Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/nendNgfVYn3Er_Jx5FR9_K0MhAI.roa
File:                     nendNgfVYn3Er_Jx5FR9_K0MhAI.roa (raw, json)
Hash identifier:          Zo4nTYqJK3HMiwWvWWXaOyWIMzLwcZzzdn6p7ZMhRf0=
Subject key identifier:   9D:E9:DD:36:07:D5:62:7D:C4:AF:F2:71:E4:54:7D:FC:AD:0C:84:02
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       019678C3A766878AF571B498A2961145F8B0
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/nendNgfVYn3Er_Jx5FR9_K0MhAI.roa
Signing time:             Sun 27 Apr 2025 19:40:10 +0000
ROA not before:           Sun 27 Apr 2025 19:40:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47516
IP address blocks:        5.10.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 06:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:78:c3:a7:66:87:8a:f5:71:b4:98:a2:96:11:45:f8:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Apr 27 19:40:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9de9dd3607d5627dc4aff271e4547dfcad0c8402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:54:d1:3f:66:53:a7:9f:12:c7:25:cb:a6:2c:
                    53:f3:1d:13:87:f1:a5:67:c6:c6:af:2d:95:c9:73:
                    fb:48:c5:2b:51:8a:54:35:6b:10:c2:6f:92:28:d5:
                    83:2d:d4:9b:49:1b:62:07:81:ab:7a:e1:f8:32:0d:
                    29:28:af:c7:76:59:d1:e0:58:b9:30:bf:b3:8b:b2:
                    ad:a7:48:5b:35:51:71:3c:1f:ed:1f:5c:d2:62:fb:
                    44:a3:d6:f5:68:43:4e:2a:61:3f:04:ab:05:9f:45:
                    3a:19:fb:c9:20:21:18:46:d9:6f:1e:13:27:1f:bb:
                    2b:fe:8d:b7:17:bb:85:13:66:66:f8:e0:f1:a0:7d:
                    7d:cc:4e:ef:d0:74:3d:51:03:a9:69:17:87:d1:4c:
                    a1:57:7a:cd:3a:66:b9:9a:18:9c:8d:75:d0:af:ed:
                    36:31:22:ad:a1:3a:3a:f4:1b:c4:ed:9f:13:15:e6:
                    9d:f1:4a:15:e2:dc:3d:34:1f:87:28:eb:68:a3:63:
                    ea:21:81:b2:a9:1e:55:86:38:3d:1a:20:1e:b0:fd:
                    6f:72:f3:6f:8d:40:3f:e6:9a:b1:cf:37:fb:69:83:
                    f5:8d:fe:12:53:bc:48:a6:3b:24:23:c6:84:80:0b:
                    cc:db:88:63:66:e9:41:4d:f6:b4:d1:ce:9b:e0:6c:
                    8f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:E9:DD:36:07:D5:62:7D:C4:AF:F2:71:E4:54:7D:FC:AD:0C:84:02
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/nendNgfVYn3Er_Jx5FR9_K0MhAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:e7:3c:04:38:68:6a:59:77:fc:c1:81:24:66:28:39:85:4c:
         bc:82:cf:3f:8b:04:96:d9:d1:ea:45:fd:b8:19:28:c5:40:ba:
         80:d6:e7:13:15:46:27:f1:bf:cc:45:96:2b:3b:d7:6d:76:aa:
         d8:21:be:3d:29:10:37:de:ef:6d:9e:2e:d6:97:2a:1e:a6:37:
         f1:1a:36:83:7b:08:4d:8c:08:e4:8a:ac:f4:14:2f:ca:5f:76:
         cb:4e:6b:94:1f:bd:61:ea:10:92:f9:76:56:f7:9b:62:0b:0b:
         cf:95:86:72:76:be:a3:9d:68:e2:1a:bd:6a:6a:8b:1c:8a:f7:
         df:00:e4:6d:fa:ea:c8:51:89:c3:39:8f:0b:9f:98:c1:57:ed:
         7d:cd:7d:bb:94:ad:fa:62:0d:73:0b:5e:99:ec:55:49:6c:97:
         75:5f:87:55:bd:3b:37:4b:1a:13:d1:91:d8:ea:a6:dc:95:28:
         6a:ad:83:ac:ba:c9:66:e5:a3:21:52:30:8e:7b:d0:af:36:f3:
         2a:8f:f6:a6:45:fb:5e:ac:cb:c4:f7:26:43:44:81:9d:c2:03:
         74:bc:23:5c:a1:13:5a:7c:bf:80:ec:93:df:f0:42:68:78:0a:
         63:e0:dd:fe:57:cc:61:d4:d0:33:be:39:be:68:3f:b6:25:cd:
         cb:97:1f:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ4w6dmh4r1cbSYopYRRfiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjUwNDI3MTk0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGU5ZGQzNjA3ZDU2MjdkYzRhZmYyNzFlNDU0N2RmY2FkMGM4NDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVTRP2ZTp58SxyXLpixT8x0Th/Gl
Z8bGry2VyXP7SMUrUYpUNWsQwm+SKNWDLdSbSRtiB4GreuH4Mg0pKK/HdlnR4Fi5
ML+zi7Ktp0hbNVFxPB/tH1zSYvtEo9b1aENOKmE/BKsFn0U6GfvJICEYRtlvHhMn
H7sr/o23F7uFE2Zm+ODxoH19zE7v0HQ9UQOpaReH0UyhV3rNOma5mhicjXXQr+02
MSKtoTo69BvE7Z8TFead8UoV4tw9NB+HKOtoo2PqIYGyqR5Vhjg9GiAesP1vcvNv
jUA/5pqxzzf7aYP1jf4SU7xIpjskI8aEgAvM24hjZulBTfa00c6b4GyPIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3p3TYH1WJ9xK/yceRUffytDIQCMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvbmVuZE5nZlZZbjNFcl9KeDVGUjlfSzBNaEFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQrcMA0G
CSqGSIb3DQEBCwUAA4IBAQCp5zwEOGhqWXf8wYEkZig5hUy8gs8/iwSW2dHqRf24
GSjFQLqA1ucTFUYn8b/MRZYrO9dtdqrYIb49KRA33u9tni7WlyoepjfxGjaDewhN
jAjkiqz0FC/KX3bLTmuUH71h6hCS+XZW95tiCwvPlYZydr6jnWjiGr1qaoscivff
AORt+urIUYnDOY8Ln5jBV+19zX27lK36Yg1zC16Z7FVJbJd1X4dVvTs3SxoT0ZHY
6qbclShqrYOsuslm5aMhUjCOe9CvNvMqj/amRfterMvE9yZDRIGdwgN0vCNcoRNa
fL+A7JPf8EJoeApj4N3+V8xh1NAzvjm+aD+2Jc3Llx+o
-----END CERTIFICATE-----