Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/5bh70NDw7zp64NXJ_51b90SAuu4.roa
File:                     5bh70NDw7zp64NXJ_51b90SAuu4.roa (raw, json)
Hash identifier:          4ywVwFnAjMHvhsAsLPg1qryIBj6T959YwjsSeW0RTBc=
Subject key identifier:   E5:B8:7B:D0:D0:F0:EF:3A:7A:E0:D5:C9:FF:9D:5B:F7:44:80:BA:EE
Certificate issuer:       /CN=b143fa703fbee04bbd91ce63a32148b36b8e55aa
Certificate serial:       019425FDEB8A0E3F2B5797B7504F2972A816
Authority key identifier: B1:43:FA:70:3F:BE:E0:4B:BD:91:CE:63:A3:21:48:B3:6B:8E:55:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sUP6cD--4Eu9kc5joyFIs2uOVao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/5bh70NDw7zp64NXJ_51b90SAuu4.roa
Signing time:             Thu 02 Jan 2025 07:49:45 +0000
ROA not before:           Thu 02 Jan 2025 07:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50384
IP address blocks:        2a00:1b30::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/sUP6cD--4Eu9kc5joyFIs2uOVao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/sUP6cD--4Eu9kc5joyFIs2uOVao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sUP6cD--4Eu9kc5joyFIs2uOVao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:eb:8a:0e:3f:2b:57:97:b7:50:4f:29:72:a8:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b143fa703fbee04bbd91ce63a32148b36b8e55aa
        Validity
            Not Before: Jan  2 07:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5b87bd0d0f0ef3a7ae0d5c9ff9d5bf74480baee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:74:06:ba:6f:d8:8e:3d:1a:4e:08:45:cb:85:
                    77:2d:ae:d4:81:fe:14:33:48:ba:48:2e:d0:14:56:
                    38:5a:28:bf:45:d4:77:83:5d:2a:30:72:7d:db:3a:
                    9c:5f:d5:b8:eb:22:0c:b5:fb:64:c0:2d:2c:df:2d:
                    29:12:5b:01:43:95:cb:06:e3:f6:dd:b5:13:2d:9b:
                    0e:a3:ab:52:98:5a:76:1b:ae:66:58:33:e9:f1:dc:
                    03:f6:2d:26:eb:8d:69:5a:d8:e2:f8:81:87:97:f9:
                    ea:05:7d:d8:4c:f5:5d:8c:7c:36:4d:c9:71:e2:2a:
                    29:a4:0d:40:b6:e6:7d:38:74:be:bf:22:50:55:ee:
                    e2:ff:97:5e:30:73:f4:47:6c:48:d1:50:87:67:29:
                    ec:b3:aa:79:48:e7:62:a9:be:15:9d:a8:f1:59:2f:
                    db:fe:cb:f2:46:6b:cd:22:d7:fe:13:37:d6:45:1e:
                    59:60:7f:80:49:09:3d:d0:a6:0f:1e:1c:5c:3f:8d:
                    de:a6:92:ba:43:08:4e:bb:62:7f:df:d2:4a:43:87:
                    66:6c:dd:e4:81:79:36:f4:29:0f:20:a6:03:06:c0:
                    e2:de:2e:d1:2c:1f:11:64:ad:65:4b:de:11:53:70:
                    54:05:64:11:33:98:32:b1:ed:5c:2f:d4:ef:c1:79:
                    b4:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:B8:7B:D0:D0:F0:EF:3A:7A:E0:D5:C9:FF:9D:5B:F7:44:80:BA:EE
            X509v3 Authority Key Identifier:
                keyid:B1:43:FA:70:3F:BE:E0:4B:BD:91:CE:63:A3:21:48:B3:6B:8E:55:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUP6cD--4Eu9kc5joyFIs2uOVao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/5bh70NDw7zp64NXJ_51b90SAuu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/sUP6cD--4Eu9kc5joyFIs2uOVao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1b30::/33

    Signature Algorithm: sha256WithRSAEncryption
         56:d6:66:80:6a:36:97:d5:45:a0:d8:ab:87:f1:95:f4:39:58:
         5f:7f:97:5e:20:fd:ee:3d:91:16:21:f5:d7:e6:ff:d5:06:af:
         5a:5d:a5:db:2d:76:ef:ca:0e:dc:03:03:ca:31:9a:96:e7:d5:
         16:01:fc:09:ca:6f:6b:27:f1:e3:1f:6e:9a:e3:81:0b:ce:b2:
         fc:2c:69:86:3f:bd:d0:bf:63:d8:f2:a4:33:e8:82:50:37:c3:
         4b:c2:c1:bc:6d:fb:e8:85:ec:3a:33:4c:d6:64:37:78:a9:aa:
         c0:d9:9c:30:11:48:7a:0c:e1:71:f5:9f:b4:be:08:a9:33:66:
         99:02:6a:c3:bf:36:94:13:40:8b:94:1a:bf:a6:31:f5:04:d8:
         1e:0c:50:c8:5a:f3:fe:8f:56:1c:40:fe:68:18:f5:91:94:7b:
         c5:51:ea:a7:71:43:33:4c:4e:94:0e:f5:80:ad:48:39:5c:e7:
         45:54:af:d3:d7:b1:1b:b4:62:89:03:66:60:68:18:02:38:c1:
         d1:8e:18:28:0f:76:d6:97:cc:c8:d4:f0:5c:23:a7:04:d9:d5:
         59:b2:2f:cf:8e:9f:29:62:62:77:88:02:df:f8:a2:84:74:b2:
         4d:c9:c7:b2:de:18:0a:a9:b6:e1:d4:ad:3f:b6:bf:b7:a5:3f:
         d1:73:b3:f8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQl/euKDj8rV5e3UE8pcqgWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNDNmYTcwM2ZiZWUwNGJiZDkxY2U2M2EzMjE0OGIzNmI4
ZTU1YWEwHhcNMjUwMTAyMDc0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWI4N2JkMGQwZjBlZjNhN2FlMGQ1YzlmZjlkNWJmNzQ0ODBiYWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHQGum/Yjj0aTghFy4V3La7Ugf4U
M0i6SC7QFFY4Wii/RdR3g10qMHJ92zqcX9W46yIMtftkwC0s3y0pElsBQ5XLBuP2
3bUTLZsOo6tSmFp2G65mWDPp8dwD9i0m641pWtji+IGHl/nqBX3YTPVdjHw2Tclx
4ioppA1AtuZ9OHS+vyJQVe7i/5deMHP0R2xI0VCHZynss6p5SOdiqb4VnajxWS/b
/svyRmvNItf+EzfWRR5ZYH+ASQk90KYPHhxcP43eppK6QwhOu2J/39JKQ4dmbN3k
gXk29CkPIKYDBsDi3i7RLB8RZK1lS94RU3BUBWQRM5gyse1cL9TvwXm0nwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOW4e9DQ8O86euDVyf+dW/dEgLruMB8GA1UdIwQY
MBaAFLFD+nA/vuBLvZHOY6MhSLNrjlWqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VQNmNELS00RXU5a2M1am95RklzMnVPVmFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iOTM0MmYtNTkxNi00NjQ0LWIxYWEt
MDBkMWU3YTE3MGEyLzEvNWJoNzBORHc3enA2NE5YSl81MWI5MFNBdXU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iOTM0MmYtNTkxNi00NjQ0LWIxYWEtMDBkMWU3YTE3MGEy
LzEvc1VQNmNELS00RXU5a2M1am95RklzMnVPVmFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKgAbMAAw
DQYJKoZIhvcNAQELBQADggEBAFbWZoBqNpfVRaDYq4fxlfQ5WF9/l14g/e49kRYh
9dfm/9UGr1pdpdstdu/KDtwDA8oxmpbn1RYB/AnKb2sn8eMfbprjgQvOsvwsaYY/
vdC/Y9jypDPoglA3w0vCwbxt++iF7DozTNZkN3ipqsDZnDARSHoM4XH1n7S+CKkz
ZpkCasO/NpQTQIuUGr+mMfUE2B4MUMha8/6PVhxA/mgY9ZGUe8VR6qdxQzNMTpQO
9YCtSDlc50VUr9PXsRu0YokDZmBoGAI4wdGOGCgPdtaXzMjU8FwjpwTZ1VmyL8+O
nyliYneIAt/4ooR0sk3Jx7LeGAqptuHUrT+2v7elP9Fzs/g=
-----END CERTIFICATE-----