Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/HjNua0dFgpkvwB-2kmKtW5031EA.roa
File:                     HjNua0dFgpkvwB-2kmKtW5031EA.roa (raw, json)
Hash identifier:          UWL5Ul9aduvJMi5yN3mtpVMI0fRcmhstXLKdz4JcVUs=
Subject key identifier:   1E:33:6E:6B:47:45:82:99:2F:C0:1F:B6:92:62:AD:5B:9D:37:D4:40
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       01966C58F0F01F5BE8E45AD7A89F1CA7CDA3
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/HjNua0dFgpkvwB-2kmKtW5031EA.roa
Signing time:             Fri 25 Apr 2025 09:48:10 +0000
ROA not before:           Fri 25 Apr 2025 09:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        5.39.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 20:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:58:f0:f0:1f:5b:e8:e4:5a:d7:a8:9f:1c:a7:cd:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: Apr 25 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e336e6b474582992fc01fb69262ad5b9d37d440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:43:3f:3d:92:59:c6:f3:a9:95:cb:9c:58:49:
                    02:35:16:fd:74:43:b2:bb:f6:ea:6e:41:d2:ea:94:
                    65:ed:73:a6:42:ba:de:f9:34:80:58:cb:4c:7e:61:
                    4a:d3:22:a5:d1:f8:80:e4:7b:d2:ac:26:a1:b0:81:
                    1e:53:38:84:f8:2a:78:7f:f8:9b:11:85:94:e4:3d:
                    cb:c3:1c:9d:79:b8:7f:17:f4:bd:64:4d:43:68:ab:
                    41:2d:e8:23:01:fd:35:00:28:0c:ce:d6:c5:1f:5e:
                    d2:b7:2a:6e:47:50:3b:c4:a9:83:f2:22:a1:65:e3:
                    69:14:b0:f2:e4:a1:3e:f1:ae:1e:74:c5:21:68:f3:
                    46:65:de:58:e0:07:44:c3:a3:db:b1:1e:63:c0:fd:
                    5b:aa:b9:88:43:47:89:8d:9f:51:84:fb:02:a8:5e:
                    df:23:44:b5:86:98:3a:60:88:2e:1b:22:81:7b:22:
                    a8:71:12:17:55:f4:15:e1:e4:76:d8:91:20:e6:fe:
                    4e:0e:c4:38:61:95:bc:ca:00:1f:19:a5:1d:48:12:
                    19:63:10:26:cc:19:cb:23:dc:79:bc:3f:28:c8:42:
                    f6:34:27:bd:16:08:46:40:9e:77:65:ac:c5:a6:78:
                    cf:fa:0a:eb:01:65:bb:8b:c5:f3:b4:88:d5:61:e0:
                    0e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:33:6E:6B:47:45:82:99:2F:C0:1F:B6:92:62:AD:5B:9D:37:D4:40
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/HjNua0dFgpkvwB-2kmKtW5031EA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:c2:d2:d9:cc:63:af:e4:20:f5:60:06:85:84:ac:69:32:95:
         38:02:03:74:53:fd:30:75:1e:8f:77:33:51:e2:0e:8a:a2:59:
         04:6a:89:bc:47:bc:96:7d:9c:de:13:a1:b8:3e:0d:71:cb:0f:
         b2:17:5a:30:d9:c6:7b:12:3c:76:18:aa:99:75:d5:42:a5:f1:
         c9:ea:60:b9:50:d2:6e:c8:bb:6d:7d:e6:bb:d7:bb:3c:9a:26:
         ef:54:0f:a6:43:b8:fc:a8:31:52:d1:08:2f:08:7e:94:45:64:
         3e:6e:99:d3:b9:34:a0:d9:72:a4:a3:73:2e:c9:c5:61:e9:8a:
         95:ee:9c:74:8e:3e:c8:b1:18:3d:e7:2f:f5:a8:e1:67:f9:4d:
         35:c1:7b:68:7a:e6:b7:69:ba:5b:c4:8b:f1:e7:e0:36:20:c1:
         fb:91:49:0d:f3:6a:f4:cc:ad:b4:80:ca:ef:47:b6:28:48:0d:
         98:e2:52:b7:d5:ab:6f:b7:79:09:84:90:37:29:32:fc:0d:e7:
         af:9b:a0:14:e2:73:d5:c4:e2:15:44:c3:45:d7:c2:89:8f:ee:
         c7:9e:fb:2d:54:03:65:35:af:da:ae:87:1e:b3:0c:81:ad:40:
         10:93:0d:bf:92:ae:0b:f5:31:db:26:94:93:9d:25:60:18:7b:
         13:98:87:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZsWPDwH1vo5FrXqJ8cp82jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjUwNDI1MDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTMzNmU2YjQ3NDU4Mjk5MmZjMDFmYjY5MjYyYWQ1YjlkMzdkNDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEM/PZJZxvOplcucWEkCNRb9dEOy
u/bqbkHS6pRl7XOmQrre+TSAWMtMfmFK0yKl0fiA5HvSrCahsIEeUziE+Cp4f/ib
EYWU5D3Lwxydebh/F/S9ZE1DaKtBLegjAf01ACgMztbFH17StypuR1A7xKmD8iKh
ZeNpFLDy5KE+8a4edMUhaPNGZd5Y4AdEw6PbsR5jwP1bqrmIQ0eJjZ9RhPsCqF7f
I0S1hpg6YIguGyKBeyKocRIXVfQV4eR22JEg5v5ODsQ4YZW8ygAfGaUdSBIZYxAm
zBnLI9x5vD8oyEL2NCe9FghGQJ53ZazFpnjP+grrAWW7i8XztIjVYeAOqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4zbmtHRYKZL8AftpJirVudN9RAMB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEvSGpOdWEwZEZncGt2d0ItMmttS3RXNTAzMUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBSfAMA0G
CSqGSIb3DQEBCwUAA4IBAQAAwtLZzGOv5CD1YAaFhKxpMpU4AgN0U/0wdR6PdzNR
4g6KolkEaom8R7yWfZzeE6G4Pg1xyw+yF1ow2cZ7Ejx2GKqZddVCpfHJ6mC5UNJu
yLttfea717s8mibvVA+mQ7j8qDFS0QgvCH6URWQ+bpnTuTSg2XKko3MuycVh6YqV
7px0jj7IsRg95y/1qOFn+U01wXtoeua3abpbxIvx5+A2IMH7kUkN82r0zK20gMrv
R7YoSA2Y4lK31atvt3kJhJA3KTL8Deevm6AU4nPVxOIVRMNF18KJj+7HnvstVANl
Na/aroceswyBrUAQkw2/kq4L9THbJpSTnSVgGHsTmIeg
-----END CERTIFICATE-----