:91:b6:c5:2a:95:ef:45:3c:47:e6:d2:ec:a1:e6:
                    12:d5:bc:ab:31:0b:38:3b:23:4a:3f:ed:82:90:b3:
                    78:cc:8c:4b:f6:25:98:9c:72:d5:a0:f8:f2:3d:a1:
                    90:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:D5:38:14:84:7E:AF:BE:76:E4:D7:50:71:08:55:D3:B4:B5:22:75
            X509v3 Authority Key Identifier:
                keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/ctU4FIR-r7525NdQcQhV07S1InU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.172.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:48:0a:35:6c:cd:67:6b:d9:ac:af:da:41:43:f6:fe:b0:2d:
         24:65:ac:25:19:5a:5c:d5:fe:37:60:6f:d3:f3:62:65:87:2d:
         6f:7d:9d:63:6e:f4:12:01:69:d7:b3:33:7f:02:bd:39:59:c2:
         51:a0:d2:7a:8f:07:c7:68:19:95:4c:4e:58:b8:ca:b3:fa:9d:
         b1:f7:95:ea:8e:37:30:e0:d4:9d:3a:e6:a6:f6:70:e9:af:40:
         ce:9a:ac:d3:41:e8:d1:60:6a:a9:90:e3:d7:9f:a0:44:cf:f8:
         c5:e8:7c:c7:62:5a:04:24:e4:e4:b7:88:43:25:6f:66:ce:fb:
         2c:b1:f4:a0:be:42:e6:ac:79:0c:94:ac:a9:03:60:e3:5e:50:
         d4:5a:9b:69:1d:7b:bb:f6:6f:25:0e:b8:7e:85:ad:de:81:08:
         24:fa:7c:9d:ba:10:fa:a7:26:da:3b:8a:e3:cb:27:0a:0c:f4:
         c1:1d:a2:ae:a1:39:d1:dc:05:e6:a0:8b:97:41:c8:51:92:c3:
         03:50:d1:14:0d:d5:4c:a1:25:78:e3:59:2e:9b:89:16:ab:21:
         9d:f1:ef:9b:05:84:d4:22:13:16:8d:45:3f:ef:d4:69:1d:3d:
         7c:86:61:b3:d1:21:3f:14:d8:c6:10:5d:81:1b:10:eb:e8:0f:
         11:99:7d:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmazP1HZW1zo6HuuAOBJ3qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjUwMTAyMDk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmQ1MzgxNDg0N2VhZmJlNzZlNGQ3NTA3MTA4NTVkM2I0YjUyMjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kBR41NFmziFHPeifwqJa/sF97Cf
78eFRJ5S2Ad45SlCFWBEvL3fuC8XNq1GxvjDTo6wTUpjMlLTocQjZ5DKziNReYuZ
A5OyLQby5OywDAXfnEms/d1QCbSfZjV55Id8IBaylbFPxy8s0H0t5tPy34ES6hoH
uKcWEkHMvvP4UnT6wXkV/9IyRE3GxL80T9OF3MOVjFtrMOqGXUeFL3VNWzpwSVqt
8b+x09Y1r756rLEROhhLrXSeQ4rIJeFajtoqsIFSiGd6tOlVMPCDx13rVR6HkbbF
KpXvRTxH5tLsoeYS1byrMQs4OyNKP+2CkLN4zIxL9iWYnHLVoPjyPaGQPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLVOBSEfq++duTXUHEIVdO0tSJ1MB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvY3RVNEZJUi1yNzUyNU5kUWNRaFYwN1MxSW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2ItMWVkMTA5NTRiZDk2
LzEvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnqzfMA0G
CSqGSIb3DQEBCwUAA4IBAQAJSAo1bM1na9msr9pBQ/b+sC0kZawlGVpc1f43YG/T
82Jlhy1vfZ1jbvQSAWnXszN/Ar05WcJRoNJ6jwfHaBmVTE5YuMqz+p2x95Xqjjcw
4NSdOuam9nDpr0DOmqzTQejRYGqpkOPXn6BEz/jF6HzHYloEJOTkt4hDJW9mzvss
sfSgvkLmrHkMlKypA2DjXlDUWptpHXu79m8lDrh+ha3egQgk+nyduhD6pybaO4rj
yycKDPTBHaKuoTnR3AXmoIuXQchRksMDUNEUDdVMoSV441kum4kWqyGd8e+bBYTU
IhMWjUU/79RpHT18hmGz0SE/FNjGEF2BGxDr6A8RmX09
-----END CERTIFICATE-----