Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/rrgsKOzotuX_T9JtkCjsuwuT608.roa
File:                     rrgsKOzotuX_T9JtkCjsuwuT608.roa (raw, json)
Hash identifier:          nbQl5tRFzUGsdMI8eU6ZprMteK4jRGohNhPIbe7S4Js=
Subject key identifier:   AE:B8:2C:28:EC:E8:B6:E5:FF:4F:D2:6D:90:28:EC:BB:0B:93:EB:4F
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       019715CEF7B611B82DD13F1EAAD3FD9595CB
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/rrgsKOzotuX_T9JtkCjsuwuT608.roa
Signing time:             Wed 28 May 2025 07:32:54 +0000
ROA not before:           Wed 28 May 2025 07:32:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29066
IP address blocks:        5.10.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:ce:f7:b6:11:b8:2d:d1:3f:1e:aa:d3:fd:95:95:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: May 28 07:32:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aeb82c28ece8b6e5ff4fd26d9028ecbb0b93eb4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:23:04:c7:9f:ec:d6:07:c7:69:84:8e:1c:95:
                    19:9c:63:14:d7:0d:d6:0c:c9:5a:c6:fe:fa:1d:4f:
                    4d:40:ca:4f:d1:63:c2:d0:5e:44:b4:5f:13:8a:55:
                    c7:4f:ba:8e:82:26:f1:01:47:c5:f1:75:d4:9d:d3:
                    89:ac:ab:7e:6f:74:b9:1b:4d:66:28:2c:77:e9:8e:
                    b3:27:84:cf:ab:ac:fd:74:f0:b7:60:96:ab:8b:76:
                    9c:1a:66:e2:8e:14:7e:fb:b7:7e:c4:31:07:56:fe:
                    e8:e2:2a:d3:2c:5c:a9:f5:86:b9:ed:c1:02:18:b7:
                    34:b1:d2:95:11:9e:12:3c:79:59:7b:d1:9d:8c:71:
                    76:c2:5c:7f:8c:42:39:57:3c:28:90:d8:d8:6a:77:
                    76:a1:68:51:5f:94:67:bf:ca:69:61:5d:2c:c2:80:
                    d8:eb:3b:a5:db:fb:e4:1d:ef:b1:71:76:76:15:3c:
                    de:ed:13:8e:1e:12:ac:4d:d6:fd:38:d1:66:73:b6:
                    3d:87:b8:94:69:ae:b1:42:fb:ec:f1:60:c0:3a:a5:
                    41:9f:e1:07:37:f3:f3:45:1f:6a:3a:80:f0:e1:ae:
                    01:dc:23:b6:94:f9:0d:8e:f9:3b:05:89:ea:6e:a3:
                    df:6e:99:59:fd:52:18:50:ce:e5:e4:2c:76:e7:88:
                    b2:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:B8:2C:28:EC:E8:B6:E5:FF:4F:D2:6D:90:28:EC:BB:0B:93:EB:4F
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/rrgsKOzotuX_T9JtkCjsuwuT608.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:77:79:dd:9e:77:bd:9b:84:5b:4a:db:33:25:dc:e8:67:40:
         ff:88:51:2a:d2:9f:67:a0:62:9e:2f:7a:5d:82:ec:b9:1f:65:
         81:5c:5c:2d:2d:14:b5:2e:76:47:1b:7f:f9:18:e6:ed:90:e9:
         5f:86:0b:67:f0:aa:5b:fb:52:1d:25:4f:ce:d4:73:c7:32:63:
         30:b2:6f:87:ae:69:4a:2e:82:3a:56:39:e9:a3:10:37:e2:cc:
         f8:0d:52:68:a8:cd:fc:82:9e:a9:09:cc:17:d1:1d:3a:15:0c:
         01:64:80:ec:21:69:48:b5:ef:e5:a9:5e:4c:b3:98:39:e1:a5:
         8e:5e:13:c1:c8:8a:75:62:19:6c:ce:8b:4d:e2:28:92:20:89:
         80:d4:19:83:fa:9d:51:c3:ba:86:b7:d7:cb:06:6d:1f:76:f3:
         d2:18:c3:6c:16:44:f0:35:9d:31:d7:a7:26:c4:a5:6f:24:c6:
         52:4d:38:d1:55:75:0f:59:ad:41:cd:a8:f7:07:73:3a:d2:34:
         0f:95:31:de:92:9a:8e:88:d7:be:06:d5:90:e9:57:83:b8:36:
         e8:40:14:e6:83:ca:63:2d:1a:6e:14:90:32:f9:ba:3c:74:c9:
         91:46:f0:d2:c1:81:55:21:3a:66:5a:34:88:90:8b:81:7e:80:
         3b:55:d4:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcVzve2Ebgt0T8eqtP9lZXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjUwNTI4MDczMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWI4MmMyOGVjZThiNmU1ZmY0ZmQyNmQ5MDI4ZWNiYjBiOTNlYjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyMEx5/s1gfHaYSOHJUZnGMU1w3W
DMlaxv76HU9NQMpP0WPC0F5EtF8TilXHT7qOgibxAUfF8XXUndOJrKt+b3S5G01m
KCx36Y6zJ4TPq6z9dPC3YJari3acGmbijhR++7d+xDEHVv7o4irTLFyp9Ya57cEC
GLc0sdKVEZ4SPHlZe9GdjHF2wlx/jEI5VzwokNjYand2oWhRX5Rnv8ppYV0swoDY
6zul2/vkHe+xcXZ2FTze7ROOHhKsTdb9ONFmc7Y9h7iUaa6xQvvs8WDAOqVBn+EH
N/PzRR9qOoDw4a4B3CO2lPkNjvk7BYnqbqPfbplZ/VIYUM7l5Cx254iyEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK64LCjs6Lbl/0/SbZAo7LsLk+tPMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvcnJnc0tPem90dVhfVDlKdGtDanN1d3VUNjA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQrVMA0G
CSqGSIb3DQEBCwUAA4IBAQByd3ndnne9m4RbStszJdzoZ0D/iFEq0p9noGKeL3pd
guy5H2WBXFwtLRS1LnZHG3/5GObtkOlfhgtn8Kpb+1IdJU/O1HPHMmMwsm+HrmlK
LoI6VjnpoxA34sz4DVJoqM38gp6pCcwX0R06FQwBZIDsIWlIte/lqV5Ms5g54aWO
XhPByIp1YhlszotN4iiSIImA1BmD+p1Rw7qGt9fLBm0fdvPSGMNsFkTwNZ0x16cm
xKVvJMZSTTjRVXUPWa1Bzaj3B3M60jQPlTHekpqOiNe+BtWQ6VeDuDboQBTmg8pj
LRpuFJAy+bo8dMmRRvDSwYFVITpmWjSIkIuBfoA7VdSU
-----END CERTIFICATE-----