Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/25f375-140f-46e9-967e-6e459a58e1d6/1/rbFhRWy7PnH1-c74EqjQ8O_SsH8.roa
File:                     rbFhRWy7PnH1-c74EqjQ8O_SsH8.roa (raw, json)
Hash identifier:          +OgMhgDQLZldm2bdOQKGi3uI3dnjtK1GBopk2ba9vPU=
Subject key identifier:   AD:B1:61:45:6C:BB:3E:71:F5:F9:CE:F8:12:A8:D0:F0:EF:D2:B0:7F
Certificate issuer:       /CN=9ca90e7daf15c17c1b9abc572157bc7d917b3991
Certificate serial:       019425214D9555F32A37C72C2E2BC089AFA5
Authority key identifier: 9C:A9:0E:7D:AF:15:C1:7C:1B:9A:BC:57:21:57:BC:7D:91:7B:39:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nKkOfa8VwXwbmrxXIVe8fZF7OZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/25f375-140f-46e9-967e-6e459a58e1d6/1/rbFhRWy7PnH1-c74EqjQ8O_SsH8.roa
Signing time:             Thu 02 Jan 2025 03:48:46 +0000
ROA not before:           Thu 02 Jan 2025 03:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206610
IP address blocks:        5.180.164.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/25f375-140f-46e9-967e-6e459a58e1d6/1/nKkOfa8VwXwbmrxXIVe8fZF7OZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/25f375-140f-46e9-967e-6e459a58e1d6/1/nKkOfa8VwXwbmrxXIVe8fZF7OZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nKkOfa8VwXwbmrxXIVe8fZF7OZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:4d:95:55:f3:2a:37:c7:2c:2e:2b:c0:89:af:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ca90e7daf15c17c1b9abc572157bc7d917b3991
        Validity
            Not Before: Jan  2 03:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=adb161456cbb3e71f5f9cef812a8d0f0efd2b07f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:99:aa:8e:26:f3:66:0e:fd:14:8f:4a:9c:a8:
                    d7:d3:1d:c5:72:92:1d:51:b3:04:c3:8c:09:3e:28:
                    5f:34:58:03:2b:73:77:b3:67:0f:21:69:ae:e0:72:
                    87:e2:cd:ca:89:3a:2f:e9:87:cd:da:85:7d:3b:6f:
                    62:8c:17:0a:61:42:cf:d5:35:65:f9:35:f9:e6:ca:
                    a8:fe:11:8a:95:e3:c1:bc:a7:38:ac:67:43:2a:3f:
                    12:a5:21:e5:07:00:11:13:d7:7f:e7:56:78:fb:ec:
                    39:bf:86:06:af:6d:a7:c5:fc:b9:18:a1:d7:6c:3f:
                    21:0d:b0:36:98:53:8b:8f:95:34:54:e1:bb:dd:22:
                    65:3a:89:1b:b5:47:b8:e7:d5:33:ca:a4:1c:7c:13:
                    05:fa:19:54:37:0d:a3:c1:06:6d:74:81:ac:5b:d0:
                    98:fb:cd:df:75:41:5c:27:37:2e:46:73:2d:c1:5c:
                    ce:24:43:d7:b7:40:95:54:63:5f:6c:ae:63:a2:05:
                    7f:fd:a8:fa:d9:97:d9:82:04:76:d8:af:b5:75:58:
                    10:34:10:e1:57:cd:51:5c:ee:6e:2a:ce:c0:87:f7:
                    ca:36:31:44:bd:34:55:9e:6d:13:d4:19:ca:94:95:
                    cd:4a:59:78:49:a8:9b:4a:5e:2e:ae:ac:26:10:58:
                    a1:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:B1:61:45:6C:BB:3E:71:F5:F9:CE:F8:12:A8:D0:F0:EF:D2:B0:7F
            X509v3 Authority Key Identifier:
