Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/3sf5oEr3DlOTew2qu4MNcy3qxZU.roa
File:                     3sf5oEr3DlOTew2qu4MNcy3qxZU.roa (raw, json)
Hash identifier:          ouMQZBbsW6mz86Nimkj2chmQSM3lel6uX4kq3MHuBXo=
Subject key identifier:   DE:C7:F9:A0:4A:F7:0E:53:93:7B:0D:AA:BB:83:0D:73:2D:EA:C5:95
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       0194258F4FBDC71C92E9EF4E0D8BDD408DAF
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/3sf5oEr3DlOTew2qu4MNcy3qxZU.roa
Signing time:             Thu 02 Jan 2025 05:48:56 +0000
ROA not before:           Thu 02 Jan 2025 05:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209915
IP address blocks:        212.119.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:4f:bd:c7:1c:92:e9:ef:4e:0d:8b:dd:40:8d:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 05:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dec7f9a04af70e53937b0daabb830d732deac595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d4:44:8e:35:2c:37:fa:a3:7e:d7:f1:0a:80:
                    5c:ec:be:45:03:89:74:79:eb:a4:34:60:d5:f1:c2:
                    3d:9b:71:84:41:73:f9:48:08:0e:1e:5f:70:45:78:
                    8b:16:e1:c5:82:85:f7:19:fc:eb:3d:22:8e:bd:fd:
                    fc:ee:d0:c9:74:2b:92:03:1b:78:a3:85:ae:37:fb:
                    ec:cf:b1:47:36:05:25:64:75:0f:48:8d:e4:c9:e7:
                    4d:86:d1:b9:a1:47:df:9b:1c:b9:30:8e:66:1b:13:
                    7d:16:9e:db:82:b4:a4:33:96:61:2a:b7:10:a8:a1:
                    eb:63:a7:2d:c8:21:01:7d:c8:fd:a3:6c:8a:f2:ca:
                    5f:0c:0b:d1:59:0d:1b:54:2f:2a:4c:b7:a0:0c:a1:
                    85:5a:7a:af:32:fe:85:c5:94:57:90:1b:3a:15:42:
                    d3:4a:78:71:36:1e:f9:4f:78:c0:ae:ee:29:be:51:
                    7f:2f:bf:a6:eb:51:f3:c6:ea:db:b7:2b:5f:2f:7c:
                    e7:1d:7e:55:bf:41:d9:93:7f:a8:8f:58:61:92:b9:
                    95:12:c5:af:03:1c:d9:81:f3:0c:e7:25:b5:05:39:
                    06:c0:66:1a:75:aa:f6:f6:18:77:01:5f:c6:7b:53:
                    38:94:84:f5:c4:a0:2b:cf:b2:9e:3c:22:3a:34:b9:
                    d8:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:C7:F9:A0:4A:F7:0E:53:93:7B:0D:AA:BB:83:0D:73:2D:EA:C5:95
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/3sf5oEr3DlOTew2qu4MNcy3qxZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.119.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:8d:c5:32:12:0d:0d:b9:8c:a6:17:13:b0:74:64:2a:d6:33:
         00:5c:c7:ea:49:c1:ba:a9:66:38:de:f4:ea:ff:58:b6:05:51:
         75:4b:64:2e:75:59:b6:3f:d7:e3:02:fc:5b:c5:df:52:fc:f1:
         68:e0:ba:6f:f1:dd:a8:59:ee:81:81:6e:f3:fa:33:67:9f:48:
         df:d4:69:4d:ac:cb:7d:0f:0e:28:59:c8:9a:f1:01:28:a6:d7:
         31:24:95:fb:19:77:5e:b1:27:1f:bd:25:85:aa:93:62:c8:7c:
         65:89:d5:db:6e:d5:7b:87:34:ef:11:37:9c:56:15:47:38:91:
         c4:58:48:d1:04:06:9e:25:33:a6:41:a6:d0:57:aa:a0:f2:a5:
         61:35:ec:f0:02:1c:c7:eb:b2:3c:1a:fe:3f:64:9b:fb:23:46:
         ce:58:8f:2a:6e:de:89:fc:db:2a:0e:a5:02:7a:ac:fe:52:e3:
         68:70:63:91:20:87:e6:d5:be:f3:f6:8b:f1:7f:fb:83:4d:ec:
         10:86:4c:2f:d2:6e:8c:14:71:81:d4:88:d1:b2:e2:2c:5f:c7:
         92:24:94:dd:02:43:fe:7d:f2:4a:66:5b:27:d8:87:fc:2f:c6:
         40:04:9a:51:87:0c:78:7d:8d:0a:f1:1d:ed:08:94:70:b1:99:
         bd:a1:db:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj0+9xxyS6e9ODYvdQI2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjUwMTAyMDU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWM3ZjlhMDRhZjcwZTUzOTM3YjBkYWFiYjgzMGQ3MzJkZWFjNTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNREjjUsN/qjftfxCoBc7L5FA4l0
eeukNGDV8cI9m3GEQXP5SAgOHl9wRXiLFuHFgoX3GfzrPSKOvf387tDJdCuSAxt4
o4WuN/vsz7FHNgUlZHUPSI3kyedNhtG5oUffmxy5MI5mGxN9Fp7bgrSkM5ZhKrcQ
qKHrY6ctyCEBfcj9o2yK8spfDAvRWQ0bVC8qTLegDKGFWnqvMv6FxZRXkBs6FULT
SnhxNh75T3jAru4pvlF/L7+m61HzxurbtytfL3znHX5Vv0HZk3+oj1hhkrmVEsWv
AxzZgfMM5yW1BTkGwGYadar29hh3AV/Ge1M4lIT1xKArz7KePCI6NLnY5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7H+aBK9w5Tk3sNqruDDXMt6sWVMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvM3NmNW9FcjNEbE9UZXcycXU0TU5jeTNxeFpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HcFMA0G
CSqGSIb3DQEBCwUAA4IBAQAMjcUyEg0NuYymFxOwdGQq1jMAXMfqScG6qWY43vTq
/1i2BVF1S2QudVm2P9fjAvxbxd9S/PFo4Lpv8d2oWe6BgW7z+jNnn0jf1GlNrMt9
Dw4oWcia8QEoptcxJJX7GXdesScfvSWFqpNiyHxlidXbbtV7hzTvETecVhVHOJHE
WEjRBAaeJTOmQabQV6qg8qVhNezwAhzH67I8Gv4/ZJv7I0bOWI8qbt6J/NsqDqUC
eqz+UuNocGORIIfm1b7z9ovxf/uDTewQhkwv0m6MFHGB1IjRsuIsX8eSJJTdAkP+
ffJKZlsn2If8L8ZABJpRhwx4fY0K8R3tCJRwsZm9odtn
-----END CERTIFICATE-----