Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/600a37-f967-45b1-a1dd-07a315e9033d/1/ZYUzGeilRyfhVGBGDs3ScwXWgUY.roa
File:                     ZYUzGeilRyfhVGBGDs3ScwXWgUY.roa (raw, json)
Hash identifier:          gBAr68IvuzGBsMRnZQFpHYo6Uf7sa+Fh75TAVHTzSCc=
Subject key identifier:   65:85:33:19:E8:A5:47:27:E1:54:60:46:0E:CD:D2:73:05:D6:81:46
Certificate issuer:       /CN=9870bf4f95350d0377fa8938bf4f2dcb7e72ff12
Certificate serial:       01965783FF312AC811BFD30F8E2212280398
Authority key identifier: 98:70:BF:4F:95:35:0D:03:77:FA:89:38:BF:4F:2D:CB:7E:72:FF:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mHC_T5U1DQN3-ok4v08ty35y_xI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/600a37-f967-45b1-a1dd-07a315e9033d/1/ZYUzGeilRyfhVGBGDs3ScwXWgUY.roa
Signing time:             Mon 21 Apr 2025 08:43:10 +0000
ROA not before:           Mon 21 Apr 2025 08:43:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205800
IP address blocks:        5.10.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/600a37-f967-45b1-a1dd-07a315e9033d/1/mHC_T5U1DQN3-ok4v08ty35y_xI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/600a37-f967-45b1-a1dd-07a315e9033d/1/mHC_T5U1DQN3-ok4v08ty35y_xI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mHC_T5U1DQN3-ok4v08ty35y_xI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 14:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:57:83:ff:31:2a:c8:11:bf:d3:0f:8e:22:12:28:03:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9870bf4f95350d0377fa8938bf4f2dcb7e72ff12
        Validity
            Not Before: Apr 21 08:43:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65853319e8a54727e15460460ecdd27305d68146
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:76:bf:44:eb:37:56:95:20:a6:1b:56:92:0f:
                    3b:3d:c2:f4:6b:41:80:b9:21:12:f1:d7:9f:5b:10:
                    b6:a9:47:92:f9:f0:e9:e3:1c:12:c3:76:4d:4e:36:
                    12:39:77:13:dd:bb:50:c7:99:73:e7:72:77:fe:74:
                    95:28:56:c9:12:0e:46:dc:1b:f5:51:ef:70:b9:b8:
                    53:c3:53:17:40:34:18:a2:3a:97:2f:e2:9a:1e:c4:
                    8f:d8:d3:04:99:cc:1c:58:e8:68:4b:2b:8b:46:95:
                    5a:15:1b:16:c4:c7:f3:a7:63:e7:15:8b:2b:9e:65:
                    b1:6a:5a:a5:13:62:5a:00:25:0b:f5:c6:19:eb:af:
                    de:9c:0c:58:a8:0b:ce:ac:cd:e7:47:f2:6e:d5:1b:
                    1e:8d:cc:31:01:f9:35:cd:c7:70:3f:09:75:4d:cc:
                    ea:cb:12:82:dd:93:d7:e9:d8:df:b6:e1:88:d7:f0:
                    4e:3e:ec:d2:4b:0a:b6:5f:0a:40:41:d9:09:31:a3:
                    85:c5:f8:55:be:97:21:7e:c2:19:88:52:84:55:bd:
                    3c:d7:40:fc:f8:2c:22:c5:78:c3:0c:a3:02:d4:22:
                    0d:e5:8e:fa:4b:b8:bc:02:2e:4f:af:5e:09:b2:c0:
                    eb:6a:ff:f1:43:55:b6:8b:b2:e6:af:b5:09:88:9c:
                    c4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:85:33:19:E8:A5:47:27:E1:54:60:46:0E:CD:D2:73:05:D6:81:46
            X509v3 Authority Key Identifier:
