Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/FeTp24wy4fnE-L9j1NV3Xf67GYU.roa
File:                     FeTp24wy4fnE-L9j1NV3Xf67GYU.roa (raw, json)
Hash identifier:          ltn6Xic1raUjJKSr/NAl8SOLlc/8faxZUHvmGzdClQk=
Subject key identifier:   15:E4:E9:DB:8C:32:E1:F9:C4:F8:BF:63:D4:D5:77:5D:FE:BB:19:85
Certificate issuer:       /CN=37d27fc24443fcdd4b1b65cfc8078c4a14289f9e
Certificate serial:       018E7752977F4892C557E06B55A9E24B19D5
Authority key identifier: 37:D2:7F:C2:44:43:FC:DD:4B:1B:65:CF:C8:07:8C:4A:14:28:9F:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N9J_wkRD_N1LG2XPyAeMShQon54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/FeTp24wy4fnE-L9j1NV3Xf67GYU.roa
Signing time:             Mon 25 Mar 2024 20:34:45 +0000
ROA not before:           Mon 25 Mar 2024 20:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216385
IP address blocks:        5.252.98.0/24 maxlen: 32
                          5.252.99.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/N9J_wkRD_N1LG2XPyAeMShQon54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/N9J_wkRD_N1LG2XPyAeMShQon54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N9J_wkRD_N1LG2XPyAeMShQon54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:77:52:97:7f:48:92:c5:57:e0:6b:55:a9:e2:4b:19:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37d27fc24443fcdd4b1b65cfc8078c4a14289f9e
        Validity
            Not Before: Mar 25 20:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15e4e9db8c32e1f9c4f8bf63d4d5775dfebb1985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6d:06:c3:f6:ee:c8:d8:88:01:e4:ee:cf:87:
                    43:f8:be:2f:b0:e2:be:71:6c:13:04:af:c1:0c:4e:
                    05:49:57:49:6d:4f:0a:7f:ec:6a:a3:42:ad:22:66:
                    b1:84:08:56:9e:aa:72:68:a4:cd:6d:97:86:4f:60:
                    da:fe:b3:51:74:8e:d6:04:1f:d5:a5:1d:86:4b:63:
                    a9:ee:1f:d7:66:08:39:2f:25:65:fc:3b:7b:11:54:
                    8b:82:66:8f:a4:50:b2:5b:8f:1b:07:6b:88:a8:67:
                    50:9e:c3:64:73:9d:99:a2:49:cc:13:f4:c2:13:76:
                    8f:ee:fe:01:38:91:64:2f:a1:98:da:69:eb:8d:42:
                    08:c9:f8:ad:29:af:b9:8e:bb:32:9f:1e:07:0b:2a:
                    c5:97:13:96:4e:6b:e5:c9:e9:14:de:8e:a0:8a:04:
                    4e:58:b3:44:ee:c4:c4:51:4d:7d:c7:73:5e:83:9b:
                    01:2b:94:63:4e:77:c4:10:61:01:2b:03:6f:26:bf:
                    35:21:0b:fc:c5:9a:7b:44:4c:be:64:34:08:d8:32:
                    2e:c2:cd:a3:51:5b:f4:47:43:7a:d1:1e:38:9c:dd:
                    5b:13:d3:a7:3b:5d:fb:6d:b6:4e:46:e3:65:7b:26:
                    6d:76:00:f7:0b:e9:90:49:3a:06:75:89:da:c2:cf:
                    92:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:E4:E9:DB:8C:32:E1:F9:C4:F8:BF:63:D4:D5:77:5D:FE:BB:19:85
            X509v3 Authority Key Identifier:
