Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/cd17fe-e44a-4b98-9f1c-2d8a8d9669f8/1/nArRHp-4C_xfVc5I0xzODMyX0Wc.roa
File:                     nArRHp-4C_xfVc5I0xzODMyX0Wc.roa (raw, json)
Hash identifier:          unbAaPNeb8ss923AiSBNv55C1f+CW+UAKQwmAnYXVMU=
Subject key identifier:   9C:0A:D1:1E:9F:B8:0B:FC:5F:55:CE:48:D3:1C:CE:0C:CC:97:D1:67
Certificate issuer:       /CN=78fb099aa43081ac8395ee0b90ccf1a8844f8d64
Certificate serial:       01942143D0C420C13BF03FE3D436A1039914
Authority key identifier: 78:FB:09:9A:A4:30:81:AC:83:95:EE:0B:90:CC:F1:A8:84:4F:8D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ePsJmqQwgayDle4LkMzxqIRPjWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/cd17fe-e44a-4b98-9f1c-2d8a8d9669f8/1/nArRHp-4C_xfVc5I0xzODMyX0Wc.roa
Signing time:             Wed 01 Jan 2025 09:47:59 +0000
ROA not before:           Wed 01 Jan 2025 09:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38933
IP address blocks:        5.133.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/cd17fe-e44a-4b98-9f1c-2d8a8d9669f8/1/ePsJmqQwgayDle4LkMzxqIRPjWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/cd17fe-e44a-4b98-9f1c-2d8a8d9669f8/1/ePsJmqQwgayDle4LkMzxqIRPjWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ePsJmqQwgayDle4LkMzxqIRPjWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d0:c4:20:c1:3b:f0:3f:e3:d4:36:a1:03:99:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78fb099aa43081ac8395ee0b90ccf1a8844f8d64
        Validity
            Not Before: Jan  1 09:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c0ad11e9fb80bfc5f55ce48d31cce0ccc97d167
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:66:d5:b2:e8:6b:31:e8:af:1a:a1:33:45:a0:
                    dd:3b:7d:b2:ac:ce:ba:ed:45:c3:ea:0c:03:7e:9f:
                    18:73:de:67:b7:d8:1f:8e:7d:c9:a5:1e:05:64:71:
                    18:40:15:1d:d2:de:7d:f5:12:a4:b7:25:1c:67:da:
                    63:50:40:14:0c:ed:ec:13:e1:a3:b1:23:ab:42:1c:
                    19:0e:a2:25:d8:47:3e:3a:8c:09:27:3d:2b:39:f2:
                    06:34:d2:14:51:e7:2a:6a:84:82:88:c1:93:64:a4:
                    b0:a0:b0:71:03:b7:3c:5c:88:08:6b:d8:b0:88:d1:
                    15:e9:cc:d7:21:8a:56:76:e7:02:0e:ae:c4:6c:67:
                    75:2c:f0:b5:2d:83:dd:36:06:53:29:e5:9a:85:02:
                    bb:3d:99:79:9d:fc:9a:db:9d:53:e4:ea:ce:7c:f1:
                    3c:2d:3f:57:fa:e3:54:39:26:b8:84:a4:81:85:e1:
                    fb:44:f5:80:53:db:0d:c1:96:e9:5f:d3:7a:f4:cf:
                    06:51:81:3a:a0:c8:c0:7f:b7:2c:80:99:3a:fc:e1:
                    75:3f:ab:2c:3d:89:8a:3d:05:a0:43:b7:48:7a:b6:
                    4b:89:86:34:de:16:25:dd:96:a5:c5:34:1d:b3:70:
                    2d:11:59:42:28:d4:ed:bd:98:d6:71:d5:ef:ad:c5:
                    ca:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:0A:D1:1E:9F:B8:0B:FC:5F:55:CE:48:D3:1C:CE:0C:CC:97:D1:67
            X509v3 Authority Key Identifier:
