Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/uAqsYudX7mPIe3ZhGSNb-LLk9zw.roa
File:                     uAqsYudX7mPIe3ZhGSNb-LLk9zw.roa (raw, json)
Hash identifier:          mQhnijyqTK1dj7ry7R8uLAun/5RKJF5onMi2LcOOMfA=
Subject key identifier:   B8:0A:AC:62:E7:57:EE:63:C8:7B:76:61:19:23:5B:F8:B2:E4:F7:3C
Certificate issuer:       /CN=b464b4523a8972b9e2f46a4f4a1634e97027aedf
Certificate serial:       019420D63F32A2A04E3B83276383E1F8C8E0
Authority key identifier: B4:64:B4:52:3A:89:72:B9:E2:F4:6A:4F:4A:16:34:E9:70:27:AE:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tGS0UjqJcrni9GpPShY06XAnrt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/uAqsYudX7mPIe3ZhGSNb-LLk9zw.roa
Signing time:             Wed 01 Jan 2025 07:48:19 +0000
ROA not before:           Wed 01 Jan 2025 07:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        5.61.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/tGS0UjqJcrni9GpPShY06XAnrt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/tGS0UjqJcrni9GpPShY06XAnrt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tGS0UjqJcrni9GpPShY06XAnrt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:3f:32:a2:a0:4e:3b:83:27:63:83:e1:f8:c8:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b464b4523a8972b9e2f46a4f4a1634e97027aedf
        Validity
            Not Before: Jan  1 07:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b80aac62e757ee63c87b766119235bf8b2e4f73c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f2:e3:96:7d:27:ac:e5:92:4b:3f:bd:2b:97:
                    03:b9:d0:b8:00:72:f0:bd:34:a2:39:f6:fd:f9:ee:
                    45:df:5d:f6:0c:34:0d:8a:6a:f9:6b:65:73:0f:fb:
                    35:f7:bd:05:6d:a1:a5:de:da:13:21:7b:94:25:b6:
                    f0:41:cc:aa:67:5a:f1:34:eb:e0:c1:9c:89:fe:ea:
                    35:4d:82:f9:a2:dc:ff:98:0c:2c:ee:db:da:d0:a0:
                    ba:7f:9b:0c:60:6b:40:fa:95:4f:0b:40:4b:df:c1:
                    fa:66:be:cc:7d:09:9d:af:97:e8:ef:9d:86:03:65:
                    60:f1:36:35:fc:64:68:85:7e:65:6f:64:74:7e:67:
                    32:e5:03:8e:50:95:41:e7:78:68:ce:d8:fc:42:34:
                    04:0e:56:4d:0f:c2:51:d5:0d:9a:56:8b:11:1a:49:
                    bc:55:10:29:c8:5d:bf:af:fa:5e:06:f7:9d:24:45:
                    05:7c:5e:3f:2a:f3:ca:ca:57:ae:b4:e9:ba:f3:a5:
                    f3:bf:5b:9e:69:77:ee:94:71:da:d2:96:ec:7e:5c:
                    76:e2:28:68:cd:2b:9d:28:1c:af:48:bd:49:f2:9b:
                    da:bd:3a:c2:63:3a:8e:5c:82:68:76:66:a5:2f:29:
                    f8:3e:5d:b7:8a:e5:b8:ed:b2:a8:10:61:bc:d1:34:
                    6a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:0A:AC:62:E7:57:EE:63:C8:7B:76:61:19:23:5B:F8:B2:E4:F7:3C
            X509v3 Authority Key Identifier:
