Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/123124-ef66-48d1-91d0-f0d119c527ff/1/g6a9uq2KRc9wYONVhtFPPZGaBr4.roa
File:                     g6a9uq2KRc9wYONVhtFPPZGaBr4.roa (raw, json)
Hash identifier:          Jcii24w5hELShXLMXhNP2/DuSUjwnJEfN84e/8CYORI=
Subject key identifier:   83:A6:BD:BA:AD:8A:45:CF:70:60:E3:55:86:D1:4F:3D:91:9A:06:BE
Certificate issuer:       /CN=3adea4b7af8cce5cfd3775cb01fb97c4f951a9a2
Certificate serial:       01953BBA09082F49CF951B0ADB8147366527
Authority key identifier: 3A:DE:A4:B7:AF:8C:CE:5C:FD:37:75:CB:01:FB:97:C4:F9:51:A9:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ot6kt6-Mzlz9N3XLAfuXxPlRqaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/123124-ef66-48d1-91d0-f0d119c527ff/1/g6a9uq2KRc9wYONVhtFPPZGaBr4.roa
Signing time:             Tue 25 Feb 2025 06:10:02 +0000
ROA not before:           Tue 25 Feb 2025 06:10:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        5.180.38.0/24 maxlen: 24
                          5.180.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/123124-ef66-48d1-91d0-f0d119c527ff/1/Ot6kt6-Mzlz9N3XLAfuXxPlRqaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/123124-ef66-48d1-91d0-f0d119c527ff/1/Ot6kt6-Mzlz9N3XLAfuXxPlRqaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ot6kt6-Mzlz9N3XLAfuXxPlRqaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3b:ba:09:08:2f:49:cf:95:1b:0a:db:81:47:36:65:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3adea4b7af8cce5cfd3775cb01fb97c4f951a9a2
        Validity
            Not Before: Feb 25 06:10:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83a6bdbaad8a45cf7060e35586d14f3d919a06be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:17:9b:4a:bb:8f:f5:59:98:46:61:d4:ed:ad:
                    45:6d:55:ec:50:c9:93:03:3b:7c:b6:ef:54:50:d8:
                    af:9f:b4:ed:06:06:5f:e5:a7:48:1d:a6:8d:0a:0f:
                    34:83:32:0f:9e:9e:48:21:6c:bf:cc:28:ef:35:94:
                    bb:44:80:05:7e:13:b9:85:3f:56:df:cf:70:8a:6b:
                    2a:46:cf:b9:19:9e:51:e0:46:9c:40:a3:13:c5:c0:
                    b8:bd:a6:3d:52:49:de:72:8c:f6:46:34:f5:7b:d7:
                    7d:7a:ab:8c:35:1c:3f:d4:f0:72:22:cb:8b:0d:c9:
                    24:65:3d:56:9f:57:a0:01:23:72:06:2c:42:dd:b1:
                    85:3e:dc:56:71:2e:01:74:79:6b:a5:b8:3b:35:a6:
                    d2:de:d6:25:e5:50:81:d8:e2:05:48:ad:92:88:e6:
                    83:cb:b6:d0:83:2b:55:cd:97:e7:17:fd:35:62:39:
                    26:a7:59:e6:c9:2b:26:f8:d1:84:06:29:45:ed:9c:
                    76:f7:42:a5:84:51:76:bb:3d:11:32:23:a7:92:cd:
                    95:95:63:fa:ed:7a:f5:bc:ff:a3:00:5c:34:22:5e:
                    97:9e:e5:09:c8:2e:4c:2e:4c:f0:b8:b8:52:6c:17:
                    01:7e:1b:9f:5a:92:bc:60:b4:28:56:48:28:0d:38:
                    a6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:A6:BD:BA:AD:8A:45:CF:70:60:E3:55:86:D1:4F:3D:91:9A:06:BE
            X509v3 Authority Key Identifier:
