Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/5ea7Hkm0SW34L_8iukOhDVRtzJ4.roa
File:                     5ea7Hkm0SW34L_8iukOhDVRtzJ4.roa (raw, json)
Hash identifier:          Bh3wXEj5kxu51D9giUL6vfcOwVLV+BQ8j2j4rv4c3bE=
Subject key identifier:   E5:E6:BB:1E:49:B4:49:6D:F8:2F:FF:22:BA:43:A1:0D:54:6D:CC:9E
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019427B6843948826F48171E77E9B0CD4281
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/5ea7Hkm0SW34L_8iukOhDVRtzJ4.roa
Signing time:             Thu 02 Jan 2025 15:51:00 +0000
ROA not before:           Thu 02 Jan 2025 15:51:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214221
IP address blocks:        192.109.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:84:39:48:82:6f:48:17:1e:77:e9:b0:cd:42:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  2 15:51:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5e6bb1e49b4496df82fff22ba43a10d546dcc9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:eb:94:54:b2:2c:df:c5:02:26:59:a5:03:ca:
                    dd:79:1e:49:a2:bc:af:2e:34:8f:1c:44:7c:56:a1:
                    22:b4:27:51:84:5d:cc:92:0a:51:a8:6d:e6:36:4e:
                    a4:6a:60:d8:14:59:15:91:f8:cb:f6:8c:12:1f:fb:
                    b8:67:d6:d0:70:ec:36:69:58:40:43:9a:55:f1:94:
                    93:b0:ab:03:7b:f2:cf:fe:b0:c9:a6:93:a4:fd:db:
                    88:e1:28:89:29:c2:ca:f6:a7:47:bf:82:b6:33:97:
                    a8:97:f8:34:39:8b:9f:20:a8:9a:41:e3:5f:43:44:
                    e4:74:d9:93:d2:2a:cf:23:ad:56:12:87:3a:2a:08:
                    fe:26:5f:aa:2d:ce:13:d8:3f:1f:af:75:b0:ae:da:
                    83:f0:a6:e4:53:57:44:93:1a:23:78:c6:da:d3:16:
                    74:a1:fb:31:2b:73:15:db:bc:9b:40:0a:91:e8:be:
                    f5:d8:cf:35:34:e2:c8:be:fc:ef:d6:ea:23:de:ee:
                    75:0e:15:0f:54:f5:bc:f4:c4:7b:9a:57:2b:c5:c3:
                    04:14:ec:73:73:a2:47:0d:e5:f1:5f:15:8b:84:50:
                    85:75:8d:d8:43:ed:bc:23:24:5a:66:6f:2f:df:15:
                    50:a2:b1:97:4f:46:d8:08:cd:14:92:b5:50:3a:d4:
                    0c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:E6:BB:1E:49:B4:49:6D:F8:2F:FF:22:BA:43:A1:0D:54:6D:CC:9E
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/5ea7Hkm0SW34L_8iukOhDVRtzJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:ed:3b:fb:8d:35:a6:35:6b:2b:2a:aa:dc:ad:42:a6:aa:5a:
         ba:51:c8:ec:49:b0:a6:07:e7:0d:4e:8a:d7:ca:3a:e1:31:7a:
         fc:32:0b:0a:b3:56:f0:ce:fa:db:27:bd:5d:a6:06:a6:53:3f:
         da:47:65:0c:ae:5b:4f:38:c2:5d:91:23:df:ba:ea:c6:1f:e1:
         2f:82:7e:ae:38:56:1a:44:f1:76:9b:fc:91:6b:75:6a:e8:28:
         66:09:4c:a8:74:6b:dc:f2:91:0c:d4:15:c1:37:b2:4a:83:19:
         b4:98:01:1a:7f:0f:ab:2e:c4:54:61:88:2a:1b:6f:df:33:19:
         3b:06:de:b9:b2:79:70:da:a5:94:16:93:41:65:42:28:73:af:
         76:bb:2e:ce:df:76:69:c1:fa:bf:bd:08:46:0f:b1:51:b7:14:
         4e:4f:f2:cf:44:b4:d3:8b:f1:85:44:ba:78:c7:47:44:7f:af:
         2e:2f:db:f1:57:7f:f6:c5:58:2c:de:03:87:56:51:ce:3f:25:
         9f:1f:ee:2b:28:2e:51:12:4c:ca:1a:47:dc:67:5b:b9:b2:aa:
         34:5e:81:bb:c7:fe:fe:4a:9f:d3:3e:e1:22:d9:2c:5e:a4:5e:
         d7:88:1d:55:36:c1:1b:29:be:c1:b4:be:b7:90:6b:c1:3a:8f:
         58:da:83:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntoQ5SIJvSBced+mwzUKBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjUwMTAyMTU1MTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWU2YmIxZTQ5YjQ0OTZkZjgyZmZmMjJiYTQzYTEwZDU0NmRjYzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+uUVLIs38UCJlmlA8rdeR5Joryv
LjSPHER8VqEitCdRhF3MkgpRqG3mNk6kamDYFFkVkfjL9owSH/u4Z9bQcOw2aVhA
Q5pV8ZSTsKsDe/LP/rDJppOk/duI4SiJKcLK9qdHv4K2M5eol/g0OYufIKiaQeNf
Q0TkdNmT0irPI61WEoc6Kgj+Jl+qLc4T2D8fr3WwrtqD8KbkU1dEkxojeMba0xZ0
ofsxK3MV27ybQAqR6L712M81NOLIvvzv1uoj3u51DhUPVPW89MR7mlcrxcMEFOxz
c6JHDeXxXxWLhFCFdY3YQ+28IyRaZm8v3xVQorGXT0bYCM0UkrVQOtQMeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXmux5JtElt+C//IrpDoQ1UbcyeMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvNWVhN0hrbTBTVzM0TF84aXVrT2hEVlJ0eko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG39MA0G
CSqGSIb3DQEBCwUAA4IBAQAB7Tv7jTWmNWsrKqrcrUKmqlq6UcjsSbCmB+cNTorX
yjrhMXr8MgsKs1bwzvrbJ71dpgamUz/aR2UMrltPOMJdkSPfuurGH+Evgn6uOFYa
RPF2m/yRa3Vq6ChmCUyodGvc8pEM1BXBN7JKgxm0mAEafw+rLsRUYYgqG2/fMxk7
Bt65snlw2qWUFpNBZUIoc692uy7O33Zpwfq/vQhGD7FRtxROT/LPRLTTi/GFRLp4
x0dEf68uL9vxV3/2xVgs3gOHVlHOPyWfH+4rKC5REkzKGkfcZ1u5sqo0XoG7x/7+
Sp/TPuEi2SxepF7XiB1VNsEbKb7BtL63kGvBOo9Y2oNu
-----END CERTIFICATE-----