                keyid:37:D2:7F:C2:44:43:FC:DD:4B:1B:65:CF:C8:07:8C:4A:14:28:9F:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N9J_wkRD_N1LG2XPyAeMShQon54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/FeTp24wy4fnE-L9j1NV3Xf67GYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/N9J_wkRD_N1LG2XPyAeMShQon54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:a3:17:eb:c4:69:f2:79:96:c5:f0:f7:2e:dd:27:d1:fa:ee:
         d0:c4:98:b8:85:be:2c:15:f3:08:f8:a2:b3:cf:89:3e:46:8a:
         bf:2e:13:25:6e:18:9e:56:3b:5d:97:dd:de:54:18:81:ad:97:
         06:ea:46:f3:e6:53:0e:be:a5:e5:e5:ae:a4:db:4b:ae:bb:17:
         7d:f1:49:d9:04:ab:1a:8c:0e:ce:ab:a5:e9:1e:ab:07:ad:38:
         92:6e:e7:00:f3:51:ae:77:de:e0:05:f7:76:99:63:e3:f3:fa:
         fd:ca:d0:0e:e0:e9:90:d9:c8:12:3b:36:09:49:15:e3:3e:0a:
         d6:47:eb:c6:9b:b5:ed:66:a0:fb:6e:4d:dc:6f:01:9e:51:1a:
         1a:d4:67:bc:e6:a3:d2:e1:21:c3:72:90:fe:2a:87:a4:86:9b:
         81:ff:8b:66:77:15:fb:18:7a:0a:cd:bf:58:2e:72:5f:36:28:
         99:38:00:39:51:6d:c8:aa:1a:7f:30:13:2f:df:7e:7e:8b:18:
         a7:8a:4e:d2:a7:e8:b0:0f:42:6f:1e:e7:d3:bc:f1:1c:25:c5:
         99:e0:52:12:a6:42:e3:7c:61:09:03:61:d6:2f:45:04:7e:a5:
         d8:57:2a:81:8d:6e:c0:37:49:5d:b6:06:b1:72:d5:56:6e:fe:
         6f:27:38:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY53Upd/SJLFV+BrVaniSxnVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZDI3ZmMyNDQ0M2ZjZGQ0YjFiNjVjZmM4MDc4YzRhMTQy
ODlmOWUwHhcNMjQwMzI1MjAzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWU0ZTlkYjhjMzJlMWY5YzRmOGJmNjNkNGQ1Nzc1ZGZlYmIxOTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnW0Gw/buyNiIAeTuz4dD+L4vsOK+
cWwTBK/BDE4FSVdJbU8Kf+xqo0KtImaxhAhWnqpyaKTNbZeGT2Da/rNRdI7WBB/V
pR2GS2Op7h/XZgg5LyVl/Dt7EVSLgmaPpFCyW48bB2uIqGdQnsNkc52ZoknME/TC
E3aP7v4BOJFkL6GY2mnrjUIIyfitKa+5jrsynx4HCyrFlxOWTmvlyekU3o6gigRO
WLNE7sTEUU19x3Neg5sBK5RjTnfEEGEBKwNvJr81IQv8xZp7REy+ZDQI2DIuws2j
UVv0R0N60R44nN1bE9OnO137bbZORuNleyZtdgD3C+mQSToGdYnaws+SSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBXk6duMMuH5xPi/Y9TVd13+uxmFMB8GA1UdIwQY
MBaAFDfSf8JEQ/zdSxtlz8gHjEoUKJ+eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjlKX3drUkRfTjFMRzJYUHlBZU1TaFFvbjU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9kOGM1OGQtOGQyNC00MjgwLTkxZmQt
NDhiMTY2NGQ0MGQ1LzEvRmVUcDI0d3k0Zm5FLUw5ajFOVjNYZjY3R1lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9kOGM1OGQtOGQyNC00MjgwLTkxZmQtNDhiMTY2NGQ0MGQ1
LzEvTjlKX3drUkRfTjFMRzJYUHlBZU1TaFFvbjU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBfxiMA0G
CSqGSIb3DQEBCwUAA4IBAQAnoxfrxGnyeZbF8Pcu3SfR+u7QxJi4hb4sFfMI+KKz
z4k+Roq/LhMlbhieVjtdl93eVBiBrZcG6kbz5lMOvqXl5a6k20uuuxd98UnZBKsa
jA7Oq6XpHqsHrTiSbucA81Gud97gBfd2mWPj8/r9ytAO4OmQ2cgSOzYJSRXjPgrW
R+vGm7XtZqD7bk3cbwGeURoa1Ge85qPS4SHDcpD+KoekhpuB/4tmdxX7GHoKzb9Y
LnJfNiiZOAA5UW3Iqhp/MBMv335+ixinik7Sp+iwD0JvHufTvPEcJcWZ4FISpkLj
fGEJA2HWL0UEfqXYVyqBjW7AN0ldtgaxctVWbv5vJzi6
-----END CERTIFICATE-----