Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/89fe5b-4fda-4d04-99b4-f49764ff48ea/1/5EhGWDiv-mdrFJtaGPcIV4hAZHU.roa
File:                     5EhGWDiv-mdrFJtaGPcIV4hAZHU.roa (raw, json)
Hash identifier:          paQm0Cth2qgQ0W2I327E4nKtaA3xuIR5I8vqj1tpRT0=
Subject key identifier:   E4:48:46:58:38:AF:FA:67:6B:14:9B:5A:18:F7:08:57:88:40:64:75
Certificate issuer:       /CN=24bc98ddeefdb561aa69eca7349060d84059e192
Certificate serial:       018F810428CC3B7847D5A6E89799B5FA40A5
Authority key identifier: 24:BC:98:DD:EE:FD:B5:61:AA:69:EC:A7:34:90:60:D8:40:59:E1:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JLyY3e79tWGqaeynNJBg2EBZ4ZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/89fe5b-4fda-4d04-99b4-f49764ff48ea/1/5EhGWDiv-mdrFJtaGPcIV4hAZHU.roa
Signing time:             Thu 16 May 2024 10:48:04 +0000
ROA not before:           Thu 16 May 2024 10:48:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208905
IP address blocks:        45.133.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/89fe5b-4fda-4d04-99b4-f49764ff48ea/1/JLyY3e79tWGqaeynNJBg2EBZ4ZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/89fe5b-4fda-4d04-99b4-f49764ff48ea/1/JLyY3e79tWGqaeynNJBg2EBZ4ZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JLyY3e79tWGqaeynNJBg2EBZ4ZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 20:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:81:04:28:cc:3b:78:47:d5:a6:e8:97:99:b5:fa:40:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24bc98ddeefdb561aa69eca7349060d84059e192
        Validity
            Not Before: May 16 10:48:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e448465838affa676b149b5a18f7085788406475
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:0e:34:60:9f:56:77:6f:f3:6a:08:33:52:4a:
                    85:7c:dc:c7:85:73:66:a9:af:41:57:99:62:9d:d6:
                    2e:74:f4:f9:7f:45:a3:c7:04:55:eb:70:cd:2a:58:
                    5e:23:d5:6f:ae:a9:05:58:92:1e:65:9e:a8:56:1c:
                    94:9f:99:a7:c8:17:11:b5:b9:41:a1:1c:8d:b3:63:
                    9e:84:63:55:4f:d7:2a:c5:f4:8b:28:d9:01:64:3b:
                    00:bb:28:3f:ad:62:c0:9b:6c:6a:77:33:87:8c:9d:
                    66:e1:4c:2f:66:bb:48:7b:d4:11:c3:37:7b:1e:01:
                    da:b1:82:f6:64:d0:37:02:88:dd:92:cc:a2:ac:1c:
                    ab:1d:c0:b6:aa:23:b9:c8:03:ac:a8:dd:08:01:c7:
                    32:e8:01:3c:59:49:13:6b:60:19:9c:3f:fb:dd:a3:
                    65:b7:37:9f:18:c3:f7:6a:50:bc:e3:23:c8:f9:cf:
                    9b:95:13:ef:7c:02:38:de:71:c8:6f:3d:87:88:41:
                    e7:e7:c8:1b:69:3b:93:21:89:ca:d0:51:9b:b1:83:
                    48:a4:ad:a6:98:a2:e6:b9:31:7e:61:ee:3e:98:a8:
                    a0:89:63:09:6d:15:68:de:81:91:5b:28:0c:9a:68:
                    e5:17:e8:36:a4:b0:e4:e3:46:b8:d3:6a:3e:4f:29:
                    0d:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:48:46:58:38:AF:FA:67:6B:14:9B:5A:18:F7:08:57:88:40:64:75
            X509v3 Authority Key Identifier:
