Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/sKarxrcp3TYbOa1lj25cFgvPm1M.roa
File:                     sKarxrcp3TYbOa1lj25cFgvPm1M.roa (raw, json)
Hash identifier:          hzIQC+6QcM0KejfwF/J95Pb7an1/Oimflf+mKhKCBQI=
Subject key identifier:   B0:A6:AB:C6:B7:29:DD:36:1B:39:AD:65:8F:6E:5C:16:0B:CF:9B:53
Certificate issuer:       /CN=cb662ceeb726774b1b44c51ff1fc0df908bdebbc
Certificate serial:       0196CF1EE41100DE12F012C9FC43F29BD697
Authority key identifier: CB:66:2C:EE:B7:26:77:4B:1B:44:C5:1F:F1:FC:0D:F9:08:BD:EB:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2Ys7rcmd0sbRMUf8fwN-Qi967w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/sKarxrcp3TYbOa1lj25cFgvPm1M.roa
Signing time:             Wed 14 May 2025 14:07:10 +0000
ROA not before:           Wed 14 May 2025 14:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12969
IP address blocks:        5.23.80.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/y2Ys7rcmd0sbRMUf8fwN-Qi967w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/y2Ys7rcmd0sbRMUf8fwN-Qi967w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2Ys7rcmd0sbRMUf8fwN-Qi967w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cf:1e:e4:11:00:de:12:f0:12:c9:fc:43:f2:9b:d6:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb662ceeb726774b1b44c51ff1fc0df908bdebbc
        Validity
            Not Before: May 14 14:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0a6abc6b729dd361b39ad658f6e5c160bcf9b53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d4:3c:98:4a:4b:7d:d2:38:eb:c5:85:b5:7b:
                    8d:cd:7a:68:0d:a8:2c:e7:6d:bf:98:1a:fa:5a:22:
                    d4:9f:b9:38:df:97:a3:9c:39:a9:9a:89:b6:e4:03:
                    19:be:a2:3a:40:e8:fa:47:06:fc:29:f0:03:63:30:
                    66:3a:12:e0:88:3a:f6:0c:97:96:fe:ee:e9:48:b8:
                    c3:d9:e9:58:5e:4e:65:d1:8e:8c:31:e8:38:30:e2:
                    5d:11:7c:98:46:4d:b5:cd:0c:d7:3a:15:6b:f5:75:
                    d1:93:67:b0:b3:fe:66:f6:95:52:ee:55:d6:8a:2d:
                    da:9b:11:1d:93:75:63:c1:72:66:18:42:da:e8:09:
                    82:68:e0:7f:f4:98:81:21:38:59:d4:bd:d1:62:79:
                    e9:dd:62:25:36:e0:2b:33:32:9a:cf:56:a1:a6:3e:
                    93:60:5a:4a:26:ac:b6:a2:ee:c6:74:4e:88:11:58:
                    ee:6d:d3:07:bf:41:63:73:1e:a6:63:52:cb:86:57:
                    ee:1b:a7:50:d7:7d:89:fe:7a:f1:c0:f0:ca:5e:5d:
                    9e:d1:1e:c2:3b:19:d2:da:02:92:99:e6:fc:a0:61:
                    5b:98:17:80:4b:05:e6:e4:24:66:17:94:35:e9:57:
                    1b:1a:df:59:b6:0f:39:72:6a:d2:31:b5:7c:68:a4:
                    54:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:A6:AB:C6:B7:29:DD:36:1B:39:AD:65:8F:6E:5C:16:0B:CF:9B:53
            X509v3 Authority Key Identifier:
