Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/CnK_O_JvTA-jn8NZf4BVIYdpxjo.roa
File:                     CnK_O_JvTA-jn8NZf4BVIYdpxjo.roa (raw, json)
Hash identifier:          qWovma3BYcN8pXJ/lkZOtiml90eDD3dbpKZPnefvJ04=
Subject key identifier:   0A:72:BF:3B:F2:6F:4C:0F:A3:9F:C3:59:7F:80:55:21:87:69:C6:3A
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01942220099CF0E9512F5234BD2F505306BC
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/CnK_O_JvTA-jn8NZf4BVIYdpxjo.roa
Signing time:             Wed 01 Jan 2025 13:48:32 +0000
ROA not before:           Wed 01 Jan 2025 13:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200275
IP address blocks:        5.231.127.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:09:9c:f0:e9:51:2f:52:34:bd:2f:50:53:06:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  1 13:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a72bf3bf26f4c0fa39fc3597f8055218769c63a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8d:43:84:98:8b:d7:a6:0a:a4:22:01:3c:45:
                    2b:55:cb:89:18:b2:93:db:6e:67:36:a5:08:61:91:
                    9f:d4:41:03:bd:65:36:30:18:f6:47:f9:c4:9d:d9:
                    c5:87:ab:07:4d:27:78:c0:72:ae:fe:82:d7:12:37:
                    67:97:50:8e:3e:45:b0:40:bc:3b:3c:f7:90:20:96:
                    62:35:bc:3b:dc:a0:29:39:9d:e7:10:f0:73:c3:f3:
                    11:ed:86:8e:59:75:67:7b:5f:5a:4f:43:41:ba:cc:
                    de:00:0c:a1:7f:16:a2:6d:6d:3a:70:3c:31:01:d0:
                    af:ed:6a:49:e2:f4:a4:eb:51:35:1a:2e:2b:f8:b7:
                    2c:78:88:7b:0d:ca:f1:34:a7:a5:3d:9f:7f:36:61:
                    d3:4b:30:1f:56:6a:ca:fd:26:7b:f8:73:dd:b4:57:
                    b4:87:01:87:ee:b7:7f:de:a2:51:9b:60:5c:c0:f3:
                    0f:0f:9f:e1:d3:ad:36:94:41:f8:43:c7:eb:62:52:
                    10:d7:0d:ba:fa:2e:72:7c:6d:cd:58:02:ce:1a:dc:
                    02:df:a0:b5:fb:28:06:98:ed:b3:38:2a:5f:65:d3:
                    90:4e:93:db:21:96:3f:ad:2c:cb:df:a7:a9:1e:c3:
                    35:b5:1f:48:d7:fa:0c:53:1a:47:d0:9d:00:2c:3f:
                    30:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:72:BF:3B:F2:6F:4C:0F:A3:9F:C3:59:7F:80:55:21:87:69:C6:3A
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/CnK_O_JvTA-jn8NZf4BVIYdpxjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e5:15:33:58:34:e1:65:5d:76:78:69:5b:5f:e8:1c:a7:86:30:
         0e:a7:ac:4e:47:28:ec:f9:de:8d:23:d7:d7:12:a1:e1:15:f9:
         75:89:0b:29:9d:84:83:43:f1:4b:57:07:74:1e:a9:d7:00:b8:
         69:c6:4b:84:4f:67:61:ff:00:9e:71:3b:63:e2:df:34:47:22:
         ef:ba:43:9c:7c:d9:86:4c:67:49:f5:d3:c2:c0:fc:d7:85:45:
         bf:9f:a5:85:66:33:a8:5e:35:14:9e:16:1f:e1:26:dc:c0:d6:
         4d:0e:c3:be:f7:3b:f1:5e:93:84:f3:f8:1b:4f:73:94:32:c9:
         f7:e5:f1:85:2d:47:f6:ae:25:99:5f:a4:40:4e:00:f1:d5:e3:
         04:92:47:45:da:87:55:5e:71:25:b1:53:d3:cc:83:7a:fd:60:
         a5:af:1e:ec:b3:3b:ef:13:32:e5:d2:dd:da:4e:32:66:2f:9e:
         46:d9:85:d9:9e:ce:0a:8b:f4:cf:46:b9:96:40:3c:90:02:81:
         e1:9c:00:e0:00:0e:ae:b1:ad:5f:be:77:81:4a:d5:03:57:73:
         66:c4:fe:7b:fa:d7:d8:22:d0:19:6c:75:ef:de:93:e0:40:89:
         5e:d8:76:d7:af:7b:19:ee:79:c6:69:5a:3c:ff:69:50:81:b4:
         04:b0:9a:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIAmc8OlRL1I0vS9QUwa8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwMTAxMTM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTcyYmYzYmYyNmY0YzBmYTM5ZmMzNTk3ZjgwNTUyMTg3NjljNjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuI1DhJiL16YKpCIBPEUrVcuJGLKT
225nNqUIYZGf1EEDvWU2MBj2R/nEndnFh6sHTSd4wHKu/oLXEjdnl1COPkWwQLw7
PPeQIJZiNbw73KApOZ3nEPBzw/MR7YaOWXVne19aT0NBuszeAAyhfxaibW06cDwx
AdCv7WpJ4vSk61E1Gi4r+LcseIh7DcrxNKelPZ9/NmHTSzAfVmrK/SZ7+HPdtFe0
hwGH7rd/3qJRm2BcwPMPD5/h0602lEH4Q8frYlIQ1w26+i5yfG3NWALOGtwC36C1
+ygGmO2zOCpfZdOQTpPbIZY/rSzL36epHsM1tR9I1/oMUxpH0J0ALD8wnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApyvzvyb0wPo5/DWX+AVSGHacY6MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvQ25LX09fSnZUQS1qbjhOWmY0QlZJWWRweGpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABed/MA0G
CSqGSIb3DQEBCwUAA4IBAQDlFTNYNOFlXXZ4aVtf6BynhjAOp6xORyjs+d6NI9fX
EqHhFfl1iQspnYSDQ/FLVwd0HqnXALhpxkuET2dh/wCecTtj4t80RyLvukOcfNmG
TGdJ9dPCwPzXhUW/n6WFZjOoXjUUnhYf4SbcwNZNDsO+9zvxXpOE8/gbT3OUMsn3
5fGFLUf2riWZX6RATgDx1eMEkkdF2odVXnElsVPTzIN6/WClrx7sszvvEzLl0t3a
TjJmL55G2YXZns4Ki/TPRrmWQDyQAoHhnADgAA6usa1fvneBStUDV3NmxP57+tfY
ItAZbHXv3pPgQIle2HbXr3sZ7nnGaVo8/2lQgbQEsJpi
-----END CERTIFICATE-----