Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/09ec83-85e2-4e9c-a79c-4c959f6077a0/1/Rz-Vh9z4e03dlNgqerpia1XRL-k.roa
File:                     Rz-Vh9z4e03dlNgqerpia1XRL-k.roa (raw, json)
Hash identifier:          264nJ8QiwzT6QaHmYoFKRNYp0Sy9/H1JZeP4RPKrOd4=
Subject key identifier:   47:3F:95:87:DC:F8:7B:4D:DD:94:D8:2A:7A:BA:62:6B:55:D1:2F:E9
Certificate issuer:       /CN=3ba05cb29671d30a57a3e8444f41fe034cf75231
Certificate serial:       0194228D10F6CAE898C89DE51046A4F975DD
Authority key identifier: 3B:A0:5C:B2:96:71:D3:0A:57:A3:E8:44:4F:41:FE:03:4C:F7:52:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O6BcspZx0wpXo-hET0H-A0z3UjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/09ec83-85e2-4e9c-a79c-4c959f6077a0/1/Rz-Vh9z4e03dlNgqerpia1XRL-k.roa
Signing time:             Wed 01 Jan 2025 15:47:37 +0000
ROA not before:           Wed 01 Jan 2025 15:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206188
IP address blocks:        5.42.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/09ec83-85e2-4e9c-a79c-4c959f6077a0/1/O6BcspZx0wpXo-hET0H-A0z3UjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/09ec83-85e2-4e9c-a79c-4c959f6077a0/1/O6BcspZx0wpXo-hET0H-A0z3UjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O6BcspZx0wpXo-hET0H-A0z3UjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:10:f6:ca:e8:98:c8:9d:e5:10:46:a4:f9:75:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ba05cb29671d30a57a3e8444f41fe034cf75231
        Validity
            Not Before: Jan  1 15:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=473f9587dcf87b4ddd94d82a7aba626b55d12fe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9e:25:03:bc:3e:de:66:7b:0d:0a:b2:0d:a2:
                    da:dd:9e:be:b0:53:87:fb:90:ec:15:07:f7:4a:a8:
                    e0:17:ec:37:73:6b:43:50:3f:3a:54:d7:bc:c0:00:
                    84:c7:98:ad:b3:4a:6d:61:04:82:ff:78:ef:07:30:
                    fd:f6:49:05:50:31:65:21:d7:cb:59:14:93:c0:43:
                    60:49:12:8b:7c:b4:55:ce:d9:3d:f5:98:3e:60:ee:
                    41:21:62:0b:2f:da:b6:0c:de:65:63:41:26:72:c7:
                    68:8f:d6:bf:06:09:64:e5:ee:12:d1:19:4d:e7:c6:
                    53:64:42:fe:9d:b5:3f:6a:55:d2:13:97:fc:ea:85:
                    c7:cc:0f:33:12:e8:e8:c7:a9:a1:5a:ac:63:4c:96:
                    d6:05:37:7b:9a:a6:66:76:05:15:a3:e4:ad:68:41:
                    05:a1:af:61:23:04:7f:d5:cf:38:a8:ea:fd:3e:75:
                    88:52:3c:77:92:c4:c0:fe:28:7a:4f:e3:a5:15:b0:
                    8f:f7:2a:12:b9:70:e9:33:33:59:db:aa:04:d4:0d:
                    d0:e5:0a:6e:a9:4c:ff:11:d3:4b:0c:48:45:26:c0:
                    26:f1:e6:63:61:a6:2e:47:1f:31:7e:24:87:38:b2:
                    37:e5:47:9e:d4:d7:0f:cb:1d:17:f6:21:27:16:86:
                    8c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:3F:95:87:DC:F8:7B:4D:DD:94:D8:2A:7A:BA:62:6B:55:D1:2F:E9
            X509v3 Authority Key Identifier:
