Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/mjXUPjiVNMzLXR-2QHlKUZB-SqY.roa
File:                     mjXUPjiVNMzLXR-2QHlKUZB-SqY.roa (raw, json)
Hash identifier:          9INuss7absNCiBI0T9pOtU1T9XnmEmmFvhdz0TxdOWA=
Subject key identifier:   9A:35:D4:3E:38:95:34:CC:CB:5D:1F:B6:40:79:4A:51:90:7E:4A:A6
Certificate issuer:       /CN=5a939b0ced38d75cc63ed50d6e5ce72bbb5b4b10
Certificate serial:       019426D9A3E58275EC215998FA1A0EF8B5E3
Authority key identifier: 5A:93:9B:0C:ED:38:D7:5C:C6:3E:D5:0D:6E:5C:E7:2B:BB:5B:4B:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/mjXUPjiVNMzLXR-2QHlKUZB-SqY.roa
Signing time:             Thu 02 Jan 2025 11:49:44 +0000
ROA not before:           Thu 02 Jan 2025 11:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199435
IP address blocks:        5.34.128.0/19 maxlen: 19
                          185.93.80.0/22 maxlen: 22
                          188.92.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:a3:e5:82:75:ec:21:59:98:fa:1a:0e:f8:b5:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a939b0ced38d75cc63ed50d6e5ce72bbb5b4b10
        Validity
            Not Before: Jan  2 11:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a35d43e389534cccb5d1fb640794a51907e4aa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:6a:7b:3f:fc:8c:8d:98:21:3c:e1:08:c6:7f:
                    ee:f8:51:ff:f6:05:68:11:3e:e8:d3:d7:47:e5:bd:
                    74:f8:88:36:23:5b:de:44:0c:2e:ce:69:b3:42:97:
                    0e:c1:f5:c9:05:69:de:c7:09:18:19:48:26:7d:d5:
                    5b:9d:ae:fd:07:1c:f1:27:ff:d9:80:a8:5d:50:4f:
                    dd:b3:39:f1:80:f7:6c:e2:e9:37:e8:f4:cd:09:4f:
                    28:10:47:c1:80:58:61:6e:d5:ee:32:98:cb:0f:cf:
                    8a:64:9a:0b:85:05:b7:5c:8b:7f:08:39:d8:9c:4f:
                    16:f9:02:54:20:97:4c:e7:3e:c6:95:b6:62:7e:f7:
                    83:75:c1:55:eb:48:45:94:c3:f9:4a:93:8c:93:f4:
                    82:06:39:b8:d6:6d:17:58:6f:a0:51:f5:c9:71:1a:
                    fe:6e:f9:73:46:47:3c:40:3d:a7:3e:5c:4d:2e:75:
                    cc:06:34:0d:67:e6:2f:6b:3b:2e:9d:2a:84:8d:8e:
                    6d:d1:8f:b6:c5:c6:4a:ba:e6:5d:58:44:de:57:ac:
                    86:f6:47:9d:e3:f6:56:02:ff:c4:f4:5b:11:b9:51:
                    75:81:c5:b6:3b:9d:d0:03:dc:7a:69:32:95:0c:3d:
                    72:34:5f:cd:10:9e:b2:3b:80:97:6f:a5:99:bd:12:
                    a2:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:35:D4:3E:38:95:34:CC:CB:5D:1F:B6:40:79:4A:51:90:7E:4A:A6
            X509v3 Authority Key Identifier:
                keyid:5A:93:9B:0C:ED:38:D7:5C:C6:3E:D5:0D:6E:5C:E7:2B:BB:5B:4B:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/mjXUPjiVNMzLXR-2QHlKUZB-SqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.128.0/19
