Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/iXaUSzToy0vGI2a0SzEelWFBwQo.roa
File:                     iXaUSzToy0vGI2a0SzEelWFBwQo.roa (raw, json)
Hash identifier:          7FY0S9lMUP8uoMb5KlG8QL53iCBJmHc19MLKKepT4Jo=
Subject key identifier:   89:76:94:4B:34:E8:CB:4B:C6:23:66:B4:4B:31:1E:95:61:41:C1:0A
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019661E306DA9C122611AD4919DFF09AB3B8
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/iXaUSzToy0vGI2a0SzEelWFBwQo.roa
Signing time:             Wed 23 Apr 2025 09:03:10 +0000
ROA not before:           Wed 23 Apr 2025 09:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56516
IP address blocks:        192.144.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 15:42:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:61:e3:06:da:9c:12:26:11:ad:49:19:df:f0:9a:b3:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 23 09:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8976944b34e8cb4bc62366b44b311e956141c10a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:cc:6b:c8:4f:ad:06:59:3e:e3:c8:41:90:de:
                    06:17:dc:ff:b4:0d:ff:aa:25:87:84:0a:d2:9d:d3:
                    76:1a:69:16:8c:fd:fa:b0:92:0d:aa:04:61:0f:48:
                    48:7c:5a:b0:04:ce:5c:6c:e1:e6:9c:95:32:fa:f1:
                    fe:93:7d:3d:02:3e:b7:6b:47:e8:62:6a:77:0d:cd:
                    4a:cf:09:1c:85:2f:ff:68:57:06:bd:5b:2c:fc:df:
                    e4:a4:eb:7a:3b:96:fe:fb:1a:e8:c1:5d:57:36:6a:
                    07:ad:eb:bf:17:0a:18:60:8c:14:a1:79:4f:be:03:
                    3c:39:84:bb:0d:15:75:f9:24:b9:69:ac:f0:3d:f5:
                    6c:aa:18:58:be:df:4d:d4:66:f1:2f:be:48:4d:52:
                    20:fe:e3:90:df:0a:61:06:fa:3f:2e:86:bb:27:4a:
                    f2:fe:20:d8:f0:d0:5b:54:1c:9b:61:3f:aa:33:4e:
                    ec:36:db:c3:43:9e:e2:59:a1:b1:4a:e9:81:de:d4:
                    60:91:03:2d:58:38:4a:f1:7b:23:6b:b2:00:80:2d:
                    06:b4:c6:68:fa:d0:cf:2f:2b:27:5a:7e:6f:69:63:
                    27:9b:b4:86:6e:23:aa:21:10:d2:9d:08:90:09:d9:
                    eb:20:6c:7f:ab:81:65:f0:a0:35:53:fa:e6:35:2c:
                    11:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:76:94:4B:34:E8:CB:4B:C6:23:66:B4:4B:31:1E:95:61:41:C1:0A
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/iXaUSzToy0vGI2a0SzEelWFBwQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.144.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:b1:b5:c5:07:02:1e:51:a0:e8:82:6f:ab:f5:4e:e8:7d:e5:
         17:6d:fd:ed:99:f4:95:ff:00:e9:50:13:b1:da:7e:51:72:d5:
         b7:79:3f:27:62:5c:64:cf:e0:48:e0:07:39:97:d2:77:f3:ae:
         41:d6:0f:d1:28:ba:ae:95:63:87:c8:75:3e:82:4f:2a:d8:4b:
         2e:68:9e:95:ae:2f:4d:ea:c8:88:17:74:16:ac:9d:42:9e:17:
         d9:33:8b:e8:03:4c:9e:fa:3c:a6:27:8a:89:fc:f3:7a:f9:a0:
         1b:39:31:b4:c0:37:b0:6a:70:ee:a1:75:37:75:cf:8e:0c:6b:
         f1:33:2c:f1:57:14:de:3a:d1:da:eb:39:33:a3:bf:8a:79:4b:
         3a:0f:d0:ce:ad:71:65:cb:62:da:09:aa:80:65:70:7a:49:1c:
         d2:95:36:f8:93:b8:ba:0d:4d:5c:4d:4c:0b:cb:dd:90:42:f9:
         b8:9c:52:13:43:8f:5c:5e:b4:a0:75:eb:57:c0:d7:14:7d:33:
         42:ec:c7:bc:3a:36:3f:d5:fe:f5:f3:87:29:38:1e:ab:75:05:
         71:6b:70:85:4f:b6:a4:d7:7b:94:3c:68:07:23:cf:04:55:51:
         70:78:ff:2e:06:a7:78:e4:b5:ff:29:23:b6:9b:e6:8c:d5:32:
         d6:22:3b:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZh4wbanBImEa1JGd/wmrO4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwNDIzMDkwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTc2OTQ0YjM0ZThjYjRiYzYyMzY2YjQ0YjMxMWU5NTYxNDFjMTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5cxryE+tBlk+48hBkN4GF9z/tA3/
qiWHhArSndN2GmkWjP36sJINqgRhD0hIfFqwBM5cbOHmnJUy+vH+k309Aj63a0fo
Ymp3Dc1KzwkchS//aFcGvVss/N/kpOt6O5b++xrowV1XNmoHreu/FwoYYIwUoXlP
vgM8OYS7DRV1+SS5aazwPfVsqhhYvt9N1GbxL75ITVIg/uOQ3wphBvo/Loa7J0ry
/iDY8NBbVBybYT+qM07sNtvDQ57iWaGxSumB3tRgkQMtWDhK8Xsja7IAgC0GtMZo
+tDPLysnWn5vaWMnm7SGbiOqIRDSnQiQCdnrIGx/q4Fl8KA1U/rmNSwRlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIl2lEs06MtLxiNmtEsxHpVhQcEKMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvaVhhVVN6VG95MHZHSTJhMFN6RWVsV0ZCd1FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJAdMA0G
CSqGSIb3DQEBCwUAA4IBAQAJsbXFBwIeUaDogm+r9U7ofeUXbf3tmfSV/wDpUBOx
2n5RctW3eT8nYlxkz+BI4Ac5l9J3865B1g/RKLqulWOHyHU+gk8q2EsuaJ6Vri9N
6siIF3QWrJ1CnhfZM4voA0ye+jymJ4qJ/PN6+aAbOTG0wDewanDuoXU3dc+ODGvx
MyzxVxTeOtHa6zkzo7+KeUs6D9DOrXFly2LaCaqAZXB6SRzSlTb4k7i6DU1cTUwL
y92QQvm4nFITQ49cXrSgdetXwNcUfTNC7Me8OjY/1f7184cpOB6rdQVxa3CFT7ak
13uUPGgHI88EVVFweP8uBqd45LX/KSO2m+aM1TLWIjt3
-----END CERTIFICATE-----