Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/b7oMoNLEeexBq7MIfZdfTx6xx-k.roa
File:                     b7oMoNLEeexBq7MIfZdfTx6xx-k.roa (raw, json)
Hash identifier:          OSaZRd3wcs3q/SzG2reGUiR0uNvDtIWlv9sr3p7/FyU=
Subject key identifier:   6F:BA:0C:A0:D2:C4:79:EC:41:AB:B3:08:7D:97:5F:4F:1E:B1:C7:E9
Certificate issuer:       /CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
Certificate serial:       0198E42CE5D2E5D3631027499209D783B6F9
Authority key identifier: 4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/b7oMoNLEeexBq7MIfZdfTx6xx-k.roa
Signing time:             Tue 26 Aug 2025 02:20:04 +0000
ROA not before:           Tue 26 Aug 2025 02:20:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51789
IP address blocks:        5.129.244.0/24 maxlen: 24
                          5.129.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 17:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e4:2c:e5:d2:e5:d3:63:10:27:49:92:09:d7:83:b6:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ddb3dcdf5e6bee09825c37bf3b8bdf28b6fb593
        Validity
            Not Before: Aug 26 02:20:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fba0ca0d2c479ec41abb3087d975f4f1eb1c7e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:14:0d:d6:ab:3b:5a:b3:4d:08:22:61:c3:31:
                    d4:4f:0a:35:d2:05:d8:28:5c:61:01:27:80:4a:2b:
                    ef:0a:07:b3:3d:53:51:65:3a:49:02:f2:f2:53:32:
                    7b:df:59:82:7a:96:6c:52:f8:3d:44:d3:45:3d:92:
                    49:fe:33:1d:d5:af:08:6c:5a:11:53:41:82:f9:79:
                    51:1e:be:33:73:55:65:7c:60:79:e6:ab:c8:77:38:
                    2f:78:24:cf:be:9d:0d:fd:ea:ce:5e:00:f2:a6:a9:
                    e8:c3:57:72:b7:a7:c0:0e:ca:9a:b3:4f:02:e3:d1:
                    e7:7e:e6:54:c3:14:42:75:ea:32:54:d1:93:a0:4a:
                    d6:9a:ff:59:fa:25:f4:36:7e:60:ec:3a:91:e5:4a:
                    64:f4:ec:ba:42:13:53:14:ac:ff:c7:f1:61:c5:7a:
                    3a:2d:7e:ee:01:84:83:ef:30:2c:6b:06:0b:95:a0:
                    31:49:8e:38:9d:af:1d:c9:ff:7b:d9:d0:c1:cb:60:
                    50:16:db:d4:6c:dd:c9:bb:99:44:75:34:40:c7:34:
                    88:6d:96:ae:1e:cd:36:5c:6f:d2:b3:5a:72:16:0a:
                    95:7b:72:c7:7e:84:44:12:f3:19:75:60:62:8d:11:
                    7a:0c:8d:16:90:bf:21:72:30:51:fb:50:7c:eb:d0:
                    88:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:BA:0C:A0:D2:C4:79:EC:41:AB:B3:08:7D:97:5F:4F:1E:B1:C7:E9
            X509v3 Authority Key Identifier:
