Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/5d6d69-8880-4a92-8756-5815fd3da297/1/rMoZ83VQ7iYFtJcAmlmBDs25c0s.roa
File:                     rMoZ83VQ7iYFtJcAmlmBDs25c0s.roa (raw, json)
Hash identifier:          5UVFXIRMFFdYenUl6z+JEcUUQ5VhSSfJAeVRB/Ej+fc=
Subject key identifier:   AC:CA:19:F3:75:50:EE:26:05:B4:97:00:9A:59:81:0E:CD:B9:73:4B
Certificate issuer:       /CN=f15096fe3390449c936e857061d4a6965d408a31
Certificate serial:       019426D92226BD207C9E6148BE2264322965
Authority key identifier: F1:50:96:FE:33:90:44:9C:93:6E:85:70:61:D4:A6:96:5D:40:8A:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8VCW_jOQRJyTboVwYdSmll1AijE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/5d6d69-8880-4a92-8756-5815fd3da297/1/rMoZ83VQ7iYFtJcAmlmBDs25c0s.roa
Signing time:             Thu 02 Jan 2025 11:49:11 +0000
ROA not before:           Thu 02 Jan 2025 11:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197883
IP address blocks:        5.42.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/5d6d69-8880-4a92-8756-5815fd3da297/1/8VCW_jOQRJyTboVwYdSmll1AijE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/5d6d69-8880-4a92-8756-5815fd3da297/1/8VCW_jOQRJyTboVwYdSmll1AijE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8VCW_jOQRJyTboVwYdSmll1AijE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:22:26:bd:20:7c:9e:61:48:be:22:64:32:29:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f15096fe3390449c936e857061d4a6965d408a31
        Validity
            Not Before: Jan  2 11:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acca19f37550ee2605b497009a59810ecdb9734b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:42:50:ca:84:fc:9b:aa:27:2a:39:84:a1:e8:
                    a2:c9:1e:8b:e7:26:26:1e:8b:ab:90:3e:1b:03:ab:
                    11:55:e5:28:71:66:38:ce:2d:f7:eb:e3:dd:16:68:
                    c0:10:85:04:34:fa:8d:6c:29:16:a9:c4:b5:52:6d:
                    8c:91:f5:63:ae:06:92:9c:c0:37:b5:6a:64:09:7d:
                    c9:b4:22:cb:c1:b9:a4:38:1f:48:4f:c7:a1:6f:a8:
                    d2:3a:c1:6c:9e:44:06:ff:45:23:7f:df:1f:64:07:
                    a4:4d:24:18:d2:25:0b:db:97:11:6d:0b:57:ad:74:
                    75:ba:8d:90:45:00:c7:b0:19:cd:56:d8:35:f6:20:
                    54:81:a2:4a:bd:8a:8e:0e:e9:1d:a8:9f:31:74:14:
                    aa:4c:15:3d:98:41:5b:5e:f9:08:28:c7:e3:f3:e1:
                    70:e4:01:e4:7c:f3:c8:18:ac:11:d3:d9:c3:46:e6:
                    70:fe:64:8e:60:91:70:5d:6f:55:e4:c2:b6:d6:8c:
                    af:32:41:1d:36:03:2f:12:fd:d1:27:2b:e8:20:1b:
                    cf:6d:eb:0d:74:c2:0d:05:e5:43:d9:93:11:bd:b8:
                    7d:2e:37:7d:55:b6:9e:6d:b2:8f:68:d1:42:d3:0e:
                    9f:62:89:5c:3b:0b:d2:0e:ba:5d:14:b4:ee:d2:2a:
                    ff:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:CA:19:F3:75:50:EE:26:05:B4:97:00:9A:59:81:0E:CD:B9:73:4B
            X509v3 Authority Key Identifier:
