Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/hKRvEPMVo2ukUILwmPta9_N3Dm4.roa
File:                     hKRvEPMVo2ukUILwmPta9_N3Dm4.roa (raw, json)
Hash identifier:          qTgr935WkDSGh45Ek2R2g/eV9pnfadByRLqS2Wh5HdI=
Subject key identifier:   84:A4:6F:10:F3:15:A3:6B:A4:50:82:F0:98:FB:5A:F7:F3:77:0E:6E
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       0195ECC41B65D8EC89F2E44717B5BE739D53
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/hKRvEPMVo2ukUILwmPta9_N3Dm4.roa
Signing time:             Mon 31 Mar 2025 15:13:49 +0000
ROA not before:           Mon 31 Mar 2025 15:13:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50448
IP address blocks:        5.10.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 20:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ec:c4:1b:65:d8:ec:89:f2:e4:47:17:b5:be:73:9d:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Mar 31 15:13:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84a46f10f315a36ba45082f098fb5af7f3770e6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:23:dc:ce:e9:af:f6:c5:02:d8:2a:52:fc:b8:
                    16:29:17:40:a9:5f:bb:f9:7b:67:8a:07:4a:7e:79:
                    87:de:60:96:9d:12:ab:5a:86:f5:ec:4b:4c:c9:33:
                    a6:d6:40:c3:4f:68:38:80:d3:e0:7b:76:9b:6b:bf:
                    d2:e9:ea:0d:5a:95:81:0c:d2:c0:ba:a4:10:cc:72:
                    c4:5d:2c:98:91:78:c9:ea:2b:cc:0a:4a:3e:81:00:
                    d8:79:d6:b1:31:f1:c5:fe:cc:19:8f:e8:77:ab:06:
                    54:c6:cd:86:1b:f0:87:da:43:b5:8e:05:82:15:a5:
                    a0:a3:5d:45:cc:9c:c3:e8:25:89:30:63:b5:a0:11:
                    66:2f:bc:3e:4c:48:2d:c6:1c:87:e7:4e:28:2e:87:
                    ea:66:92:a5:74:d6:8c:79:a5:03:12:82:3e:9b:51:
                    bb:46:ca:ce:dc:19:5d:27:da:79:90:e0:a5:98:8a:
                    18:06:1d:86:3a:a8:76:ec:e0:3b:e9:57:4d:0d:e3:
                    7f:a0:5a:41:14:3b:95:a2:ac:54:8a:ff:1e:81:0f:
                    b4:3c:99:35:d6:d8:b3:89:7d:de:04:fa:6b:63:ee:
                    2f:44:ae:16:d9:91:b3:97:81:48:27:e5:85:6c:5b:
                    23:02:25:84:b9:54:b6:4f:40:17:78:9e:ec:ed:bb:
                    37:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:A4:6F:10:F3:15:A3:6B:A4:50:82:F0:98:FB:5A:F7:F3:77:0E:6E
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/hKRvEPMVo2ukUILwmPta9_N3Dm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:d8:bc:76:34:7e:c7:be:06:1a:8e:b5:96:ae:70:0b:ab:5c:
         dc:07:80:c8:c9:a9:21:0a:dc:cc:36:aa:ea:d5:1f:8e:1f:82:
         e0:76:94:d0:54:08:c9:21:79:4b:39:3a:73:33:f4:8b:32:a4:
         4e:5a:64:2d:4c:0a:a0:ce:50:f1:6b:9b:34:12:74:79:59:e8:
         ef:5e:6e:49:b0:19:41:36:b9:7b:87:c1:43:66:ce:ad:3b:00:
         20:6d:e5:43:2a:42:25:6c:94:0d:9a:4c:30:fd:d3:f1:17:57:
         82:7d:e9:41:1f:fc:10:58:95:5d:95:22:6c:ea:01:41:67:a9:
         8a:6b:f7:7b:41:56:73:13:34:86:6c:b3:14:53:dc:92:7d:17:
         47:8e:1b:2c:52:1f:be:ff:6d:52:71:85:3a:22:01:fd:13:26:
         aa:d1:65:69:59:cd:a6:a8:8a:66:0f:de:ad:81:01:fd:6b:98:
         c1:b6:89:65:31:95:3e:11:83:df:5d:51:3d:80:77:fa:9d:cb:
         a6:34:37:1b:98:63:e5:e2:c9:94:70:8d:db:86:8d:dd:0c:9b:
         6c:bd:e7:fa:de:b2:d2:b3:24:96:ba:46:19:de:34:5d:18:17:
         4a:60:ac:7b:7f:f0:5d:3e:3c:52:d1:dc:ff:e2:fa:c5:6a:cc:
         d2:01:d6:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXsxBtl2OyJ8uRHF7W+c51TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjUwMzMxMTUxMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGE0NmYxMGYzMTVhMzZiYTQ1MDgyZjA5OGZiNWFmN2YzNzcwZTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyPczumv9sUC2CpS/LgWKRdAqV+7
+XtnigdKfnmH3mCWnRKrWob17EtMyTOm1kDDT2g4gNPge3aba7/S6eoNWpWBDNLA
uqQQzHLEXSyYkXjJ6ivMCko+gQDYedaxMfHF/swZj+h3qwZUxs2GG/CH2kO1jgWC
FaWgo11FzJzD6CWJMGO1oBFmL7w+TEgtxhyH504oLofqZpKldNaMeaUDEoI+m1G7
RsrO3BldJ9p5kOClmIoYBh2GOqh27OA76VdNDeN/oFpBFDuVoqxUiv8egQ+0PJk1
1tiziX3eBPprY+4vRK4W2ZGzl4FIJ+WFbFsjAiWEuVS2T0AXeJ7s7bs30QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISkbxDzFaNrpFCC8Jj7Wvfzdw5uMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvaEtSdkVQTVZvMnVrVUlMd21QdGE5X04zRG00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQrdMA0G
CSqGSIb3DQEBCwUAA4IBAQCL2Lx2NH7HvgYajrWWrnALq1zcB4DIyakhCtzMNqrq
1R+OH4LgdpTQVAjJIXlLOTpzM/SLMqROWmQtTAqgzlDxa5s0EnR5WejvXm5JsBlB
Nrl7h8FDZs6tOwAgbeVDKkIlbJQNmkww/dPxF1eCfelBH/wQWJVdlSJs6gFBZ6mK
a/d7QVZzEzSGbLMUU9ySfRdHjhssUh++/21ScYU6IgH9Eyaq0WVpWc2mqIpmD96t
gQH9a5jBtollMZU+EYPfXVE9gHf6ncumNDcbmGPl4smUcI3bho3dDJtsvef63rLS
sySWukYZ3jRdGBdKYKx7f/BdPjxS0dz/4vrFaszSAdaq
-----END CERTIFICATE-----