Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/14099a-e2da-4f6a-b5c4-6fd751de717a/1/h5XDYzeHNRC78pQldSdBc3wtmlU.roa
File:                     h5XDYzeHNRC78pQldSdBc3wtmlU.roa (raw, json)
Hash identifier:          y/jCUDtK6aEdyycsVox6EyAhTQt3+YacMPTfw4ggZeM=
Subject key identifier:   87:95:C3:63:37:87:35:10:BB:F2:94:25:75:27:41:73:7C:2D:9A:55
Certificate issuer:       /CN=89d6a49d23007fbb1247192fbb7bd982eb37335f
Certificate serial:       0196530183B5D581018C6F7D82EBBE1D5CD1
Authority key identifier: 89:D6:A4:9D:23:00:7F:BB:12:47:19:2F:BB:7B:D9:82:EB:37:33:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/idaknSMAf7sSRxkvu3vZgus3M18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/14099a-e2da-4f6a-b5c4-6fd751de717a/1/h5XDYzeHNRC78pQldSdBc3wtmlU.roa
Signing time:             Sun 20 Apr 2025 11:42:10 +0000
ROA not before:           Sun 20 Apr 2025 11:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        109.70.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/14099a-e2da-4f6a-b5c4-6fd751de717a/1/idaknSMAf7sSRxkvu3vZgus3M18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/14099a-e2da-4f6a-b5c4-6fd751de717a/1/idaknSMAf7sSRxkvu3vZgus3M18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/idaknSMAf7sSRxkvu3vZgus3M18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 20:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:53:01:83:b5:d5:81:01:8c:6f:7d:82:eb:be:1d:5c:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89d6a49d23007fbb1247192fbb7bd982eb37335f
        Validity
            Not Before: Apr 20 11:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8795c36337873510bbf29425752741737c2d9a55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:61:09:1e:31:0e:ac:c0:f1:3d:fd:54:a4:bb:
                    35:c9:cf:55:95:fc:50:0a:ea:0e:bd:be:d2:fb:bb:
                    18:48:c2:ca:07:86:26:aa:36:0e:5b:c9:63:c3:c5:
                    f7:d0:df:e9:f4:1b:4e:8d:27:61:b7:4e:43:77:36:
                    91:00:69:fd:9c:9c:52:ec:f8:37:a5:64:75:e4:36:
                    e7:4b:65:46:1c:96:9d:50:7c:4a:5e:49:a1:72:73:
                    f5:99:c9:d4:59:a3:ee:7b:49:73:6f:63:87:6c:02:
                    d4:87:ff:77:fe:46:4a:5a:22:24:ca:65:4d:9f:42:
                    47:95:a5:61:e5:a3:4d:e5:8b:b8:58:04:97:0f:e3:
                    cc:7d:01:cd:10:02:ae:dc:a8:9b:49:98:6b:55:31:
                    20:89:5b:90:6a:cb:7c:a1:4f:0b:a2:99:03:6e:b6:
                    fa:c8:a6:9d:09:df:0b:95:74:f8:71:87:22:0b:1f:
                    37:08:7b:d4:ff:1f:cb:90:c9:1a:a8:43:33:29:bf:
                    cb:54:b0:a7:fb:12:0f:47:84:11:f7:5e:1e:29:a8:
                    c0:e7:20:51:b9:93:30:e0:18:f5:c7:10:45:d1:10:
                    14:72:03:92:57:62:9d:94:2c:99:fa:47:3c:17:a9:
                    6d:24:b2:a2:53:59:c1:14:2a:e1:72:70:73:3c:0e:
                    06:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:95:C3:63:37:87:35:10:BB:F2:94:25:75:27:41:73:7C:2D:9A:55
            X509v3 Authority Key Identifier:
