Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/ZV9AgWO6uhagwHDD9I6tZkK9CXE.roa
File:                     ZV9AgWO6uhagwHDD9I6tZkK9CXE.roa (raw, json)
Hash identifier:          r40ZyDvHygBFDbvKP6P/hRu0VsEVvZUOQj6L+ANjkj8=
Subject key identifier:   65:5F:40:81:63:BA:BA:16:A0:C0:70:C3:F4:8E:AD:66:42:BD:09:71
Certificate issuer:       /CN=43594e55dc96cb9b980a52aa637e48a8d87389c0
Certificate serial:       019421B1F695EABD130099211640DB73ED5A
Authority key identifier: 43:59:4E:55:DC:96:CB:9B:98:0A:52:AA:63:7E:48:A8:D8:73:89:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q1lOVdyWy5uYClKqY35IqNhzicA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/ZV9AgWO6uhagwHDD9I6tZkK9CXE.roa
Signing time:             Wed 01 Jan 2025 11:48:18 +0000
ROA not before:           Wed 01 Jan 2025 11:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35193
IP address blocks:        5.145.120.0/21 maxlen: 21
                          85.239.160.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/Q1lOVdyWy5uYClKqY35IqNhzicA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/Q1lOVdyWy5uYClKqY35IqNhzicA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q1lOVdyWy5uYClKqY35IqNhzicA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:f6:95:ea:bd:13:00:99:21:16:40:db:73:ed:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43594e55dc96cb9b980a52aa637e48a8d87389c0
        Validity
            Not Before: Jan  1 11:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=655f408163baba16a0c070c3f48ead6642bd0971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5c:4c:5c:35:a3:3b:0c:25:58:7d:21:1a:22:
                    3c:88:dc:b3:a2:c3:e7:9a:ab:02:a7:34:8d:86:43:
                    53:7a:bc:35:d2:91:dc:76:d2:dd:68:59:27:de:4b:
                    30:43:4a:92:23:13:57:9a:b5:eb:9b:76:70:5e:a2:
                    b3:da:f7:46:7f:94:00:b3:f8:1e:ac:d9:57:6f:de:
                    83:bf:1d:f9:8e:e0:b2:20:0f:51:fc:e3:e1:2a:45:
                    83:5a:5d:f8:2b:7c:30:1c:29:ec:d5:ee:bb:9f:70:
                    f0:34:86:77:66:f5:78:96:76:88:9f:f4:74:14:f8:
                    30:14:94:af:d0:66:26:f6:ca:4d:a8:b0:08:74:2a:
                    cf:70:cb:47:ef:e7:aa:e4:6a:5c:b5:5a:18:33:d9:
                    0c:57:ff:12:2c:54:1a:26:b2:f6:8a:ca:6e:b2:2e:
                    6f:ec:7c:67:8a:93:bb:ea:78:ee:db:cf:7e:30:49:
                    e4:88:21:0f:e0:d3:23:89:7e:cc:bf:e4:1a:23:a7:
                    ca:e6:72:12:2b:da:9f:ff:b2:95:16:03:76:31:cb:
                    d2:04:df:ea:36:3d:66:c0:4f:6d:e6:f3:27:22:33:
                    ec:af:5b:70:bd:b2:1f:45:fe:86:c4:b3:aa:32:61:
                    b9:0e:be:61:4b:fa:fa:65:c9:8f:db:39:93:83:ac:
                    3d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:5F:40:81:63:BA:BA:16:A0:C0:70:C3:F4:8E:AD:66:42:BD:09:71
            X509v3 Authority Key Identifier:
