Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/5JotAZkNsZmdy-emIgo1Usa9KiQ.roa
File:                     5JotAZkNsZmdy-emIgo1Usa9KiQ.roa (raw, json)
Hash identifier:          KxNBmCau0tbWKOvKkyRjqvgSzYN9kgOnNbVL/mkB+N4=
Subject key identifier:   E4:9A:2D:01:99:0D:B1:99:9D:CB:E7:A6:22:0A:35:52:C6:BD:2A:24
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       0194266BD033E49017E9661F38200CF27D5B
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/5JotAZkNsZmdy-emIgo1Usa9KiQ.roa
Signing time:             Thu 02 Jan 2025 09:49:47 +0000
ROA not before:           Thu 02 Jan 2025 09:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211984
IP address blocks:        213.33.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d0:33:e4:90:17:e9:66:1f:38:20:0c:f2:7d:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  2 09:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e49a2d01990db1999dcbe7a6220a3552c6bd2a24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:db:fa:ff:49:b0:30:a4:f4:87:0c:7d:a3:a6:
                    08:ae:a5:81:e5:bc:36:6a:cb:12:c8:3c:ec:1f:bc:
                    92:f3:9b:9c:d4:de:31:7e:47:e1:af:73:fb:36:0c:
                    54:45:9e:27:1e:84:85:6c:5c:47:0d:b8:fb:fb:7a:
                    3a:02:b8:eb:84:9a:6c:22:42:07:b1:2d:8c:0c:34:
                    29:7d:19:bf:08:49:7d:a1:89:44:8f:dc:e1:b0:18:
                    4a:c8:42:55:20:f6:09:dd:e9:73:15:be:21:00:a7:
                    cf:c2:a1:3b:8b:49:0c:fa:06:f4:07:d0:86:04:6b:
                    d6:c8:fc:25:04:fe:c8:89:f5:4d:71:32:b4:41:33:
                    61:75:57:ca:ae:29:67:2b:cd:00:2d:32:be:83:34:
                    76:55:58:aa:be:d1:21:70:77:c8:90:5e:eb:39:7c:
                    a2:e0:37:2f:6d:0b:68:0d:b0:6d:d2:dc:cb:73:94:
                    0f:97:b0:ad:e4:37:6c:f4:aa:fb:3c:85:43:4a:f1:
                    30:cc:f7:5c:af:4d:43:f8:1a:9d:8d:05:67:c4:a5:
                    8c:75:2c:02:98:ea:3d:69:1d:65:a5:72:71:68:2b:
                    03:b0:90:65:ff:64:07:01:c4:d3:4e:f0:5d:4d:58:
                    a3:ec:26:48:f1:f5:47:8b:b0:82:f8:85:0a:eb:c2:
                    af:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:9A:2D:01:99:0D:B1:99:9D:CB:E7:A6:22:0A:35:52:C6:BD:2A:24
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/5JotAZkNsZmdy-emIgo1Usa9KiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.33.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:3b:6d:c8:93:ed:1e:d4:10:d5:fc:03:c6:7c:c8:b1:fe:cf:
         00:17:07:a9:7d:08:73:55:c4:7d:35:a6:e7:41:7b:ba:4b:17:
         b9:a2:0e:3e:44:86:4b:22:5a:3e:4d:93:0d:53:0e:eb:52:0f:
         9b:66:7f:ba:84:a4:66:e9:3d:b6:87:60:29:37:dd:47:fa:39:
         f5:29:63:f9:49:09:ab:75:50:30:38:e9:30:ad:37:da:40:df:
         0c:c9:b7:c1:91:7b:08:22:c0:b8:61:fe:61:c9:f0:29:ca:98:
         f0:f9:43:ac:2a:6e:ae:a5:76:ec:ca:3c:18:fe:8e:ba:16:19:
         32:8d:dc:9a:af:a2:d6:fd:0a:45:d7:09:ed:bb:76:de:7b:28:
         5e:04:a2:f3:29:cd:28:17:c6:f7:9f:52:a6:1e:86:2a:26:e2:
         16:ec:f9:0e:ea:02:0f:75:45:30:f9:e9:f3:7e:5b:ec:d4:f5:
         e0:f6:45:79:32:1f:96:8f:23:d7:f3:4c:d6:e0:94:0d:12:29:
         24:c9:5a:f7:86:ef:12:e1:c4:2a:81:e3:b5:90:9c:dd:59:99:
         18:5e:65:7f:01:4e:5f:06:20:ed:cf:ba:23:e7:f8:5d:e4:a0:
         a4:e5:e9:a7:6d:a7:52:14:a5:c7:35:57:61:2f:4c:69:bb:5b:
         f5:03:bd:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9Az5JAX6WYfOCAM8n1bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjUwMTAyMDk0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDlhMmQwMTk5MGRiMTk5OWRjYmU3YTYyMjBhMzU1MmM2YmQyYTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19v6/0mwMKT0hwx9o6YIrqWB5bw2
assSyDzsH7yS85uc1N4xfkfhr3P7NgxURZ4nHoSFbFxHDbj7+3o6ArjrhJpsIkIH
sS2MDDQpfRm/CEl9oYlEj9zhsBhKyEJVIPYJ3elzFb4hAKfPwqE7i0kM+gb0B9CG
BGvWyPwlBP7IifVNcTK0QTNhdVfKrilnK80ALTK+gzR2VViqvtEhcHfIkF7rOXyi
4DcvbQtoDbBt0tzLc5QPl7Ct5Dds9Kr7PIVDSvEwzPdcr01D+BqdjQVnxKWMdSwC
mOo9aR1lpXJxaCsDsJBl/2QHAcTTTvBdTVij7CZI8fVHi7CC+IUK68KvyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSaLQGZDbGZncvnpiIKNVLGvSokMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvNUpvdEFaa05zWm1keS1lbUlnbzFVc2E5S2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SFPMA0G
CSqGSIb3DQEBCwUAA4IBAQB2O23Ik+0e1BDV/APGfMix/s8AFwepfQhzVcR9Nabn
QXu6Sxe5og4+RIZLIlo+TZMNUw7rUg+bZn+6hKRm6T22h2ApN91H+jn1KWP5SQmr
dVAwOOkwrTfaQN8MybfBkXsIIsC4Yf5hyfApypjw+UOsKm6upXbsyjwY/o66Fhky
jdyar6LW/QpF1wntu3beeyheBKLzKc0oF8b3n1KmHoYqJuIW7PkO6gIPdUUw+enz
flvs1PXg9kV5Mh+WjyPX80zW4JQNEikkyVr3hu8S4cQqgeO1kJzdWZkYXmV/AU5f
BiDtz7oj5/hd5KCk5emnbadSFKXHNVdhL0xpu1v1A73/
-----END CERTIFICATE-----