                keyid:F1:50:96:FE:33:90:44:9C:93:6E:85:70:61:D4:A6:96:5D:40:8A:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8VCW_jOQRJyTboVwYdSmll1AijE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/5d6d69-8880-4a92-8756-5815fd3da297/1/rMoZ83VQ7iYFtJcAmlmBDs25c0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/5d6d69-8880-4a92-8756-5815fd3da297/1/8VCW_jOQRJyTboVwYdSmll1AijE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:6b:0b:d9:e8:8a:91:b1:ef:aa:8c:70:3e:31:2d:11:70:7a:
         37:ab:c3:5e:c7:33:5a:86:27:25:1b:32:f1:fa:8f:d0:99:2c:
         2a:d3:c0:18:49:8c:7b:42:15:83:0a:a3:44:a7:c2:f0:f5:4d:
         af:16:a9:79:d9:ef:a4:78:9c:40:35:8a:5f:5e:13:44:4a:df:
         24:7e:fc:30:ac:d0:86:a7:f6:d2:a5:4a:ab:75:d7:0b:1e:fe:
         d7:75:2d:87:15:21:5f:33:0c:cd:30:ab:4e:ee:74:56:f8:27:
         b9:7b:cb:93:49:58:db:52:9c:9f:8f:aa:1f:48:35:90:4c:2d:
         bf:a1:1c:67:70:2c:de:65:79:55:db:f8:eb:6c:85:1a:d0:e4:
         be:19:8e:3f:01:71:0c:77:4a:c3:85:f9:88:ec:a8:5c:19:1d:
         34:2c:96:d9:a3:31:85:37:2f:c9:d7:77:fe:df:55:1f:48:1c:
         ea:5c:3b:57:cd:f6:e7:10:52:05:6f:9c:a9:e7:df:19:66:a6:
         e1:1b:62:f3:ad:b3:82:d7:ea:8d:41:67:13:c0:24:07:07:30:
         9a:ee:df:e4:8f:25:c6:db:e6:e7:46:4c:8c:74:30:cc:5e:17:
         f9:d4:b5:5d:ea:81:f3:fd:95:d4:e1:a6:0e:3e:e5:6f:c9:4c:
         2f:80:d8:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2SImvSB8nmFIviJkMillMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNTA5NmZlMzM5MDQ0OWM5MzZlODU3MDYxZDRhNjk2NWQ0
MDhhMzEwHhcNMjUwMTAyMTE0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2NhMTlmMzc1NTBlZTI2MDViNDk3MDA5YTU5ODEwZWNkYjk3MzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkJQyoT8m6onKjmEoeiiyR6L5yYm
HourkD4bA6sRVeUocWY4zi336+PdFmjAEIUENPqNbCkWqcS1Um2MkfVjrgaSnMA3
tWpkCX3JtCLLwbmkOB9IT8ehb6jSOsFsnkQG/0Ujf98fZAekTSQY0iUL25cRbQtX
rXR1uo2QRQDHsBnNVtg19iBUgaJKvYqODukdqJ8xdBSqTBU9mEFbXvkIKMfj8+Fw
5AHkfPPIGKwR09nDRuZw/mSOYJFwXW9V5MK21oyvMkEdNgMvEv3RJyvoIBvPbesN
dMINBeVD2ZMRvbh9Ljd9VbaebbKPaNFC0w6fYolcOwvSDrpdFLTu0ir/QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzKGfN1UO4mBbSXAJpZgQ7NuXNLMB8GA1UdIwQY
MBaAFPFQlv4zkESck26FcGHUppZdQIoxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFZDV19qT1FSSnlUYm9Wd1lkU21sbDFBaWpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC81ZDZkNjktODg4MC00YTkyLTg3NTYt
NTgxNWZkM2RhMjk3LzEvck1vWjgzVlE3aVlGdEpjQW1sbUJEczI1YzBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC81ZDZkNjktODg4MC00YTkyLTg3NTYtNTgxNWZkM2RhMjk3
LzEvOFZDV19qT1FSSnlUYm9Wd1lkU21sbDFBaWpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrBMA0G
CSqGSIb3DQEBCwUAA4IBAQAUawvZ6IqRse+qjHA+MS0RcHo3q8NexzNahiclGzLx
+o/QmSwq08AYSYx7QhWDCqNEp8Lw9U2vFql52e+keJxANYpfXhNESt8kfvwwrNCG
p/bSpUqrddcLHv7XdS2HFSFfMwzNMKtO7nRW+Ce5e8uTSVjbUpyfj6ofSDWQTC2/
oRxncCzeZXlV2/jrbIUa0OS+GY4/AXEMd0rDhfmI7KhcGR00LJbZozGFNy/J13f+
31UfSBzqXDtXzfbnEFIFb5yp598ZZqbhG2LzrbOC1+qNQWcTwCQHBzCa7t/kjyXG
2+bnRkyMdDDMXhf51LVd6oHz/ZXU4aYOPuVvyUwvgNhM
-----END CERTIFICATE-----