Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/o-IAHNtlfJTe0lrMjkAn3EfKWfQ.roa
File:                     o-IAHNtlfJTe0lrMjkAn3EfKWfQ.roa (raw, json)
Hash identifier:          4yZoP16QAdZ03Ygf8PchIKIjGuMurg8hghXjeARQmNw=
Subject key identifier:   A3:E2:00:1C:DB:65:7C:94:DE:D2:5A:CC:8E:40:27:DC:47:CA:59:F4
Certificate issuer:       /CN=a71cc0d58b16adbbf7fa5c2fdbc3659f9c73c7ba
Certificate serial:       019425FD5E5CA4D85AFC93A1A4D24347F7DC
Authority key identifier: A7:1C:C0:D5:8B:16:AD:BB:F7:FA:5C:2F:DB:C3:65:9F:9C:73:C7:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pxzA1YsWrbv3-lwv28Nln5xzx7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/o-IAHNtlfJTe0lrMjkAn3EfKWfQ.roa
Signing time:             Thu 02 Jan 2025 07:49:09 +0000
ROA not before:           Thu 02 Jan 2025 07:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41075
IP address blocks:        5.56.32.0/24 maxlen: 24
                          5.56.39.0/24 maxlen: 24
                          2a01:47c1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/pxzA1YsWrbv3-lwv28Nln5xzx7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/pxzA1YsWrbv3-lwv28Nln5xzx7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pxzA1YsWrbv3-lwv28Nln5xzx7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:5e:5c:a4:d8:5a:fc:93:a1:a4:d2:43:47:f7:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a71cc0d58b16adbbf7fa5c2fdbc3659f9c73c7ba
        Validity
            Not Before: Jan  2 07:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3e2001cdb657c94ded25acc8e4027dc47ca59f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:75:cd:f8:9f:6e:ef:23:3b:97:c1:45:0f:f4:
                    48:69:5d:0d:e7:42:bb:cd:6b:78:58:25:bd:37:b8:
                    40:68:97:19:fa:ee:39:49:a2:b8:a9:21:61:a2:13:
                    90:30:98:69:7f:c2:ad:d0:93:22:10:ee:32:85:8d:
                    ab:d3:a6:60:c8:93:c4:5e:a2:12:c1:20:d5:b9:79:
                    02:47:76:e3:cf:57:c6:e8:a7:fd:2d:df:b0:36:80:
                    34:f1:14:53:e2:bb:b2:ff:78:a7:93:70:db:c7:88:
                    62:ab:8e:67:64:f0:12:93:de:b5:68:34:dd:6a:49:
                    d1:f6:b0:d7:b4:90:69:b4:e9:44:d5:bc:52:f0:86:
                    4d:58:85:42:7f:94:a7:03:55:90:60:3c:d4:9c:ae:
                    fc:ce:80:35:a2:96:82:92:e7:ba:0e:36:3e:cb:ba:
                    8d:48:82:23:e2:53:74:68:a3:b3:59:b8:ae:52:72:
                    3c:11:2b:e1:80:ae:66:35:75:ef:20:7b:a0:20:f4:
                    9c:29:ca:8c:4b:c2:89:a7:4e:d7:2f:64:56:90:fa:
                    ee:07:4e:3e:48:e3:88:88:ee:15:7a:68:0c:7c:3b:
                    30:1a:dd:cf:ba:e7:34:9d:b3:67:e9:8f:c3:35:75:
                    54:4c:49:a5:67:b1:2d:00:34:f9:d5:65:a9:be:5c:
                    9e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:E2:00:1C:DB:65:7C:94:DE:D2:5A:CC:8E:40:27:DC:47:CA:59:F4
            X509v3 Authority Key Identifier:
                keyid:A7:1C:C0:D5:8B:16:AD:BB:F7:FA:5C:2F:DB:C3:65:9F:9C:73:C7:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pxzA1YsWrbv3-lwv28Nln5xzx7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/o-IAHNtlfJTe0lrMjkAn3EfKWfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/pxzA1YsWrbv3-lwv28Nln5xzx7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.32.0/24
                  5.56.39.0/24
                IPv6:
                  2a01:47c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:f7:f2:c7:10:3c:5b:6e:b8:27:04:8d:79:8e:c5:d8:88:4e:
         ce:05:8d:30:92:16:b0:34:d8:a6:8c:8e:d8:b9:e1:51:4c:19:
         5f:da:9f:e5:13:00:6e:94:1f:e8:57:6e:a3:1c:3f:e6:e1:fe:
         92:64:d1:35:56:ce:b0:e1:ed:76:8a:53:4e:f2:51:cd:09:19:
         f0:e3:3a:64:bb:90:b6:82:8d:b3:3e:5b:cb:75:2e:6e:4b:9d:
         e4:36:54:b9:23:4f:c8:53:7b:de:52:b6:17:ce:be:5e:a6:6b:
         94:39:e7:2b:ef:17:ff:b5:0a:cb:c6:58:77:af:05:3f:ef:dd:
         98:c9:91:4f:bf:22:19:c1:4f:9f:19:a1:eb:29:5a:ad:11:68:
         5b:8c:d1:97:03:26:76:ec:4a:5a:76:52:7b:0f:ff:9e:cd:9f:
         b3:19:1d:a9:a2:52:7c:c8:f7:ae:4e:b7:ba:0d:6e:e8:e4:a5:
         8c:37:96:65:f3:ea:09:cc:40:c9:aa:68:63:3e:d8:47:40:04:
         16:0c:54:85:b0:92:81:7c:c9:d5:00:f2:d8:c9:43:54:6f:37:
         07:2a:09:50:7c:4e:c1:48:bd:87:71:2e:d7:70:fa:b8:13:36:
         cf:63:ac:2c:1c:79:da:88:44:42:33:6f:36:ae:4e:85:00:e4:
         76:e0:d8:be
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQl/V5cpNha/JOhpNJDR/fcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3MWNjMGQ1OGIxNmFkYmJmN2ZhNWMyZmRiYzM2NTlmOWM3
M2M3YmEwHhcNMjUwMTAyMDc0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2UyMDAxY2RiNjU3Yzk0ZGVkMjVhY2M4ZTQwMjdkYzQ3Y2E1OWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHXN+J9u7yM7l8FFD/RIaV0N50K7
zWt4WCW9N7hAaJcZ+u45SaK4qSFhohOQMJhpf8Kt0JMiEO4yhY2r06ZgyJPEXqIS
wSDVuXkCR3bjz1fG6Kf9Ld+wNoA08RRT4ruy/3ink3Dbx4hiq45nZPASk961aDTd
aknR9rDXtJBptOlE1bxS8IZNWIVCf5SnA1WQYDzUnK78zoA1opaCkue6DjY+y7qN
SIIj4lN0aKOzWbiuUnI8ESvhgK5mNXXvIHugIPScKcqMS8KJp07XL2RWkPruB04+
SOOIiO4VemgMfDswGt3Puuc0nbNn6Y/DNXVUTEmlZ7EtADT51WWpvlye6wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKPiABzbZXyU3tJazI5AJ9xHyln0MB8GA1UdIwQY
MBaAFKccwNWLFq279/pcL9vDZZ+cc8e6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHh6QTFZc1dyYnYzLWx3djI4TmxuNXh6eDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS81ZjVhNjAtOTAyNi00YjY2LWJhYWEt
ZGU2NDBkMDEyMDY1LzEvby1JQUhOdGxmSlRlMGxyTWprQW4zRWZLV2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS81ZjVhNjAtOTAyNi00YjY2LWJhYWEtZGU2NDBkMDEyMDY1
LzEvcHh6QTFZc1dyYnYzLWx3djI4TmxuNXh6eDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQABTggAwQA
BTgnMA0EAgACMAcDBQAqAUfBMA0GCSqGSIb3DQEBCwUAA4IBAQB+9/LHEDxbbrgn
BI15jsXYiE7OBY0wkhawNNimjI7YueFRTBlf2p/lEwBulB/oV26jHD/m4f6SZNE1
Vs6w4e12ilNO8lHNCRnw4zpku5C2go2zPlvLdS5uS53kNlS5I0/IU3veUrYXzr5e
pmuUOecr7xf/tQrLxlh3rwU/792YyZFPvyIZwU+fGaHrKVqtEWhbjNGXAyZ27Epa
dlJ7D/+ezZ+zGR2polJ8yPeuTre6DW7o5KWMN5Zl8+oJzEDJqmhjPthHQAQWDFSF
sJKBfMnVAPLYyUNUbzcHKglQfE7BSL2HcS7XcPq4EzbPY6wsHHnaiERCM282rk6F
AOR24Ni+
-----END CERTIFICATE-----