                keyid:9C:A9:0E:7D:AF:15:C1:7C:1B:9A:BC:57:21:57:BC:7D:91:7B:39:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nKkOfa8VwXwbmrxXIVe8fZF7OZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/25f375-140f-46e9-967e-6e459a58e1d6/1/rbFhRWy7PnH1-c74EqjQ8O_SsH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/25f375-140f-46e9-967e-6e459a58e1d6/1/nKkOfa8VwXwbmrxXIVe8fZF7OZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:22:d3:42:99:91:fa:e7:7e:a1:4d:5d:3c:54:48:c6:04:19:
         68:5e:b2:23:ce:f3:2d:76:b5:34:cf:35:31:94:2b:0e:9f:17:
         89:2f:6c:73:1c:29:25:5a:93:fa:f0:02:99:f0:1f:c5:aa:86:
         b5:cf:3f:1e:6d:9e:e0:03:83:66:35:f3:31:a6:16:b8:10:66:
         d5:d3:7a:76:7a:28:66:d7:5c:54:91:8e:3f:ef:bb:a9:de:2d:
         b6:9f:60:d5:1a:bc:be:b5:0d:c3:f2:47:f1:3f:6c:17:24:db:
         c5:b1:13:d6:b1:dd:10:b5:c0:01:cf:b5:31:9e:7e:dd:c2:8d:
         73:81:cb:b4:74:ad:e5:24:e3:93:02:2a:c0:dd:50:60:eb:b1:
         fe:07:d9:2e:e9:b2:25:80:c3:aa:1d:25:9c:dc:e4:fb:0b:52:
         d6:1a:e0:be:09:aa:40:9b:66:b3:46:63:7b:45:6c:75:58:52:
         17:3a:6f:e0:43:9e:18:4b:21:02:4d:45:7a:9e:c8:b2:1f:40:
         96:ae:f6:25:f1:43:4f:48:e2:d1:09:5d:0f:44:71:62:f1:2e:
         d3:60:f6:16:0b:72:fd:12:8b:3e:4b:05:b0:10:b3:35:9d:bc:
         0e:7b:59:87:8e:09:cc:eb:b4:5e:bf:05:5f:45:cf:44:1a:17:
         44:41:04:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIU2VVfMqN8csLivAia+lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYTkwZTdkYWYxNWMxN2MxYjlhYmM1NzIxNTdiYzdkOTE3
YjM5OTEwHhcNMjUwMTAyMDM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGIxNjE0NTZjYmIzZTcxZjVmOWNlZjgxMmE4ZDBmMGVmZDJiMDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5mqjibzZg79FI9KnKjX0x3FcpId
UbMEw4wJPihfNFgDK3N3s2cPIWmu4HKH4s3KiTov6YfN2oV9O29ijBcKYULP1TVl
+TX55sqo/hGKlePBvKc4rGdDKj8SpSHlBwARE9d/51Z4++w5v4YGr22nxfy5GKHX
bD8hDbA2mFOLj5U0VOG73SJlOokbtUe459UzyqQcfBMF+hlUNw2jwQZtdIGsW9CY
+83fdUFcJzcuRnMtwVzOJEPXt0CVVGNfbK5jogV//aj62ZfZggR22K+1dVgQNBDh
V81RXO5uKs7Ah/fKNjFEvTRVnm0T1BnKlJXNSll4SaibSl4urqwmEFih3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2xYUVsuz5x9fnO+BKo0PDv0rB/MB8GA1UdIwQY
MBaAFJypDn2vFcF8G5q8VyFXvH2RezmRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbktrT2ZhOFZ3WHdibXJ4WElWZThmWkY3T1pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8yNWYzNzUtMTQwZi00NmU5LTk2N2Ut
NmU0NTlhNThlMWQ2LzEvcmJGaFJXeTdQbkgxLWM3NEVxalE4T19Tc0g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8yNWYzNzUtMTQwZi00NmU5LTk2N2UtNmU0NTlhNThlMWQ2
LzEvbktrT2ZhOFZ3WHdibXJ4WElWZThmWkY3T1pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbSkMA0G
CSqGSIb3DQEBCwUAA4IBAQADItNCmZH6536hTV08VEjGBBloXrIjzvMtdrU0zzUx
lCsOnxeJL2xzHCklWpP68AKZ8B/Fqoa1zz8ebZ7gA4NmNfMxpha4EGbV03p2eihm
11xUkY4/77up3i22n2DVGry+tQ3D8kfxP2wXJNvFsRPWsd0QtcABz7Uxnn7dwo1z
gcu0dK3lJOOTAirA3VBg67H+B9ku6bIlgMOqHSWc3OT7C1LWGuC+CapAm2azRmN7
RWx1WFIXOm/gQ54YSyECTUV6nsiyH0CWrvYl8UNPSOLRCV0PRHFi8S7TYPYWC3L9
Eos+SwWwELM1nbwOe1mHjgnM67RevwVfRc9EGhdEQQRm
-----END CERTIFICATE-----