Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/mz5_KREEknujZQoXHfbHmQZrYvg.roa
File:                     mz5_KREEknujZQoXHfbHmQZrYvg.roa (raw, json)
Hash identifier:          RyVzCNKBTWp7O5OXhcD39xmyvlXTnA4tHgWAJ9wEpXY=
Subject key identifier:   9B:3E:7F:29:11:04:92:7B:A3:65:0A:17:1D:F6:C7:99:06:6B:62:F8
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       018EC78259E7A8A3918EA324D363F82BCDF5
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/mz5_KREEknujZQoXHfbHmQZrYvg.roa
Signing time:             Wed 10 Apr 2024 10:16:32 +0000
ROA not before:           Wed 10 Apr 2024 10:16:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9123
IP address blocks:        5.42.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:82:59:e7:a8:a3:91:8e:a3:24:d3:63:f8:2b:cd:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Apr 10 10:16:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b3e7f291104927ba3650a171df6c799066b62f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ee:1e:1c:8f:05:07:b0:5e:29:90:e6:79:68:
                    13:0e:32:cc:9c:a5:f0:7c:5d:5b:c2:9c:50:5a:8f:
                    f0:fc:3d:d6:f9:c9:0a:9a:86:f7:ce:31:a0:50:cb:
                    41:d9:57:6d:45:4f:90:4d:94:f2:19:6a:5d:99:9e:
                    73:be:1d:dd:4c:2c:f2:d1:56:3f:cc:a3:cb:4d:6c:
                    d1:53:d7:78:e3:ae:4d:50:58:fd:13:44:20:d2:7a:
                    26:de:bf:ab:f4:cc:54:1d:71:52:d7:01:65:e4:58:
                    59:97:25:a9:1d:c5:a1:97:23:71:6a:ab:68:e3:ae:
                    a2:08:83:49:6d:19:41:fa:40:d9:6b:8a:a0:d0:9f:
                    ef:45:da:cb:ce:57:d7:ca:72:a8:e4:b7:c5:d8:7e:
                    30:37:fe:b6:0c:fa:ae:34:fa:5d:ac:69:0e:47:86:
                    8b:3b:ed:a0:5e:33:1c:af:9b:fb:9c:a0:75:83:31:
                    9a:ab:cc:aa:e7:b8:49:da:dc:fc:5c:89:97:be:f0:
                    df:f6:17:cb:b7:a5:31:dd:ec:76:80:34:e8:f4:3f:
                    29:d0:a4:b8:68:8c:12:6f:1e:2e:a2:6e:65:dd:5e:
                    f8:c8:7f:cc:a7:86:95:db:71:fc:79:70:6c:2e:12:
                    81:b6:dd:49:43:5c:5c:c0:c1:99:a3:0e:83:05:8e:
                    9a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:3E:7F:29:11:04:92:7B:A3:65:0A:17:1D:F6:C7:99:06:6B:62:F8
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/mz5_KREEknujZQoXHfbHmQZrYvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:9a:ae:74:63:cd:0a:0d:67:d7:ce:32:22:30:0b:28:92:67:
         cd:ca:8c:8d:70:0c:0b:32:4f:f6:c7:0a:31:d4:dc:5f:e3:dd:
         a3:07:42:f7:ef:87:63:31:66:0a:89:f9:ef:85:a1:94:de:43:
         d0:60:c5:24:22:84:dd:4b:82:4d:ce:5f:13:de:d2:c7:d6:18:
         d2:d4:9a:4e:4c:ec:2e:86:ba:98:e2:e7:4e:65:13:b9:d4:75:
         49:59:fa:23:41:9e:66:cc:2d:b3:db:8d:04:92:a1:12:fa:ad:
         f6:86:78:84:51:c8:6b:f1:e8:c9:0b:60:82:07:51:be:61:0c:
         b5:41:14:0e:5e:f8:49:18:67:14:ba:85:39:15:48:bc:30:db:
         1d:ec:5b:52:a2:7f:2a:8a:29:41:68:4c:da:11:0f:11:54:16:
         e4:5a:83:3c:33:61:a1:d5:8b:60:99:b9:11:de:d4:f0:5b:2c:
         df:e9:95:45:33:60:1d:f7:07:6a:fe:1a:f7:ca:ed:d7:4d:29:
         fc:fe:58:ad:5a:79:27:a2:f5:a3:b8:5e:7f:c2:ad:5c:70:46:
         64:5b:a2:1b:60:d4:81:f9:fd:ed:84:77:58:61:e6:ad:bb:a6:
         10:1c:91:1a:61:6b:ee:96:82:2b:df:9b:9f:30:97:74:a2:58:
         39:71:f6:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7HglnnqKORjqMk02P4K831MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwNDEwMTAxNjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjNlN2YyOTExMDQ5MjdiYTM2NTBhMTcxZGY2Yzc5OTA2NmI2MmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApu4eHI8FB7BeKZDmeWgTDjLMnKXw
fF1bwpxQWo/w/D3W+ckKmob3zjGgUMtB2VdtRU+QTZTyGWpdmZ5zvh3dTCzy0VY/
zKPLTWzRU9d4465NUFj9E0Qg0nom3r+r9MxUHXFS1wFl5FhZlyWpHcWhlyNxaqto
466iCINJbRlB+kDZa4qg0J/vRdrLzlfXynKo5LfF2H4wN/62DPquNPpdrGkOR4aL
O+2gXjMcr5v7nKB1gzGaq8yq57hJ2tz8XImXvvDf9hfLt6Ux3ex2gDTo9D8p0KS4
aIwSbx4uom5l3V74yH/Mp4aV23H8eXBsLhKBtt1JQ1xcwMGZow6DBY6amwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJs+fykRBJJ7o2UKFx32x5kGa2L4MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvbXo1X0tSRUVrbnVqWlFvWEhmYkhtUVpyWXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrcMA0G
CSqGSIb3DQEBCwUAA4IBAQAvmq50Y80KDWfXzjIiMAsokmfNyoyNcAwLMk/2xwox
1Nxf492jB0L374djMWYKifnvhaGU3kPQYMUkIoTdS4JNzl8T3tLH1hjS1JpOTOwu
hrqY4udOZRO51HVJWfojQZ5mzC2z240EkqES+q32hniEUchr8ejJC2CCB1G+YQy1
QRQOXvhJGGcUuoU5FUi8MNsd7FtSon8qiilBaEzaEQ8RVBbkWoM8M2Gh1YtgmbkR
3tTwWyzf6ZVFM2Ad9wdq/hr3yu3XTSn8/litWnknovWjuF5/wq1ccEZkW6IbYNSB
+f3thHdYYeatu6YQHJEaYWvuloIr35ufMJd0olg5cfYc
-----END CERTIFICATE-----