Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/lA75bW7UySj-4Gmj2_AP8C_iuC4.roa
File:                     lA75bW7UySj-4Gmj2_AP8C_iuC4.roa (raw, json)
Hash identifier:          hqdS8xALOEXysaeF5hAmiV4VjJ9G3SYaE0SbHmeuKBQ=
Subject key identifier:   94:0E:F9:6D:6E:D4:C9:28:FE:E0:69:A3:DB:F0:0F:F0:2F:E2:B8:2E
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       0194266B99BC91DFA424A80CC9944E7EBF06
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/lA75bW7UySj-4Gmj2_AP8C_iuC4.roa
Signing time:             Thu 02 Jan 2025 09:49:33 +0000
ROA not before:           Thu 02 Jan 2025 09:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202813
IP address blocks:        5.154.6.0/24 maxlen: 24
                          5.154.69.0/24 maxlen: 24
                          89.43.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:99:bc:91:df:a4:24:a8:0c:c9:94:4e:7e:bf:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 09:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=940ef96d6ed4c928fee069a3dbf00ff02fe2b82e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:92:19:bf:76:f6:67:4d:e5:79:5d:0a:38:31:
                    71:e7:20:52:75:20:c3:df:dc:fe:a9:a7:54:cd:04:
                    3b:92:93:e8:45:11:3c:3c:9b:78:d3:aa:5e:24:f5:
                    7e:26:25:39:41:9d:44:63:67:37:80:cc:41:98:84:
                    3c:66:16:ee:37:91:e5:3c:aa:29:a4:45:02:ce:a3:
                    a1:ab:4f:af:ef:e4:60:f8:a3:a2:80:00:a5:49:c1:
                    66:6e:e8:7c:ec:66:40:6f:b3:de:b9:b0:41:e9:e9:
                    b1:b0:ac:71:f3:41:f2:84:0e:79:8a:bb:30:01:d7:
                    38:20:f8:20:64:ca:c2:7e:54:c1:bb:46:d8:eb:57:
                    fa:07:6d:84:7b:49:8b:7f:4e:a8:17:7b:91:bf:28:
                    c6:48:ba:ac:aa:7f:3e:11:8a:55:db:bd:c0:7d:ed:
                    06:3b:31:3c:10:96:e7:8a:36:54:49:f2:2a:7e:03:
                    89:1f:a5:70:70:d8:9b:aa:ef:ea:f2:27:64:47:62:
                    09:14:63:84:d9:b5:b0:d2:ce:ee:47:3b:5c:00:9e:
                    b2:87:4e:9c:79:d6:7d:21:ad:0a:5e:3b:c5:83:6b:
                    c9:15:2e:e8:cb:ef:27:d6:f6:a7:c4:9b:4d:63:4d:
                    07:41:59:19:c0:36:6e:f8:28:a3:c1:54:11:08:15:
                    0b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:0E:F9:6D:6E:D4:C9:28:FE:E0:69:A3:DB:F0:0F:F0:2F:E2:B8:2E
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/lA75bW7UySj-4Gmj2_AP8C_iuC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.6.0/24
                  5.154.69.0/24
                  89.43.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:1f:b6:56:d1:22:ec:d9:7b:70:52:33:b4:91:5c:a2:e5:37:
         3f:39:63:d6:ac:1b:78:10:3e:ce:97:b4:67:06:ed:54:be:b1:
         0f:3b:1f:97:ac:2a:19:17:f4:b0:f7:f6:ad:e5:4e:de:d2:d4:
         97:d8:11:12:ee:42:c7:41:23:ea:19:2b:3c:89:4e:66:f9:bd:
         52:c6:75:c1:06:a3:35:30:56:f5:6a:44:fc:72:6f:c4:59:3f:
         9d:c9:e5:ce:15:6b:9d:73:b8:06:16:4d:4c:86:f5:ce:b4:9f:
         26:11:f7:eb:94:06:48:34:10:e8:27:fd:b4:7a:1d:e7:9f:15:
         30:38:d8:e2:8f:3f:a5:ed:dc:05:09:a2:0c:f6:9d:b1:2b:99:
         8b:74:32:17:fa:df:71:cc:e8:64:0c:69:26:ae:d3:8f:ad:11:
         d3:4f:9c:6c:51:fe:c0:1e:03:7a:57:86:3d:05:80:f6:17:a2:
         5d:f1:99:95:26:04:30:1c:28:24:8b:f8:33:51:1a:de:f6:5a:
         e2:ed:7b:49:ac:d4:08:fd:20:dd:3d:f7:00:62:7f:aa:95:1f:
         c8:7d:46:32:29:9a:9f:98:2b:19:34:a0:3d:ac:1c:10:7e:2a:
         3d:aa:ea:52:c3:d3:32:a1:f8:ac:ae:bf:91:81:1e:49:73:f2:
         63:2c:21:55
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQma5m8kd+kJKgMyZROfr8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjUwMTAyMDk0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDBlZjk2ZDZlZDRjOTI4ZmVlMDY5YTNkYmYwMGZmMDJmZTJiODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJIZv3b2Z03leV0KODFx5yBSdSDD
39z+qadUzQQ7kpPoRRE8PJt406peJPV+JiU5QZ1EY2c3gMxBmIQ8ZhbuN5HlPKop
pEUCzqOhq0+v7+Rg+KOigAClScFmbuh87GZAb7PeubBB6emxsKxx80HyhA55irsw
Adc4IPggZMrCflTBu0bY61f6B22Ee0mLf06oF3uRvyjGSLqsqn8+EYpV273Afe0G
OzE8EJbnijZUSfIqfgOJH6VwcNibqu/q8idkR2IJFGOE2bWw0s7uRztcAJ6yh06c
edZ9Ia0KXjvFg2vJFS7oy+8n1vanxJtNY00HQVkZwDZu+CijwVQRCBULrwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJQO+W1u1Mko/uBpo9vwD/Av4rguMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvbEE3NWJXN1V5U2otNEdtajJfQVA4Q19pdUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABZoGAwQA
BZpFAwQAWStVMA0GCSqGSIb3DQEBCwUAA4IBAQDQH7ZW0SLs2XtwUjO0kVyi5Tc/
OWPWrBt4ED7Ol7RnBu1UvrEPOx+XrCoZF/Sw9/at5U7e0tSX2BES7kLHQSPqGSs8
iU5m+b1SxnXBBqM1MFb1akT8cm/EWT+dyeXOFWudc7gGFk1MhvXOtJ8mEffrlAZI
NBDoJ/20eh3nnxUwONjijz+l7dwFCaIM9p2xK5mLdDIX+t9xzOhkDGkmrtOPrRHT
T5xsUf7AHgN6V4Y9BYD2F6Jd8ZmVJgQwHCgki/gzURre9lri7XtJrNQI/SDdPfcA
Yn+qlR/IfUYyKZqfmCsZNKA9rBwQfio9qupSw9Myofisrr+RgR5Jc/JjLCFV
-----END CERTIFICATE-----