Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/Bl_DRAQyNdtxmEDBKvpfIDvc-wY.roa
File:                     Bl_DRAQyNdtxmEDBKvpfIDvc-wY.roa (raw, json)
Hash identifier:          g79tAYYYtDQoQijPPZ8deh6DLcAkjib/ZnmzHfO10t8=
Subject key identifier:   06:5F:C3:44:04:32:35:DB:71:98:40:C1:2A:FA:5F:20:3B:DC:FB:06
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       0195ECC41B1182C4E15FC446BB4A62F5A98C
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/Bl_DRAQyNdtxmEDBKvpfIDvc-wY.roa
Signing time:             Mon 31 Mar 2025 15:13:49 +0000
ROA not before:           Mon 31 Mar 2025 15:13:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        5.10.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 17:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ec:c4:1b:11:82:c4:e1:5f:c4:46:bb:4a:62:f5:a9:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Mar 31 15:13:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=065fc344043235db719840c12afa5f203bdcfb06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:19:8d:9f:06:4d:02:2b:33:98:d7:b3:81:4b:
                    cb:40:18:87:02:04:97:8c:7b:9b:ab:34:ba:48:a0:
                    83:37:a0:d6:a1:73:d3:57:de:75:09:08:81:2f:75:
                    1b:87:7d:fb:13:0e:26:fe:e4:10:81:b5:90:5a:52:
                    58:1b:1b:af:8a:2b:3b:af:a9:52:fa:13:69:58:64:
                    f1:c0:f0:2b:a0:1b:91:02:ea:1b:a4:7b:9e:e2:8e:
                    42:7a:f4:2b:99:54:37:7a:ba:20:2b:bc:67:46:cb:
                    60:70:9f:19:79:f0:9e:93:4c:3b:5b:f2:b9:2f:4b:
                    fc:88:3d:62:af:23:7e:e5:7d:c8:3b:16:5a:18:66:
                    70:16:2e:b6:84:78:1b:6a:b4:75:06:ba:20:b5:a2:
                    cd:55:f1:1f:db:2f:56:c4:9c:ba:5b:cd:e6:1c:85:
                    d7:f8:26:9d:41:7e:85:2b:dc:9f:26:f7:01:81:f3:
                    82:d1:22:66:e0:fd:e7:cc:87:a6:bd:32:69:0e:6f:
                    50:5a:32:54:2d:04:96:b0:a7:63:82:fe:d3:87:6d:
                    05:3e:d3:2e:d9:a8:2c:3e:23:a1:47:7c:78:c9:31:
                    92:cd:29:86:1e:f9:a3:ad:b5:1b:23:74:8e:8a:ae:
                    93:0d:fd:62:f1:7a:54:1c:13:43:79:8e:02:99:b0:
                    2b:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:5F:C3:44:04:32:35:DB:71:98:40:C1:2A:FA:5F:20:3B:DC:FB:06
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/Bl_DRAQyNdtxmEDBKvpfIDvc-wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:3f:22:52:76:94:86:8b:6e:e8:bb:d1:5c:a5:37:3e:56:7d:
         c9:7e:0d:f6:7d:b6:da:3f:19:b5:dc:0d:51:04:06:44:50:e8:
         07:56:a2:81:f5:a1:85:30:a3:48:d5:6d:63:24:66:78:fc:80:
         38:a2:6f:cd:e0:6c:54:7a:0f:16:be:c6:bd:8a:33:11:b7:27:
         f2:a0:78:59:11:15:f4:22:d6:85:d7:ed:b7:82:37:bc:fb:9a:
         28:7f:ed:69:34:27:ca:5e:13:1f:29:e3:32:8a:73:49:14:f2:
         80:bf:be:76:de:c4:65:51:b2:96:a0:55:03:a1:0f:e2:be:ec:
         b8:7e:5f:46:b4:c8:4a:d9:5a:be:af:94:72:9e:51:eb:b1:ac:
         13:cd:98:45:7c:0d:48:7d:a2:6b:b1:ad:5b:90:d4:a9:cf:90:
         41:d8:05:8c:0c:b4:6b:0c:fb:c1:15:66:35:91:1e:f2:77:13:
         7f:7b:a9:15:99:46:23:75:38:79:f3:b1:e5:2d:91:b5:fe:d4:
         91:65:ae:1d:34:62:02:12:91:87:d7:a8:a3:0e:1f:69:78:ca:
         aa:6d:61:a9:db:66:75:87:dc:73:c5:f0:57:10:bc:0f:a1:cf:
         78:b5:c3:da:5e:69:5f:04:3b:46:45:a1:ec:cb:69:5c:d0:9d:
         25:5d:fd:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXsxBsRgsThX8RGu0pi9amMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjUwMzMxMTUxMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjVmYzM0NDA0MzIzNWRiNzE5ODQwYzEyYWZhNWYyMDNiZGNmYjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhmNnwZNAiszmNezgUvLQBiHAgSX
jHubqzS6SKCDN6DWoXPTV951CQiBL3Ubh337Ew4m/uQQgbWQWlJYGxuviis7r6lS
+hNpWGTxwPAroBuRAuobpHue4o5CevQrmVQ3erogK7xnRstgcJ8ZefCek0w7W/K5
L0v8iD1iryN+5X3IOxZaGGZwFi62hHgbarR1BrogtaLNVfEf2y9WxJy6W83mHIXX
+CadQX6FK9yfJvcBgfOC0SJm4P3nzIemvTJpDm9QWjJULQSWsKdjgv7Th20FPtMu
2agsPiOhR3x4yTGSzSmGHvmjrbUbI3SOiq6TDf1i8XpUHBNDeY4CmbArlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZfw0QEMjXbcZhAwSr6XyA73PsGMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvQmxfRFJBUXlOZHR4bUVEQkt2cGZJRHZjLXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQreMA0G
CSqGSIb3DQEBCwUAA4IBAQBLPyJSdpSGi27ou9FcpTc+Vn3Jfg32fbbaPxm13A1R
BAZEUOgHVqKB9aGFMKNI1W1jJGZ4/IA4om/N4GxUeg8Wvsa9ijMRtyfyoHhZERX0
ItaF1+23gje8+5oof+1pNCfKXhMfKeMyinNJFPKAv7523sRlUbKWoFUDoQ/ivuy4
fl9GtMhK2Vq+r5RynlHrsawTzZhFfA1IfaJrsa1bkNSpz5BB2AWMDLRrDPvBFWY1
kR7ydxN/e6kVmUYjdTh587HlLZG1/tSRZa4dNGICEpGH16ijDh9peMqqbWGp22Z1
h9xzxfBXELwPoc94tcPaXmlfBDtGRaHsy2lc0J0lXf1l
-----END CERTIFICATE-----