                keyid:78:FB:09:9A:A4:30:81:AC:83:95:EE:0B:90:CC:F1:A8:84:4F:8D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ePsJmqQwgayDle4LkMzxqIRPjWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/cd17fe-e44a-4b98-9f1c-2d8a8d9669f8/1/nArRHp-4C_xfVc5I0xzODMyX0Wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/cd17fe-e44a-4b98-9f1c-2d8a8d9669f8/1/ePsJmqQwgayDle4LkMzxqIRPjWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:60:3c:20:bd:4e:f0:69:71:11:58:8f:06:d9:e0:d0:7c:ba:
         9e:45:83:24:66:bc:46:f4:55:2a:6d:0e:9c:eb:58:8f:17:2e:
         78:9b:65:18:6d:3a:3f:6d:46:92:4c:bb:58:63:24:b4:58:39:
         36:cf:4c:31:c3:27:85:16:13:de:c2:bc:8f:08:f8:69:e3:f8:
         e4:53:f7:13:3e:9e:85:0c:09:78:27:65:43:67:fa:36:cc:15:
         89:43:ed:b1:4d:32:68:27:b1:86:fc:77:19:71:2a:71:a6:5e:
         c8:fb:8f:7f:62:5e:ef:ba:3b:6f:b1:00:9b:43:41:4c:ec:52:
         68:d3:bd:1d:c3:fd:22:30:a6:37:0d:f6:5c:02:33:a7:3c:25:
         91:b7:37:f4:4a:c2:29:a3:da:db:ab:ad:f2:85:2b:e9:b9:8b:
         bd:01:76:b6:bb:8d:fd:50:d0:61:c8:9b:0c:46:10:c1:6c:57:
         e8:fb:67:b8:72:53:e2:51:00:ad:24:02:33:80:bd:8f:b7:ba:
         bd:6e:2e:aa:23:76:32:44:c4:fb:61:4c:a9:20:0d:24:e1:79:
         0d:9b:68:fa:4f:e3:10:c5:09:09:09:da:e0:38:d0:94:7c:d8:
         84:67:68:6a:93:33:4a:1d:ac:57:c8:b3:06:29:fa:b7:a0:ec:
         ae:d0:fd:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ9DEIME78D/j1DahA5kUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZmIwOTlhYTQzMDgxYWM4Mzk1ZWUwYjkwY2NmMWE4ODQ0
ZjhkNjQwHhcNMjUwMTAxMDk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzBhZDExZTlmYjgwYmZjNWY1NWNlNDhkMzFjY2UwY2NjOTdkMTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWbVsuhrMeivGqEzRaDdO32yrM66
7UXD6gwDfp8Yc95nt9gfjn3JpR4FZHEYQBUd0t599RKktyUcZ9pjUEAUDO3sE+Gj
sSOrQhwZDqIl2Ec+OowJJz0rOfIGNNIUUecqaoSCiMGTZKSwoLBxA7c8XIgIa9iw
iNEV6czXIYpWducCDq7EbGd1LPC1LYPdNgZTKeWahQK7PZl5nfya251T5OrOfPE8
LT9X+uNUOSa4hKSBheH7RPWAU9sNwZbpX9N69M8GUYE6oMjAf7csgJk6/OF1P6ss
PYmKPQWgQ7dIerZLiYY03hYl3ZalxTQds3AtEVlCKNTtvZjWcdXvrcXK3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwK0R6fuAv8X1XOSNMczgzMl9FnMB8GA1UdIwQY
MBaAFHj7CZqkMIGsg5XuC5DM8aiET41kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVBzSm1xUXdnYXlEbGU0TGtNenhxSVJQaldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9jZDE3ZmUtZTQ0YS00Yjk4LTlmMWMt
MmQ4YThkOTY2OWY4LzEvbkFyUkhwLTRDX3hmVmM1STB4ek9ETXlYMFdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9jZDE3ZmUtZTQ0YS00Yjk4LTlmMWMtMmQ4YThkOTY2OWY4
LzEvZVBzSm1xUXdnYXlEbGU0TGtNenhxSVJQaldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBYVoMA0G
CSqGSIb3DQEBCwUAA4IBAQAZYDwgvU7waXERWI8G2eDQfLqeRYMkZrxG9FUqbQ6c
61iPFy54m2UYbTo/bUaSTLtYYyS0WDk2z0wxwyeFFhPewryPCPhp4/jkU/cTPp6F
DAl4J2VDZ/o2zBWJQ+2xTTJoJ7GG/HcZcSpxpl7I+49/Yl7vujtvsQCbQ0FM7FJo
070dw/0iMKY3DfZcAjOnPCWRtzf0SsIpo9rbq63yhSvpuYu9AXa2u439UNBhyJsM
RhDBbFfo+2e4clPiUQCtJAIzgL2Pt7q9bi6qI3YyRMT7YUypIA0k4XkNm2j6T+MQ
xQkJCdrgONCUfNiEZ2hqkzNKHaxXyLMGKfq3oOyu0P12
-----END CERTIFICATE-----