Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/0_z69Mp8Uq-H2QPlCa0CLWX2coU.roa
File:                     0_z69Mp8Uq-H2QPlCa0CLWX2coU.roa (raw, json)
Hash identifier:          wm+6P/OKtHhF/O/CkulyZkvoYkTpsb5odPnFIekRy3I=
Subject key identifier:   D3:FC:FA:F4:CA:7C:52:AF:87:D9:03:E5:09:AD:02:2D:65:F6:72:85
Certificate issuer:       /CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Certificate serial:       01943E642919F89F2D10D312D52C8920B60B
Authority key identifier: 4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/0_z69Mp8Uq-H2QPlCa0CLWX2coU.roa
Signing time:             Tue 07 Jan 2025 01:32:19 +0000
ROA not before:           Tue 07 Jan 2025 01:32:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59989
IP address blocks:        140.150.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:3e:64:29:19:f8:9f:2d:10:d3:12:d5:2c:89:20:b6:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b9331fa7be470dc179e16c306e98c6c731a575c
        Validity
            Not Before: Jan  7 01:32:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3fcfaf4ca7c52af87d903e509ad022d65f67285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:a6:e1:4c:e8:11:65:12:30:9f:d3:32:be:27:
                    90:52:cc:ca:19:d2:0b:1c:40:c3:3f:46:76:11:7c:
                    e8:5b:37:c2:80:15:e7:12:e5:e7:f3:44:44:2f:ea:
                    9b:53:8f:26:ce:ca:a9:48:c8:1f:dd:a6:77:56:c4:
                    8d:a4:6a:6f:9a:c5:c1:28:fb:4f:bb:2b:d0:b3:74:
                    6c:77:19:ea:f7:52:01:7c:d8:a1:db:14:ef:52:7c:
                    6b:91:7b:8f:f8:c0:80:f6:ba:0c:98:33:e6:a6:9c:
                    c7:88:ef:93:6d:4e:19:ba:2f:1f:08:d9:cc:00:bd:
                    98:d7:62:da:2a:6f:49:7f:10:3a:7b:76:75:6f:d4:
                    f4:be:8f:70:2e:4d:1f:2c:fc:a7:88:e1:b2:92:81:
                    95:03:68:b7:f1:48:ee:83:15:07:25:1c:53:bb:aa:
                    62:6d:cf:da:18:6b:16:40:df:5c:83:02:c1:0b:17:
                    21:e6:ca:d3:21:b6:eb:66:99:0a:f8:e3:e0:cb:f5:
                    01:c3:a5:f1:51:af:82:8e:4e:ef:6e:34:ef:3d:18:
                    5f:5b:6e:b0:26:bc:f1:04:36:9d:a7:d3:81:26:ae:
                    d1:ca:af:65:a1:3f:d1:79:44:0d:5d:c2:ec:1f:af:
                    63:5e:24:10:cb:9a:df:a1:f1:79:0f:83:33:74:6e:
                    cf:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FC:FA:F4:CA:7C:52:AF:87:D9:03:E5:09:AD:02:2D:65:F6:72:85
            X509v3 Authority Key Identifier:
                keyid:4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/0_z69Mp8Uq-H2QPlCa0CLWX2coU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:50:18:1b:e2:75:7f:1f:70:fa:e8:ed:5d:62:ab:28:fe:4b:
         46:a0:cc:36:9d:bb:50:c5:7f:92:35:6b:73:9b:85:c3:70:3a:
         17:d8:a9:59:71:0e:b2:59:11:0d:a8:61:23:60:ff:a8:75:3c:
         02:a3:1a:e2:d2:11:04:49:14:a7:3d:7c:70:7e:c9:e6:9d:cc:
         73:72:a4:ac:a9:8e:a6:52:13:0f:a8:5e:bd:c6:91:c8:ca:4b:
         af:35:b7:de:84:c3:c2:29:3c:27:c6:ff:72:34:57:6d:e3:f0:
         0e:50:98:4e:43:7d:d3:29:eb:75:35:f6:5b:cd:63:b1:2b:d0:
         70:d6:4d:01:1a:97:1a:9b:46:c3:28:6b:96:eb:93:ee:18:dc:
         fe:35:56:70:32:2f:b5:99:86:74:20:e9:ef:d5:e3:ea:ce:e7:
         54:4a:ba:cc:a2:f2:12:37:49:ab:04:bd:79:bb:ca:9b:bc:65:
         d2:6d:d7:50:f5:9a:7d:85:91:e4:fe:06:d8:ad:4a:76:8f:7f:
         ef:4c:72:c8:6c:2a:e4:69:43:2b:d4:d9:7d:3f:1b:76:1f:e5:
         03:c3:d5:69:97:f5:fb:c9:aa:58:50:2d:d1:d6:74:44:9b:de:
         d2:97:e7:8b:5e:98:b6:12:f2:29:8e:ed:a3:01:db:be:4f:e6:
         a2:8d:21:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQ+ZCkZ+J8tENMS1SyJILYLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTMzMWZhN2JlNDcwZGMxNzllMTZjMzA2ZTk4YzZjNzMx
YTU3NWMwHhcNMjUwMTA3MDEzMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZjZmFmNGNhN2M1MmFmODdkOTAzZTUwOWFkMDIyZDY1ZjY3Mjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2KbhTOgRZRIwn9MyvieQUszKGdIL
HEDDP0Z2EXzoWzfCgBXnEuXn80REL+qbU48mzsqpSMgf3aZ3VsSNpGpvmsXBKPtP
uyvQs3Rsdxnq91IBfNih2xTvUnxrkXuP+MCA9roMmDPmppzHiO+TbU4Zui8fCNnM
AL2Y12LaKm9JfxA6e3Z1b9T0vo9wLk0fLPyniOGykoGVA2i38UjugxUHJRxTu6pi
bc/aGGsWQN9cgwLBCxch5srTIbbrZpkK+OPgy/UBw6XxUa+Cjk7vbjTvPRhfW26w
JrzxBDadp9OBJq7Ryq9loT/ReUQNXcLsH69jXiQQy5rfofF5D4MzdG7PJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNP8+vTKfFKvh9kD5QmtAi1l9nKFMB8GA1UdIwQY
MBaAFEuTMfp75HDcF54WwwbpjGxzGldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjIt
OGIyYjQ3MzhiMWNjLzEvMF96NjlNcDhVcS1IMlFQbENhMENMV1gyY29VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjItOGIyYjQ3MzhiMWNj
LzEvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjJYnMA0G
CSqGSIb3DQEBCwUAA4IBAQC6UBgb4nV/H3D66O1dYqso/ktGoMw2nbtQxX+SNWtz
m4XDcDoX2KlZcQ6yWRENqGEjYP+odTwCoxri0hEESRSnPXxwfsnmncxzcqSsqY6m
UhMPqF69xpHIykuvNbfehMPCKTwnxv9yNFdt4/AOUJhOQ33TKet1NfZbzWOxK9Bw
1k0BGpcam0bDKGuW65PuGNz+NVZwMi+1mYZ0IOnv1ePqzudUSrrMovISN0mrBL15
u8qbvGXSbddQ9Zp9hZHk/gbYrUp2j3/vTHLIbCrkaUMr1Nl9Pxt2H+UDw9Vpl/X7
yapYUC3R1nREm97Sl+eLXpi2EvIpju2jAdu+T+aijSEJ
-----END CERTIFICATE-----