Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/259fbe-2855-4e19-918f-62c1b1ff3a26/1/PuRCtZYS1zb-l6-lSbqSBFwnqhM.roa
File:                     PuRCtZYS1zb-l6-lSbqSBFwnqhM.roa (raw, json)
Hash identifier:          AbBVF9kyhgAnkvzoIY9J9QbGE309UtyTbrK9vyLj9EM=
Subject key identifier:   3E:E4:42:B5:96:12:D7:36:FE:97:AF:A5:49:BA:92:04:5C:27:AA:13
Certificate issuer:       /CN=00911779c767d2364e86f4e27ef8c5fe9bb01090
Certificate serial:       01941FFA3FAF239E03D81CF2A8F0BC7F85AE
Authority key identifier: 00:91:17:79:C7:67:D2:36:4E:86:F4:E2:7E:F8:C5:FE:9B:B0:10:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AJEXecdn0jZOhvTifvjF_puwEJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/259fbe-2855-4e19-918f-62c1b1ff3a26/1/PuRCtZYS1zb-l6-lSbqSBFwnqhM.roa
Signing time:             Wed 01 Jan 2025 03:48:01 +0000
ROA not before:           Wed 01 Jan 2025 03:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60406
IP address blocks:        5.45.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/259fbe-2855-4e19-918f-62c1b1ff3a26/1/AJEXecdn0jZOhvTifvjF_puwEJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/259fbe-2855-4e19-918f-62c1b1ff3a26/1/AJEXecdn0jZOhvTifvjF_puwEJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AJEXecdn0jZOhvTifvjF_puwEJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 18:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3f:af:23:9e:03:d8:1c:f2:a8:f0:bc:7f:85:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00911779c767d2364e86f4e27ef8c5fe9bb01090
        Validity
            Not Before: Jan  1 03:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ee442b59612d736fe97afa549ba92045c27aa13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:ac:87:a3:5e:8f:09:d9:8b:af:27:04:d6:f2:
                    75:37:cc:96:7c:41:30:dd:c3:71:c5:12:18:f5:2a:
                    20:a1:8c:91:15:91:e6:5b:bd:54:fc:4a:2b:96:69:
                    89:40:d8:2a:e1:e6:e1:bd:3d:f8:a3:79:7a:a4:29:
                    f7:b3:8f:9c:d5:7c:f1:33:7a:84:a0:92:62:bf:59:
                    8f:3e:61:c3:80:38:a4:e1:6d:4e:d1:4c:15:a7:68:
                    a2:d0:69:d7:64:58:2a:6a:ff:ce:99:22:d5:9e:b7:
                    dd:b8:0f:f6:23:64:85:9f:83:c0:3d:b7:09:e3:9c:
                    4c:65:4f:d0:76:98:0b:47:32:a3:96:60:ab:df:5d:
                    9a:b2:56:31:5b:4a:e5:e7:34:2d:8b:1f:39:ca:35:
                    29:b9:a8:e5:55:39:b8:84:39:9b:a4:1a:41:72:23:
                    65:87:73:25:2a:7d:aa:ee:60:e7:79:69:a1:e9:52:
                    79:24:62:5b:aa:46:24:2e:84:57:fd:a0:1c:64:e9:
                    a5:b8:31:79:c2:11:1f:70:03:85:d8:b2:3f:40:63:
                    7c:14:42:db:bf:91:c3:a5:7b:47:1e:ca:22:c6:9c:
                    54:1d:c1:98:d1:eb:e0:1a:78:0b:92:bc:b1:f0:2b:
                    9f:05:95:67:24:fa:9a:0c:d0:b5:90:75:8e:f5:f8:
                    1d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:E4:42:B5:96:12:D7:36:FE:97:AF:A5:49:BA:92:04:5C:27:AA:13
            X509v3 Authority Key Identifier:
