Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/qMKz0iOTV-AipsqG6OSykAqBmcw.roa
File:                     qMKz0iOTV-AipsqG6OSykAqBmcw.roa (raw, json)
Hash identifier:          evn2bcSDR90liMyPkIBPgdH2fICEje6rbDEpXsqQ5bo=
Subject key identifier:   A8:C2:B3:D2:23:93:57:E0:22:A6:CA:86:E8:E4:B2:90:0A:81:99:CC
Certificate issuer:       /CN=d07dc35ebcd88dd0e2a8db3a5a08654bc3be0262
Certificate serial:       019426D9A91AAA834F25771F4621BAFE539B
Authority key identifier: D0:7D:C3:5E:BC:D8:8D:D0:E2:A8:DB:3A:5A:08:65:4B:C3:BE:02:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0H3DXrzYjdDiqNs6WghlS8O-AmI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/qMKz0iOTV-AipsqG6OSykAqBmcw.roa
Signing time:             Thu 02 Jan 2025 11:49:46 +0000
ROA not before:           Thu 02 Jan 2025 11:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51088
IP address blocks:        5.44.72.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/0H3DXrzYjdDiqNs6WghlS8O-AmI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/0H3DXrzYjdDiqNs6WghlS8O-AmI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0H3DXrzYjdDiqNs6WghlS8O-AmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:a9:1a:aa:83:4f:25:77:1f:46:21:ba:fe:53:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d07dc35ebcd88dd0e2a8db3a5a08654bc3be0262
        Validity
            Not Before: Jan  2 11:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8c2b3d2239357e022a6ca86e8e4b2900a8199cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:04:e4:9c:42:73:f5:59:51:fd:87:8c:ed:54:
                    b9:9e:06:35:d9:da:ce:19:35:1a:03:ab:af:40:49:
                    e4:30:8e:ee:6c:87:9d:9c:a7:de:29:d3:31:01:e9:
                    69:9d:5e:3d:7c:69:1a:1c:87:a1:43:3c:40:4c:a8:
                    eb:a3:45:82:7a:8c:b6:df:e3:b9:2f:a9:55:de:e3:
                    0a:63:75:83:08:bc:d4:e8:5e:f8:b1:b2:b1:6a:9f:
                    f3:17:64:03:9d:83:f4:0a:2d:ea:0f:67:d9:c4:bf:
                    c2:9e:e4:75:3b:bb:7d:8f:71:22:94:3e:f3:24:89:
                    b6:43:af:54:37:ca:0a:35:a5:59:02:21:25:40:dc:
                    79:8f:33:12:c0:82:bd:5e:c9:ac:eb:39:27:3c:f6:
                    8d:9c:aa:c9:3d:4b:ff:0e:2b:83:6d:3b:db:d8:31:
                    51:d6:b3:98:4e:c3:72:10:73:06:c7:56:ed:f7:5b:
                    69:3c:e1:35:9c:6a:c3:0d:c8:e4:b6:bb:40:23:1c:
                    2c:c6:14:e3:46:12:ba:65:6d:5a:91:3f:eb:82:d1:
                    47:9d:17:2e:76:54:a3:10:93:24:61:a0:d1:7a:92:
                    f0:02:b9:82:34:2d:61:2c:5a:b9:7e:73:54:0d:d2:
                    77:57:cb:c0:80:4f:8a:4d:b8:6a:70:5d:5e:51:5c:
                    c5:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:C2:B3:D2:23:93:57:E0:22:A6:CA:86:E8:E4:B2:90:0A:81:99:CC
            X509v3 Authority Key Identifier:
                keyid:D0:7D:C3:5E:BC:D8:8D:D0:E2:A8:DB:3A:5A:08:65:4B:C3:BE:02:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H3DXrzYjdDiqNs6WghlS8O-AmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/qMKz0iOTV-AipsqG6OSykAqBmcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/0H3DXrzYjdDiqNs6WghlS8O-AmI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ae:39:df:43:31:75:cf:30:48:5b:a6:f4:99:35:0c:42:4b:05:
         f2:8c:38:ef:72:f5:13:17:18:b2:de:65:a8:77:97:f2:82:99:
         8a:3a:19:1e:1e:96:18:da:e8:52:e0:76:55:9a:65:b8:c5:01:
         de:4b:fc:bf:e4:aa:da:d9:9a:87:51:fe:29:2e:84:99:eb:53:
         b4:52:d4:c1:ef:f3:98:90:81:73:49:0a:56:76:44:bc:cc:0a:
         eb:94:a2:16:26:d5:07:d9:9d:d2:85:f8:94:7a:fc:0f:0f:85:
         bb:b2:91:cb:8e:85:d3:fb:d6:de:38:51:38:e7:05:fa:4f:1b:
         e7:f1:fa:bf:8b:a5:94:b9:50:ed:03:ab:71:e2:e0:35:10:cd:
         7d:01:b5:a3:1b:ec:fc:39:ae:a6:ee:2b:4d:69:06:4b:2f:26:
         ac:e3:ba:13:59:15:7b:64:62:c1:66:77:74:9e:bd:29:42:1d:
         cf:44:82:5a:08:c3:01:f2:59:ae:ee:3c:9f:94:d3:6d:6b:59:
         b6:5b:b7:4a:84:10:11:6c:39:f8:ba:4b:3f:b5:34:85:91:ab:
         f2:e8:0d:4a:74:70:62:b9:6d:e9:b8:7c:fe:95:cb:11:73:07:
         6e:c2:cd:1a:d6:d9:f4:6e:22:63:ea:59:cc:b4:da:a7:34:72:
         59:ed:63:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2akaqoNPJXcfRiG6/lObMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2RjMzVlYmNkODhkZDBlMmE4ZGIzYTVhMDg2NTRiYzNi
ZTAyNjIwHhcNMjUwMTAyMTE0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGMyYjNkMjIzOTM1N2UwMjJhNmNhODZlOGU0YjI5MDBhODE5OWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQTknEJz9VlR/YeM7VS5ngY12drO
GTUaA6uvQEnkMI7ubIednKfeKdMxAelpnV49fGkaHIehQzxATKjro0WCeoy23+O5
L6lV3uMKY3WDCLzU6F74sbKxap/zF2QDnYP0Ci3qD2fZxL/CnuR1O7t9j3EilD7z
JIm2Q69UN8oKNaVZAiElQNx5jzMSwIK9Xsms6zknPPaNnKrJPUv/DiuDbTvb2DFR
1rOYTsNyEHMGx1bt91tpPOE1nGrDDcjktrtAIxwsxhTjRhK6ZW1akT/rgtFHnRcu
dlSjEJMkYaDRepLwArmCNC1hLFq5fnNUDdJ3V8vAgE+KTbhqcF1eUVzFzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjCs9Ijk1fgIqbKhujkspAKgZnMMB8GA1UdIwQY
MBaAFNB9w1682I3Q4qjbOloIZUvDvgJiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgzRFhyellqZERpcU5zNldnaGxTOE8tQW1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8xYzcxOGQtZTdhMC00MGFjLWExODEt
Y2JhYTQyYTYyNzI3LzEvcU1LejBpT1RWLUFpcHNxRzZPU3lrQXFCbWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8xYzcxOGQtZTdhMC00MGFjLWExODEtY2JhYTQyYTYyNzI3
LzEvMEgzRFhyellqZERpcU5zNldnaGxTOE8tQW1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBSxIMA0G
CSqGSIb3DQEBCwUAA4IBAQCuOd9DMXXPMEhbpvSZNQxCSwXyjDjvcvUTFxiy3mWo
d5fygpmKOhkeHpYY2uhS4HZVmmW4xQHeS/y/5Kra2ZqHUf4pLoSZ61O0UtTB7/OY
kIFzSQpWdkS8zArrlKIWJtUH2Z3ShfiUevwPD4W7spHLjoXT+9beOFE45wX6Txvn
8fq/i6WUuVDtA6tx4uA1EM19AbWjG+z8Oa6m7itNaQZLLyas47oTWRV7ZGLBZnd0
nr0pQh3PRIJaCMMB8lmu7jyflNNta1m2W7dKhBARbDn4uks/tTSFkavy6A1KdHBi
uW3puHz+lcsRcwduws0a1tn0biJj6lnMtNqnNHJZ7WPq
-----END CERTIFICATE-----