                keyid:24:BC:98:DD:EE:FD:B5:61:AA:69:EC:A7:34:90:60:D8:40:59:E1:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JLyY3e79tWGqaeynNJBg2EBZ4ZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/89fe5b-4fda-4d04-99b4-f49764ff48ea/1/5EhGWDiv-mdrFJtaGPcIV4hAZHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/89fe5b-4fda-4d04-99b4-f49764ff48ea/1/JLyY3e79tWGqaeynNJBg2EBZ4ZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:b6:81:88:d0:af:96:18:5d:43:f6:55:37:16:3b:e6:80:f5:
         29:6c:d1:57:d5:eb:4d:f0:23:f9:22:d3:f7:3f:2e:f7:a4:eb:
         51:a9:1e:cc:5f:41:c8:bf:5e:ba:bc:6d:22:1c:8c:de:20:31:
         d6:3a:ff:bf:16:1b:14:6e:00:da:ec:9f:fa:e6:87:3f:d9:8c:
         48:39:34:cf:74:f9:1a:98:d6:c6:8b:c1:ef:b4:2c:30:9b:c8:
         6e:f7:53:9e:24:48:51:4f:d0:78:68:8d:6c:f5:1c:b7:46:5b:
         1c:fd:6d:5b:e7:49:93:99:16:c5:7b:77:fa:11:61:28:92:ea:
         f3:ae:1a:c4:f5:f6:00:31:ba:66:63:e4:0f:79:e7:42:cb:04:
         97:0a:08:21:d3:de:7f:3a:76:4c:5d:3e:56:c7:7b:c3:33:47:
         f7:79:da:b1:a7:ef:82:78:44:cd:9a:32:04:f1:0e:b7:11:68:
         e9:ba:96:06:d1:e4:19:6e:ec:8e:3f:09:c1:ad:eb:08:54:78:
         da:dd:56:fc:fe:38:ec:54:e8:3b:2d:b9:86:17:8f:cb:91:c1:
         47:b7:ee:6c:9c:1b:41:9c:6a:2e:04:82:34:9f:fa:80:b0:06:
         60:7d:bd:3d:60:65:88:60:4b:71:0a:bc:a8:a1:04:0a:3d:a4:
         bf:4e:05:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+BBCjMO3hH1abol5m1+kClMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0YmM5OGRkZWVmZGI1NjFhYTY5ZWNhNzM0OTA2MGQ4NDA1
OWUxOTIwHhcNMjQwNTE2MTA0ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDQ4NDY1ODM4YWZmYTY3NmIxNDliNWExOGY3MDg1Nzg4NDA2NDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvA40YJ9Wd2/zaggzUkqFfNzHhXNm
qa9BV5lindYudPT5f0WjxwRV63DNKlheI9VvrqkFWJIeZZ6oVhyUn5mnyBcRtblB
oRyNs2OehGNVT9cqxfSLKNkBZDsAuyg/rWLAm2xqdzOHjJ1m4UwvZrtIe9QRwzd7
HgHasYL2ZNA3AojdksyirByrHcC2qiO5yAOsqN0IAccy6AE8WUkTa2AZnD/73aNl
tzefGMP3alC84yPI+c+blRPvfAI43nHIbz2HiEHn58gbaTuTIYnK0FGbsYNIpK2m
mKLmuTF+Ye4+mKigiWMJbRVo3oGRWygMmmjlF+g2pLDk40a402o+TykN7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORIRlg4r/pnaxSbWhj3CFeIQGR1MB8GA1UdIwQY
MBaAFCS8mN3u/bVhqmnspzSQYNhAWeGSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkx5WTNlNzl0V0dxYWV5bk5KQmcyRUJaNFpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS84OWZlNWItNGZkYS00ZDA0LTk5YjQt
ZjQ5NzY0ZmY0OGVhLzEvNUVoR1dEaXYtbWRyRkp0YUdQY0lWNGhBWkhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS84OWZlNWItNGZkYS00ZDA0LTk5YjQtZjQ5NzY0ZmY0OGVh
LzEvSkx5WTNlNzl0V0dxYWV5bk5KQmcyRUJaNFpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYXxMA0G
CSqGSIb3DQEBCwUAA4IBAQC9toGI0K+WGF1D9lU3FjvmgPUpbNFX1etN8CP5ItP3
Py73pOtRqR7MX0HIv166vG0iHIzeIDHWOv+/FhsUbgDa7J/65oc/2YxIOTTPdPka
mNbGi8HvtCwwm8hu91OeJEhRT9B4aI1s9Ry3Rlsc/W1b50mTmRbFe3f6EWEokurz
rhrE9fYAMbpmY+QPeedCywSXCggh095/OnZMXT5Wx3vDM0f3edqxp++CeETNmjIE
8Q63EWjpupYG0eQZbuyOPwnBresIVHja3Vb8/jjsVOg7LbmGF4/LkcFHt+5snBtB
nGouBII0n/qAsAZgfb09YGWIYEtxCryooQQKPaS/TgXp
-----END CERTIFICATE-----