                keyid:98:70:BF:4F:95:35:0D:03:77:FA:89:38:BF:4F:2D:CB:7E:72:FF:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mHC_T5U1DQN3-ok4v08ty35y_xI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/600a37-f967-45b1-a1dd-07a315e9033d/1/ZYUzGeilRyfhVGBGDs3ScwXWgUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/600a37-f967-45b1-a1dd-07a315e9033d/1/mHC_T5U1DQN3-ok4v08ty35y_xI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:fe:ee:b6:55:2a:07:34:b9:2c:30:7f:3b:38:93:17:21:f8:
         1a:01:52:7a:eb:89:57:42:24:bb:4e:b3:c9:fe:3b:d8:05:73:
         b3:e6:a9:85:74:10:9e:5d:f0:bb:bb:e3:48:e9:0c:97:d9:d5:
         cb:a1:c6:0f:29:0e:d4:23:5a:1a:5c:46:9a:c5:c3:81:45:46:
         48:5a:1a:43:aa:8a:b2:a6:77:82:f1:39:28:74:e1:5c:92:38:
         50:7c:e9:b6:3f:b5:5d:f7:f9:ea:fb:0c:e2:e9:f9:91:ae:aa:
         f3:9d:0e:a1:f0:30:04:18:65:ba:2f:d6:7c:a8:84:17:12:00:
         17:75:9d:4a:51:4a:d6:a2:83:46:f6:03:50:78:15:47:9f:db:
         7e:cf:fd:11:11:f5:ab:c3:69:e6:35:26:3e:34:64:4e:5d:31:
         15:36:d7:46:46:84:8d:9d:2a:96:1c:97:80:e8:8e:c2:31:65:
         59:b6:9c:87:c9:5f:3e:31:8a:01:54:85:d6:ba:d7:a0:14:f5:
         71:eb:46:25:4e:d3:d7:f1:1a:d3:ef:fc:01:4d:ea:5d:dc:c5:
         70:5a:36:74:e4:41:f4:de:bf:a6:94:37:5d:36:ac:3e:2f:da:
         a5:d8:dc:e4:22:1a:6d:fd:ec:6f:d4:93:a5:c3:a1:12:79:8b:
         85:18:9b:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZXg/8xKsgRv9MPjiISKAOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NzBiZjRmOTUzNTBkMDM3N2ZhODkzOGJmNGYyZGNiN2U3
MmZmMTIwHhcNMjUwNDIxMDg0MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTg1MzMxOWU4YTU0NzI3ZTE1NDYwNDYwZWNkZDI3MzA1ZDY4MTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXa/ROs3VpUgphtWkg87PcL0a0GA
uSES8defWxC2qUeS+fDp4xwSw3ZNTjYSOXcT3btQx5lz53J3/nSVKFbJEg5G3Bv1
Ue9wubhTw1MXQDQYojqXL+KaHsSP2NMEmcwcWOhoSyuLRpVaFRsWxMfzp2PnFYsr
nmWxalqlE2JaACUL9cYZ66/enAxYqAvOrM3nR/Ju1RsejcwxAfk1zcdwPwl1Tczq
yxKC3ZPX6djftuGI1/BOPuzSSwq2XwpAQdkJMaOFxfhVvpchfsIZiFKEVb0810D8
+CwixXjDDKMC1CIN5Y76S7i8Ai5Pr14JssDrav/xQ1W2i7Lmr7UJiJzEUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGWFMxnopUcn4VRgRg7N0nMF1oFGMB8GA1UdIwQY
MBaAFJhwv0+VNQ0Dd/qJOL9PLct+cv8SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUhDX1Q1VTFEUU4zLW9rNHYwOHR5MzV5X3hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi82MDBhMzctZjk2Ny00NWIxLWExZGQt
MDdhMzE1ZTkwMzNkLzEvWllVekdlaWxSeWZoVkdCR0RzM1Njd1hXZ1VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi82MDBhMzctZjk2Ny00NWIxLWExZGQtMDdhMzE1ZTkwMzNk
LzEvbUhDX1Q1VTFEUU4zLW9rNHYwOHR5MzV5X3hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQriMA0G
CSqGSIb3DQEBCwUAA4IBAQBy/u62VSoHNLksMH87OJMXIfgaAVJ664lXQiS7TrPJ
/jvYBXOz5qmFdBCeXfC7u+NI6QyX2dXLocYPKQ7UI1oaXEaaxcOBRUZIWhpDqoqy
pneC8TkodOFckjhQfOm2P7Vd9/nq+wzi6fmRrqrznQ6h8DAEGGW6L9Z8qIQXEgAX
dZ1KUUrWooNG9gNQeBVHn9t+z/0REfWrw2nmNSY+NGROXTEVNtdGRoSNnSqWHJeA
6I7CMWVZtpyHyV8+MYoBVIXWutegFPVx60YlTtPX8RrT7/wBTepd3MVwWjZ05EH0
3r+mlDddNqw+L9ql2NzkIhpt/exv1JOlw6ESeYuFGJt3
-----END CERTIFICATE-----