Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/908956-c5e6-4a3e-9f17-a14ca0ec1c1a/1/jzoaRST14iVv_bSGhulsr5_HKjg.roa
File:                     jzoaRST14iVv_bSGhulsr5_HKjg.roa (raw, json)
Hash identifier:          eDucU+vORvsLhsrcVm/yMIU0JKeTCq2CqXsu5GoLiJA=
Subject key identifier:   8F:3A:1A:45:24:F5:E2:25:6F:FD:B4:86:86:E9:6C:AF:9F:C7:2A:38
Certificate issuer:       /CN=9d5a17271d99cf15b73ecc658673143c28e207ed
Certificate serial:       019465D0D1B5F333AC5C6E08782BAD7D89CC
Authority key identifier: 9D:5A:17:27:1D:99:CF:15:B7:3E:CC:65:86:73:14:3C:28:E2:07:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nVoXJx2ZzxW3PsxlhnMUPCjiB-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/908956-c5e6-4a3e-9f17-a14ca0ec1c1a/1/jzoaRST14iVv_bSGhulsr5_HKjg.roa
Signing time:             Tue 14 Jan 2025 17:16:11 +0000
ROA not before:           Tue 14 Jan 2025 17:16:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59597
IP address blocks:        5.179.72.0/21 maxlen: 24
                          185.14.140.0/22 maxlen: 24
                          2a01:9540::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/908956-c5e6-4a3e-9f17-a14ca0ec1c1a/1/nVoXJx2ZzxW3PsxlhnMUPCjiB-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/908956-c5e6-4a3e-9f17-a14ca0ec1c1a/1/nVoXJx2ZzxW3PsxlhnMUPCjiB-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nVoXJx2ZzxW3PsxlhnMUPCjiB-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:65:d0:d1:b5:f3:33:ac:5c:6e:08:78:2b:ad:7d:89:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5a17271d99cf15b73ecc658673143c28e207ed
        Validity
            Not Before: Jan 14 17:16:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f3a1a4524f5e2256ffdb48686e96caf9fc72a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ae:28:55:dc:98:49:5f:19:3f:8e:0b:46:ff:
                    18:34:d9:02:83:5d:f8:73:12:f3:51:3c:05:5a:a4:
                    4d:ce:c2:ec:24:4a:f3:41:81:46:a1:5a:2c:f6:fe:
                    43:24:02:a4:b9:39:46:85:e9:fb:f8:8c:c9:bf:9c:
                    41:73:f3:33:72:5e:38:33:a4:3f:61:49:b2:e5:cd:
                    5a:c1:1b:36:a7:c8:16:6f:e4:b7:00:e6:23:3a:d3:
                    1f:f6:bf:4c:39:b0:25:57:82:2f:bf:c1:16:07:13:
                    77:08:a7:e5:e5:83:cd:b0:ba:8d:cb:7f:e0:8a:31:
                    f1:f5:42:0a:4c:fb:58:66:eb:c5:29:2a:88:bb:3b:
                    60:9f:7c:e4:08:91:f9:cd:5a:5f:69:5b:6b:fc:ae:
                    1a:b1:96:13:2e:43:f1:75:a1:df:8d:04:9a:41:1f:
                    1d:8e:6e:16:a6:90:9b:52:3e:8a:5b:65:84:b4:2b:
                    55:d7:ed:0d:53:4d:a7:29:af:32:1f:7e:8d:57:a9:
                    4f:c4:ac:a5:78:42:ac:e7:1a:ff:e0:c1:a4:05:5f:
                    bf:f9:cf:44:5a:3a:a2:11:65:2b:b0:d7:2a:4f:38:
                    29:52:69:93:27:3a:df:5b:fd:09:9a:16:10:91:16:
                    12:b9:fe:51:8d:ab:cf:f0:b3:dd:a4:94:5b:37:49:
                    bd:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:3A:1A:45:24:F5:E2:25:6F:FD:B4:86:86:E9:6C:AF:9F:C7:2A:38
            X509v3 Authority Key Identifier:
