Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/51bac7-9806-41e5-9936-7dfdacfa6511/1/5a04uRMLuLPqwpXzKrFBWV5ma_s.roa
File:                     5a04uRMLuLPqwpXzKrFBWV5ma_s.roa (raw, json)
Hash identifier:          pqBMscBUXLlLFYQmwhp2Q/lEjdKvHVjvXqUWPX0LeGM=
Subject key identifier:   E5:AD:38:B9:13:0B:B8:B3:EA:C2:95:F3:2A:B1:41:59:5E:66:6B:FB
Certificate issuer:       /CN=4191e5826270f49eae999d489e85deccc847738b
Certificate serial:       019420680A0B2866C2E6AF681EF492999303
Authority key identifier: 41:91:E5:82:62:70:F4:9E:AE:99:9D:48:9E:85:DE:CC:C8:47:73:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QZHlgmJw9J6umZ1InoXezMhHc4s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/51bac7-9806-41e5-9936-7dfdacfa6511/1/5a04uRMLuLPqwpXzKrFBWV5ma_s.roa
Signing time:             Wed 01 Jan 2025 05:47:56 +0000
ROA not before:           Wed 01 Jan 2025 05:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57763
IP address blocks:        45.90.24.0/22 maxlen: 22
                          2a06:3cc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/51bac7-9806-41e5-9936-7dfdacfa6511/1/QZHlgmJw9J6umZ1InoXezMhHc4s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/51bac7-9806-41e5-9936-7dfdacfa6511/1/QZHlgmJw9J6umZ1InoXezMhHc4s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QZHlgmJw9J6umZ1InoXezMhHc4s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:0a:0b:28:66:c2:e6:af:68:1e:f4:92:99:93:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4191e5826270f49eae999d489e85deccc847738b
        Validity
            Not Before: Jan  1 05:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5ad38b9130bb8b3eac295f32ab141595e666bfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:38:27:c9:7a:6c:7a:da:70:bf:dd:7b:60:bc:
                    e0:1f:4e:4d:66:37:9d:c9:e2:de:49:75:b9:c1:47:
                    68:c0:2e:35:da:e9:5c:b2:a2:ea:3a:7d:76:92:ff:
                    d2:3f:52:32:a1:8e:2b:d5:00:a3:48:cd:f4:68:09:
                    7b:d2:bb:e2:0a:2f:14:b2:3b:ef:c0:a8:57:1c:b2:
                    99:12:e9:f7:1f:32:53:52:19:f8:24:0d:26:b1:c0:
                    eb:85:7e:cd:83:c4:4c:9d:a5:f6:db:c7:6e:12:fb:
                    fb:37:d6:a2:d8:b3:14:0e:35:0f:1d:65:93:e2:b3:
                    08:05:de:9a:fd:f3:50:55:08:22:6d:49:07:35:a3:
                    bf:13:cd:bc:65:84:40:27:c0:49:a4:25:56:a3:26:
                    db:57:c4:e5:d9:40:88:7e:b8:0a:cc:38:dd:c5:0d:
                    75:7b:e7:b9:c5:42:8e:88:fb:cc:0a:21:e8:97:d8:
                    cb:d1:14:c2:f9:9d:3b:f2:8b:86:07:4e:ac:84:6e:
                    5d:44:b2:b7:0e:5a:de:22:d0:f7:97:23:83:62:38:
                    0c:f6:cf:d7:b0:92:26:f4:a8:cf:f8:d7:fc:b7:cf:
                    4f:48:b6:7a:98:4f:94:19:23:e4:85:35:da:61:56:
                    a8:42:9f:a2:6d:76:f7:47:c4:1d:c8:9a:51:46:65:
                    8e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:AD:38:B9:13:0B:B8:B3:EA:C2:95:F3:2A:B1:41:59:5E:66:6B:FB
            X509v3 Authority Key Identifier:
                keyid:41:91:E5:82:62:70:F4:9E:AE:99:9D:48:9E:85:DE:CC:C8:47:73:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QZHlgmJw9J6umZ1InoXezMhHc4s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/51bac7-9806-41e5-9936-7dfdacfa6511/1/5a04uRMLuLPqwpXzKrFBWV5ma_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/51bac7-9806-41e5-9936-7dfdacfa6511/1/QZHlgmJw9J6umZ1InoXezMhHc4s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.24.0/22
                IPv6:
                  2a06:3cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:fe:aa:48:b1:f6:74:56:95:f2:69:57:61:cc:7a:a4:a4:6f:
         af:53:c2:96:66:cc:7e:bc:8a:ff:62:9a:d8:87:1f:ac:2c:2b:
         73:2e:66:29:23:f1:67:2a:cc:65:40:c6:de:fe:62:b7:58:18:
         60:17:42:76:02:95:71:e6:a6:04:d7:5f:28:f6:c7:f6:a6:bd:
         88:e3:84:6d:21:85:b4:3b:2e:a8:13:68:2b:1a:2e:dc:d9:00:
         4f:13:c9:58:c1:3b:da:83:95:d7:ff:03:0f:45:71:8f:11:a9:
         5d:5d:9d:63:c1:15:e7:45:5d:c1:6f:14:ff:29:1d:2c:55:a2:
         f5:35:85:4a:40:c2:f5:c6:91:26:6f:7a:fd:82:cd:9a:5a:ae:
         e9:bd:2b:dd:09:22:e7:7e:fb:33:28:90:7f:18:10:53:86:68:
         9c:37:35:87:bd:32:4e:5e:21:8c:91:97:93:2d:94:df:d9:49:
         cb:94:be:0a:66:b3:56:6d:ed:44:92:74:62:fd:41:ba:aa:2b:
         dc:17:1a:49:77:b4:3b:a3:82:bf:b4:fd:cf:06:77:56:5b:7b:
         1d:3d:79:b6:21:01:f5:24:64:ce:89:60:51:60:85:03:5a:d8:
         6e:b2:ab:80:c3:36:63:60:c3:8a:78:f4:ed:f9:79:61:3e:1a:
         58:66:d5:61
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaAoLKGbC5q9oHvSSmZMDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxOTFlNTgyNjI3MGY0OWVhZTk5OWQ0ODllODVkZWNjYzg0
NzczOGIwHhcNMjUwMTAxMDU0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWFkMzhiOTEzMGJiOGIzZWFjMjk1ZjMyYWIxNDE1OTVlNjY2YmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzgnyXpsetpwv917YLzgH05NZjed
yeLeSXW5wUdowC412ulcsqLqOn12kv/SP1IyoY4r1QCjSM30aAl70rviCi8Usjvv
wKhXHLKZEun3HzJTUhn4JA0mscDrhX7Ng8RMnaX228duEvv7N9ai2LMUDjUPHWWT
4rMIBd6a/fNQVQgibUkHNaO/E828ZYRAJ8BJpCVWoybbV8Tl2UCIfrgKzDjdxQ11
e+e5xUKOiPvMCiHol9jL0RTC+Z078ouGB06shG5dRLK3DlreItD3lyODYjgM9s/X
sJIm9KjP+Nf8t89PSLZ6mE+UGSPkhTXaYVaoQp+ibXb3R8QdyJpRRmWOjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOWtOLkTC7iz6sKV8yqxQVleZmv7MB8GA1UdIwQY
MBaAFEGR5YJicPSerpmdSJ6F3szIR3OLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVpIbGdtSnc5SjZ1bVoxSW5vWGV6TWhIYzRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC81MWJhYzctOTgwNi00MWU1LTk5MzYt
N2RmZGFjZmE2NTExLzEvNWEwNHVSTUx1TFBxd3BYektyRkJXVjVtYV9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC81MWJhYzctOTgwNi00MWU1LTk5MzYtN2RmZGFjZmE2NTEx
LzEvUVpIbGdtSnc5SjZ1bVoxSW5vWGV6TWhIYzRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVoYMA0E
AgACMAcDBQMqBjzAMA0GCSqGSIb3DQEBCwUAA4IBAQB0/qpIsfZ0VpXyaVdhzHqk
pG+vU8KWZsx+vIr/YprYhx+sLCtzLmYpI/FnKsxlQMbe/mK3WBhgF0J2ApVx5qYE
118o9sf2pr2I44RtIYW0Oy6oE2grGi7c2QBPE8lYwTvag5XX/wMPRXGPEaldXZ1j
wRXnRV3BbxT/KR0sVaL1NYVKQML1xpEmb3r9gs2aWq7pvSvdCSLnfvszKJB/GBBT
hmicNzWHvTJOXiGMkZeTLZTf2UnLlL4KZrNWbe1EknRi/UG6qivcFxpJd7Q7o4K/
tP3PBndWW3sdPXm2IQH1JGTOiWBRYIUDWthusquAwzZjYMOKePTt+XlhPhpYZtVh
-----END CERTIFICATE-----