                keyid:B4:64:B4:52:3A:89:72:B9:E2:F4:6A:4F:4A:16:34:E9:70:27:AE:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tGS0UjqJcrni9GpPShY06XAnrt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/uAqsYudX7mPIe3ZhGSNb-LLk9zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/tGS0UjqJcrni9GpPShY06XAnrt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:30:b4:05:99:68:be:20:a2:7c:1f:84:f5:03:87:2f:89:c2:
         9a:24:5c:2e:44:86:84:7c:e0:35:f6:62:2b:18:d7:14:5e:ac:
         87:9f:ed:e9:89:3d:29:e4:b3:1e:76:36:02:ca:86:3b:83:c1:
         24:90:29:62:de:95:49:72:45:fd:1a:2f:5e:e6:8a:a0:41:ab:
         a4:19:3d:0a:06:4d:8b:e1:c9:22:a6:ba:e4:fc:c0:fd:f7:0e:
         ff:e3:ce:34:37:57:2e:06:23:d1:21:64:75:68:1a:71:62:2c:
         5f:a9:9b:73:72:b2:11:53:7d:9d:de:43:99:3f:5d:7c:72:0f:
         f4:9f:2d:60:6a:5a:84:58:b2:da:05:1b:82:db:a1:6e:e2:4a:
         61:98:69:4a:eb:6d:6d:93:b9:85:c7:39:af:27:17:6c:1d:f3:
         5d:bf:a1:d1:2d:d3:d7:fb:0f:25:ca:e3:16:08:4e:4c:a2:53:
         06:0b:59:c9:63:d7:46:30:1e:69:f6:95:33:4c:eb:18:d5:20:
         17:62:96:28:84:bf:de:72:03:e2:9f:b0:30:19:15:bd:f7:7a:
         b8:59:ca:98:5d:d0:65:9a:db:8b:70:8e:73:c2:29:4b:5b:7e:
         5e:47:f1:45:22:60:de:21:d9:f7:56:1c:72:38:76:0d:ba:ac:
         cb:56:e0:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1j8yoqBOO4MnY4Ph+MjgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NjRiNDUyM2E4OTcyYjllMmY0NmE0ZjRhMTYzNGU5NzAy
N2FlZGYwHhcNMjUwMTAxMDc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODBhYWM2MmU3NTdlZTYzYzg3Yjc2NjExOTIzNWJmOGIyZTRmNzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPLjln0nrOWSSz+9K5cDudC4AHLw
vTSiOfb9+e5F3132DDQNimr5a2VzD/s1970FbaGl3toTIXuUJbbwQcyqZ1rxNOvg
wZyJ/uo1TYL5otz/mAws7tva0KC6f5sMYGtA+pVPC0BL38H6Zr7MfQmdr5fo752G
A2Vg8TY1/GRohX5lb2R0fmcy5QOOUJVB53hoztj8QjQEDlZND8JR1Q2aVosRGkm8
VRApyF2/r/peBvedJEUFfF4/KvPKyleutOm686Xzv1ueaXfulHHa0pbsflx24iho
zSudKByvSL1J8pvavTrCYzqOXIJodmalLyn4Pl23iuW47bKoEGG80TRqJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgKrGLnV+5jyHt2YRkjW/iy5Pc8MB8GA1UdIwQY
MBaAFLRktFI6iXK54vRqT0oWNOlwJ67fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEdTMFVqcUpjcm5pOUdwUFNoWTA2WEFucnQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9jN2NhZjMtZWIwOC00NTU2LWE1Yjct
ZmM2ZTc3ODg0MDU0LzEvdUFxc1l1ZFg3bVBJZTNaaEdTTmItTExrOXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9jN2NhZjMtZWIwOC00NTU2LWE1YjctZmM2ZTc3ODg0MDU0
LzEvdEdTMFVqcUpjcm5pOUdwUFNoWTA2WEFucnQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT13MA0G
CSqGSIb3DQEBCwUAA4IBAQAYMLQFmWi+IKJ8H4T1A4cvicKaJFwuRIaEfOA19mIr
GNcUXqyHn+3piT0p5LMedjYCyoY7g8EkkCli3pVJckX9Gi9e5oqgQaukGT0KBk2L
4ckiprrk/MD99w7/4840N1cuBiPRIWR1aBpxYixfqZtzcrIRU32d3kOZP118cg/0
ny1galqEWLLaBRuC26Fu4kphmGlK621tk7mFxzmvJxdsHfNdv6HRLdPX+w8lyuMW
CE5MolMGC1nJY9dGMB5p9pUzTOsY1SAXYpYohL/ecgPin7AwGRW993q4WcqYXdBl
mtuLcI5zwilLW35eR/FFImDeIdn3VhxyOHYNuqzLVuAn
-----END CERTIFICATE-----