Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/5Nz-AE8zN2OcGLoojbMN4SIMjbY.roa
File:                     5Nz-AE8zN2OcGLoojbMN4SIMjbY.roa (raw, json)
Hash identifier:          AgE+MJGNrYK3L+AcpKPTtjRo4snzzw7nRgm2knPfQ04=
Subject key identifier:   E4:DC:FE:00:4F:33:37:63:9C:18:BA:28:8D:B3:0D:E1:22:0C:8D:B6
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D7112BDB4B73D4B00C19108B175BED
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/5Nz-AE8zN2OcGLoojbMN4SIMjbY.roa
Signing time:             Wed 01 Jan 2025 21:48:04 +0000
ROA not before:           Wed 01 Jan 2025 21:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51921
IP address blocks:        185.58.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:11:2b:db:4b:73:d4:b0:0c:19:10:8b:17:5b:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4dcfe004f3337639c18ba288db30de1220c8db6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f3:f5:fd:23:4b:20:21:99:e5:cb:1c:21:77:
                    e5:e3:64:49:37:87:f0:1b:54:30:f1:43:a6:0c:56:
                    58:a0:a8:a7:ba:1a:3e:2d:8f:9b:d2:02:68:76:87:
                    78:49:5b:18:d7:ee:a5:f1:71:31:5b:45:6f:82:f3:
                    28:69:b2:59:3c:a5:bf:d0:79:10:90:b7:89:9a:23:
                    4d:4e:9c:89:41:ce:ea:92:cd:a9:d9:3d:aa:0b:af:
                    f2:30:a7:52:7c:76:7e:51:a5:f9:de:06:fa:5f:2e:
                    11:91:c1:e5:9f:da:0e:54:a3:c7:eb:4d:d3:50:2b:
                    ab:e7:f1:8f:83:2d:ab:f8:78:68:69:ec:b6:54:ad:
                    5e:03:81:8e:09:82:51:19:c0:32:8d:01:0f:70:6f:
                    59:fd:b0:42:d3:2d:0d:4e:31:a4:73:9a:dc:c8:a9:
                    8a:19:78:c3:4c:bd:15:33:37:38:06:fa:d1:76:93:
                    66:f9:89:a3:3d:4a:d6:f2:7e:48:c8:89:25:c4:2b:
                    f9:40:69:2f:87:03:58:3b:6c:06:66:60:2a:83:3d:
                    58:ad:3e:a2:e2:0b:90:4f:55:78:1e:7c:51:40:f1:
                    b4:3f:5d:6d:97:26:6c:8f:00:4d:79:ef:24:f8:05:
                    dd:1a:90:07:59:99:c5:06:48:64:ea:22:8a:59:2e:
                    36:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:DC:FE:00:4F:33:37:63:9C:18:BA:28:8D:B3:0D:E1:22:0C:8D:B6
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/5Nz-AE8zN2OcGLoojbMN4SIMjbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:16:a3:31:0f:12:af:db:a9:03:8e:34:bd:ae:b7:f5:12:96:
         15:1a:c3:6d:f9:48:a5:4a:59:c6:96:7b:c3:00:71:d4:70:13:
         0a:1a:76:97:dc:86:07:8b:da:49:19:03:d9:88:76:43:01:d3:
         85:78:21:2e:0b:b1:b0:fe:71:76:d1:35:5a:c7:7a:4b:c8:cf:
         d8:ca:f2:84:7e:6c:16:ff:8c:67:41:1d:57:95:b4:6d:86:f8:
         11:f9:96:1d:53:d3:44:07:2b:b2:5a:12:2a:52:f5:9d:08:7d:
         f2:97:6a:54:3e:c6:ed:7d:47:63:97:b7:06:03:fa:30:38:01:
         b6:e2:2c:cd:06:d7:42:d9:91:36:96:63:b3:92:27:7e:69:68:
         5e:78:09:d6:14:eb:91:22:f4:cf:f6:ed:d2:70:b9:82:5a:31:
         e1:8d:9d:df:f4:0c:c8:e2:0e:89:6e:4d:be:f5:07:f0:3c:26:
         13:13:61:db:8a:f5:b5:ec:34:02:5b:f2:cb:f2:3c:f7:59:6b:
         0b:45:76:7b:00:c8:82:6d:68:00:68:10:8b:00:73:f4:74:1c:
         8b:3d:32:6d:ad:f6:1d:b7:c5:a5:55:7c:94:af:36:b9:be:35:
         7d:27:d1:d2:4b:ee:fc:f6:a6:46:d5:cd:e3:83:8d:dd:a3:95:
         05:86:66:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1xEr20tz1LAMGRCLF1vtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGRjZmUwMDRmMzMzNzYzOWMxOGJhMjg4ZGIzMGRlMTIyMGM4ZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPP1/SNLICGZ5cscIXfl42RJN4fw
G1Qw8UOmDFZYoKinuho+LY+b0gJodod4SVsY1+6l8XExW0VvgvMoabJZPKW/0HkQ
kLeJmiNNTpyJQc7qks2p2T2qC6/yMKdSfHZ+UaX53gb6Xy4RkcHln9oOVKPH603T
UCur5/GPgy2r+Hhoaey2VK1eA4GOCYJRGcAyjQEPcG9Z/bBC0y0NTjGkc5rcyKmK
GXjDTL0VMzc4BvrRdpNm+YmjPUrW8n5IyIklxCv5QGkvhwNYO2wGZmAqgz1YrT6i
4guQT1V4HnxRQPG0P11tlyZsjwBNee8k+AXdGpAHWZnFBkhk6iKKWS42HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTc/gBPMzdjnBi6KI2zDeEiDI22MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvNU56LUFFOHpOMk9jR0xvb2piTU40U0lNamJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTrNMA0G
CSqGSIb3DQEBCwUAA4IBAQA5FqMxDxKv26kDjjS9rrf1EpYVGsNt+UilSlnGlnvD
AHHUcBMKGnaX3IYHi9pJGQPZiHZDAdOFeCEuC7Gw/nF20TVax3pLyM/YyvKEfmwW
/4xnQR1XlbRthvgR+ZYdU9NEByuyWhIqUvWdCH3yl2pUPsbtfUdjl7cGA/owOAG2
4izNBtdC2ZE2lmOzkid+aWheeAnWFOuRIvTP9u3ScLmCWjHhjZ3f9AzI4g6Jbk2+
9QfwPCYTE2HbivW17DQCW/LL8jz3WWsLRXZ7AMiCbWgAaBCLAHP0dByLPTJtrfYd
t8WlVXyUrza5vjV9J9HSS+789qZG1c3jg43do5UFhmbE
-----END CERTIFICATE-----