Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/c064a5-d7a9-4e6f-8fd8-0dcd03dc0897/1/DwNEa67GeVfXPcLrWPlMm4OLjVo.roa
File:                     DwNEa67GeVfXPcLrWPlMm4OLjVo.roa (raw, json)
Hash identifier:          3gEhvhLUNasIQ2pRn7FSbquTzSKI+z6q4epOcxacj1o=
Subject key identifier:   0F:03:44:6B:AE:C6:79:57:D7:3D:C2:EB:58:F9:4C:9B:83:8B:8D:5A
Certificate issuer:       /CN=c7ebabd786da13805655b1b5501fdcbf433bc78d
Certificate serial:       01942444900365A2C717C8DF6B5B13492E0F
Authority key identifier: C7:EB:AB:D7:86:DA:13:80:56:55:B1:B5:50:1F:DC:BF:43:3B:C7:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x-ur14baE4BWVbG1UB_cv0M7x40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/c064a5-d7a9-4e6f-8fd8-0dcd03dc0897/1/DwNEa67GeVfXPcLrWPlMm4OLjVo.roa
Signing time:             Wed 01 Jan 2025 23:47:40 +0000
ROA not before:           Wed 01 Jan 2025 23:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211269
IP address blocks:        5.8.250.0/24 maxlen: 24
                          91.213.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/c064a5-d7a9-4e6f-8fd8-0dcd03dc0897/1/x-ur14baE4BWVbG1UB_cv0M7x40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/c064a5-d7a9-4e6f-8fd8-0dcd03dc0897/1/x-ur14baE4BWVbG1UB_cv0M7x40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x-ur14baE4BWVbG1UB_cv0M7x40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Jan 2025 11:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:90:03:65:a2:c7:17:c8:df:6b:5b:13:49:2e:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7ebabd786da13805655b1b5501fdcbf433bc78d
        Validity
            Not Before: Jan  1 23:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f03446baec67957d73dc2eb58f94c9b838b8d5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:dd:c4:b9:f8:6c:00:e6:1f:32:ec:fb:2b:40:
                    93:df:59:97:02:03:72:5d:ca:94:55:bb:cf:e7:fd:
                    ab:d6:d9:b9:c2:58:e9:ff:98:c8:66:49:2c:b7:f0:
                    c9:92:fc:89:eb:03:3d:b2:0e:f5:d6:92:26:a8:b3:
                    a2:6d:28:47:a8:40:4a:2c:c9:10:5e:e6:da:84:63:
                    58:81:5d:e1:20:7f:b4:66:8b:e6:c2:3b:f2:31:1d:
                    5e:f3:b8:1e:1d:66:1c:60:58:8a:1f:a5:63:47:a6:
                    d1:36:26:2d:d7:6c:d9:6a:9b:27:3e:20:64:32:63:
                    37:3d:0f:55:66:cc:f8:33:fb:16:a0:b9:c7:df:eb:
                    0b:96:f2:bf:e6:eb:52:ff:b7:52:61:b6:cb:5e:b2:
                    ff:4a:d2:2f:89:f8:6c:8b:02:ce:79:b4:1e:12:c8:
                    4a:30:54:26:23:1d:6b:5a:46:82:48:23:52:f4:7a:
                    e5:f9:c6:07:51:a6:c0:31:40:6a:c9:51:42:57:55:
                    88:d0:61:49:e5:46:12:27:0e:5e:d5:06:c5:0c:9e:
                    b6:41:58:bd:b9:51:e5:a6:a9:1b:fe:86:0d:96:cc:
                    f6:94:51:33:04:fb:a1:15:41:1f:ee:b8:b2:de:c8:
                    2f:b3:70:39:29:0b:1d:59:24:16:ff:76:5f:5d:e8:
                    2b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:03:44:6B:AE:C6:79:57:D7:3D:C2:EB:58:F9:4C:9B:83:8B:8D:5A
            X509v3 Authority Key Identifier:
                keyid:C7:EB:AB:D7:86:DA:13:80:56:55:B1:B5:50:1F:DC:BF:43:3B:C7:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x-ur14baE4BWVbG1UB_cv0M7x40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/c064a5-d7a9-4e6f-8fd8-0dcd03dc0897/1/DwNEa67GeVfXPcLrWPlMm4OLjVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/c064a5-d7a9-4e6f-8fd8-0dcd03dc0897/1/x-ur14baE4BWVbG1UB_cv0M7x40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.250.0/24
                  91.213.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:c9:f2:21:c0:0f:9a:db:c1:55:bb:85:f9:61:bb:ec:07:bc:
         50:fd:0c:9a:d4:5c:61:ee:d3:f0:42:e6:09:f0:13:10:d5:35:
         e1:42:e5:dd:61:bb:b0:28:ab:42:02:04:85:ac:b2:6e:a3:21:
         97:5b:27:fd:b6:33:01:a0:50:8b:12:6e:44:87:a7:18:ea:0a:
         74:73:31:b4:98:ea:c0:c1:b3:94:33:3c:c1:3f:74:ab:64:e2:
         ed:c2:4e:84:78:31:c7:08:5c:06:7e:3e:24:a3:cb:e9:ec:c6:
         08:40:e4:0f:d8:e7:98:20:8e:78:38:fa:12:e8:db:fb:f4:ef:
         f8:a1:13:94:78:e1:b3:a7:7f:31:15:a0:18:66:90:18:15:36:
         06:bf:d5:f6:ed:f7:48:19:66:f8:e3:30:fb:7c:64:30:b4:20:
         04:38:51:17:44:55:d4:fb:42:71:a7:a8:07:7b:e6:b2:77:5d:
         c0:61:04:61:c4:5d:8f:fe:d3:d9:9e:d2:bf:fd:96:c4:df:65:
         63:1b:48:af:f5:34:4d:70:df:8d:95:d7:b4:72:ec:68:75:47:
         aa:16:42:f3:cd:ea:11:05:be:5f:b8:86:03:14:6d:41:7d:e5:
         93:ed:50:ce:51:9a:d5:90:24:a2:51:3c:4f:c0:00:ca:8a:c5:
         e1:6f:0b:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRJADZaLHF8jfa1sTSS4PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZWJhYmQ3ODZkYTEzODA1NjU1YjFiNTUwMWZkY2JmNDMz
YmM3OGQwHhcNMjUwMTAxMjM0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjAzNDQ2YmFlYzY3OTU3ZDczZGMyZWI1OGY5NGM5YjgzOGI4ZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnd3EufhsAOYfMuz7K0CT31mXAgNy
XcqUVbvP5/2r1tm5wljp/5jIZkkst/DJkvyJ6wM9sg711pImqLOibShHqEBKLMkQ
XubahGNYgV3hIH+0ZovmwjvyMR1e87geHWYcYFiKH6VjR6bRNiYt12zZapsnPiBk
MmM3PQ9VZsz4M/sWoLnH3+sLlvK/5utS/7dSYbbLXrL/StIvifhsiwLOebQeEshK
MFQmIx1rWkaCSCNS9Hrl+cYHUabAMUBqyVFCV1WI0GFJ5UYSJw5e1QbFDJ62QVi9
uVHlpqkb/oYNlsz2lFEzBPuhFUEf7riy3sgvs3A5KQsdWSQW/3ZfXegr1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA8DRGuuxnlX1z3C61j5TJuDi41aMB8GA1UdIwQY
MBaAFMfrq9eG2hOAVlWxtVAf3L9DO8eNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveC11cjE0YmFFNEJXVmJHMVVCX2N2ME03eDQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9jMDY0YTUtZDdhOS00ZTZmLThmZDgt
MGRjZDAzZGMwODk3LzEvRHdORWE2N0dlVmZYUGNMcldQbE1tNE9MalZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9jMDY0YTUtZDdhOS00ZTZmLThmZDgtMGRjZDAzZGMwODk3
LzEveC11cjE0YmFFNEJXVmJHMVVCX2N2ME03eDQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABQj6AwQA
W9XJMA0GCSqGSIb3DQEBCwUAA4IBAQAYyfIhwA+a28FVu4X5YbvsB7xQ/Qya1Fxh
7tPwQuYJ8BMQ1TXhQuXdYbuwKKtCAgSFrLJuoyGXWyf9tjMBoFCLEm5Eh6cY6gp0
czG0mOrAwbOUMzzBP3SrZOLtwk6EeDHHCFwGfj4ko8vp7MYIQOQP2OeYII54OPoS
6Nv79O/4oROUeOGzp38xFaAYZpAYFTYGv9X27fdIGWb44zD7fGQwtCAEOFEXRFXU
+0Jxp6gHe+ayd13AYQRhxF2P/tPZntK//ZbE32VjG0iv9TRNcN+Nlde0cuxodUeq
FkLzzeoRBb5fuIYDFG1BfeWT7VDOUZrVkCSiUTxPwADKisXhbwsq
-----END CERTIFICATE-----