Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/v2JqIJBq3wJphTAbwK0-g33RShA.roa
File:                     v2JqIJBq3wJphTAbwK0-g33RShA.roa (raw, json)
Hash identifier:          i1c3+hUzjW7SLy+JaUh7BqmO9B9VdI9iEDnKvNZU/ks=
Subject key identifier:   BF:62:6A:20:90:6A:DF:02:69:85:30:1B:C0:AD:3E:83:7D:D1:4A:10
Certificate issuer:       /CN=320b24a740f2e61632050adc146c1ee6a3e686c5
Certificate serial:       019421B2023015B11CF727DBB7329DA2CB9C
Authority key identifier: 32:0B:24:A7:40:F2:E6:16:32:05:0A:DC:14:6C:1E:E6:A3:E6:86:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/v2JqIJBq3wJphTAbwK0-g33RShA.roa
Signing time:             Wed 01 Jan 2025 11:48:21 +0000
ROA not before:           Wed 01 Jan 2025 11:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3241
IP address blocks:        5.179.29.0/24 maxlen: 24
                          5.179.30.0/24 maxlen: 24
                          5.179.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:02:30:15:b1:1c:f7:27:db:b7:32:9d:a2:cb:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=320b24a740f2e61632050adc146c1ee6a3e686c5
        Validity
            Not Before: Jan  1 11:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf626a20906adf026985301bc0ad3e837dd14a10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e8:32:ad:cb:3d:00:74:9e:1a:6c:c6:cb:c8:
                    f8:18:1c:ad:7c:32:f5:44:61:1c:46:c6:54:92:c9:
                    65:25:ca:46:41:9d:9a:30:2b:cb:a0:ec:aa:81:83:
                    46:d7:a9:36:3d:5e:b0:ba:b5:30:a0:ce:a6:6d:87:
                    47:0f:b6:7b:e7:a9:73:b5:35:fc:f8:98:0b:74:4f:
                    d0:22:20:cd:f3:c0:8a:2c:45:26:69:f6:1a:27:50:
                    b0:e6:97:f6:18:29:81:25:1c:a0:20:b7:f2:ed:01:
                    74:b2:bb:73:87:e6:76:03:14:3f:72:38:0e:b5:bc:
                    66:87:bd:35:cd:3d:1a:c6:55:b2:f8:73:e3:22:09:
                    e7:d1:05:01:69:41:1b:c3:02:4e:b6:f1:0d:c4:04:
                    dc:6a:60:f5:07:ec:b8:18:18:ce:d5:05:45:a7:ec:
                    4f:0d:fb:33:7d:25:8a:98:41:98:58:c6:90:ef:79:
                    78:19:6d:15:47:c5:ed:b4:a7:d7:62:d9:35:bb:d8:
                    68:63:61:ea:48:a5:69:b4:a4:75:8f:4f:35:6f:89:
                    4e:46:b3:7c:df:ae:a3:06:9e:bf:06:df:7d:95:df:
                    4b:4d:42:f4:da:a6:2c:4e:73:f9:6c:2a:b9:a0:fb:
                    97:e2:3c:f3:09:fb:e2:2d:c5:5c:1e:87:76:7e:da:
                    d4:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:62:6A:20:90:6A:DF:02:69:85:30:1B:C0:AD:3E:83:7D:D1:4A:10
            X509v3 Authority Key Identifier:
                keyid:32:0B:24:A7:40:F2:E6:16:32:05:0A:DC:14:6C:1E:E6:A3:E6:86:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/v2JqIJBq3wJphTAbwK0-g33RShA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.179.29.0-5.179.31.255

