Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/5d7cda-0a98-43ac-9136-712b1a7968e6/1/cJTD3IKsBKeCbDG4KiZEHnYFPTM.roa
File:                     cJTD3IKsBKeCbDG4KiZEHnYFPTM.roa (raw, json)
Hash identifier:          ufqwqkZa7S2iEhZdfjJxNYCun4AbNJ4X2aLuA4Ji7yY=
Subject key identifier:   70:94:C3:DC:82:AC:04:A7:82:6C:31:B8:2A:26:44:1E:76:05:3D:33
Certificate issuer:       /CN=da024b9c63db5c1a1cf4c5581dbe5b381cb95087
Certificate serial:       019426D9C8CE5E8C95927549036412645F4C
Authority key identifier: DA:02:4B:9C:63:DB:5C:1A:1C:F4:C5:58:1D:BE:5B:38:1C:B9:50:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gJLnGPbXBoc9MVYHb5bOBy5UIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/5d7cda-0a98-43ac-9136-712b1a7968e6/1/cJTD3IKsBKeCbDG4KiZEHnYFPTM.roa
Signing time:             Thu 02 Jan 2025 11:49:54 +0000
ROA not before:           Thu 02 Jan 2025 11:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39787
IP address blocks:        5.44.64.0/21 maxlen: 21
                          195.5.112.0/23 maxlen: 23
                          2a00:e48:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/5d7cda-0a98-43ac-9136-712b1a7968e6/1/2gJLnGPbXBoc9MVYHb5bOBy5UIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/5d7cda-0a98-43ac-9136-712b1a7968e6/1/2gJLnGPbXBoc9MVYHb5bOBy5UIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gJLnGPbXBoc9MVYHb5bOBy5UIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:c8:ce:5e:8c:95:92:75:49:03:64:12:64:5f:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da024b9c63db5c1a1cf4c5581dbe5b381cb95087
        Validity
            Not Before: Jan  2 11:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7094c3dc82ac04a7826c31b82a26441e76053d33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f1:69:1f:33:8c:aa:3b:0f:6c:d8:fa:35:ae:
                    67:ea:b8:26:ee:34:20:19:b3:b3:9a:d7:3d:b4:fa:
                    bf:0b:f6:c2:50:d4:7b:75:74:ad:d4:d4:f8:7b:ce:
                    26:b9:c7:7d:f2:4e:83:04:1d:6b:49:93:d3:0d:4c:
                    e0:4e:a8:ed:16:7e:5e:5f:47:76:a0:02:4c:b5:27:
                    12:3b:03:93:f4:be:ff:b4:68:07:69:c4:13:7b:2f:
                    1a:ee:dc:61:12:4d:a4:0d:92:77:69:f8:4e:82:e8:
                    cc:f9:e0:e9:42:e6:79:9c:6d:63:0a:08:0a:97:ca:
                    c4:5f:fb:a7:69:06:50:fa:9f:32:96:6a:ea:e7:94:
                    07:26:d5:cc:87:53:c3:df:a3:2c:35:e7:f5:a9:ff:
                    ee:14:a5:a0:2a:30:14:89:aa:07:45:cd:a0:53:d0:
                    b1:be:55:1b:47:2d:c0:7f:7e:cf:88:91:8e:ad:cf:
                    cb:1f:af:6a:dd:92:ca:aa:af:28:79:8c:fb:43:b4:
                    60:72:8e:00:c2:e2:31:af:57:90:bf:7e:c3:5c:69:
                    1f:3c:37:f5:e4:0a:bd:87:14:74:2b:c9:d7:1e:40:
                    69:b3:9c:92:e7:8c:fa:1e:ff:9d:eb:0e:9e:8e:63:
                    57:14:84:2b:71:78:d2:79:21:03:9f:de:0d:be:b4:
                    82:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:94:C3:DC:82:AC:04:A7:82:6C:31:B8:2A:26:44:1E:76:05:3D:33
            X509v3 Authority Key Identifier:
                keyid:DA:02:4B:9C:63:DB:5C:1A:1C:F4:C5:58:1D:BE:5B:38:1C:B9:50:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gJLnGPbXBoc9MVYHb5bOBy5UIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/5d7cda-0a98-43ac-9136-712b1a7968e6/1/cJTD3IKsBKeCbDG4KiZEHnYFPTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/5d7cda-0a98-43ac-9136-712b1a7968e6/1/2gJLnGPbXBoc9MVYHb5bOBy5UIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.64.0/21
                  195.5.112.0/23
                IPv6:
                  2a00:e48:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         c3:df:3d:7c:86:87:bb:02:78:ea:d9:b6:df:50:94:94:88:4f:
         2c:8d:f2:c8:a2:0d:8f:9a:95:d3:26:57:ff:15:66:09:46:12:
         ea:c1:6c:ad:58:e5:32:73:42:2d:38:6c:7d:99:c2:31:56:20:
         93:26:4b:8a:75:86:c2:67:67:01:d2:5d:9e:2a:d5:57:e9:a6:
         ed:2c:10:cf:9a:f7:03:62:00:ee:cb:98:9c:26:d3:0b:a8:d5:
         78:9f:06:19:31:2e:d9:44:cc:14:ec:d8:5d:cd:5a:56:46:5d:
         31:57:a0:18:57:2e:84:bd:74:74:0a:a6:66:f7:65:db:07:e6:
         0f:49:ac:c3:b7:24:c0:17:b3:81:e6:5d:25:d3:7e:cc:6e:a0:
         45:f0:69:cd:86:bb:06:9d:bf:52:cb:cd:b8:4c:41:ce:7a:22:
         14:0c:00:94:88:a3:5e:cb:c9:15:15:5c:fa:01:0f:d7:63:30:
         a0:9d:6b:39:e4:f4:ab:a7:67:f6:98:43:b1:cb:5f:0b:f7:77:
         0f:c8:5b:a0:0f:25:04:15:1a:2f:04:91:09:ea:79:af:3f:ae:
         91:68:28:c4:7b:1e:a5:e4:e3:0e:93:f9:44:2d:73:71:26:e3:
         7e:cb:95:c9:20:9d:30:76:6c:e9:b6:63:ac:98:8a:62:21:db:
         6f:e9:ea:25
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQm2cjOXoyVknVJA2QSZF9MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDI0YjljNjNkYjVjMWExY2Y0YzU1ODFkYmU1YjM4MWNi
OTUwODcwHhcNMjUwMTAyMTE0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDk0YzNkYzgyYWMwNGE3ODI2YzMxYjgyYTI2NDQxZTc2MDUzZDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/FpHzOMqjsPbNj6Na5n6rgm7jQg
GbOzmtc9tPq/C/bCUNR7dXSt1NT4e84mucd98k6DBB1rSZPTDUzgTqjtFn5eX0d2
oAJMtScSOwOT9L7/tGgHacQTey8a7txhEk2kDZJ3afhOgujM+eDpQuZ5nG1jCggK
l8rEX/unaQZQ+p8ylmrq55QHJtXMh1PD36MsNef1qf/uFKWgKjAUiaoHRc2gU9Cx
vlUbRy3Af37PiJGOrc/LH69q3ZLKqq8oeYz7Q7Rgco4AwuIxr1eQv37DXGkfPDf1
5Aq9hxR0K8nXHkBps5yS54z6Hv+d6w6ejmNXFIQrcXjSeSEDn94NvrSC3wIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFHCUw9yCrASngmwxuComRB52BT0zMB8GA1UdIwQY
MBaAFNoCS5xj21waHPTFWB2+WzgcuVCHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdKTG5HUGJYQm9jOU1WWUhiNWJPQnk1VUljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC81ZDdjZGEtMGE5OC00M2FjLTkxMzYt
NzEyYjFhNzk2OGU2LzEvY0pURDNJS3NCS2VDYkRHNEtpWkVIbllGUFRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC81ZDdjZGEtMGE5OC00M2FjLTkxMzYtNzEyYjFhNzk2OGU2
LzEvMmdKTG5HUGJYQm9jOU1WWUhiNWJPQnk1VUljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQDBSxAAwQB
wwVwMA4EAgACMAgDBgcqAA5IgDANBgkqhkiG9w0BAQsFAAOCAQEAw989fIaHuwJ4
6tm231CUlIhPLI3yyKINj5qV0yZX/xVmCUYS6sFsrVjlMnNCLThsfZnCMVYgkyZL
inWGwmdnAdJdnirVV+mm7SwQz5r3A2IA7suYnCbTC6jVeJ8GGTEu2UTMFOzYXc1a
VkZdMVegGFcuhL10dAqmZvdl2wfmD0msw7ckwBezgeZdJdN+zG6gRfBpzYa7Bp2/
UsvNuExBznoiFAwAlIijXsvJFRVc+gEP12MwoJ1rOeT0q6dn9phDsctfC/d3D8hb
oA8lBBUaLwSRCep5rz+ukWgoxHsepeTjDpP5RC1zcSbjfsuVySCdMHZs6bZjrJiK
YiHbb+nqJQ==
-----END CERTIFICATE-----