                keyid:3B:A0:5C:B2:96:71:D3:0A:57:A3:E8:44:4F:41:FE:03:4C:F7:52:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6BcspZx0wpXo-hET0H-A0z3UjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/09ec83-85e2-4e9c-a79c-4c959f6077a0/1/Rz-Vh9z4e03dlNgqerpia1XRL-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/09ec83-85e2-4e9c-a79c-4c959f6077a0/1/O6BcspZx0wpXo-hET0H-A0z3UjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:70:fa:05:ce:08:7a:ec:72:5c:bd:5e:e3:dd:26:7c:d8:cd:
         e7:7e:6e:5f:f1:24:7c:b6:1b:a6:73:b8:89:3f:06:ea:4e:dc:
         83:c9:c8:a8:5e:59:e7:5a:25:97:7e:35:ec:6d:f7:b5:21:7e:
         69:42:03:3a:ad:51:bc:50:b8:c8:4d:bb:73:a6:f9:5b:e0:80:
         41:de:cd:68:7e:01:73:1c:8e:5f:79:70:72:a5:a0:8f:f7:9c:
         72:61:56:9e:ec:51:90:ca:0c:cd:b3:7e:60:bf:25:ec:73:61:
         86:dc:78:30:47:42:ba:71:9e:1f:1c:f8:e5:b3:26:39:1e:4a:
         6c:ce:06:ac:1b:01:32:06:34:94:f4:65:7d:7d:ca:72:23:2e:
         e6:3a:d7:32:b2:6d:c5:b8:94:4a:18:80:e3:8f:51:27:2e:fe:
         80:7e:e7:bf:d0:9f:cd:99:98:07:c3:bd:3f:92:23:db:18:2f:
         81:9c:9f:73:bc:6c:9b:e7:ad:5b:a1:26:75:5b:d5:6c:ab:2a:
         9f:14:b0:b8:4a:15:2c:55:d4:5f:a3:2c:b8:d7:20:d2:2c:bb:
         83:86:57:c5:48:11:e4:29:93:4e:4f:01:b2:ea:33:a2:68:ec:
         6a:b7:2e:57:a4:74:e2:fd:75:5f:ea:fd:cd:b5:09:08:b2:8f:
         1d:f4:d1:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijRD2yuiYyJ3lEEak+XXdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTA1Y2IyOTY3MWQzMGE1N2EzZTg0NDRmNDFmZTAzNGNm
NzUyMzEwHhcNMjUwMTAxMTU0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzNmOTU4N2RjZjg3YjRkZGQ5NGQ4MmE3YWJhNjI2YjU1ZDEyZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZ4lA7w+3mZ7DQqyDaLa3Z6+sFOH
+5DsFQf3SqjgF+w3c2tDUD86VNe8wACEx5its0ptYQSC/3jvBzD99kkFUDFlIdfL
WRSTwENgSRKLfLRVztk99Zg+YO5BIWILL9q2DN5lY0Emcsdoj9a/Bglk5e4S0RlN
58ZTZEL+nbU/alXSE5f86oXHzA8zEujox6mhWqxjTJbWBTd7mqZmdgUVo+StaEEF
oa9hIwR/1c84qOr9PnWIUjx3ksTA/ih6T+OlFbCP9yoSuXDpMzNZ26oE1A3Q5Qpu
qUz/EdNLDEhFJsAm8eZjYaYuRx8xfiSHOLI35Uee1NcPyx0X9iEnFoaMxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEc/lYfc+HtN3ZTYKnq6YmtV0S/pMB8GA1UdIwQY
MBaAFDugXLKWcdMKV6PoRE9B/gNM91IxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZCY3NwWngwd3BYby1oRVQwSC1BMHozVWpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8wOWVjODMtODVlMi00ZTljLWE3OWMt
NGM5NTlmNjA3N2EwLzEvUnotVmg5ejRlMDNkbE5ncWVycGlhMVhSTC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8wOWVjODMtODVlMi00ZTljLWE3OWMtNGM5NTlmNjA3N2Ew
LzEvTzZCY3NwWngwd3BYby1oRVQwSC1BMHozVWpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrCMA0G
CSqGSIb3DQEBCwUAA4IBAQAJcPoFzgh67HJcvV7j3SZ82M3nfm5f8SR8thumc7iJ
PwbqTtyDycioXlnnWiWXfjXsbfe1IX5pQgM6rVG8ULjITbtzpvlb4IBB3s1ofgFz
HI5feXBypaCP95xyYVae7FGQygzNs35gvyXsc2GG3HgwR0K6cZ4fHPjlsyY5Hkps
zgasGwEyBjSU9GV9fcpyIy7mOtcysm3FuJRKGIDjj1EnLv6Afue/0J/NmZgHw70/
kiPbGC+BnJ9zvGyb561boSZ1W9VsqyqfFLC4ShUsVdRfoyy41yDSLLuDhlfFSBHk
KZNOTwGy6jOiaOxqty5XpHTi/XVf6v3NtQkIso8d9NHD
-----END CERTIFICATE-----