Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7baa1c-8da1-4f80-babb-b4bfc29e71a3/1/hpkYZsr4ehkRhZoX0PY5vhGw4f0.roa
File:                     hpkYZsr4ehkRhZoX0PY5vhGw4f0.roa (raw, json)
Hash identifier:          yIy93XAXh8xhvhofZiP5cDUdE2rbmmhviH4jDOGAZ/g=
Subject key identifier:   86:99:18:66:CA:F8:7A:19:11:85:9A:17:D0:F6:39:BE:11:B0:E1:FD
Certificate issuer:       /CN=96f6ea768ebc9ddc068f5697dfd75caedd7ae108
Certificate serial:       01941FFAB7C65046FA16BF80C4DE7253389E
Authority key identifier: 96:F6:EA:76:8E:BC:9D:DC:06:8F:56:97:DF:D7:5C:AE:DD:7A:E1:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lvbqdo68ndwGj1aX39dcrt164Qg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7baa1c-8da1-4f80-babb-b4bfc29e71a3/1/hpkYZsr4ehkRhZoX0PY5vhGw4f0.roa
Signing time:             Wed 01 Jan 2025 03:48:32 +0000
ROA not before:           Wed 01 Jan 2025 03:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24971
IP address blocks:        5.180.200.0/22 maxlen: 22
                          2a0b:3240::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/7baa1c-8da1-4f80-babb-b4bfc29e71a3/1/lvbqdo68ndwGj1aX39dcrt164Qg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/7baa1c-8da1-4f80-babb-b4bfc29e71a3/1/lvbqdo68ndwGj1aX39dcrt164Qg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lvbqdo68ndwGj1aX39dcrt164Qg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b7:c6:50:46:fa:16:bf:80:c4:de:72:53:38:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96f6ea768ebc9ddc068f5697dfd75caedd7ae108
        Validity
            Not Before: Jan  1 03:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86991866caf87a1911859a17d0f639be11b0e1fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:fe:8b:63:d7:b0:78:cc:c3:bb:72:c5:90:48:
                    3c:a0:f0:83:85:1c:03:54:18:0c:c9:c0:5a:39:bb:
                    de:9c:dc:c8:0f:3a:66:00:0c:40:ba:fe:ea:b7:2a:
                    75:88:20:8b:42:b9:7f:33:00:79:5d:9a:91:15:c9:
                    d7:7d:fd:c1:4f:0e:f6:8b:9d:3b:c7:bf:02:a2:9d:
                    5a:6c:0c:93:a9:fc:38:0b:3c:4c:5b:5a:c2:b7:a5:
                    28:f1:1a:65:e4:64:0c:6f:a4:a4:99:8d:88:33:2c:
                    4e:47:95:c7:8d:37:2c:3b:67:0d:63:45:81:9d:b9:
                    ee:23:91:9e:b8:51:d9:ec:23:26:aa:aa:bc:57:d2:
                    ca:fd:89:45:ba:bd:a1:8c:ba:44:9d:99:02:4e:77:
                    6e:5c:ef:f4:03:c7:93:5d:22:4d:09:6d:0e:8b:52:
                    24:3d:d2:8e:83:7a:f8:32:c0:26:df:9c:d9:6e:93:
                    dc:8d:8b:97:95:7a:3f:04:23:01:b6:99:a8:36:b2:
                    9c:3b:42:d0:38:b3:5a:10:b5:71:11:f5:84:1b:76:
                    ce:83:4c:3b:d8:9a:02:18:c3:34:07:7c:a7:84:a9:
                    fd:f5:34:3c:51:28:61:0e:a9:80:1a:2a:4e:da:bd:
                    4e:b7:e8:46:6e:af:49:aa:5e:4b:48:b4:8c:4a:c6:
                    88:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:99:18:66:CA:F8:7A:19:11:85:9A:17:D0:F6:39:BE:11:B0:E1:FD
            X509v3 Authority Key Identifier:
                keyid:96:F6:EA:76:8E:BC:9D:DC:06:8F:56:97:DF:D7:5C:AE:DD:7A:E1:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lvbqdo68ndwGj1aX39dcrt164Qg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7baa1c-8da1-4f80-babb-b4bfc29e71a3/1/hpkYZsr4ehkRhZoX0PY5vhGw4f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7baa1c-8da1-4f80-babb-b4bfc29e71a3/1/lvbqdo68ndwGj1aX39dcrt164Qg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.200.0/22
                IPv6:
                  2a0b:3240::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:bc:dc:10:45:35:6a:3b:4f:8e:31:50:05:0b:0d:0a:76:d3:
         d9:be:29:2f:50:6d:a0:c5:cc:dc:26:5a:25:44:b6:b1:05:00:
         86:cc:52:e7:4e:59:0d:c6:04:ac:f1:8a:ba:41:d6:68:7a:18:
         36:b3:b0:20:f0:c9:82:80:74:8a:d5:0a:71:29:cd:4c:58:d8:
         02:86:22:a2:f9:d5:af:b7:65:c2:e5:34:bc:d6:47:ba:e3:a3:
         10:e9:46:58:89:37:a1:36:ec:3c:76:7a:1e:e9:51:fc:c8:59:
         e1:e9:3c:8c:24:e2:a4:09:30:8a:03:f7:e7:f6:c2:25:97:44:
         de:aa:e9:88:04:e8:9a:12:48:5e:d5:ef:85:40:9f:3e:04:08:
         3c:fd:a9:e7:0d:7f:4a:11:ce:fd:b9:5c:58:97:38:b9:0a:26:
         79:b8:36:63:28:62:b2:79:9e:0f:02:b8:e0:de:84:3e:6e:e0:
         bb:0d:be:0b:0a:5a:ff:30:62:6a:ba:a0:11:b8:92:8d:4d:00:
         fe:cb:50:93:4f:a3:0a:54:e9:cd:1d:c1:c2:c7:96:9c:03:98:
         12:d8:c0:47:73:a2:c3:c1:ef:a6:be:4e:42:5a:08:cf:7c:84:
         56:91:ea:9d:5c:58:8c:ea:be:ad:1c:7d:17:01:ef:e9:f9:9c:
         6b:44:b1:15
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+rfGUEb6Fr+AxN5yUzieMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZjZlYTc2OGViYzlkZGMwNjhmNTY5N2RmZDc1Y2FlZGQ3
YWUxMDgwHhcNMjUwMTAxMDM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njk5MTg2NmNhZjg3YTE5MTE4NTlhMTdkMGY2MzliZTExYjBlMWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4f6LY9eweMzDu3LFkEg8oPCDhRwD
VBgMycBaObvenNzIDzpmAAxAuv7qtyp1iCCLQrl/MwB5XZqRFcnXff3BTw72i507
x78Cop1abAyTqfw4CzxMW1rCt6Uo8Rpl5GQMb6SkmY2IMyxOR5XHjTcsO2cNY0WB
nbnuI5GeuFHZ7CMmqqq8V9LK/YlFur2hjLpEnZkCTnduXO/0A8eTXSJNCW0Oi1Ik
PdKOg3r4MsAm35zZbpPcjYuXlXo/BCMBtpmoNrKcO0LQOLNaELVxEfWEG3bOg0w7
2JoCGMM0B3ynhKn99TQ8UShhDqmAGipO2r1Ot+hGbq9Jql5LSLSMSsaIcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIaZGGbK+HoZEYWaF9D2Ob4RsOH9MB8GA1UdIwQY
MBaAFJb26naOvJ3cBo9Wl9/XXK7deuEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHZicWRvNjhuZHdHajFhWDM5ZGNydDE2NFFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83YmFhMWMtOGRhMS00ZjgwLWJhYmIt
YjRiZmMyOWU3MWEzLzEvaHBrWVpzcjRlaGtSaFpvWDBQWTV2aEd3NGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83YmFhMWMtOGRhMS00ZjgwLWJhYmItYjRiZmMyOWU3MWEz
LzEvbHZicWRvNjhuZHdHajFhWDM5ZGNydDE2NFFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCBbTIMA0E
AgACMAcDBQAqCzJAMA0GCSqGSIb3DQEBCwUAA4IBAQBEvNwQRTVqO0+OMVAFCw0K
dtPZvikvUG2gxczcJlolRLaxBQCGzFLnTlkNxgSs8Yq6QdZoehg2s7Ag8MmCgHSK
1QpxKc1MWNgChiKi+dWvt2XC5TS81ke646MQ6UZYiTehNuw8dnoe6VH8yFnh6TyM
JOKkCTCKA/fn9sIll0TequmIBOiaEkhe1e+FQJ8+BAg8/annDX9KEc79uVxYlzi5
CiZ5uDZjKGKyeZ4PArjg3oQ+buC7Db4LClr/MGJquqARuJKNTQD+y1CTT6MKVOnN
HcHCx5acA5gS2MBHc6LDwe+mvk5CWgjPfIRWkeqdXFiM6r6tHH0XAe/p+ZxrRLEV
-----END CERTIFICATE-----