Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/5aybWk2Ky5dF88Dl5BHsEFM1SO0.roa
File:                     5aybWk2Ky5dF88Dl5BHsEFM1SO0.roa (raw, json)
Hash identifier:          H+JwBN0SZWGViTYdzpWvA1lltG+ihuV8ot5mKPyc2Ag=
Subject key identifier:   E5:AC:9B:5A:4D:8A:CB:97:45:F3:C0:E5:E4:11:EC:10:53:35:48:ED
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       01941FFA9823F505A82C033CED6FA342B361
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/5aybWk2Ky5dF88Dl5BHsEFM1SO0.roa
Signing time:             Wed 01 Jan 2025 03:48:24 +0000
ROA not before:           Wed 01 Jan 2025 03:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        45.135.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:98:23:f5:05:a8:2c:03:3c:ed:6f:a3:42:b3:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: Jan  1 03:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5ac9b5a4d8acb9745f3c0e5e411ec10533548ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d3:8a:58:26:cd:e3:42:ff:3f:dc:68:cd:dd:
                    c9:01:a4:5a:5c:14:b2:16:ba:90:46:db:ea:1c:ec:
                    55:6e:44:e9:26:d7:01:c3:5f:31:87:ab:ff:32:5c:
                    c6:99:c1:f0:91:69:6a:b0:fc:e5:84:05:ab:b9:83:
                    10:eb:d7:ba:41:4a:a0:9a:79:dc:5c:90:cf:42:9b:
                    d3:6b:1e:ac:2a:0a:94:e7:0b:14:f6:66:d0:09:b3:
                    71:b4:9a:ef:2f:7b:64:fb:25:8c:b6:01:96:fb:d3:
                    30:00:4a:fd:33:ed:78:c9:50:c9:b9:9b:4d:c6:c8:
                    68:6b:2c:d8:41:09:ee:70:e5:89:cd:20:61:43:a0:
                    27:76:5e:51:23:0b:2c:2d:81:88:aa:ce:db:07:71:
                    25:c9:05:b9:30:26:71:07:36:da:42:34:fd:02:56:
                    af:e5:78:1a:85:20:af:6e:0e:cc:83:c0:d2:77:9c:
                    f5:86:54:32:db:99:d7:dd:86:db:28:48:14:53:dd:
                    f0:44:aa:f3:1d:e8:dc:ea:ee:18:5b:d7:d9:48:b9:
                    ff:23:28:ea:f7:74:cc:56:3a:a2:87:fa:37:ad:d1:
                    8a:b4:81:1b:2e:55:e4:bc:7b:be:17:1c:85:74:f7:
                    c3:37:c0:29:be:36:28:e9:20:c6:3a:6e:d8:53:b2:
                    90:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:AC:9B:5A:4D:8A:CB:97:45:F3:C0:E5:E4:11:EC:10:53:35:48:ED
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/5aybWk2Ky5dF88Dl5BHsEFM1SO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:9b:3c:de:83:ba:b7:74:43:93:d9:d3:d4:ac:42:ea:c7:74:
         8a:b7:d5:b8:83:d8:78:bb:b3:e7:df:0a:2e:07:ab:2b:d8:b9:
         2a:56:c8:a1:9b:bc:4a:2f:e8:59:7d:3b:2d:89:74:20:32:61:
         3a:3f:a1:cb:b7:94:13:1c:ca:29:36:bb:6f:f0:32:c5:a1:87:
         77:63:65:56:a3:38:f9:f9:b7:c8:ee:b7:ec:b4:96:c2:c1:04:
         f1:4d:b8:af:42:40:aa:51:6d:8a:b0:df:78:41:cb:66:e4:cd:
         91:59:8f:78:91:9c:53:c3:30:61:5e:67:aa:dc:79:c0:34:de:
         96:b9:52:5f:3a:69:18:b5:6b:45:cd:13:c1:b3:7b:bd:25:0c:
         c2:88:17:0d:9e:f3:94:42:48:4a:75:e2:48:51:5b:d4:3e:af:
         36:13:43:f3:bd:94:34:1c:4c:9f:a3:b2:5a:8e:50:77:9b:44:
         77:93:34:60:2d:f6:f3:48:28:0e:fe:d4:22:99:54:27:ad:e3:
         d9:70:ec:ae:1a:64:53:1b:3c:62:bb:a6:29:1e:d3:a5:4d:39:
         47:06:83:68:7b:18:cc:02:f0:93:65:2f:65:57:12:43:bc:4e:
         31:b2:d5:11:6e:38:cd:da:9d:ce:2b:4c:ca:ab:a0:75:ce:7b:
         87:c4:2c:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pgj9QWoLAM87W+jQrNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjUwMTAxMDM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWFjOWI1YTRkOGFjYjk3NDVmM2MwZTVlNDExZWMxMDUzMzU0OGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9OKWCbN40L/P9xozd3JAaRaXBSy
FrqQRtvqHOxVbkTpJtcBw18xh6v/MlzGmcHwkWlqsPzlhAWruYMQ69e6QUqgmnnc
XJDPQpvTax6sKgqU5wsU9mbQCbNxtJrvL3tk+yWMtgGW+9MwAEr9M+14yVDJuZtN
xshoayzYQQnucOWJzSBhQ6Andl5RIwssLYGIqs7bB3ElyQW5MCZxBzbaQjT9Alav
5XgahSCvbg7Mg8DSd5z1hlQy25nX3YbbKEgUU93wRKrzHejc6u4YW9fZSLn/Iyjq
93TMVjqih/o3rdGKtIEbLlXkvHu+FxyFdPfDN8ApvjYo6SDGOm7YU7KQlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWsm1pNisuXRfPA5eQR7BBTNUjtMB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvNWF5YldrMkt5NWRGODhEbDVCSHNFRk0xU08wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYeLMA0G
CSqGSIb3DQEBCwUAA4IBAQCQmzzeg7q3dEOT2dPUrELqx3SKt9W4g9h4u7Pn3wou
B6sr2LkqVsihm7xKL+hZfTstiXQgMmE6P6HLt5QTHMopNrtv8DLFoYd3Y2VWozj5
+bfI7rfstJbCwQTxTbivQkCqUW2KsN94Qctm5M2RWY94kZxTwzBhXmeq3HnANN6W
uVJfOmkYtWtFzRPBs3u9JQzCiBcNnvOUQkhKdeJIUVvUPq82E0PzvZQ0HEyfo7Ja
jlB3m0R3kzRgLfbzSCgO/tQimVQnrePZcOyuGmRTGzxiu6YpHtOlTTlHBoNoexjM
AvCTZS9lVxJDvE4xstURbjjN2p3OK0zKq6B1znuHxCxf
-----END CERTIFICATE-----