Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/U73SPnrRJB4la5AB1PgxAgI8YJo.roa
File:                     U73SPnrRJB4la5AB1PgxAgI8YJo.roa (raw, json)
Hash identifier:          ZSAy+kor664YPi7EMmeLbInOy0BorQL0Jabp4osjNno=
Subject key identifier:   53:BD:D2:3E:7A:D1:24:1E:25:6B:90:01:D4:F8:31:02:02:3C:60:9A
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019648AF4F73692B88378003DC76B254B71D
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/U73SPnrRJB4la5AB1PgxAgI8YJo.roa
Signing time:             Fri 18 Apr 2025 11:36:10 +0000
ROA not before:           Fri 18 Apr 2025 11:36:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214083
IP address blocks:        5.180.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:48:af:4f:73:69:2b:88:37:80:03:dc:76:b2:54:b7:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Apr 18 11:36:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53bdd23e7ad1241e256b9001d4f83102023c609a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:13:04:d7:db:6c:81:f3:d5:54:04:3c:44:47:
                    02:52:55:4f:e6:f5:86:35:6c:cf:30:3a:b3:95:db:
                    0a:e2:0a:5e:b8:03:2e:55:9c:02:f5:d6:1e:d8:27:
                    15:94:db:84:9e:16:44:82:77:be:92:67:b7:86:4d:
                    a9:c7:ab:b6:4c:4f:7a:6f:e4:dc:1b:ed:46:c9:8f:
                    cc:85:68:19:21:a5:4f:74:a4:f3:3b:dc:a7:0e:a8:
                    3a:dc:87:3d:e3:c9:e9:82:db:ec:e7:d8:df:d7:1e:
                    a7:df:59:82:73:6b:3e:5a:07:c5:86:c3:f9:0b:5e:
                    ee:eb:43:fa:26:29:96:df:bb:d4:15:4d:75:27:a7:
                    44:c4:a2:8c:d8:73:cd:ed:ff:f6:c5:61:12:67:46:
                    20:c4:4d:8e:60:a0:0a:24:f4:31:75:f8:d0:b7:0b:
                    85:05:b9:2a:29:21:c8:55:ca:a7:b8:9f:86:0f:b9:
                    5c:28:b6:ee:01:ad:76:74:31:02:7e:ae:5c:11:04:
                    2a:c6:d7:ac:27:38:94:2f:6e:62:ed:96:3d:6b:8c:
                    75:9c:fe:73:76:84:71:8d:e6:2d:b8:34:3d:06:fc:
                    ba:a9:9b:cb:8e:f7:0b:a4:42:7d:d6:ab:e4:0d:5f:
                    5a:b7:57:7a:9e:43:40:8a:c0:f5:39:b0:7b:50:57:
                    0d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:BD:D2:3E:7A:D1:24:1E:25:6B:90:01:D4:F8:31:02:02:3C:60:9A
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/U73SPnrRJB4la5AB1PgxAgI8YJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:b8:5c:65:e0:26:33:d4:6e:1e:19:0e:4f:ff:34:c9:6d:22:
         1b:8c:73:21:24:bc:ff:1c:73:38:78:46:d4:dc:65:10:a8:e1:
         e7:0c:45:08:16:6f:e1:6c:15:6f:2c:3c:61:3e:5f:df:ff:ca:
         72:dd:f7:35:93:f0:74:0b:35:f2:c6:2e:a0:29:e7:62:3d:af:
         4d:dc:2c:12:6f:44:45:37:ab:c1:24:2c:e8:5c:a8:22:eb:d8:
         4b:8b:8e:98:f3:a6:de:f0:6e:ed:41:b4:37:a9:f0:38:4b:b1:
         b5:a9:7d:5c:47:3d:04:05:c6:d4:73:b4:ff:cd:8c:99:15:bd:
         37:c5:ca:c4:1b:a5:29:fd:83:cf:74:f1:2e:10:e0:b3:ae:37:
         29:9f:c5:61:d2:42:1c:8a:8b:b0:e5:9c:3d:71:e8:e3:55:2a:
         97:ca:21:55:d9:ab:b6:59:64:21:da:47:05:62:82:47:41:2e:
         de:95:7b:50:cc:b2:ea:5c:cc:b8:4c:18:c9:80:af:5f:e9:8a:
         01:45:43:ac:81:89:39:99:d5:15:c0:1b:f2:70:1f:22:9d:d0:
         70:2c:87:d7:a1:03:87:40:dd:8b:7f:09:7d:a1:e8:50:75:16:
         9f:a1:b5:b1:c6:9e:f6:0d:5e:99:59:f5:3c:87:a0:50:d7:ed:
         fd:1c:79:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZIr09zaSuIN4AD3HayVLcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwNDE4MTEzNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2JkZDIzZTdhZDEyNDFlMjU2YjkwMDFkNGY4MzEwMjAyM2M2MDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhME19tsgfPVVAQ8REcCUlVP5vWG
NWzPMDqzldsK4gpeuAMuVZwC9dYe2CcVlNuEnhZEgne+kme3hk2px6u2TE96b+Tc
G+1GyY/MhWgZIaVPdKTzO9ynDqg63Ic948npgtvs59jf1x6n31mCc2s+WgfFhsP5
C17u60P6JimW37vUFU11J6dExKKM2HPN7f/2xWESZ0YgxE2OYKAKJPQxdfjQtwuF
BbkqKSHIVcqnuJ+GD7lcKLbuAa12dDECfq5cEQQqxtesJziUL25i7ZY9a4x1nP5z
doRxjeYtuDQ9Bvy6qZvLjvcLpEJ91qvkDV9at1d6nkNAisD1ObB7UFcNowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFO90j560SQeJWuQAdT4MQICPGCaMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvVTczU1BuclJKQjRsYTVBQjFQZ3hBZ0k4WUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbTqMA0G
CSqGSIb3DQEBCwUAA4IBAQBHuFxl4CYz1G4eGQ5P/zTJbSIbjHMhJLz/HHM4eEbU
3GUQqOHnDEUIFm/hbBVvLDxhPl/f/8py3fc1k/B0CzXyxi6gKediPa9N3CwSb0RF
N6vBJCzoXKgi69hLi46Y86be8G7tQbQ3qfA4S7G1qX1cRz0EBcbUc7T/zYyZFb03
xcrEG6Up/YPPdPEuEOCzrjcpn8Vh0kIciouw5Zw9cejjVSqXyiFV2au2WWQh2kcF
YoJHQS7elXtQzLLqXMy4TBjJgK9f6YoBRUOsgYk5mdUVwBvycB8indBwLIfXoQOH
QN2Lfwl9oehQdRafobWxxp72DV6ZWfU8h6BQ1+39HHkL
-----END CERTIFICATE-----