                keyid:89:D6:A4:9D:23:00:7F:BB:12:47:19:2F:BB:7B:D9:82:EB:37:33:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/idaknSMAf7sSRxkvu3vZgus3M18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/14099a-e2da-4f6a-b5c4-6fd751de717a/1/h5XDYzeHNRC78pQldSdBc3wtmlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/14099a-e2da-4f6a-b5c4-6fd751de717a/1/idaknSMAf7sSRxkvu3vZgus3M18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:fe:4e:60:d2:0e:fb:09:69:e2:f1:88:bc:1f:f5:ba:42:7a:
         dd:d0:c9:b2:67:71:a4:97:6b:1f:ee:8d:3d:a8:af:28:39:2e:
         c7:b6:49:37:5f:1a:3a:30:24:e4:3a:01:0b:65:69:97:ae:f6:
         eb:26:30:3f:ba:61:47:40:c5:7e:13:79:00:eb:d1:ed:a4:7a:
         af:12:51:dc:79:61:02:5a:9c:2a:f3:a6:49:e3:ab:0c:c4:6f:
         6c:81:da:b8:8c:60:90:4c:7f:34:83:a0:11:f2:b2:d7:44:ba:
         c1:49:aa:9f:7c:37:8c:65:32:75:5b:bb:ef:78:45:31:fa:9d:
         f8:34:84:c8:f8:fb:fb:79:04:8c:d8:23:d7:01:48:54:9b:f7:
         c5:61:41:68:59:b6:79:06:b7:2e:11:46:73:b9:04:56:59:9e:
         8a:02:98:97:17:93:04:62:49:89:c5:9f:27:ea:ed:3c:50:f3:
         b6:d1:0b:e5:d3:cc:74:7a:13:ca:29:0a:5b:c2:39:ed:9a:86:
         da:83:0d:88:d6:29:cc:57:4d:6c:99:2a:e7:eb:fa:44:0e:4a:
         4f:10:3a:b7:6a:cc:f2:a3:3a:21:29:6b:2f:97:28:e5:a0:ad:
         4b:12:4e:c4:d6:6f:2c:06:b4:c1:f6:af:6a:5c:63:73:06:58:
         a4:ac:e8:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZTAYO11YEBjG99guu+HVzRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZDZhNDlkMjMwMDdmYmIxMjQ3MTkyZmJiN2JkOTgyZWIz
NzMzNWYwHhcNMjUwNDIwMTE0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzk1YzM2MzM3ODczNTEwYmJmMjk0MjU3NTI3NDE3MzdjMmQ5YTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmEJHjEOrMDxPf1UpLs1yc9VlfxQ
CuoOvb7S+7sYSMLKB4YmqjYOW8ljw8X30N/p9BtOjSdht05DdzaRAGn9nJxS7Pg3
pWR15DbnS2VGHJadUHxKXkmhcnP1mcnUWaPue0lzb2OHbALUh/93/kZKWiIkymVN
n0JHlaVh5aNN5Yu4WASXD+PMfQHNEAKu3KibSZhrVTEgiVuQast8oU8LopkDbrb6
yKadCd8LlXT4cYciCx83CHvU/x/LkMkaqEMzKb/LVLCn+xIPR4QR914eKajA5yBR
uZMw4Bj1xxBF0RAUcgOSV2KdlCyZ+kc8F6ltJLKiU1nBFCrhcnBzPA4G3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeVw2M3hzUQu/KUJXUnQXN8LZpVMB8GA1UdIwQY
MBaAFInWpJ0jAH+7EkcZL7t72YLrNzNfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWRha25TTUFmN3NTUnhrdnUzdlpndXMzTTE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8xNDA5OWEtZTJkYS00ZjZhLWI1YzQt
NmZkNzUxZGU3MTdhLzEvaDVYRFl6ZUhOUkM3OHBRbGRTZEJjM3d0bWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8xNDA5OWEtZTJkYS00ZjZhLWI1YzQtNmZkNzUxZGU3MTdh
LzEvaWRha25TTUFmN3NTUnhrdnUzdlpndXMzTTE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUZMMA0G
CSqGSIb3DQEBCwUAA4IBAQCi/k5g0g77CWni8Yi8H/W6Qnrd0MmyZ3Gkl2sf7o09
qK8oOS7Htkk3Xxo6MCTkOgELZWmXrvbrJjA/umFHQMV+E3kA69HtpHqvElHceWEC
Wpwq86ZJ46sMxG9sgdq4jGCQTH80g6AR8rLXRLrBSaqffDeMZTJ1W7vveEUx+p34
NITI+Pv7eQSM2CPXAUhUm/fFYUFoWbZ5BrcuEUZzuQRWWZ6KApiXF5MEYkmJxZ8n
6u08UPO20Qvl08x0ehPKKQpbwjntmobagw2I1inMV01smSrn6/pEDkpPEDq3aszy
ozohKWsvlyjloK1LEk7E1m8sBrTB9q9qXGNzBlikrOix
-----END CERTIFICATE-----