Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/W8oJrry2382XyDpwYu9d1fRM57k.roa
File:                     W8oJrry2382XyDpwYu9d1fRM57k.roa (raw, json)
Hash identifier:          vgOtreWyL8SSvp1wiImWd0ZzLXQJtP4n+ctgbIbJd6I=
Subject key identifier:   5B:CA:09:AE:BC:B6:DF:CD:97:C8:3A:70:62:EF:5D:D5:F4:4C:E7:B9
Certificate issuer:       /CN=3545a7200164912041bb931efb1feac123b43a18
Certificate serial:       019425219BC71592FA64E46CE169162CC41F
Authority key identifier: 35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/W8oJrry2382XyDpwYu9d1fRM57k.roa
Signing time:             Thu 02 Jan 2025 03:49:06 +0000
ROA not before:           Thu 02 Jan 2025 03:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8426
IP address blocks:        5.253.180.0/24 maxlen: 24
                          2a09:58c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:9b:c7:15:92:fa:64:e4:6c:e1:69:16:2c:c4:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3545a7200164912041bb931efb1feac123b43a18
        Validity
            Not Before: Jan  2 03:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bca09aebcb6dfcd97c83a7062ef5dd5f44ce7b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b4:9f:75:66:9f:f1:8a:df:d9:49:d3:71:59:
                    5d:25:d5:ba:40:2b:a5:81:ea:4d:aa:cc:85:6b:27:
                    0f:5f:52:96:ad:de:94:17:66:a2:73:78:5e:77:0c:
                    b7:96:48:9e:3c:5f:d7:a1:dc:be:0f:a2:e3:9e:a0:
                    69:dc:38:8d:84:54:39:f9:ec:9f:33:4a:b5:1d:d9:
                    ca:8d:74:f7:7c:b4:08:8d:c5:93:12:18:9a:39:22:
                    41:ba:fc:8d:a3:2b:23:ce:4a:7c:aa:26:c7:87:b2:
                    35:8d:d2:ad:07:07:a1:24:fd:14:0a:33:42:f7:84:
                    ca:b4:9f:e9:20:5f:b1:c9:38:33:5e:55:d2:d5:26:
                    1c:23:2e:ca:dd:0d:be:d0:f0:a6:28:86:26:3a:fd:
                    9f:ca:65:a6:32:35:c4:9a:cc:29:84:f1:d5:8e:c0:
                    c7:17:43:54:c4:4e:81:fc:94:60:59:c5:ca:b9:3d:
                    9a:5e:91:4f:54:b1:7e:30:8a:a7:be:ec:74:25:5f:
                    39:50:87:5b:5c:08:69:dc:f1:fb:ce:3f:f8:d1:25:
                    8a:d6:59:27:36:7f:da:d9:5c:ef:bf:e5:e1:bd:5c:
                    32:12:4a:96:7d:7d:a4:cd:ee:67:a0:93:5b:51:28:
                    51:af:0d:b7:4a:28:ab:34:7e:1d:95:27:25:1c:38:
                    90:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:CA:09:AE:BC:B6:DF:CD:97:C8:3A:70:62:EF:5D:D5:F4:4C:E7:B9
            X509v3 Authority Key Identifier:
                keyid:35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/W8oJrry2382XyDpwYu9d1fRM57k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.180.0/24
                IPv6:
                  2a09:58c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:7e:66:1d:63:43:97:b4:62:3c:aa:8f:53:4a:e2:f4:ca:ad:
         9e:89:54:0a:a8:aa:90:ab:14:75:e7:d5:97:38:c9:5c:93:86:
         d8:36:c1:52:cf:ea:15:7c:7c:d8:a8:33:63:8e:de:85:f6:f7:
         80:3c:16:a5:f7:ed:ed:7c:04:26:36:c5:50:c0:c7:0f:e2:a0:
         c0:0e:8f:a2:85:73:42:bf:6d:44:3d:81:d9:38:64:cb:ae:cf:
         bb:c5:3c:aa:fb:6c:c8:32:7d:b6:db:22:2d:ed:fe:73:6f:1c:
         7f:99:96:02:6d:48:a7:f5:7a:ba:bd:b1:b1:f5:c6:75:f0:9d:
         2d:06:c0:54:0b:d2:ea:ac:1d:4f:b7:06:1a:a9:73:3c:71:7a:
         1a:e4:19:06:55:18:5e:c5:73:92:49:f5:a2:84:a3:01:23:23:
         17:1e:89:9c:bc:05:69:6e:ce:1e:16:d0:3c:09:ac:35:94:e6:
         9a:d0:b6:e8:77:b0:53:23:5e:5e:00:d1:2e:30:c9:b3:78:d1:
         d3:c8:5f:2d:da:f8:8f:d7:4f:43:4b:94:8b:cd:66:8b:15:ad:
         13:f7:81:92:b7:22:e1:a7:33:78:68:b9:86:5d:98:1e:d4:0f:
         e1:2b:d6:4d:e4:ce:80:8b:ae:93:ad:e4:d6:65:80:80:0e:e5:
         3d:71:38:8c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlIZvHFZL6ZORs4WkWLMQfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NDVhNzIwMDE2NDkxMjA0MWJiOTMxZWZiMWZlYWMxMjNi
NDNhMTgwHhcNMjUwMTAyMDM0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmNhMDlhZWJjYjZkZmNkOTdjODNhNzA2MmVmNWRkNWY0NGNlN2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LSfdWaf8Yrf2UnTcVldJdW6QCul
gepNqsyFaycPX1KWrd6UF2aic3hedwy3lkiePF/Xody+D6LjnqBp3DiNhFQ5+eyf
M0q1HdnKjXT3fLQIjcWTEhiaOSJBuvyNoysjzkp8qibHh7I1jdKtBwehJP0UCjNC
94TKtJ/pIF+xyTgzXlXS1SYcIy7K3Q2+0PCmKIYmOv2fymWmMjXEmswphPHVjsDH
F0NUxE6B/JRgWcXKuT2aXpFPVLF+MIqnvux0JV85UIdbXAhp3PH7zj/40SWK1lkn
Nn/a2Vzvv+XhvVwyEkqWfX2kze5noJNbUShRrw23SiirNH4dlSclHDiQnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFvKCa68tt/Nl8g6cGLvXdX0TOe5MB8GA1UdIwQY
MBaAFDVFpyABZJEgQbuTHvsf6sEjtDoYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDkt
YWFiYjA2MmU0MGRiLzEvVzhvSnJyeTIzODJYeURwd1l1OWQxZlJNNTdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDktYWFiYjA2MmU0MGRi
LzEvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQABf20MA8E
AgACMAkDBwAqCVjAAAAwDQYJKoZIhvcNAQELBQADggEBAF1+Zh1jQ5e0Yjyqj1NK
4vTKrZ6JVAqoqpCrFHXn1Zc4yVyThtg2wVLP6hV8fNioM2OO3oX294A8FqX37e18
BCY2xVDAxw/ioMAOj6KFc0K/bUQ9gdk4ZMuuz7vFPKr7bMgyfbbbIi3t/nNvHH+Z
lgJtSKf1erq9sbH1xnXwnS0GwFQL0uqsHU+3BhqpczxxehrkGQZVGF7Fc5JJ9aKE
owEjIxceiZy8BWluzh4W0DwJrDWU5prQtuh3sFMjXl4A0S4wybN40dPIXy3a+I/X
T0NLlIvNZosVrRP3gZK3IuGnM3houYZdmB7UD+Er1k3kzoCLrpOt5NZlgIAO5T1x
OIw=
-----END CERTIFICATE-----