Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/1-d_4NnGRWiLNxMtEHTI7liKr9UI.roa
File:                     1-d_4NnGRWiLNxMtEHTI7liKr9UI.roa (raw, json)
Hash identifier:          CvRaWUsgFRo0d4EaYRA4VrTo+xf/BVknD8qlBjzpT68=
Subject key identifier:   F9:DF:F8:36:71:91:5A:22:CD:C4:CB:44:1D:32:3B:96:22:AB:F5:42
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       0197D6EA834FEF8F2314C74D70C51F3161F0
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/1-d_4NnGRWiLNxMtEHTI7liKr9UI.roa
Signing time:             Fri 04 Jul 2025 19:29:42 +0000
ROA not before:           Fri 04 Jul 2025 19:29:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214294
IP address blocks:        5.10.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 19:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d6:ea:83:4f:ef:8f:23:14:c7:4d:70:c5:1f:31:61:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Jul  4 19:29:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9dff83671915a22cdc4cb441d323b9622abf542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:34:3a:5c:b5:1e:e1:37:a6:7a:18:0a:73:00:
                    df:bc:ef:66:91:5e:cf:81:e9:7c:69:40:a8:cc:3d:
                    b0:1c:34:1d:25:e0:3a:d3:fa:a3:36:e7:e1:c7:a8:
                    35:3e:42:be:88:bb:44:11:44:0f:ef:71:44:90:e7:
                    ee:07:46:59:9c:c2:34:3a:c7:79:3f:75:b1:f0:cb:
                    c3:e5:d7:bf:a0:45:e6:4b:21:d6:ba:38:05:55:25:
                    3a:69:2f:9d:57:b8:43:c1:83:64:f9:ca:59:67:94:
                    5b:da:4a:83:a7:7a:8e:31:c0:8e:b1:71:3e:ce:22:
                    45:e3:28:fa:ef:3d:d5:af:cb:d3:89:ff:dc:3d:8e:
                    97:9d:79:30:31:7c:b0:d4:e2:49:66:7e:8d:2f:ff:
                    3d:d5:d8:45:b1:de:78:52:ff:c0:46:d1:69:17:67:
                    95:18:c1:6f:b4:d6:e6:2f:5a:6d:77:07:d7:11:c7:
                    2c:e3:5a:32:4d:fa:d2:ef:ad:5b:a3:74:ca:e9:f3:
                    6f:b9:c8:e2:f0:c8:06:88:35:5c:e4:d8:67:52:9c:
                    b9:b2:ab:91:69:b4:b0:e3:64:73:a3:2a:0d:2c:d9:
                    d6:17:f8:bd:3f:ac:9f:64:65:62:ea:85:c8:91:4a:
                    e2:0f:8b:a7:c2:88:2b:b7:f9:d3:e3:8f:ea:c7:b7:
                    33:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:DF:F8:36:71:91:5A:22:CD:C4:CB:44:1D:32:3B:96:22:AB:F5:42
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/1-d_4NnGRWiLNxMtEHTI7liKr9UI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:18:c9:1b:45:54:ff:4b:32:a4:29:62:08:92:6f:f9:28:fa:
         8e:32:b0:5e:00:09:a9:e6:bc:a5:b2:ac:74:e3:9a:6e:39:79:
         09:6a:8d:bc:21:ac:3a:39:df:a1:5d:17:3d:e6:13:88:9e:fe:
         44:ec:39:ef:b8:e6:69:4b:35:15:c4:16:5a:80:b5:0d:e9:c7:
         17:2c:d2:a2:d7:78:af:3b:cb:2b:42:cd:de:df:53:a2:00:7a:
         24:9b:1b:4d:83:f4:94:47:f0:0c:e8:f7:40:80:6b:5d:72:0f:
         c3:4a:d2:7b:d3:a8:94:2f:8a:ee:55:e3:7f:b4:64:18:6b:6d:
         19:d2:18:51:f9:14:c4:96:2f:2f:9d:15:95:00:07:4c:09:e4:
         76:86:33:27:19:1e:fd:9c:2c:78:0d:3a:90:c4:7c:d0:c2:9d:
         68:b3:d5:a1:62:ae:a4:85:a4:88:dd:24:3d:6b:7b:17:b2:ae:
         02:d1:97:e4:b4:fa:47:2d:22:b7:97:99:05:ad:64:f9:aa:65:
         71:56:dc:5e:f2:90:b4:73:72:a5:41:fd:88:2b:0b:65:2c:08:
         6e:16:22:6f:76:03:42:c1:23:68:78:7e:6c:f1:c2:1d:11:7b:
         b5:1d:96:9d:12:4f:61:04:69:70:f6:91:90:11:61:dd:fe:4b:
         26:8b:bc:69
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfW6oNP748jFMdNcMUfMWHwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjUwNzA0MTkyOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWRmZjgzNjcxOTE1YTIyY2RjNGNiNDQxZDMyM2I5NjIyYWJmNTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTQ6XLUe4TemehgKcwDfvO9mkV7P
gel8aUCozD2wHDQdJeA60/qjNufhx6g1PkK+iLtEEUQP73FEkOfuB0ZZnMI0Osd5
P3Wx8MvD5de/oEXmSyHWujgFVSU6aS+dV7hDwYNk+cpZZ5Rb2kqDp3qOMcCOsXE+
ziJF4yj67z3Vr8vTif/cPY6XnXkwMXyw1OJJZn6NL/891dhFsd54Uv/ARtFpF2eV
GMFvtNbmL1ptdwfXEccs41oyTfrS761bo3TK6fNvucji8MgGiDVc5NhnUpy5squR
abSw42RzoyoNLNnWF/i9P6yfZGVi6oXIkUriD4unwogrt/nT44/qx7cz2wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnf+DZxkVoizcTLRB0yO5Yiq/VCMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvMS1kXzRObkdSV2lMTnhNdEVIVEk3bGlLcjlVSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2EvYmU0OTA5LTc0NWYtNGQwYy1iZmFiLWRlZTc2ODYwMDEz
ZC8xL0tYNzV2djBhZmlUQXpKY3BtSF9BWmRhM0V5OC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAUK1DAN
BgkqhkiG9w0BAQsFAAOCAQEAERjJG0VU/0sypCliCJJv+Sj6jjKwXgAJqea8pbKs
dOOabjl5CWqNvCGsOjnfoV0XPeYTiJ7+ROw577jmaUs1FcQWWoC1DenHFyzSotd4
rzvLK0LN3t9TogB6JJsbTYP0lEfwDOj3QIBrXXIPw0rSe9OolC+K7lXjf7RkGGtt
GdIYUfkUxJYvL50VlQAHTAnkdoYzJxke/ZwseA06kMR80MKdaLPVoWKupIWkiN0k
PWt7F7KuAtGX5LT6Ry0it5eZBa1k+aplcVbcXvKQtHNypUH9iCsLZSwIbhYib3YD
QsEjaHh+bPHCHRF7tR2WnRJPYQRpcPaRkBFh3f5LJou8aQ==
-----END CERTIFICATE-----