Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/5fcpJVl5DXDFgBV-5G0BOvh2tGg.roa
File:                     5fcpJVl5DXDFgBV-5G0BOvh2tGg.roa (raw, json)
Hash identifier:          urXegQalP46Ga7kO5s8Ojf4B2voXZNk4EbUTvjtFENw=
Subject key identifier:   E5:F7:29:25:59:79:0D:70:C5:80:15:7E:E4:6D:01:3A:F8:76:B4:68
Certificate issuer:       /CN=a73d640d90bf3d67f2498138cc371f654647ddad
Certificate serial:       01941F8C1EA81E12161FA9FCCA3D0A1067E8
Authority key identifier: A7:3D:64:0D:90:BF:3D:67:F2:49:81:38:CC:37:1F:65:46:47:DD:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pz1kDZC_PWfySYE4zDcfZUZH3a0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/5fcpJVl5DXDFgBV-5G0BOvh2tGg.roa
Signing time:             Wed 01 Jan 2025 01:47:44 +0000
ROA not before:           Wed 01 Jan 2025 01:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41970
IP address blocks:        194.60.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/pz1kDZC_PWfySYE4zDcfZUZH3a0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/pz1kDZC_PWfySYE4zDcfZUZH3a0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pz1kDZC_PWfySYE4zDcfZUZH3a0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:1e:a8:1e:12:16:1f:a9:fc:ca:3d:0a:10:67:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a73d640d90bf3d67f2498138cc371f654647ddad
        Validity
            Not Before: Jan  1 01:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5f7292559790d70c580157ee46d013af876b468
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:09:fb:10:1a:aa:20:62:63:79:f3:42:00:f9:
                    2e:65:c5:b6:25:cb:85:32:37:a8:9f:25:72:03:39:
                    9a:f0:40:10:18:37:c4:fa:4d:63:00:a3:a7:1d:96:
                    26:dd:78:2d:b1:e3:4b:8b:25:0f:6f:cb:a1:31:f5:
                    77:25:65:8c:31:2c:c3:72:25:d8:cc:e3:35:cd:dd:
                    3b:01:dc:e1:67:45:b3:a5:84:f8:73:72:eb:e7:e6:
                    34:8e:2f:98:5d:92:74:c2:96:41:2a:74:a5:42:71:
                    d3:67:05:5c:59:16:70:b6:9a:1e:99:ad:38:49:63:
                    9c:a8:8b:f6:9d:61:84:0b:c9:6f:5b:25:3d:2d:48:
                    8d:0f:78:44:26:80:46:f3:d8:b7:5e:4c:57:e6:db:
                    90:17:0e:ca:e7:7a:38:59:ad:c2:1b:02:dc:be:05:
                    00:74:ed:4e:81:14:23:9d:05:51:6f:f5:ab:ca:19:
                    38:f2:96:f8:c0:4f:9b:59:34:07:9c:e3:44:d7:fb:
                    4a:0d:5d:74:d6:ae:77:6c:dd:0d:dc:00:cb:e7:b4:
                    4a:d0:9c:6d:09:60:1e:8a:03:f3:c1:a6:35:9c:fe:
                    43:e5:8f:7f:a8:76:f3:2d:28:c8:f2:47:0b:04:d3:
                    e8:a3:ff:b7:cb:b9:f2:d6:cd:79:23:c0:87:ff:34:
                    f2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:F7:29:25:59:79:0D:70:C5:80:15:7E:E4:6D:01:3A:F8:76:B4:68
            X509v3 Authority Key Identifier:
