Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/ZDC9lne_Mw5HGnKc_BlosdHRydU.roa
File:                     ZDC9lne_Mw5HGnKc_BlosdHRydU.roa (raw, json)
Hash identifier:          weK4VMIQ4U4f48AbIBmbaR1q1wEqlh/Uf6Y7Y9nQL4c=
Subject key identifier:   64:30:BD:96:77:BF:33:0E:47:1A:72:9C:FC:19:68:B1:D1:D1:C9:D5
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258F8B8C13C858EB5EA14FF44D8B3C25
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/ZDC9lne_Mw5HGnKc_BlosdHRydU.roa
Signing time:             Thu 02 Jan 2025 05:49:11 +0000
ROA not before:           Thu 02 Jan 2025 05:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44687
IP address blocks:        5.133.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 13:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:8b:8c:13:c8:58:eb:5e:a1:4f:f4:4d:8b:3c:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6430bd9677bf330e471a729cfc1968b1d1d1c9d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3e:be:d3:3b:16:1c:f3:18:b2:ac:8b:53:9b:
                    fb:1d:c9:31:32:98:8d:fc:cd:14:a2:41:06:74:2a:
                    93:48:cb:99:cf:34:02:0a:64:42:6a:37:e3:c5:ce:
                    bf:b8:b5:35:06:41:9b:2b:6b:3d:d7:21:03:42:cf:
                    43:c8:d3:d7:ae:4f:c1:28:b4:f2:11:b1:0d:a8:7e:
                    7d:93:92:e7:06:53:0d:69:f0:c1:69:66:62:eb:e8:
                    e3:e4:7b:ee:55:62:ec:e6:00:0b:aa:7c:e3:c0:6c:
                    9a:d2:2d:d8:a6:cb:56:eb:74:5f:2a:e4:7c:37:5d:
                    57:4c:0b:96:8f:fe:c0:bd:41:ca:f3:22:fd:87:f4:
                    fa:d4:50:6b:84:3f:3c:b2:02:2d:95:ff:a4:9b:e6:
                    b4:3d:1a:77:f3:3e:34:5b:c1:56:f0:19:3c:97:3f:
                    2d:10:1c:74:03:c7:d9:3b:b7:a5:2a:83:2c:59:d6:
                    29:1f:ea:5b:46:86:4a:81:f0:aa:b4:04:57:2c:b6:
                    92:92:40:e9:80:e2:70:c2:ad:49:0a:42:55:f8:d5:
                    7c:fe:7c:a8:d2:0f:36:cd:bc:1d:86:ed:73:ee:53:
                    84:03:f0:5d:0c:ad:2e:87:9b:9a:68:a3:dc:64:65:
                    cc:cf:97:c2:f7:92:3b:ac:a2:a4:4d:43:a1:3d:6d:
                    64:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:30:BD:96:77:BF:33:0E:47:1A:72:9C:FC:19:68:B1:D1:D1:C9:D5
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/ZDC9lne_Mw5HGnKc_BlosdHRydU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:c6:1d:98:67:d6:dc:3a:29:8c:b4:a9:81:10:46:5c:73:8d:
         78:aa:99:56:e5:61:2b:5f:d2:af:72:c8:79:92:a4:e3:11:4d:
         2a:f3:5a:64:3b:07:c4:5a:67:fa:a2:5b:f3:66:3f:5f:ea:71:
         9c:49:6b:b9:88:62:06:2c:63:f4:55:db:ae:f5:ef:20:48:fd:
         47:63:29:73:73:07:af:f2:99:05:4d:03:82:cd:76:35:e7:df:
         8f:af:ab:28:2c:c8:9d:0a:8f:3e:e5:95:25:19:c3:7e:4a:35:
         f9:61:10:b9:6a:3e:70:f0:24:bf:0d:03:5d:5a:36:70:5d:42:
         d4:4e:ea:7b:b9:87:a2:7c:25:76:f3:b5:c0:17:f8:a0:c3:db:
         a1:92:f9:42:cf:4d:13:82:9e:e5:4b:0b:c9:3a:dd:40:f5:d7:
         7e:4e:0d:53:e7:21:20:f4:f9:56:9c:98:dc:9a:02:94:dd:fc:
         cc:15:ad:48:aa:9c:28:39:dc:79:b9:7d:f8:ce:d0:71:3d:78:
         ac:4f:c2:d0:fb:61:3f:6c:29:1c:80:f5:65:79:d7:f4:2e:89:
         d7:96:8e:42:d6:3e:66:c7:35:13:05:6c:9a:ef:ea:71:56:c5:
         9d:b3:ef:f1:80:59:65:12:ec:5f:75:c5:24:ea:8c:a9:a4:c1:
         02:0c:44:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4uME8hY616hT/RNizwlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDMwYmQ5Njc3YmYzMzBlNDcxYTcyOWNmYzE5NjhiMWQxZDFjOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArz6+0zsWHPMYsqyLU5v7HckxMpiN
/M0UokEGdCqTSMuZzzQCCmRCajfjxc6/uLU1BkGbK2s91yEDQs9DyNPXrk/BKLTy
EbENqH59k5LnBlMNafDBaWZi6+jj5HvuVWLs5gALqnzjwGya0i3YpstW63RfKuR8
N11XTAuWj/7AvUHK8yL9h/T61FBrhD88sgItlf+km+a0PRp38z40W8FW8Bk8lz8t
EBx0A8fZO7elKoMsWdYpH+pbRoZKgfCqtARXLLaSkkDpgOJwwq1JCkJV+NV8/nyo
0g82zbwdhu1z7lOEA/BdDK0uh5uaaKPcZGXMz5fC95I7rKKkTUOhPW1k5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQwvZZ3vzMORxpynPwZaLHR0cnVMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvWkRDOWxuZV9NdzVIR25LY19CbG9zZEhSeWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYVtMA0G
CSqGSIb3DQEBCwUAA4IBAQCaxh2YZ9bcOimMtKmBEEZcc414qplW5WErX9Kvcsh5
kqTjEU0q81pkOwfEWmf6olvzZj9f6nGcSWu5iGIGLGP0Vduu9e8gSP1HYylzcwev
8pkFTQOCzXY159+Pr6soLMidCo8+5ZUlGcN+SjX5YRC5aj5w8CS/DQNdWjZwXULU
Tup7uYeifCV287XAF/igw9uhkvlCz00Tgp7lSwvJOt1A9dd+Tg1T5yEg9PlWnJjc
mgKU3fzMFa1IqpwoOdx5uX34ztBxPXisT8LQ+2E/bCkcgPVledf0LonXlo5C1j5m
xzUTBWya7+pxVsWds+/xgFllEuxfdcUk6oyppMECDES2
-----END CERTIFICATE-----