                  185.93.80.0/22
                  188.92.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:bb:64:93:59:1c:d3:48:46:69:d8:fc:af:4c:b0:22:ee:96:
         c5:95:87:83:7c:02:79:f5:2e:d7:15:f6:3b:e6:73:c0:f3:80:
         b8:8f:d1:f5:ef:9d:93:74:aa:77:01:8f:b1:15:2d:64:b3:ab:
         af:89:a9:04:1a:97:1b:2f:8e:4c:32:a2:35:a6:ae:5f:34:67:
         b5:6d:be:2c:66:48:94:08:7b:13:c1:80:26:b3:7c:ae:75:6c:
         86:b1:4a:e9:c3:e6:58:fe:73:38:a9:9f:bd:54:d5:43:d6:af:
         1b:7d:5d:b0:76:e1:6c:b5:8e:11:8a:09:76:85:33:2f:24:1b:
         6a:62:ba:cf:cf:a0:9d:c7:fa:31:1c:a8:4c:8e:b0:50:00:7f:
         e2:e5:0e:6b:96:7e:c2:ac:08:e5:00:99:04:73:b7:c6:67:90:
         cd:62:00:8a:87:dc:eb:7e:a3:48:e3:c2:a8:ba:42:f1:ba:4a:
         e2:0d:86:64:58:03:b5:e4:78:5f:e6:48:7f:b3:f0:b2:26:af:
         86:a3:c9:9d:9c:a4:d1:dc:8d:5c:e7:81:5d:b4:7d:cd:98:25:
         7c:d7:33:07:0d:bc:70:38:8a:6b:5d:d8:51:59:72:11:88:cd:
         16:e3:17:96:71:ec:17:79:b5:b7:28:53:30:e5:7b:92:28:cd:
         f2:ed:ae:31
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQm2aPlgnXsIVmY+hoO+LXjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhOTM5YjBjZWQzOGQ3NWNjNjNlZDUwZDZlNWNlNzJiYmI1
YjRiMTAwHhcNMjUwMTAyMTE0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTM1ZDQzZTM4OTUzNGNjY2I1ZDFmYjY0MDc5NGE1MTkwN2U0YWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmp7P/yMjZghPOEIxn/u+FH/9gVo
ET7o09dH5b10+Ig2I1veRAwuzmmzQpcOwfXJBWnexwkYGUgmfdVbna79BxzxJ//Z
gKhdUE/dsznxgPds4uk36PTNCU8oEEfBgFhhbtXuMpjLD8+KZJoLhQW3XIt/CDnY
nE8W+QJUIJdM5z7GlbZifveDdcFV60hFlMP5SpOMk/SCBjm41m0XWG+gUfXJcRr+
bvlzRkc8QD2nPlxNLnXMBjQNZ+YvazsunSqEjY5t0Y+2xcZKuuZdWETeV6yG9ked
4/ZWAv/E9FsRuVF1gcW2O53QA9x6aTKVDD1yNF/NEJ6yO4CXb6WZvRKilwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJo11D44lTTMy10ftkB5SlGQfkqmMB8GA1UdIwQY
MBaAFFqTmwztONdcxj7VDW5c5yu7W0sQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3BPYkRPMDQxMXpHUHRVTmJsem5LN3RiU3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9iZWExNGEtMGQzMi00YWE3LWI4OTgt
ZDYwYjNiNmNjYTZlLzEvbWpYVVBqaVZOTXpMWFItMlFIbEtVWkItU3FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9iZWExNGEtMGQzMi00YWE3LWI4OTgtZDYwYjNiNmNjYTZl
LzEvV3BPYkRPMDQxMXpHUHRVTmJsem5LN3RiU3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFBSKAAwQC
uV1QAwQCvFx8MA0GCSqGSIb3DQEBCwUAA4IBAQCPu2STWRzTSEZp2PyvTLAi7pbF
lYeDfAJ59S7XFfY75nPA84C4j9H1752TdKp3AY+xFS1ks6uviakEGpcbL45MMqI1
pq5fNGe1bb4sZkiUCHsTwYAms3yudWyGsUrpw+ZY/nM4qZ+9VNVD1q8bfV2wduFs
tY4Rigl2hTMvJBtqYrrPz6Cdx/oxHKhMjrBQAH/i5Q5rln7CrAjlAJkEc7fGZ5DN
YgCKh9zrfqNI48KoukLxukriDYZkWAO15Hhf5kh/s/CyJq+Go8mdnKTR3I1c54Fd
tH3NmCV81zMHDbxwOIprXdhRWXIRiM0W4xeWcewXebW3KFMw5XuSKM3y7a4x
-----END CERTIFICATE-----