Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/DgqNbF9iJTN6tJqFHFsmrsPTN-0.roa
File:                     DgqNbF9iJTN6tJqFHFsmrsPTN-0.roa (raw, json)
Hash identifier:          LWJhYWGLPkv6XiCgsYq7ikNGs7uAsKZdQqaT/g/DLbI=
Subject key identifier:   0E:0A:8D:6C:5F:62:25:33:7A:B4:9A:85:1C:5B:26:AE:C3:D3:37:ED
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       01941F8C4EEBEEC22EEB4E54338BA6A79997
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/DgqNbF9iJTN6tJqFHFsmrsPTN-0.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200370
IP address blocks:        5.202.224.0/24 maxlen: 24
                          5.202.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4e:eb:ee:c2:2e:eb:4e:54:33:8b:a6:a7:99:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e0a8d6c5f6225337ab49a851c5b26aec3d337ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:79:10:a0:33:fd:ee:22:d7:2e:d8:f7:ed:6d:
                    7f:cc:54:fc:fb:13:9a:6f:71:7c:e6:15:ad:1f:b7:
                    9b:36:c2:09:78:2f:85:44:8d:f1:2d:89:a0:33:6c:
                    76:09:85:7c:9c:98:a9:0e:56:a2:64:cd:91:68:ce:
                    da:99:e7:86:0b:c7:47:7e:b7:43:d0:b9:bc:27:af:
                    1c:6c:0c:ca:b2:84:43:f9:d2:83:40:97:7c:f9:54:
                    47:71:09:d4:12:29:f5:5b:b8:2c:a2:96:79:00:32:
                    f8:39:2f:8d:c8:ea:b7:70:1f:95:7e:69:98:16:67:
                    70:bb:76:99:cd:72:cd:90:9a:b3:17:da:00:31:5b:
                    3e:73:95:08:ab:f9:55:73:0c:6a:8f:f0:04:8c:47:
                    75:7e:ef:60:df:3a:c0:28:ae:f3:86:d2:c9:9a:52:
                    fc:90:61:b5:dd:0d:b4:7f:c2:a7:80:05:91:1a:53:
                    e3:d1:e4:3e:d6:db:8b:91:6d:c0:13:6c:81:dd:dd:
                    cb:c3:80:57:c8:11:d5:8c:ac:6c:96:00:c9:2f:62:
                    56:7b:61:00:3f:87:31:64:88:73:b0:da:03:7b:03:
                    74:33:ea:22:5f:70:5c:4b:f6:75:a9:8b:35:aa:64:
                    5b:33:c2:bc:12:c2:12:22:23:b6:ad:3c:5e:dd:62:
                    3f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:0A:8D:6C:5F:62:25:33:7A:B4:9A:85:1C:5B:26:AE:C3:D3:37:ED
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/DgqNbF9iJTN6tJqFHFsmrsPTN-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:1e:16:3e:71:3a:76:33:f0:6b:58:ef:1f:ee:43:6a:a0:1b:
         f5:59:66:e6:9a:7d:40:73:ca:7e:3e:60:51:bc:65:5d:89:92:
         d5:a9:1d:5b:a7:0c:72:d1:01:44:2b:e7:6d:48:bd:a6:4c:a5:
         14:10:9a:0e:e8:f5:e6:e0:ee:1d:fa:d5:a1:90:c7:df:f4:64:
         2c:dd:dd:32:93:39:e7:a4:13:3b:b7:6b:27:8a:4c:d3:09:69:
         0a:4b:d0:5d:d1:ef:42:44:7a:e9:bd:24:96:3d:0d:ff:f9:81:
         b6:23:93:d0:8b:c4:8d:87:c3:2e:e2:61:5b:0d:88:71:da:32:
         23:ff:e8:3e:46:57:e0:b4:0e:9e:13:89:21:98:59:91:d4:5c:
         38:8a:dc:77:e6:29:43:c9:31:f4:87:80:52:a0:1d:1d:47:f5:
         62:f2:c7:2a:1c:74:a8:2c:49:f3:ee:3e:93:99:d2:cd:8b:99:
         da:bf:e3:a8:a9:f0:41:be:92:a5:92:56:58:e5:57:5c:ff:95:
         00:e1:48:96:ff:64:ad:fe:d2:89:41:b1:b2:9d:0a:1f:cd:14:
         f3:42:72:f0:59:0c:62:4d:11:3d:60:13:7d:23:df:99:38:65:
         12:d6:e7:c5:a7:60:36:b3:98:b3:e0:74:3a:c4:fd:2d:25:27:
         d0:eb:01:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjE7r7sIu605UM4ump5mXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTBhOGQ2YzVmNjIyNTMzN2FiNDlhODUxYzViMjZhZWMzZDMzN2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXkQoDP97iLXLtj37W1/zFT8+xOa
b3F85hWtH7ebNsIJeC+FRI3xLYmgM2x2CYV8nJipDlaiZM2RaM7ameeGC8dHfrdD
0Lm8J68cbAzKsoRD+dKDQJd8+VRHcQnUEin1W7gsopZ5ADL4OS+NyOq3cB+VfmmY
Fmdwu3aZzXLNkJqzF9oAMVs+c5UIq/lVcwxqj/AEjEd1fu9g3zrAKK7zhtLJmlL8
kGG13Q20f8KngAWRGlPj0eQ+1tuLkW3AE2yB3d3Lw4BXyBHVjKxslgDJL2JWe2EA
P4cxZIhzsNoDewN0M+oiX3BcS/Z1qYs1qmRbM8K8EsISIiO2rTxe3WI/+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4KjWxfYiUzerSahRxbJq7D0zftMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvRGdxTmJGOWlKVE42dEpxRkhGc21yc1BUTi0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBcrgMA0G
CSqGSIb3DQEBCwUAA4IBAQBhHhY+cTp2M/BrWO8f7kNqoBv1WWbmmn1Ac8p+PmBR
vGVdiZLVqR1bpwxy0QFEK+dtSL2mTKUUEJoO6PXm4O4d+tWhkMff9GQs3d0ykznn
pBM7t2snikzTCWkKS9Bd0e9CRHrpvSSWPQ3/+YG2I5PQi8SNh8Mu4mFbDYhx2jIj
/+g+RlfgtA6eE4khmFmR1Fw4itx35ilDyTH0h4BSoB0dR/Vi8scqHHSoLEnz7j6T
mdLNi5nav+OoqfBBvpKlklZY5Vdc/5UA4UiW/2St/tKJQbGynQofzRTzQnLwWQxi
TRE9YBN9I9+ZOGUS1ufFp2A2s5iz4HQ6xP0tJSfQ6wGO
-----END CERTIFICATE-----