Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/4a999f-d1fa-4887-bae8-e23f10e4b91c/1/5_kOrk9oP3_8LpHa04lopaDNoOs.roa
File:                     5_kOrk9oP3_8LpHa04lopaDNoOs.roa (raw, json)
Hash identifier:          taYYwA5WRT4de9qoNl6GeZp2wx5lTLgYK1KxyY9IZPk=
Subject key identifier:   E7:F9:0E:AE:4F:68:3F:7F:FC:2E:91:DA:D3:89:68:A5:A0:CD:A0:EB
Certificate issuer:       /CN=0f65bd21c683207da0c39fb3798535af49e0bff5
Certificate serial:       019420685708524831A0FF72164BE6D8DC31
Authority key identifier: 0F:65:BD:21:C6:83:20:7D:A0:C3:9F:B3:79:85:35:AF:49:E0:BF:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D2W9IcaDIH2gw5-zeYU1r0ngv_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/4a999f-d1fa-4887-bae8-e23f10e4b91c/1/5_kOrk9oP3_8LpHa04lopaDNoOs.roa
Signing time:             Wed 01 Jan 2025 05:48:16 +0000
ROA not before:           Wed 01 Jan 2025 05:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61144
IP address blocks:        185.172.196.0/24 maxlen: 24
                          185.172.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/4a999f-d1fa-4887-bae8-e23f10e4b91c/1/D2W9IcaDIH2gw5-zeYU1r0ngv_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/4a999f-d1fa-4887-bae8-e23f10e4b91c/1/D2W9IcaDIH2gw5-zeYU1r0ngv_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D2W9IcaDIH2gw5-zeYU1r0ngv_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:57:08:52:48:31:a0:ff:72:16:4b:e6:d8:dc:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f65bd21c683207da0c39fb3798535af49e0bff5
        Validity
            Not Before: Jan  1 05:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7f90eae4f683f7ffc2e91dad38968a5a0cda0eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:1e:43:fa:77:79:83:ab:81:ed:0f:07:89:1c:
                    47:bc:30:8d:6b:8e:77:7e:c2:c5:dd:08:e8:53:6b:
                    11:9e:26:fa:eb:53:51:ce:ba:5d:13:26:32:5e:79:
                    98:13:43:e3:02:44:16:38:96:ed:04:65:52:3e:1e:
                    64:f6:31:bf:3c:03:fe:2f:ad:16:f4:b0:2b:4d:33:
                    02:19:aa:be:1c:1f:3f:c3:90:22:20:8a:93:bb:ac:
                    f0:81:70:8f:70:a3:a9:46:a0:45:06:52:4e:11:9c:
                    a6:68:d7:5f:da:50:88:06:31:1a:0a:e7:59:cd:78:
                    45:1b:10:61:6d:36:26:0f:44:86:2e:92:fd:8c:90:
                    fd:ec:8d:7b:eb:c1:ae:02:f6:bb:2d:8e:c7:d0:fb:
                    7c:cc:a2:a7:b3:1f:7b:59:b1:80:c0:86:37:2e:e9:
                    3f:e7:0b:d6:65:8d:f0:f4:7e:26:6d:87:6a:2b:ba:
                    f6:b3:25:d9:79:ba:97:88:0a:bb:6e:64:60:24:77:
                    bb:5a:cf:f0:aa:5c:b9:16:5c:0d:53:c2:e7:de:b8:
                    27:cf:f4:e4:6b:3f:9b:e6:ab:25:a0:57:14:03:a0:
                    04:25:41:31:68:37:89:a5:32:6d:27:c1:de:af:57:
                    9d:08:58:98:e4:85:15:6b:2f:29:b0:25:c5:55:a0:
                    1e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:F9:0E:AE:4F:68:3F:7F:FC:2E:91:DA:D3:89:68:A5:A0:CD:A0:EB
            X509v3 Authority Key Identifier:
                keyid:0F:65:BD:21:C6:83:20:7D:A0:C3:9F:B3:79:85:35:AF:49:E0:BF:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D2W9IcaDIH2gw5-zeYU1r0ngv_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4a999f-d1fa-4887-bae8-e23f10e4b91c/1/5_kOrk9oP3_8LpHa04lopaDNoOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4a999f-d1fa-4887-bae8-e23f10e4b91c/1/D2W9IcaDIH2gw5-zeYU1r0ngv_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:4c:4c:ed:b3:4a:02:5e:7c:94:c6:2e:b4:80:ac:c3:ab:ff:
         0e:45:75:64:a5:51:6b:9a:cd:31:ca:ac:b0:3c:04:64:d6:c8:
         62:a2:f8:97:13:70:d2:fe:51:8b:ea:d7:a9:94:81:0f:0a:a0:
         d3:4b:fa:b1:4a:93:28:a8:41:fd:c1:72:a9:f9:0d:ab:82:4d:
         06:4d:b7:ab:9b:4b:27:b3:97:fb:93:ab:d1:49:0f:9a:68:e0:
         79:c4:ef:0f:a1:95:48:f9:2d:6c:f7:bd:38:fb:83:a4:b1:94:
         49:eb:d2:fa:63:9d:75:dc:ba:85:99:be:6e:ed:d3:80:1d:8f:
         59:fe:fc:ce:d3:3d:9e:ca:fe:35:dc:e6:b9:94:54:8c:08:4e:
         63:ed:9c:c0:25:2e:b0:bd:d9:40:53:55:0b:97:c5:11:bb:be:
         ef:9e:54:d3:cf:60:a8:1c:d4:b7:c0:ba:ca:66:11:5f:35:ac:
         d9:f7:77:f3:7a:0f:b7:db:73:2d:3f:5b:74:74:77:a3:e7:5e:
         eb:9c:9e:09:fc:5b:4e:64:9d:75:dc:c7:39:86:49:72:13:45:
         be:4e:1d:9a:25:40:2e:de:39:6c:25:e9:a5:2c:d8:27:ab:de:
         a3:fe:93:f6:12:d3:92:c3:9d:0f:c4:1f:c8:97:ae:a9:8c:b3:
         3a:9c:a8:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaFcIUkgxoP9yFkvm2NwxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNjViZDIxYzY4MzIwN2RhMGMzOWZiMzc5ODUzNWFmNDll
MGJmZjUwHhcNMjUwMTAxMDU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2Y5MGVhZTRmNjgzZjdmZmMyZTkxZGFkMzg5NjhhNWEwY2RhMGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7x5D+nd5g6uB7Q8HiRxHvDCNa453
fsLF3QjoU2sRnib661NRzrpdEyYyXnmYE0PjAkQWOJbtBGVSPh5k9jG/PAP+L60W
9LArTTMCGaq+HB8/w5AiIIqTu6zwgXCPcKOpRqBFBlJOEZymaNdf2lCIBjEaCudZ
zXhFGxBhbTYmD0SGLpL9jJD97I1768GuAva7LY7H0Pt8zKKnsx97WbGAwIY3Luk/
5wvWZY3w9H4mbYdqK7r2syXZebqXiAq7bmRgJHe7Ws/wqly5FlwNU8Ln3rgnz/Tk
az+b5qsloFcUA6AEJUExaDeJpTJtJ8Her1edCFiY5IUVay8psCXFVaAexwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOf5Dq5PaD9//C6R2tOJaKWgzaDrMB8GA1UdIwQY
MBaAFA9lvSHGgyB9oMOfs3mFNa9J4L/1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDJXOUljYURJSDJndzUtemVZVTFyMG5ndl9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS80YTk5OWYtZDFmYS00ODg3LWJhZTgt
ZTIzZjEwZTRiOTFjLzEvNV9rT3JrOW9QM184THBIYTA0bG9wYUROb09zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS80YTk5OWYtZDFmYS00ODg3LWJhZTgtZTIzZjEwZTRiOTFj
LzEvRDJXOUljYURJSDJndzUtemVZVTFyMG5ndl9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuazEMA0G
CSqGSIb3DQEBCwUAA4IBAQBzTEzts0oCXnyUxi60gKzDq/8ORXVkpVFrms0xyqyw
PARk1shioviXE3DS/lGL6teplIEPCqDTS/qxSpMoqEH9wXKp+Q2rgk0GTberm0sn
s5f7k6vRSQ+aaOB5xO8PoZVI+S1s9704+4OksZRJ69L6Y5113LqFmb5u7dOAHY9Z
/vzO0z2eyv413Oa5lFSMCE5j7ZzAJS6wvdlAU1ULl8URu77vnlTTz2CoHNS3wLrK
ZhFfNazZ93fzeg+323MtP1t0dHej517rnJ4J/FtOZJ113Mc5hklyE0W+Th2aJUAu
3jlsJemlLNgnq96j/pP2EtOSw50PxB/Il66pjLM6nKiL
-----END CERTIFICATE-----