Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/Kc_wyRw9NrWG6DRulZViqy2qSaQ.roa
File:                     Kc_wyRw9NrWG6DRulZViqy2qSaQ.roa (raw, json)
Hash identifier:          mfJU/aXrZm7XnWYFF7TXU48tN32LTUEoP4L9pWzZr84=
Subject key identifier:   29:CF:F0:C9:1C:3D:36:B5:86:E8:34:6E:95:95:62:AB:2D:AA:49:A4
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C84099F18B002B332955D149CDD6C
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/Kc_wyRw9NrWG6DRulZViqy2qSaQ.roa
Signing time:             Thu 02 Jan 2025 09:50:33 +0000
ROA not before:           Thu 02 Jan 2025 09:50:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197571
IP address blocks:        5.143.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:84:09:9f:18:b0:02:b3:32:95:5d:14:9c:dd:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29cff0c91c3d36b586e8346e959562ab2daa49a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:38:37:b1:48:95:2f:90:9e:21:58:9a:39:8d:
                    5c:66:7f:2f:5b:89:4e:d6:a9:95:ef:04:12:d7:27:
                    24:9d:b5:83:58:e7:e0:b6:62:62:42:eb:85:9d:7c:
                    b6:31:d1:92:3d:3d:7c:2e:f4:1f:1f:3d:b6:82:20:
                    9c:2e:85:99:a3:87:0b:4b:da:f5:3c:6a:cd:b2:e0:
                    d4:91:a6:db:bb:13:9b:7e:99:1b:59:8a:5c:66:1b:
                    3e:6a:ed:32:da:73:f1:6b:8f:1a:7b:d3:5a:65:71:
                    e8:3a:07:d2:9e:d9:00:75:d6:3c:ef:71:cb:fe:63:
                    32:a7:35:59:3f:a9:0f:db:f5:f3:8b:ab:d5:83:6a:
                    ec:95:ad:76:a3:69:e1:d9:ee:4a:3d:30:83:b1:e6:
                    5c:d1:dc:5f:49:2b:1b:1c:cd:2e:eb:2b:07:d2:cc:
                    ff:fe:4e:56:b3:ea:e2:4f:dc:0c:4c:02:1b:e6:29:
                    c4:c8:a7:b2:96:17:e1:fa:fd:ff:c4:c3:ed:79:5b:
                    fb:24:28:28:0f:fa:2d:26:6c:15:1a:c0:c9:37:43:
                    6f:9c:58:a2:10:f1:92:eb:2c:f7:c2:f6:51:36:98:
                    57:29:5b:41:c7:21:39:b1:e0:57:e1:8e:65:11:25:
                    a0:1c:c3:7f:9a:a9:db:68:3c:1c:db:d2:d5:e3:34:
                    9c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:CF:F0:C9:1C:3D:36:B5:86:E8:34:6E:95:95:62:AB:2D:AA:49:A4
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/Kc_wyRw9NrWG6DRulZViqy2qSaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.143.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:78:4b:04:03:14:dc:d0:b5:12:bb:a1:d3:71:9d:e5:8b:08:
         04:8d:6f:32:2d:75:33:02:dc:13:46:53:31:2a:d0:4a:9c:c5:
         38:27:e2:cd:d1:29:9c:4a:4f:cf:41:0e:0a:e8:0b:2f:6e:f1:
         c0:a8:8d:98:0b:26:12:36:b0:19:9a:1f:62:40:7b:b9:de:7d:
         8a:57:b9:dd:05:e7:8b:c6:6a:22:86:85:b4:49:d3:82:91:e3:
         16:08:93:8c:b8:4c:7e:cf:17:29:44:f0:3a:b1:9f:59:e6:03:
         f6:d4:75:40:f8:21:c7:05:bf:b0:b2:5c:06:72:04:84:ff:3a:
         b9:cd:30:7a:34:a4:23:dc:1f:5c:91:7a:f1:53:4c:45:e0:de:
         a0:fa:1c:49:35:be:fb:02:65:37:83:8e:65:86:41:01:94:b6:
         82:5c:57:13:77:79:b4:fd:3a:eb:67:e7:f8:21:32:23:62:6f:
         0e:ef:f2:a0:0f:d2:a0:c2:32:15:d6:83:0f:4d:11:50:cf:5e:
         06:f1:cd:ea:a0:d7:79:41:37:0b:ab:56:ad:f0:5d:42:3d:c6:
         1a:37:04:84:ed:33:23:8c:52:8d:15:85:be:c0:39:41:87:33:
         74:34:32:22:e0:f9:c8:07:15:b6:a3:45:81:a7:62:ec:b8:73:
         95:7a:b9:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbIQJnxiwArMylV0UnN1sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWNmZjBjOTFjM2QzNmI1ODZlODM0NmU5NTk1NjJhYjJkYWE0OWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5zg3sUiVL5CeIViaOY1cZn8vW4lO
1qmV7wQS1ycknbWDWOfgtmJiQuuFnXy2MdGSPT18LvQfHz22giCcLoWZo4cLS9r1
PGrNsuDUkabbuxObfpkbWYpcZhs+au0y2nPxa48ae9NaZXHoOgfSntkAddY873HL
/mMypzVZP6kP2/Xzi6vVg2rsla12o2nh2e5KPTCDseZc0dxfSSsbHM0u6ysH0sz/
/k5Ws+riT9wMTAIb5inEyKeylhfh+v3/xMPteVv7JCgoD/otJmwVGsDJN0NvnFii
EPGS6yz3wvZRNphXKVtBxyE5seBX4Y5lESWgHMN/mqnbaDwc29LV4zSclQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnP8MkcPTa1hug0bpWVYqstqkmkMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvS2Nfd3lSdzlOcldHNkRSdWxaVmlxeTJxU2FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABY/gMA0G
CSqGSIb3DQEBCwUAA4IBAQBUeEsEAxTc0LUSu6HTcZ3liwgEjW8yLXUzAtwTRlMx
KtBKnMU4J+LN0SmcSk/PQQ4K6AsvbvHAqI2YCyYSNrAZmh9iQHu53n2KV7ndBeeL
xmoihoW0SdOCkeMWCJOMuEx+zxcpRPA6sZ9Z5gP21HVA+CHHBb+wslwGcgSE/zq5
zTB6NKQj3B9ckXrxU0xF4N6g+hxJNb77AmU3g45lhkEBlLaCXFcTd3m0/TrrZ+f4
ITIjYm8O7/KgD9KgwjIV1oMPTRFQz14G8c3qoNd5QTcLq1at8F1CPcYaNwSE7TMj
jFKNFYW+wDlBhzN0NDIi4PnIBxW2o0WBp2LsuHOVerkx
-----END CERTIFICATE-----