                keyid:4D:DB:3D:CD:F5:E6:BE:E0:98:25:C3:7B:F3:B8:BD:F2:8B:6F:B5:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tds9zfXmvuCYJcN787i98otvtZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/b7oMoNLEeexBq7MIfZdfTx6xx-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/790cee-d54e-4598-8bc1-2170c5c1d3ed/1/Tds9zfXmvuCYJcN787i98otvtZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.129.244.0/24
                  5.129.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:8e:73:0d:cf:73:cb:6e:5c:20:c9:0c:d6:2a:86:92:81:d0:
         ac:25:ed:ab:ea:df:5d:56:0e:2d:98:ae:91:84:10:29:a6:8f:
         c5:ce:1b:40:2b:8b:55:67:71:3e:13:9e:f5:a5:77:1d:51:de:
         94:97:03:8d:8b:d6:0f:fb:8b:18:08:07:c1:7f:45:76:ae:08:
         d4:6e:da:8d:b0:f1:93:3d:cb:b3:53:2f:a8:b9:f4:37:69:e4:
         25:03:1f:c9:32:7a:40:c6:e0:a1:d2:83:c9:c8:40:f9:59:ff:
         72:54:aa:5c:80:7e:2c:70:60:98:0d:e2:9c:4e:80:57:3a:1c:
         eb:d6:0b:32:21:ba:99:1d:63:97:57:aa:35:5e:56:ef:bf:6a:
         69:f4:e1:39:c8:1e:ae:ef:bb:99:2f:f7:50:a0:13:d6:1a:8e:
         62:65:2f:51:90:dd:58:a6:87:31:b3:8f:bb:aa:57:37:8e:c2:
         5b:c8:9a:f6:d0:69:5f:1f:86:c2:d1:72:e7:7a:00:4c:22:46:
         d6:01:7b:ff:a5:90:99:f6:83:3b:41:bd:68:cc:65:1d:cb:a7:
         63:f2:d7:17:99:54:09:8d:09:19:63:3f:61:f1:a1:51:27:6f:
         f7:65:a3:cf:1a:7b:c1:8d:9a:a8:a2:c5:49:43:f8:40:eb:4c:
         04:7a:3b:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjkLOXS5dNjECdJkgnXg7b5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZGIzZGNkZjVlNmJlZTA5ODI1YzM3YmYzYjhiZGYyOGI2
ZmI1OTMwHhcNMjUwODI2MDIyMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmJhMGNhMGQyYzQ3OWVjNDFhYmIzMDg3ZDk3NWY0ZjFlYjFjN2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxQN1qs7WrNNCCJhwzHUTwo10gXY
KFxhASeASivvCgezPVNRZTpJAvLyUzJ731mCepZsUvg9RNNFPZJJ/jMd1a8IbFoR
U0GC+XlRHr4zc1VlfGB55qvIdzgveCTPvp0N/erOXgDypqnow1dyt6fADsqas08C
49HnfuZUwxRCdeoyVNGToErWmv9Z+iX0Nn5g7DqR5Upk9Oy6QhNTFKz/x/FhxXo6
LX7uAYSD7zAsawYLlaAxSY44na8dyf972dDBy2BQFtvUbN3Ju5lEdTRAxzSIbZau
Hs02XG/Ss1pyFgqVe3LHfoREEvMZdWBijRF6DI0WkL8hcjBR+1B869CIkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG+6DKDSxHnsQauzCH2XX08escfpMB8GA1UdIwQY
MBaAFE3bPc315r7gmCXDe/O4vfKLb7WTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEt
MjE3MGM1YzFkM2VkLzEvYjdvTW9OTEVlZXhCcTdNSWZaZGZUeDZ4eC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83OTBjZWUtZDU0ZS00NTk4LThiYzEtMjE3MGM1YzFkM2Vk
LzEvVGRzOXpmWG12dUNZSmNONzg3aTk4b3R2dFpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABYH0AwQA
BYH+MA0GCSqGSIb3DQEBCwUAA4IBAQBUjnMNz3PLblwgyQzWKoaSgdCsJe2r6t9d
Vg4tmK6RhBAppo/FzhtAK4tVZ3E+E571pXcdUd6UlwONi9YP+4sYCAfBf0V2rgjU
btqNsPGTPcuzUy+oufQ3aeQlAx/JMnpAxuCh0oPJyED5Wf9yVKpcgH4scGCYDeKc
ToBXOhzr1gsyIbqZHWOXV6o1Xlbvv2pp9OE5yB6u77uZL/dQoBPWGo5iZS9RkN1Y
pocxs4+7qlc3jsJbyJr20GlfH4bC0XLnegBMIkbWAXv/pZCZ9oM7Qb1ozGUdy6dj
8tcXmVQJjQkZYz9h8aFRJ2/3ZaPPGnvBjZqoosVJQ/hA60wEejuu
-----END CERTIFICATE-----