                keyid:CB:66:2C:EE:B7:26:77:4B:1B:44:C5:1F:F1:FC:0D:F9:08:BD:EB:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2Ys7rcmd0sbRMUf8fwN-Qi967w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/sKarxrcp3TYbOa1lj25cFgvPm1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/y2Ys7rcmd0sbRMUf8fwN-Qi967w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.23.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         78:49:3d:aa:6d:9f:f0:86:a2:ee:f9:f5:6c:ca:0c:2e:40:5b:
         6b:c8:6f:ce:ec:35:93:d6:9f:a1:a0:77:0c:f9:47:9b:28:76:
         f5:48:2b:34:45:a1:e0:78:ed:fa:87:35:f2:67:b6:7a:c1:d8:
         a7:e7:88:e8:53:38:6e:0f:40:fb:9a:d0:04:29:dc:e9:03:fb:
         d6:73:7c:28:25:0e:e9:ad:90:ab:94:17:fc:1e:a2:3c:80:99:
         67:af:d3:85:a9:7b:1b:d3:da:b6:1d:11:0f:8e:e0:00:38:fa:
         96:64:8c:84:27:0b:81:66:81:75:8e:e9:44:7a:4a:97:ee:92:
         b4:53:fa:55:23:6e:6a:d9:90:c7:be:7e:8a:65:c4:63:f0:b8:
         be:fc:17:4d:e4:50:ab:77:ea:b5:1b:33:17:53:6b:1c:69:2f:
         a8:8f:c6:5b:51:51:d4:70:59:4a:34:fd:09:b2:df:30:0f:27:
         97:04:c4:8a:7c:79:fa:ba:77:11:f1:85:cb:3d:89:e4:d5:61:
         79:47:98:62:7a:9e:f3:18:e4:09:22:f6:31:9a:f6:f4:28:4e:
         0d:2b:ff:d2:81:4e:db:28:e4:52:8b:46:f0:96:45:a8:4c:99:
         30:c7:24:d5:51:5e:4f:ed:20:77:bd:0c:8d:99:7e:c8:02:43:
         57:7e:c0:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbPHuQRAN4S8BLJ/EPym9aXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNjYyY2VlYjcyNjc3NGIxYjQ0YzUxZmYxZmMwZGY5MDhi
ZGViYmMwHhcNMjUwNTE0MTQwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGE2YWJjNmI3MjlkZDM2MWIzOWFkNjU4ZjZlNWMxNjBiY2Y5YjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdQ8mEpLfdI468WFtXuNzXpoDags
522/mBr6WiLUn7k435ejnDmpmom25AMZvqI6QOj6Rwb8KfADYzBmOhLgiDr2DJeW
/u7pSLjD2elYXk5l0Y6MMeg4MOJdEXyYRk21zQzXOhVr9XXRk2ews/5m9pVS7lXW
ii3amxEdk3VjwXJmGELa6AmCaOB/9JiBIThZ1L3RYnnp3WIlNuArMzKaz1ahpj6T
YFpKJqy2ou7GdE6IEVjubdMHv0Fjcx6mY1LLhlfuG6dQ132J/nrxwPDKXl2e0R7C
OxnS2gKSmeb8oGFbmBeASwXm5CRmF5Q16VcbGt9Ztg85cmrSMbV8aKRU8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCmq8a3Kd02GzmtZY9uXBYLz5tTMB8GA1UdIwQY
MBaAFMtmLO63JndLG0TFH/H8DfkIveu8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJZczdyY21kMHNiUk1VZjhmd04tUWk5Njd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hOTYyYTktYWJmZi00NDk1LTg2Y2Mt
YjU2YzhjY2IyOTM1LzEvc0thcnhyY3AzVFliT2ExbGoyNWNGZ3ZQbTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hOTYyYTktYWJmZi00NDk1LTg2Y2MtYjU2YzhjY2IyOTM1
LzEveTJZczdyY21kMHNiUk1VZjhmd04tUWk5Njd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEBRdQMA0G
CSqGSIb3DQEBCwUAA4IBAQB4ST2qbZ/whqLu+fVsygwuQFtryG/O7DWT1p+hoHcM
+UebKHb1SCs0RaHgeO36hzXyZ7Z6wdin54joUzhuD0D7mtAEKdzpA/vWc3woJQ7p
rZCrlBf8HqI8gJlnr9OFqXsb09q2HREPjuAAOPqWZIyEJwuBZoF1julEekqX7pK0
U/pVI25q2ZDHvn6KZcRj8Li+/BdN5FCrd+q1GzMXU2scaS+oj8ZbUVHUcFlKNP0J
st8wDyeXBMSKfHn6uncR8YXLPYnk1WF5R5hiep7zGOQJIvYxmvb0KE4NK//SgU7b
KORSi0bwlkWoTJkwxyTVUV5P7SB3vQyNmX7IAkNXfsCh
-----END CERTIFICATE-----