Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/I5RmTjKFYz79KqLmMtO2U-JhAFA.roa
File:                     I5RmTjKFYz79KqLmMtO2U-JhAFA.roa (raw, json)
Hash identifier:          B1+cDeSVZwC0LcfXe39/RIErdfHZS7Ts0F3A1wzPQzw=
Subject key identifier:   23:94:66:4E:32:85:63:3E:FD:2A:A2:E6:32:D3:B6:53:E2:61:00:50
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019706F788489067B48A03D7724D47D9DBD5
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/I5RmTjKFYz79KqLmMtO2U-JhAFA.roa
Signing time:             Sun 25 May 2025 10:22:55 +0000
ROA not before:           Sun 25 May 2025 10:22:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        5.56.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:06:f7:88:48:90:67:b4:8a:03:d7:72:4d:47:d9:db:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: May 25 10:22:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2394664e3285633efd2aa2e632d3b653e2610050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:bb:e3:42:cf:3d:e2:22:21:65:af:7b:ca:c8:
                    52:e2:72:b8:49:ad:af:ed:d4:ba:78:6b:3b:de:f1:
                    6b:74:31:80:6f:9f:b3:f3:88:fe:b7:01:a6:ed:52:
                    31:14:50:6f:db:57:5a:97:c0:a6:c2:f4:91:66:fd:
                    12:f4:7a:24:c1:50:52:4c:f1:5f:a5:a5:40:15:90:
                    e0:cd:e4:8e:b9:57:ec:94:cc:3b:1a:bf:1b:a9:09:
                    a7:58:4f:36:0d:1a:40:02:eb:31:b9:b1:92:e9:43:
                    bd:ff:15:77:6f:63:d4:56:fe:fd:ae:fd:fc:b7:50:
                    a7:09:13:48:89:40:b0:88:e3:52:4e:93:fb:8e:eb:
                    f0:04:a7:5d:01:ed:7e:e0:a9:3d:7c:27:ed:86:7b:
                    b0:02:d2:85:8b:72:e2:5a:53:3e:d9:f5:0c:60:22:
                    85:42:75:41:3a:7b:f6:05:47:91:5e:39:2f:bd:b1:
                    95:21:e2:fe:16:84:b2:fd:e9:c2:12:7e:ab:6f:ca:
                    b8:de:84:b7:b2:cc:64:92:1f:61:99:12:6c:5f:64:
                    86:c1:e1:95:83:e0:50:29:b8:6a:93:b9:f4:a7:be:
                    47:b2:58:63:af:25:02:57:d8:1b:25:a8:9c:f7:54:
                    64:99:54:7e:5d:51:ea:0b:6f:6f:76:7c:58:17:5e:
                    08:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:94:66:4E:32:85:63:3E:FD:2A:A2:E6:32:D3:B6:53:E2:61:00:50
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/I5RmTjKFYz79KqLmMtO2U-JhAFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:10:a6:8d:91:34:b1:f8:11:64:a9:8a:08:a7:f8:0e:a5:db:
         ad:52:b3:45:3a:d9:ac:b9:a9:94:27:91:8c:ef:fb:f2:22:12:
         4d:32:56:c4:ff:d9:bc:a3:fc:21:78:60:a5:c0:a7:01:a5:24:
         11:dc:68:50:80:73:ac:60:5d:f9:90:f1:3b:0a:d7:42:aa:3b:
         c3:57:dd:8b:71:27:96:49:29:11:24:7b:55:1a:7b:59:6d:30:
         80:80:58:fd:24:97:8c:fc:a7:8f:7e:56:a4:99:36:51:1b:05:
         49:d7:9c:05:83:c8:1d:3d:92:21:48:b3:ab:e2:45:f9:7a:fc:
         b7:06:28:9d:9d:10:43:72:9a:ba:a7:d9:89:f4:49:57:0c:5c:
         fd:3e:31:5c:78:13:26:1c:de:77:b7:f2:15:29:96:a6:eb:07:
         c4:38:78:8f:8c:c9:cb:84:0b:53:60:22:64:88:f2:fa:1e:c8:
         44:6e:99:a3:a8:33:ce:2c:fe:ff:e1:33:05:14:7d:c6:4a:4d:
         b0:7b:d2:11:4a:83:1d:0b:24:be:f6:8b:5e:6e:73:97:22:27:
         ee:0a:05:67:58:8c:82:80:5a:78:c5:a0:7f:3a:8b:a8:72:04:
         32:6e:df:50:2a:c0:25:1b:45:4f:c1:b7:5c:54:4d:ad:0a:66:
         60:b0:db:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcG94hIkGe0igPXck1H2dvVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNTI1MTAyMjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzk0NjY0ZTMyODU2MzNlZmQyYWEyZTYzMmQzYjY1M2UyNjEwMDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LvjQs894iIhZa97yshS4nK4Sa2v
7dS6eGs73vFrdDGAb5+z84j+twGm7VIxFFBv21dal8CmwvSRZv0S9HokwVBSTPFf
paVAFZDgzeSOuVfslMw7Gr8bqQmnWE82DRpAAusxubGS6UO9/xV3b2PUVv79rv38
t1CnCRNIiUCwiONSTpP7juvwBKddAe1+4Kk9fCfthnuwAtKFi3LiWlM+2fUMYCKF
QnVBOnv2BUeRXjkvvbGVIeL+FoSy/enCEn6rb8q43oS3ssxkkh9hmRJsX2SGweGV
g+BQKbhqk7n0p75HslhjryUCV9gbJaic91RkmVR+XVHqC29vdnxYF14ICwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOUZk4yhWM+/Sqi5jLTtlPiYQBQMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvSTVSbVRqS0ZZejc5S3FMbU10TzJVLUpoQUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTgcMA0G
CSqGSIb3DQEBCwUAA4IBAQABEKaNkTSx+BFkqYoIp/gOpdutUrNFOtmsuamUJ5GM
7/vyIhJNMlbE/9m8o/wheGClwKcBpSQR3GhQgHOsYF35kPE7CtdCqjvDV92LcSeW
SSkRJHtVGntZbTCAgFj9JJeM/KePflakmTZRGwVJ15wFg8gdPZIhSLOr4kX5evy3
BiidnRBDcpq6p9mJ9ElXDFz9PjFceBMmHN53t/IVKZam6wfEOHiPjMnLhAtTYCJk
iPL6HshEbpmjqDPOLP7/4TMFFH3GSk2we9IRSoMdCyS+9otebnOXIifuCgVnWIyC
gFp4xaB/OouocgQybt9QKsAlG0VPwbdcVE2tCmZgsNvm
-----END CERTIFICATE-----