                keyid:A7:3D:64:0D:90:BF:3D:67:F2:49:81:38:CC:37:1F:65:46:47:DD:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pz1kDZC_PWfySYE4zDcfZUZH3a0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/5fcpJVl5DXDFgBV-5G0BOvh2tGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/72892a-3bc0-4f57-bc5b-75039750bd68/1/pz1kDZC_PWfySYE4zDcfZUZH3a0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:71:ee:ac:cc:9f:ed:fc:26:4d:d7:9c:56:69:21:73:22:2f:
         fd:9f:83:8c:f8:f1:89:39:58:a3:4e:b8:45:19:27:6b:8e:d6:
         67:ac:b6:4a:3d:85:2b:d1:0a:56:6e:79:55:37:9f:40:8c:71:
         ec:0f:a2:f1:58:ad:4d:6b:91:ca:94:6d:f7:60:02:72:44:e9:
         3c:87:50:ec:c8:c9:41:fd:dd:c3:9d:2c:ef:07:dc:19:68:e5:
         f0:72:97:63:9d:a1:9e:32:71:9f:72:26:35:23:c1:9a:9d:e3:
         b8:59:2b:03:13:db:12:76:75:0d:24:2e:28:a4:1e:14:0d:c7:
         08:1c:66:47:50:cb:6e:52:a2:b1:d0:68:3f:af:0b:6e:52:49:
         1f:86:c4:74:5a:b5:f2:b1:ca:85:92:c7:1b:d5:69:62:eb:10:
         12:be:a6:88:33:38:f0:82:f8:f3:e0:25:64:0a:ce:8f:26:06:
         3a:be:7e:cf:2c:c5:d3:23:b4:df:b6:85:20:14:d5:00:c1:3f:
         71:f8:30:4e:e6:08:a9:8e:c1:1e:12:14:79:e1:ec:3b:33:be:
         5a:24:f8:aa:89:d1:32:98:15:b9:41:a3:63:08:80:cd:ae:7e:
         fe:13:ce:3e:88:c3:16:d2:4e:e6:2f:04:06:96:80:14:dc:24:
         70:8b:3c:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjB6oHhIWH6n8yj0KEGfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3M2Q2NDBkOTBiZjNkNjdmMjQ5ODEzOGNjMzcxZjY1NDY0
N2RkYWQwHhcNMjUwMTAxMDE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWY3MjkyNTU5NzkwZDcwYzU4MDE1N2VlNDZkMDEzYWY4NzZiNDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAn7EBqqIGJjefNCAPkuZcW2JcuF
MjeonyVyAzma8EAQGDfE+k1jAKOnHZYm3XgtseNLiyUPb8uhMfV3JWWMMSzDciXY
zOM1zd07AdzhZ0WzpYT4c3Lr5+Y0ji+YXZJ0wpZBKnSlQnHTZwVcWRZwtpoema04
SWOcqIv2nWGEC8lvWyU9LUiND3hEJoBG89i3XkxX5tuQFw7K53o4Wa3CGwLcvgUA
dO1OgRQjnQVRb/Wryhk48pb4wE+bWTQHnONE1/tKDV101q53bN0N3ADL57RK0Jxt
CWAeigPzwaY1nP5D5Y9/qHbzLSjI8kcLBNPoo/+3y7ny1s15I8CH/zTyqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOX3KSVZeQ1wxYAVfuRtATr4drRoMB8GA1UdIwQY
MBaAFKc9ZA2Qvz1n8kmBOMw3H2VGR92tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHoxa0RaQ19QV2Z5U1lFNHpEY2ZaVVpIM2EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC83Mjg5MmEtM2JjMC00ZjU3LWJjNWIt
NzUwMzk3NTBiZDY4LzEvNWZjcEpWbDVEWERGZ0JWLTVHMEJPdmgydEdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC83Mjg5MmEtM2JjMC00ZjU3LWJjNWItNzUwMzk3NTBiZDY4
LzEvcHoxa0RaQ19QV2Z5U1lFNHpEY2ZaVVpIM2EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjxKMA0G
CSqGSIb3DQEBCwUAA4IBAQA1ce6szJ/t/CZN15xWaSFzIi/9n4OM+PGJOVijTrhF
GSdrjtZnrLZKPYUr0QpWbnlVN59AjHHsD6LxWK1Na5HKlG33YAJyROk8h1DsyMlB
/d3DnSzvB9wZaOXwcpdjnaGeMnGfciY1I8GaneO4WSsDE9sSdnUNJC4opB4UDccI
HGZHUMtuUqKx0Gg/rwtuUkkfhsR0WrXyscqFkscb1Wli6xASvqaIMzjwgvjz4CVk
Cs6PJgY6vn7PLMXTI7TftoUgFNUAwT9x+DBO5gipjsEeEhR54ew7M75aJPiqidEy
mBW5QaNjCIDNrn7+E84+iMMW0k7mLwQGloAU3CRwizwe
-----END CERTIFICATE-----