                keyid:43:59:4E:55:DC:96:CB:9B:98:0A:52:AA:63:7E:48:A8:D8:73:89:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q1lOVdyWy5uYClKqY35IqNhzicA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/ZV9AgWO6uhagwHDD9I6tZkK9CXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/85e125-85d6-43f0-98bf-d8fa0eda3abe/1/Q1lOVdyWy5uYClKqY35IqNhzicA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.145.120.0/21
                  85.239.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6e:51:2e:03:72:76:c3:f6:2b:c1:c2:cc:e2:61:0f:68:73:62:
         54:8c:bf:cd:89:0a:a5:83:46:6f:4b:c7:39:23:e1:23:78:bb:
         6a:84:1e:10:56:b8:c1:8d:90:df:47:23:fb:ba:45:ed:86:17:
         58:d5:06:78:be:eb:a9:69:72:8b:33:41:81:6e:a9:4b:d2:bf:
         e5:d0:97:91:01:8f:2d:2e:11:fe:2b:be:94:0c:fa:88:ce:8d:
         6e:2f:90:cd:26:2b:12:7f:d1:70:1c:0e:2f:b4:f7:22:5c:df:
         0c:7f:7c:7b:20:f5:7f:5c:12:0b:cb:3e:05:c1:86:a6:3d:a7:
         d0:03:cb:19:81:45:9b:54:c1:82:ff:84:26:6d:11:ff:12:c6:
         cb:f8:c6:04:c2:97:c9:ef:14:b5:98:77:19:56:db:47:ae:33:
         c9:2d:f3:8e:66:7d:f8:f7:c3:db:1c:60:45:32:b3:40:ad:ec:
         16:71:c9:be:d3:99:77:48:65:37:eb:4c:3c:7f:60:c7:90:60:
         fd:15:6e:6c:35:b0:ec:6f:bc:34:ab:b7:e7:df:78:c4:24:a2:
         42:22:3e:b3:22:d3:ef:cd:bd:cf:3b:3b:a7:d3:93:d2:40:15:
         10:fe:9f:6a:1f:e4:60:2f:4f:f1:e8:56:52:58:18:f4:0f:75:
         18:fa:d2:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsfaV6r0TAJkhFkDbc+1aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNTk0ZTU1ZGM5NmNiOWI5ODBhNTJhYTYzN2U0OGE4ZDg3
Mzg5YzAwHhcNMjUwMTAxMTE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTVmNDA4MTYzYmFiYTE2YTBjMDcwYzNmNDhlYWQ2NjQyYmQwOTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVxMXDWjOwwlWH0hGiI8iNyzosPn
mqsCpzSNhkNTerw10pHcdtLdaFkn3kswQ0qSIxNXmrXrm3ZwXqKz2vdGf5QAs/ge
rNlXb96Dvx35juCyIA9R/OPhKkWDWl34K3wwHCns1e67n3DwNIZ3ZvV4lnaIn/R0
FPgwFJSv0GYm9spNqLAIdCrPcMtH7+eq5GpctVoYM9kMV/8SLFQaJrL2ispusi5v
7HxnipO76nju289+MEnkiCEP4NMjiX7Mv+QaI6fK5nISK9qf/7KVFgN2McvSBN/q
Nj1mwE9t5vMnIjPsr1twvbIfRf6GxLOqMmG5Dr5hS/r6ZcmP2zmTg6w9KwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGVfQIFjuroWoMBww/SOrWZCvQlxMB8GA1UdIwQY
MBaAFENZTlXclsubmApSqmN+SKjYc4nAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTFsT1ZkeVd5NXVZQ2xLcVkzNUlxTmh6aWNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84NWUxMjUtODVkNi00M2YwLTk4YmYt
ZDhmYTBlZGEzYWJlLzEvWlY5QWdXTzZ1aGFnd0hERDlJNnRaa0s5Q1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84NWUxMjUtODVkNi00M2YwLTk4YmYtZDhmYTBlZGEzYWJl
LzEvUTFsT1ZkeVd5NXVZQ2xLcVkzNUlxTmh6aWNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDBZF4AwQF
Ve+gMA0GCSqGSIb3DQEBCwUAA4IBAQBuUS4DcnbD9ivBwsziYQ9oc2JUjL/NiQql
g0ZvS8c5I+EjeLtqhB4QVrjBjZDfRyP7ukXthhdY1QZ4vuupaXKLM0GBbqlL0r/l
0JeRAY8tLhH+K76UDPqIzo1uL5DNJisSf9FwHA4vtPciXN8Mf3x7IPV/XBILyz4F
wYamPafQA8sZgUWbVMGC/4QmbRH/EsbL+MYEwpfJ7xS1mHcZVttHrjPJLfOOZn34
98PbHGBFMrNArewWccm+05l3SGU360w8f2DHkGD9FW5sNbDsb7w0q7fn33jEJKJC
Ij6zItPvzb3POzun05PSQBUQ/p9qH+RgL0/x6FZSWBj0D3UY+tKY
-----END CERTIFICATE-----