                keyid:3A:DE:A4:B7:AF:8C:CE:5C:FD:37:75:CB:01:FB:97:C4:F9:51:A9:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ot6kt6-Mzlz9N3XLAfuXxPlRqaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/123124-ef66-48d1-91d0-f0d119c527ff/1/g6a9uq2KRc9wYONVhtFPPZGaBr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/123124-ef66-48d1-91d0-f0d119c527ff/1/Ot6kt6-Mzlz9N3XLAfuXxPlRqaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:c6:3d:b5:5f:f5:fe:38:bd:19:14:ab:5e:71:5e:7e:27:a5:
         ec:23:94:14:e6:a2:12:0f:ea:1b:a8:ef:21:37:48:8b:17:24:
         40:4a:99:50:e1:40:19:d1:66:ff:21:99:8d:e6:92:d6:73:94:
         cd:f9:b9:a6:ad:77:09:72:0d:95:32:a4:9c:80:da:aa:4f:b7:
         c0:7d:e0:00:99:2b:f8:53:0c:0a:7b:78:db:3a:0b:20:06:9d:
         b9:10:23:18:1c:36:27:3e:81:65:d5:0c:8f:ca:0d:1c:2a:77:
         3f:10:58:42:5e:c0:7d:4c:6b:62:7d:21:bb:b5:6e:f8:5c:90:
         72:0e:ab:c0:a6:97:f1:02:78:1f:47:75:6e:ef:e6:2e:1d:16:
         99:a7:1e:fd:37:04:72:25:5d:df:ea:47:85:60:4d:05:d9:01:
         98:0d:97:61:f0:73:3b:a4:ea:dd:c1:9f:15:f6:bd:a1:52:89:
         09:58:19:98:ce:96:20:6c:d4:ea:6a:0d:8f:48:7c:94:4d:c4:
         93:c9:77:ca:01:c9:e8:50:09:fd:c4:59:50:a0:8f:dd:db:57:
         38:13:02:0c:84:eb:63:8b:79:29:e4:3c:7d:49:36:c7:61:54:
         5e:9f:ee:a7:27:6a:65:ef:c2:4c:7f:51:db:b2:1a:42:aa:03:
         ce:7e:72:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU7ugkIL0nPlRsK24FHNmUnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZGVhNGI3YWY4Y2NlNWNmZDM3NzVjYjAxZmI5N2M0Zjk1
MWE5YTIwHhcNMjUwMjI1MDYxMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2E2YmRiYWFkOGE0NWNmNzA2MGUzNTU4NmQxNGYzZDkxOWEwNmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBebSruP9VmYRmHU7a1FbVXsUMmT
Azt8tu9UUNivn7TtBgZf5adIHaaNCg80gzIPnp5IIWy/zCjvNZS7RIAFfhO5hT9W
389wimsqRs+5GZ5R4EacQKMTxcC4vaY9Uknecoz2RjT1e9d9equMNRw/1PByIsuL
DckkZT1Wn1egASNyBixC3bGFPtxWcS4BdHlrpbg7NabS3tYl5VCB2OIFSK2SiOaD
y7bQgytVzZfnF/01Yjkmp1nmySsm+NGEBilF7Zx290KlhFF2uz0RMiOnks2VlWP6
7Xr1vP+jAFw0Il6XnuUJyC5MLkzwuLhSbBcBfhufWpK8YLQoVkgoDTimdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIOmvbqtikXPcGDjVYbRTz2Rmga+MB8GA1UdIwQY
MBaAFDrepLevjM5c/Td1ywH7l8T5UamiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3Q2a3Q2LU16bHo5TjNYTEFmdVh4UGxScWFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8xMjMxMjQtZWY2Ni00OGQxLTkxZDAt
ZjBkMTE5YzUyN2ZmLzEvZzZhOXVxMktSYzl3WU9OVmh0RlBQWkdhQnI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8xMjMxMjQtZWY2Ni00OGQxLTkxZDAtZjBkMTE5YzUyN2Zm
LzEvT3Q2a3Q2LU16bHo5TjNYTEFmdVh4UGxScWFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBbQmMA0G
CSqGSIb3DQEBCwUAA4IBAQAGxj21X/X+OL0ZFKtecV5+J6XsI5QU5qISD+obqO8h
N0iLFyRASplQ4UAZ0Wb/IZmN5pLWc5TN+bmmrXcJcg2VMqScgNqqT7fAfeAAmSv4
UwwKe3jbOgsgBp25ECMYHDYnPoFl1QyPyg0cKnc/EFhCXsB9TGtifSG7tW74XJBy
DqvAppfxAngfR3Vu7+YuHRaZpx79NwRyJV3f6keFYE0F2QGYDZdh8HM7pOrdwZ8V
9r2hUokJWBmYzpYgbNTqag2PSHyUTcSTyXfKAcnoUAn9xFlQoI/d21c4EwIMhOtj
i3kp5Dx9STbHYVRen+6nJ2pl78JMf1HbshpCqgPOfnIp
-----END CERTIFICATE-----