Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/5s5qGQoGev1jAV5c8T8dWS5HMq8.roa
File:                     5s5qGQoGev1jAV5c8T8dWS5HMq8.roa (raw, json)
Hash identifier:          Br7JXU0oIeq94AWaj70g/oHJ4lU7FSYUKqT+ZWnKc5Y=
Subject key identifier:   E6:CE:6A:19:0A:06:7A:FD:63:01:5E:5C:F1:3F:1D:59:2E:47:32:AF
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       01942068027938F772362FC11B428DBBB269
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/5s5qGQoGev1jAV5c8T8dWS5HMq8.roa
Signing time:             Wed 01 Jan 2025 05:47:54 +0000
ROA not before:           Wed 01 Jan 2025 05:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8100
IP address blocks:        45.141.60.0/24 maxlen: 24
                          185.227.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:02:79:38:f7:72:36:2f:c1:1b:42:8d:bb:b2:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 05:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6ce6a190a067afd63015e5cf13f1d592e4732af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:7a:92:ac:a2:5f:a8:c1:4a:66:d0:3d:32:21:
                    53:10:fe:da:2a:89:20:54:ae:05:ce:09:dd:4f:d8:
                    54:8c:3d:5a:f1:09:db:54:99:df:9f:5b:91:e7:1b:
                    a3:c3:f8:e5:2b:d2:93:05:89:9b:fd:bb:b1:1b:fc:
                    8c:11:28:af:1b:4a:44:a1:16:39:97:f0:3b:ed:99:
                    1f:a9:6a:6b:7f:4f:31:a6:ce:c3:69:c4:18:67:51:
                    49:24:f3:d0:ce:93:2f:ac:96:21:68:85:27:7c:d3:
                    dd:17:d6:b8:58:74:4d:4e:38:75:5d:e4:c4:05:89:
                    5b:c6:b8:b6:ae:01:77:b1:7f:7e:ba:ba:11:1d:fd:
                    e6:cc:36:94:e3:c6:03:d6:2a:40:a1:66:5a:48:ed:
                    27:1b:96:02:6a:17:d4:ae:a4:95:c5:9e:3f:0f:d6:
                    88:bb:b6:68:22:0e:8b:ee:ae:37:bb:28:19:40:23:
                    e6:b3:39:80:57:31:d8:77:1c:9a:9b:c0:07:48:9b:
                    1a:b6:b3:48:16:42:35:9c:04:9d:c9:d0:15:7e:51:
                    f5:ee:04:07:ff:4c:3b:74:5a:13:bf:be:58:71:0a:
                    7c:a7:45:43:9f:f3:df:25:ca:40:2e:dc:5f:f7:94:
                    48:7c:57:80:da:cf:18:c1:17:71:35:9e:8d:81:aa:
                    7f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:CE:6A:19:0A:06:7A:FD:63:01:5E:5C:F1:3F:1D:59:2E:47:32:AF
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/5s5qGQoGev1jAV5c8T8dWS5HMq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.60.0/24
                  185.227.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:f1:19:73:c1:59:33:9a:f4:95:bd:01:9a:12:f1:b1:b2:88:
         89:0a:17:f9:96:bc:cf:f0:b7:49:43:40:29:17:03:f6:d2:1e:
         3d:39:1c:42:e3:18:19:03:fd:79:4f:c3:0d:9f:8d:9a:ee:85:
         2a:33:84:ea:41:95:59:f4:c4:79:ee:8e:b1:9f:1e:87:22:15:
         91:55:35:ba:27:6e:96:5a:4e:79:14:cf:21:b1:51:ae:b1:1e:
         83:f1:6b:25:a0:96:2f:1a:dd:07:dc:f8:0b:65:8e:a7:5e:46:
         3c:5c:31:66:6c:d2:b2:c6:9f:71:4b:0f:51:14:82:18:0b:61:
         74:6f:5c:fe:79:81:65:5e:af:11:14:9e:98:f4:35:37:a0:9e:
         d6:65:9c:e4:5a:c1:9a:80:5a:2d:71:94:52:04:e4:82:9f:64:
         4c:9d:94:5a:2b:96:fa:ac:09:fa:dd:c5:99:bf:61:64:a6:3d:
         18:12:65:a6:fa:e1:fc:a0:0d:9e:c1:08:12:33:ce:7a:21:f6:
         0c:44:3b:f0:fb:26:01:ed:d9:13:c9:a3:ab:a0:6f:b5:c0:26:
         2c:fa:dc:03:3f:08:ec:50:ba:a8:6a:71:d8:ae:e6:41:6e:c9:
         db:ce:18:87:62:c0:6b:e0:93:1f:f8:bf:ca:0e:16:1e:f3:96:
         11:6a:7c:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaAJ5OPdyNi/BG0KNu7JpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwMTAxMDU0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmNlNmExOTBhMDY3YWZkNjMwMTVlNWNmMTNmMWQ1OTJlNDczMmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XqSrKJfqMFKZtA9MiFTEP7aKokg
VK4FzgndT9hUjD1a8QnbVJnfn1uR5xujw/jlK9KTBYmb/buxG/yMESivG0pEoRY5
l/A77ZkfqWprf08xps7DacQYZ1FJJPPQzpMvrJYhaIUnfNPdF9a4WHRNTjh1XeTE
BYlbxri2rgF3sX9+uroRHf3mzDaU48YD1ipAoWZaSO0nG5YCahfUrqSVxZ4/D9aI
u7ZoIg6L7q43uygZQCPmszmAVzHYdxyam8AHSJsatrNIFkI1nASdydAVflH17gQH
/0w7dFoTv75YcQp8p0VDn/PfJcpALtxf95RIfFeA2s8YwRdxNZ6Ngap/VwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFObOahkKBnr9YwFeXPE/HVkuRzKvMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvNXM1cUdRb0dldjFqQVY1YzhUOGRXUzVITXE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY08AwQA
ueNTMA0GCSqGSIb3DQEBCwUAA4IBAQAI8RlzwVkzmvSVvQGaEvGxsoiJChf5lrzP
8LdJQ0ApFwP20h49ORxC4xgZA/15T8MNn42a7oUqM4TqQZVZ9MR57o6xnx6HIhWR
VTW6J26WWk55FM8hsVGusR6D8WsloJYvGt0H3PgLZY6nXkY8XDFmbNKyxp9xSw9R
FIIYC2F0b1z+eYFlXq8RFJ6Y9DU3oJ7WZZzkWsGagFotcZRSBOSCn2RMnZRaK5b6
rAn63cWZv2Fkpj0YEmWm+uH8oA2ewQgSM856IfYMRDvw+yYB7dkTyaOroG+1wCYs
+twDPwjsULqoanHYruZBbsnbzhiHYsBr4JMf+L/KDhYe85YRanx7
-----END CERTIFICATE-----