Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/KDM4rXjbcsS1DLEhMM4kEgH58RE.roa
File:                     KDM4rXjbcsS1DLEhMM4kEgH58RE.roa (raw, json)
Hash identifier:          nJE4dlKDHUmjXp0Xdi00ikIZCMR+yvC+rxJD7lUuOrk=
Subject key identifier:   28:33:38:AD:78:DB:72:C4:B5:0C:B1:21:30:CE:24:12:01:F9:F1:11
Certificate issuer:       /CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
Certificate serial:       019646C92972D70EBD98F40EDAE19E3A8B27
Authority key identifier: 4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/KDM4rXjbcsS1DLEhMM4kEgH58RE.roa
Signing time:             Fri 18 Apr 2025 02:45:10 +0000
ROA not before:           Fri 18 Apr 2025 02:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57494
IP address blocks:        5.129.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:46:c9:29:72:d7:0e:bd:98:f4:0e:da:e1:9e:3a:8b:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
        Validity
            Not Before: Apr 18 02:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=283338ad78db72c4b50cb12130ce241201f9f111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:fe:9c:db:ff:01:9a:5b:e8:23:43:e4:f5:45:
                    e6:da:07:e9:62:16:85:ee:67:73:19:6c:c7:ed:36:
                    cd:f9:62:ac:08:6f:8e:2c:cb:ad:f0:43:e6:a3:be:
                    a7:ea:f6:13:f8:17:99:9e:97:d9:3e:3f:1f:9b:ac:
                    c9:e8:df:72:b5:54:c6:c0:2d:45:a2:d0:9e:c5:52:
                    a1:ec:91:06:5e:2f:a5:9c:a0:e2:31:a1:e8:4d:0b:
                    7f:39:6d:0b:d5:ac:c5:98:52:f3:89:0a:63:46:43:
                    9f:5d:92:56:cc:9d:a1:e8:74:3f:9a:cc:cb:29:f9:
                    80:a9:70:4b:0c:d9:55:2c:82:8a:e1:92:9b:25:36:
                    cb:ea:75:35:12:fe:6b:64:6c:f2:55:c0:e2:27:ae:
                    71:9d:23:80:8d:6b:50:7e:54:a4:47:18:52:04:48:
                    59:6a:59:3c:50:34:55:46:2c:f3:bf:49:d9:a3:6e:
                    5d:50:cf:de:b9:bf:dc:54:1e:85:9b:4d:a4:b0:4b:
                    fe:17:fd:1f:a5:d7:bb:53:28:bd:9f:a3:bd:f7:c4:
                    db:ce:a1:70:e8:67:e8:94:a7:7f:0a:c3:26:49:65:
                    1b:bc:f8:a1:4c:13:fb:a2:cf:8b:ab:1b:6f:13:63:
                    3d:79:78:57:17:b5:4a:55:aa:44:f9:0f:dc:e7:18:
                    e2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:33:38:AD:78:DB:72:C4:B5:0C:B1:21:30:CE:24:12:01:F9:F1:11
            X509v3 Authority Key Identifier:
                keyid:4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/KDM4rXjbcsS1DLEhMM4kEgH58RE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.129.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:02:b5:84:1f:d2:86:c6:d9:60:1d:7a:5c:ec:2e:18:0e:10:
         50:00:f8:fd:c8:9e:ac:c7:8c:0a:e8:25:f8:36:78:92:03:fe:
         f0:af:39:58:b5:3f:87:59:e0:4b:12:c6:bb:51:ec:e1:b4:bb:
         d8:7d:af:5c:e1:aa:c7:6e:a5:4d:f1:62:78:fe:87:52:25:09:
         16:63:3c:bc:dc:39:c0:10:d4:68:e5:46:51:ec:21:b2:88:06:
         6a:7d:31:91:c7:14:ab:e2:a8:2c:ca:9b:06:5b:c5:86:bc:23:
         ab:82:d3:92:00:e5:02:d9:93:46:c4:95:c3:bf:e7:ea:a6:ab:
         a4:7f:53:06:26:75:33:b1:1a:88:93:c1:4a:08:5c:5f:40:4e:
         7f:13:89:20:cc:96:f1:9b:eb:8c:54:33:ce:10:df:21:75:42:
         8b:44:71:0d:38:41:64:98:e5:7a:fd:57:f6:23:d0:86:ee:5c:
         d4:cd:2e:71:6d:0d:57:9f:35:a3:43:73:bd:2f:81:18:06:e0:
         c1:43:5b:8f:8c:92:45:fd:dc:c1:95:b0:ee:b3:8e:ad:33:de:
         2d:0b:2b:89:cb:a6:62:8b:41:ab:35:fd:b0:6a:dc:d4:70:23:
         c7:08:26:2e:c7:83:ec:33:8c:db:d3:2b:2b:28:85:46:90:82:
         b3:42:5a:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZGySly1w69mPQO2uGeOosnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZGIzZGNkZjVlNmJlZTA5ODI1YzM3YmYzYjhiZGYyOGI2
ZmI1OTMwHhcNMjUwNDE4MDI0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODMzMzhhZDc4ZGI3MmM0YjUwY2IxMjEzMGNlMjQxMjAxZjlmMTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxf6c2/8BmlvoI0Pk9UXm2gfpYhaF
7mdzGWzH7TbN+WKsCG+OLMut8EPmo76n6vYT+BeZnpfZPj8fm6zJ6N9ytVTGwC1F
otCexVKh7JEGXi+lnKDiMaHoTQt/OW0L1azFmFLziQpjRkOfXZJWzJ2h6HQ/mszL
KfmAqXBLDNlVLIKK4ZKbJTbL6nU1Ev5rZGzyVcDiJ65xnSOAjWtQflSkRxhSBEhZ
alk8UDRVRizzv0nZo25dUM/eub/cVB6Fm02ksEv+F/0fpde7Uyi9n6O998TbzqFw
6GfolKd/CsMmSWUbvPihTBP7os+LqxtvE2M9eXhXF7VKVapE+Q/c5xjiRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCgzOK1423LEtQyxITDOJBIB+fERMB8GA1UdIwQY
MBaAFE3bPc315r7gmCXDe/O4vfKLb7WTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEt
MjE3MGM1YzFkM2VkLzEvS0RNNHJYamJjc1MxRExFaE1NNGtFZ0g1OFJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEtMjE3MGM1YzFkM2Vk
LzEvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYHPMA0G
CSqGSIb3DQEBCwUAA4IBAQC2ArWEH9KGxtlgHXpc7C4YDhBQAPj9yJ6sx4wK6CX4
NniSA/7wrzlYtT+HWeBLEsa7UezhtLvYfa9c4arHbqVN8WJ4/odSJQkWYzy83DnA
ENRo5UZR7CGyiAZqfTGRxxSr4qgsypsGW8WGvCOrgtOSAOUC2ZNGxJXDv+fqpquk
f1MGJnUzsRqIk8FKCFxfQE5/E4kgzJbxm+uMVDPOEN8hdUKLRHENOEFkmOV6/Vf2
I9CG7lzUzS5xbQ1XnzWjQ3O9L4EYBuDBQ1uPjJJF/dzBlbDus46tM94tCyuJy6Zi
i0GrNf2watzUcCPHCCYux4PsM4zb0ysrKIVGkIKzQlqg
-----END CERTIFICATE-----