Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/2a4922-434b-47b1-b304-cd459a65721b/1/S5EUbJYTzxxJENV_0aeZUeE3rIg.roa
File:                     S5EUbJYTzxxJENV_0aeZUeE3rIg.roa (raw, json)
Hash identifier:          T5jerJgaOtnhTZeSwrYRIoeWoz09H+6q0RNXAeNm/yc=
Subject key identifier:   4B:91:14:6C:96:13:CF:1C:49:10:D5:7F:D1:A7:99:51:E1:37:AC:88
Certificate issuer:       /CN=d97a77930122879a766470df8d660c98442a9932
Certificate serial:       0196AA78D0EC5FF7C531064A10A183F05077
Authority key identifier: D9:7A:77:93:01:22:87:9A:76:64:70:DF:8D:66:0C:98:44:2A:99:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Xp3kwEih5p2ZHDfjWYMmEQqmTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/2a4922-434b-47b1-b304-cd459a65721b/1/S5EUbJYTzxxJENV_0aeZUeE3rIg.roa
Signing time:             Wed 07 May 2025 11:19:26 +0000
ROA not before:           Wed 07 May 2025 11:19:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60637
IP address blocks:        193.5.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/2a4922-434b-47b1-b304-cd459a65721b/1/2Xp3kwEih5p2ZHDfjWYMmEQqmTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/2a4922-434b-47b1-b304-cd459a65721b/1/2Xp3kwEih5p2ZHDfjWYMmEQqmTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Xp3kwEih5p2ZHDfjWYMmEQqmTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 05:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:aa:78:d0:ec:5f:f7:c5:31:06:4a:10:a1:83:f0:50:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d97a77930122879a766470df8d660c98442a9932
        Validity
            Not Before: May  7 11:19:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b91146c9613cf1c4910d57fd1a79951e137ac88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:37:92:f8:05:f7:3b:d8:2b:95:40:f8:36:08:
                    a9:d1:60:5f:1a:44:58:c4:ff:e5:57:50:7f:34:28:
                    31:91:e1:8c:83:a2:cf:21:2c:7d:3a:1f:a1:e7:ee:
                    9c:a6:e6:69:80:f1:72:24:0f:be:1f:38:e8:27:bf:
                    35:3c:43:ad:36:46:9d:ff:fe:98:45:9c:2c:b3:3f:
                    80:1f:3b:5b:ac:77:dc:69:c4:4b:30:6f:0a:ff:e9:
                    ee:a2:bf:36:26:3e:52:ca:13:c0:99:7c:26:3b:36:
                    80:6d:c1:98:ee:13:49:44:23:39:35:89:c5:b6:67:
                    ed:fb:fd:41:9a:7e:bf:c7:ae:1f:a0:62:8d:44:4b:
                    fa:e8:2f:07:a8:62:21:dd:33:72:10:c8:29:10:52:
                    0c:92:f9:af:03:97:f9:f8:97:29:a6:57:d2:06:4b:
                    0b:28:6b:42:4c:a7:33:51:b7:6d:16:08:8b:87:cd:
                    02:22:3f:92:56:7f:c3:1a:b3:7a:de:e3:76:ef:32:
                    72:6a:85:c2:1a:1e:3b:5d:7a:05:a3:d8:c7:a2:b1:
                    67:3d:cc:14:6b:88:5a:42:a6:b8:df:99:ce:ce:56:
                    88:34:52:b7:ea:50:75:cc:58:42:54:a9:33:d1:52:
                    ec:03:e8:e7:fb:b8:a0:04:83:ae:c1:d7:87:43:62:
                    4f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:91:14:6C:96:13:CF:1C:49:10:D5:7F:D1:A7:99:51:E1:37:AC:88
            X509v3 Authority Key Identifier:
                keyid:D9:7A:77:93:01:22:87:9A:76:64:70:DF:8D:66:0C:98:44:2A:99:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Xp3kwEih5p2ZHDfjWYMmEQqmTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/2a4922-434b-47b1-b304-cd459a65721b/1/S5EUbJYTzxxJENV_0aeZUeE3rIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/2a4922-434b-47b1-b304-cd459a65721b/1/2Xp3kwEih5p2ZHDfjWYMmEQqmTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:15:09:c4:a8:7c:4f:4e:b6:12:4d:c2:1a:79:bb:d0:6d:b3:
         92:89:b0:cf:4a:8f:19:2b:ca:b9:57:90:61:26:f2:cd:7a:99:
         f3:39:80:42:9e:71:83:86:b8:3c:4c:ba:e4:74:26:ca:65:ea:
         be:f5:df:ee:21:d2:d4:f3:ee:54:2f:88:88:17:b7:6f:3c:ab:
         6c:87:87:db:86:0f:b5:0f:73:35:72:85:b5:84:6a:d8:1c:16:
         65:af:90:72:e1:a7:e2:d1:77:05:dc:ef:5b:39:64:e9:17:93:
         07:db:91:a6:73:f6:27:2f:76:64:cf:a5:ae:5e:da:3c:29:6e:
         49:90:00:de:85:31:b7:ee:de:2b:dd:bc:3d:13:b6:9c:14:2c:
         63:3a:c9:65:18:8e:f3:6e:79:3f:93:55:ef:2f:5b:fa:cc:6b:
         f8:39:53:13:c8:e3:cc:14:33:91:a2:01:cc:eb:f1:51:fd:e8:
         77:1c:51:53:20:ce:0d:08:25:d1:38:a3:cd:01:0f:4a:0a:74:
         6c:ae:01:81:09:03:60:f9:bd:81:1b:65:94:81:fc:52:d6:9f:
         ab:a4:4d:69:d1:4f:62:17:4a:c2:44:a8:0b:51:c2:14:49:d3:
         32:8f:fb:ef:a0:3f:ca:69:52:77:fa:26:c2:6d:0b:6f:42:23:
         93:17:03:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaqeNDsX/fFMQZKEKGD8FB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5N2E3NzkzMDEyMjg3OWE3NjY0NzBkZjhkNjYwYzk4NDQy
YTk5MzIwHhcNMjUwNTA3MTExOTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjkxMTQ2Yzk2MTNjZjFjNDkxMGQ1N2ZkMWE3OTk1MWUxMzdhYzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jeS+AX3O9grlUD4Ngip0WBfGkRY
xP/lV1B/NCgxkeGMg6LPISx9Oh+h5+6cpuZpgPFyJA++HzjoJ781PEOtNkad//6Y
RZwssz+AHztbrHfcacRLMG8K/+nuor82Jj5SyhPAmXwmOzaAbcGY7hNJRCM5NYnF
tmft+/1Bmn6/x64foGKNREv66C8HqGIh3TNyEMgpEFIMkvmvA5f5+JcpplfSBksL
KGtCTKczUbdtFgiLh80CIj+SVn/DGrN63uN27zJyaoXCGh47XXoFo9jHorFnPcwU
a4haQqa435nOzlaINFK36lB1zFhCVKkz0VLsA+jn+7igBIOuwdeHQ2JPswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEuRFGyWE88cSRDVf9GnmVHhN6yIMB8GA1UdIwQY
MBaAFNl6d5MBIoeadmRw341mDJhEKpkyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlhwM2t3RWloNXAyWkhEZmpXWU1tRVFxbVRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yYTQ5MjItNDM0Yi00N2IxLWIzMDQt
Y2Q0NTlhNjU3MjFiLzEvUzVFVWJKWVR6eHhKRU5WXzBhZVpVZUUzcklnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yYTQ5MjItNDM0Yi00N2IxLWIzMDQtY2Q0NTlhNjU3MjFi
LzEvMlhwM2t3RWloNXAyWkhEZmpXWU1tRVFxbVRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQUsMA0G
CSqGSIb3DQEBCwUAA4IBAQACFQnEqHxPTrYSTcIaebvQbbOSibDPSo8ZK8q5V5Bh
JvLNepnzOYBCnnGDhrg8TLrkdCbKZeq+9d/uIdLU8+5UL4iIF7dvPKtsh4fbhg+1
D3M1coW1hGrYHBZlr5By4afi0XcF3O9bOWTpF5MH25Gmc/YnL3Zkz6WuXto8KW5J
kADehTG37t4r3bw9E7acFCxjOsllGI7zbnk/k1XvL1v6zGv4OVMTyOPMFDORogHM
6/FR/eh3HFFTIM4NCCXROKPNAQ9KCnRsrgGBCQNg+b2BG2WUgfxS1p+rpE1p0U9i
F0rCRKgLUcIUSdMyj/vvoD/KaVJ3+ibCbQtvQiOTFwP0
-----END CERTIFICATE-----