Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/4ONine07eIhpJhI9ECOeUP9WFQg.roa
File:                     4ONine07eIhpJhI9ECOeUP9WFQg.roa (raw, json)
Hash identifier:          MmJtgZmAq2o+Sq5m0y3r9fQ0BH94PpmL5fYIQg/FZYc=
Subject key identifier:   E0:E3:62:9D:ED:3B:78:88:69:26:12:3D:10:23:9E:50:FF:56:15:08
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       01955D69A6612AD5F86619966F9D4CD13456
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/4ONine07eIhpJhI9ECOeUP9WFQg.roa
Signing time:             Mon 03 Mar 2025 19:09:19 +0000
ROA not before:           Mon 03 Mar 2025 19:09:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215355
IP address blocks:        5.102.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5d:69:a6:61:2a:d5:f8:66:19:96:6f:9d:4c:d1:34:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Mar  3 19:09:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0e3629ded3b78886926123d10239e50ff561508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ab:5c:e9:72:21:f2:b0:2c:4d:56:ea:19:f5:
                    6b:cf:a2:10:95:77:97:74:5a:1e:c1:8f:74:f4:95:
                    69:cd:e6:80:90:ee:aa:c1:6f:7c:4a:7f:8e:a8:43:
                    13:1b:3f:49:0a:0d:77:2e:4c:b6:fe:bd:30:93:1f:
                    1d:ce:0d:32:25:52:a9:4a:3b:7e:b0:65:10:70:55:
                    3c:c2:92:5d:55:7a:17:02:1b:43:8c:6e:aa:6f:0e:
                    76:0c:40:e2:f4:34:88:da:bf:cc:a0:05:bc:ef:b4:
                    e9:76:24:3c:4f:1c:f6:a5:d8:d8:08:a6:a0:ae:0a:
                    16:a0:18:11:dd:79:57:e0:c7:4e:7a:85:d4:56:0d:
                    69:20:b6:39:7a:9a:70:28:00:2c:ee:99:8c:ed:fd:
                    dd:99:41:d6:89:c6:24:a7:0b:9e:92:77:bb:3c:c7:
                    8f:9b:f1:43:f5:b7:d3:19:eb:52:3d:7d:a4:50:f9:
                    d7:3f:73:8e:b4:20:43:f7:fe:74:c0:fa:74:2c:39:
                    b6:06:b6:5b:df:88:fe:0f:4e:bc:f6:cd:88:d5:c3:
                    67:10:35:02:85:42:79:4a:c6:d1:cb:61:8d:41:e0:
                    a4:05:1f:d6:46:4f:b4:3e:81:0e:3f:7d:bf:3d:0e:
                    0e:41:8a:fb:15:60:57:1a:7f:60:c2:9a:61:88:92:
                    3a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:E3:62:9D:ED:3B:78:88:69:26:12:3D:10:23:9E:50:FF:56:15:08
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/4ONine07eIhpJhI9ECOeUP9WFQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:5d:1c:64:a1:c6:23:44:14:34:97:6d:81:a1:30:af:18:4e:
         f1:7c:76:24:c5:e3:d5:10:a8:26:5f:c7:5a:2a:ed:69:4f:63:
         11:d8:73:5a:2d:fe:1e:cc:de:2c:f7:99:66:e8:22:bc:e4:47:
         1b:b5:fb:94:ef:7a:b5:d2:43:e8:2f:0f:8f:a3:45:56:93:c9:
         a9:8d:da:0e:f9:82:84:e1:5c:f5:41:fc:e2:49:b4:68:86:e2:
         f9:a2:7f:6a:a7:75:bb:39:49:85:d5:95:08:0e:62:95:7a:53:
         83:5f:82:08:06:4c:f0:bb:ad:ac:2d:51:33:f9:1a:30:6e:23:
         79:fc:a1:38:53:d4:9b:59:8f:40:7d:f4:53:a1:e4:b5:05:f5:
         ac:b5:e6:73:0f:d0:80:9d:ba:32:94:75:f9:05:8d:c6:38:4e:
         c9:18:07:fa:15:a3:3a:6b:f0:f9:f4:3b:99:61:b2:8a:db:63:
         2f:02:a5:58:8a:7d:24:95:85:4a:7d:ca:ed:29:5d:60:24:54:
         6c:11:9d:a7:6d:fd:5a:b0:a9:46:36:c6:0f:65:32:8e:9b:7a:
         e7:de:0a:36:9b:32:2f:6e:09:ef:60:94:d0:8f:5b:b8:ba:81:
         25:3d:c0:0e:0f:35:dc:de:44:0b:d8:73:ad:bb:74:0c:d8:f7:
         51:0e:21:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVdaaZhKtX4ZhmWb51M0TRWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwMzAzMTkwOTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGUzNjI5ZGVkM2I3ODg4NjkyNjEyM2QxMDIzOWU1MGZmNTYxNTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26tc6XIh8rAsTVbqGfVrz6IQlXeX
dFoewY909JVpzeaAkO6qwW98Sn+OqEMTGz9JCg13Lky2/r0wkx8dzg0yJVKpSjt+
sGUQcFU8wpJdVXoXAhtDjG6qbw52DEDi9DSI2r/MoAW877TpdiQ8Txz2pdjYCKag
rgoWoBgR3XlX4MdOeoXUVg1pILY5eppwKAAs7pmM7f3dmUHWicYkpwuekne7PMeP
m/FD9bfTGetSPX2kUPnXP3OOtCBD9/50wPp0LDm2BrZb34j+D0689s2I1cNnEDUC
hUJ5SsbRy2GNQeCkBR/WRk+0PoEOP32/PQ4OQYr7FWBXGn9gwpphiJI6KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODjYp3tO3iIaSYSPRAjnlD/VhUIMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvNE9OaW5lMDdlSWhwSmhJOUVDT2VVUDlXRlFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZ8MA0G
CSqGSIb3DQEBCwUAA4IBAQAAXRxkocYjRBQ0l22BoTCvGE7xfHYkxePVEKgmX8da
Ku1pT2MR2HNaLf4ezN4s95lm6CK85EcbtfuU73q10kPoLw+Po0VWk8mpjdoO+YKE
4Vz1QfziSbRohuL5on9qp3W7OUmF1ZUIDmKVelODX4IIBkzwu62sLVEz+RowbiN5
/KE4U9SbWY9AffRToeS1BfWsteZzD9CAnboylHX5BY3GOE7JGAf6FaM6a/D59DuZ
YbKK22MvAqVYin0klYVKfcrtKV1gJFRsEZ2nbf1asKlGNsYPZTKOm3rn3go2mzIv
bgnvYJTQj1u4uoElPcAODzXc3kQL2HOtu3QM2PdRDiEP
-----END CERTIFICATE-----