                keyid:9D:5A:17:27:1D:99:CF:15:B7:3E:CC:65:86:73:14:3C:28:E2:07:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nVoXJx2ZzxW3PsxlhnMUPCjiB-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/908956-c5e6-4a3e-9f17-a14ca0ec1c1a/1/jzoaRST14iVv_bSGhulsr5_HKjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/908956-c5e6-4a3e-9f17-a14ca0ec1c1a/1/nVoXJx2ZzxW3PsxlhnMUPCjiB-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.179.72.0/21
                  185.14.140.0/22
                IPv6:
                  2a01:9540::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:fc:f6:78:48:38:1a:55:45:9c:33:29:bb:7a:0e:0b:32:4d:
         f6:f7:74:fd:ec:9a:06:50:f5:58:d7:01:60:7c:50:94:bb:29:
         bb:ac:21:e7:fd:f4:94:bd:42:4b:2f:a6:56:6b:3a:1b:fa:8d:
         f9:01:2f:01:b7:4e:f6:53:a9:c1:25:92:c7:27:22:2e:75:fe:
         d9:74:bd:63:55:41:04:73:7f:1e:38:63:74:b4:a9:7f:62:37:
         a9:79:4d:ce:e1:ba:d6:65:f1:49:ee:dd:07:6a:84:52:06:7c:
         a7:15:5f:9e:4e:ec:62:2f:d0:ef:7f:94:f0:70:53:6c:0f:98:
         3a:2d:7c:e6:2c:00:e0:c9:3e:eb:6a:24:6c:0d:23:a2:7f:d7:
         84:09:4d:9f:b3:50:b8:ea:ef:0a:b1:62:56:7d:05:18:c4:e3:
         bc:2a:a8:9c:d0:f7:e7:f6:e7:ba:42:6a:19:99:bd:20:43:f3:
         a7:e2:bf:6e:80:50:6e:1c:c7:1c:da:49:6c:0f:35:a2:0a:6b:
         5d:1f:27:75:fe:29:9a:ce:4c:10:5c:53:b0:d9:1a:49:4b:e0:
         8b:d2:a9:b8:c1:5b:4e:db:6f:7b:52:8e:7d:a2:b1:e7:12:33:
         67:53:87:d5:8d:cb:05:1f:ad:68:d7:88:31:20:d5:12:65:4f:
         c8:c6:b7:f8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZRl0NG18zOsXG4IeCutfYnMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNWExNzI3MWQ5OWNmMTViNzNlY2M2NTg2NzMxNDNjMjhl
MjA3ZWQwHhcNMjUwMTE0MTcxNjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjNhMWE0NTI0ZjVlMjI1NmZmZGI0ODY4NmU5NmNhZjlmYzcyYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1a4oVdyYSV8ZP44LRv8YNNkCg134
cxLzUTwFWqRNzsLsJErzQYFGoVos9v5DJAKkuTlGhen7+IzJv5xBc/Mzcl44M6Q/
YUmy5c1awRs2p8gWb+S3AOYjOtMf9r9MObAlV4Ivv8EWBxN3CKfl5YPNsLqNy3/g
ijHx9UIKTPtYZuvFKSqIuztgn3zkCJH5zVpfaVtr/K4asZYTLkPxdaHfjQSaQR8d
jm4WppCbUj6KW2WEtCtV1+0NU02nKa8yH36NV6lPxKyleEKs5xr/4MGkBV+/+c9E
WjqiEWUrsNcqTzgpUmmTJzrfW/0JmhYQkRYSuf5RjavP8LPdpJRbN0m9lwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFI86GkUk9eIlb/20hobpbK+fxyo4MB8GA1UdIwQY
MBaAFJ1aFycdmc8Vtz7MZYZzFDwo4gftMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblZvWEp4Mlp6eFczUHN4bGhuTVVQQ2ppQi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My85MDg5NTYtYzVlNi00YTNlLTlmMTct
YTE0Y2EwZWMxYzFhLzEvanpvYVJTVDE0aVZ2X2JTR2h1bHNyNV9IS2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My85MDg5NTYtYzVlNi00YTNlLTlmMTctYTE0Y2EwZWMxYzFh
LzEvblZvWEp4Mlp6eFczUHN4bGhuTVVQQ2ppQi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBbNIAwQC
uQ6MMA0EAgACMAcDBQAqAZVAMA0GCSqGSIb3DQEBCwUAA4IBAQA2/PZ4SDgaVUWc
Mym7eg4LMk3293T97JoGUPVY1wFgfFCUuym7rCHn/fSUvUJLL6ZWazob+o35AS8B
t072U6nBJZLHJyIudf7ZdL1jVUEEc38eOGN0tKl/YjepeU3O4brWZfFJ7t0HaoRS
BnynFV+eTuxiL9Dvf5TwcFNsD5g6LXzmLADgyT7raiRsDSOif9eECU2fs1C46u8K
sWJWfQUYxOO8Kqic0Pfn9ue6QmoZmb0gQ/On4r9ugFBuHMcc2klsDzWiCmtdHyd1
/imazkwQXFOw2RpJS+CL0qm4wVtO2297Uo59orHnEjNnU4fVjcsFH61o14gxINUS
ZU/Ixrf4
-----END CERTIFICATE-----