    Signature Algorithm: sha256WithRSAEncryption
         aa:47:c1:4d:a8:f4:b2:54:fc:3f:84:ae:f7:d6:46:e6:d4:a0:
         fa:cb:bf:43:48:a0:cb:6d:4b:cd:69:9b:08:8e:c9:ba:03:02:
         ec:9c:35:92:e4:eb:bb:20:44:4b:4f:7a:04:57:72:0e:5a:25:
         21:07:27:fe:e3:09:f5:1e:8c:3a:e3:30:32:d9:5c:39:df:fe:
         75:5c:8a:aa:3c:b2:7a:f1:d4:83:59:ff:09:34:e6:b8:59:8c:
         cf:c6:9e:e9:40:63:a5:ae:09:b4:01:26:90:75:b9:a1:5f:b8:
         29:4f:b1:a0:26:9f:38:99:37:43:fc:5e:b5:4a:26:e4:6c:a5:
         85:2b:7d:69:b8:cc:94:6b:48:88:9a:8c:4a:46:78:b3:9d:59:
         96:32:bf:36:40:72:c0:a7:bf:96:ed:83:b6:73:65:b2:ad:c6:
         7c:97:82:7b:ac:63:93:ab:64:f1:d9:9b:c5:98:d0:29:ce:8a:
         69:0a:7b:6d:6b:d9:85:51:32:29:71:9c:17:65:20:8c:ae:6f:
         04:7d:5f:7c:ff:d1:11:ee:85:93:68:22:62:0a:c3:7d:3e:fa:
         3e:02:43:6e:de:5d:98:b8:79:c9:56:c4:c9:23:f4:d2:c6:27:
         0d:c0:9a:91:c0:3a:56:c1:18:c2:ca:ef:93:b9:fe:36:44:59:
         61:d6:96:75
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhsgIwFbEc9yfbtzKdosucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMGIyNGE3NDBmMmU2MTYzMjA1MGFkYzE0NmMxZWU2YTNl
Njg2YzUwHhcNMjUwMTAxMTE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjYyNmEyMDkwNmFkZjAyNjk4NTMwMWJjMGFkM2U4MzdkZDE0YTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkegyrcs9AHSeGmzGy8j4GBytfDL1
RGEcRsZUksllJcpGQZ2aMCvLoOyqgYNG16k2PV6wurUwoM6mbYdHD7Z756lztTX8
+JgLdE/QIiDN88CKLEUmafYaJ1Cw5pf2GCmBJRygILfy7QF0srtzh+Z2AxQ/cjgO
tbxmh701zT0axlWy+HPjIgnn0QUBaUEbwwJOtvENxATcamD1B+y4GBjO1QVFp+xP
DfszfSWKmEGYWMaQ73l4GW0VR8XttKfXYtk1u9hoY2HqSKVptKR1j081b4lORrN8
366jBp6/Bt99ld9LTUL02qYsTnP5bCq5oPuX4jzzCfviLcVcHod2ftrU+QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFL9iaiCQat8CaYUwG8CtPoN90UoQMB8GA1UdIwQY
MBaAFDILJKdA8uYWMgUK3BRsHuaj5obFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWdza3AwRHk1aFl5QlFyY0ZHd2U1cVBtaHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy85YzI3ZTQtZDdiMS00M2MxLWEzOGYt
OTQ5MTRmNWRkYjNjLzEvdjJKcUlKQnEzd0pwaFRBYndLMC1nMzNSU2hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy85YzI3ZTQtZDdiMS00M2MxLWEzOGYtOTQ5MTRmNWRkYjNj
LzEvTWdza3AwRHk1aFl5QlFyY0ZHd2U1cVBtaHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAFsx0D
BAUFswAwDQYJKoZIhvcNAQELBQADggEBAKpHwU2o9LJU/D+ErvfWRubUoPrLv0NI
oMttS81pmwiOyboDAuycNZLk67sgREtPegRXcg5aJSEHJ/7jCfUejDrjMDLZXDnf
/nVciqo8snrx1INZ/wk05rhZjM/GnulAY6WuCbQBJpB1uaFfuClPsaAmnziZN0P8
XrVKJuRspYUrfWm4zJRrSIiajEpGeLOdWZYyvzZAcsCnv5btg7ZzZbKtxnyXgnus
Y5OrZPHZm8WY0CnOimkKe21r2YVRMilxnBdlIIyubwR9X3z/0RHuhZNoImIKw30+
+j4CQ27eXZi4eclWxMkj9NLGJw3AmpHAOlbBGMLK75O5/jZEWWHWlnU=
-----END CERTIFICATE-----