                keyid:00:91:17:79:C7:67:D2:36:4E:86:F4:E2:7E:F8:C5:FE:9B:B0:10:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AJEXecdn0jZOhvTifvjF_puwEJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/259fbe-2855-4e19-918f-62c1b1ff3a26/1/PuRCtZYS1zb-l6-lSbqSBFwnqhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/259fbe-2855-4e19-918f-62c1b1ff3a26/1/AJEXecdn0jZOhvTifvjF_puwEJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:0b:18:49:c2:41:35:64:27:10:a3:14:75:b4:75:d8:b6:f7:
         7a:61:52:cd:48:68:73:ea:97:7a:ed:cc:7f:61:e8:f5:c7:ac:
         d1:39:f7:60:24:6b:ba:5f:dd:fa:52:41:95:b6:63:e0:6c:3c:
         1e:15:22:90:6c:4a:89:3b:b5:d8:f8:0f:7e:ff:fd:39:12:e3:
         6e:22:28:53:9c:e0:e8:32:fd:7a:6e:9d:5e:24:9d:b2:8f:92:
         99:bf:e4:9d:38:ea:4b:f7:80:60:5f:2c:ba:be:86:7e:69:ff:
         60:5e:7f:c8:6f:5a:ee:8e:aa:7e:c9:78:9c:d0:88:48:6b:a3:
         23:e3:b1:e8:77:0b:89:9f:9d:72:24:26:51:f6:61:40:9e:73:
         f0:04:ae:1f:86:c4:98:b7:6f:66:30:fe:26:17:d0:d6:3b:f7:
         e7:80:31:08:40:03:72:d8:f1:ce:d3:55:80:ca:a3:01:f7:6a:
         84:81:5a:56:e0:de:3a:a6:78:36:5d:9e:00:bd:dd:97:0a:1c:
         89:ba:7a:59:b3:10:f7:83:f8:1d:92:fc:7a:34:2c:2a:88:2a:
         ec:f5:b3:33:d1:72:f8:c9:0e:d5:7e:3b:fe:95:7e:be:82:76:
         2c:cb:ba:ff:28:5d:db:e0:08:60:85:a7:5e:81:44:48:3e:24:
         2a:04:62:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+j+vI54D2BzyqPC8f4WuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwOTExNzc5Yzc2N2QyMzY0ZTg2ZjRlMjdlZjhjNWZlOWJi
MDEwOTAwHhcNMjUwMTAxMDM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWU0NDJiNTk2MTJkNzM2ZmU5N2FmYTU0OWJhOTIwNDVjMjdhYTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36yHo16PCdmLrycE1vJ1N8yWfEEw
3cNxxRIY9SogoYyRFZHmW71U/EorlmmJQNgq4ebhvT34o3l6pCn3s4+c1XzxM3qE
oJJiv1mPPmHDgDik4W1O0UwVp2ii0GnXZFgqav/OmSLVnrfduA/2I2SFn4PAPbcJ
45xMZU/QdpgLRzKjlmCr312aslYxW0rl5zQtix85yjUpuajlVTm4hDmbpBpBciNl
h3MlKn2q7mDneWmh6VJ5JGJbqkYkLoRX/aAcZOmluDF5whEfcAOF2LI/QGN8FELb
v5HDpXtHHsoixpxUHcGY0evgGngLkryx8CufBZVnJPqaDNC1kHWO9fgdEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7kQrWWEtc2/pevpUm6kgRcJ6oTMB8GA1UdIwQY
MBaAFACRF3nHZ9I2Tob04n74xf6bsBCQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUpFWGVjZG4walpPaHZUaWZ2akZfcHV3RUpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8yNTlmYmUtMjg1NS00ZTE5LTkxOGYt
NjJjMWIxZmYzYTI2LzEvUHVSQ3RaWVMxemItbDYtbFNicVNCRnducWhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8yNTlmYmUtMjg1NS00ZTE5LTkxOGYtNjJjMWIxZmYzYTI2
LzEvQUpFWGVjZG4walpPaHZUaWZ2akZfcHV3RUpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABS29MA0G
CSqGSIb3DQEBCwUAA4IBAQAfCxhJwkE1ZCcQoxR1tHXYtvd6YVLNSGhz6pd67cx/
Yej1x6zROfdgJGu6X936UkGVtmPgbDweFSKQbEqJO7XY+A9+//05EuNuIihTnODo
Mv16bp1eJJ2yj5KZv+SdOOpL94BgXyy6voZ+af9gXn/Ib1rujqp+yXic0IhIa6Mj
47HodwuJn51yJCZR9mFAnnPwBK4fhsSYt29mMP4mF9DWO/fngDEIQANy2PHO01WA
yqMB92qEgVpW4N46png2XZ4Avd2XChyJunpZsxD3g/gdkvx6NCwqiCrs9bMz0XL4
yQ7Vfjv+lX6+gnYsy7r/KF3b4AhghadegURIPiQqBGLt
-----END CERTIFICATE-----