Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/p5Mg10zCIfRA7UUdSdLMSBXFn7Y.roa
File:                     p5Mg10zCIfRA7UUdSdLMSBXFn7Y.roa (raw, json)
Hash identifier:          BUS0bw1TX/ZhcEDLxDt7zaEn0n8CiilgUb2ODoWryJc=
Subject key identifier:   A7:93:20:D7:4C:C2:21:F4:40:ED:45:1D:49:D2:CC:48:15:C5:9F:B6
Certificate issuer:       /CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
Certificate serial:       019420D64F9B2AAD23CE960593353CE29988
Authority key identifier: D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/p5Mg10zCIfRA7UUdSdLMSBXFn7Y.roa
Signing time:             Wed 01 Jan 2025 07:48:23 +0000
ROA not before:           Wed 01 Jan 2025 07:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42625
IP address blocks:        213.145.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:4f:9b:2a:ad:23:ce:96:05:93:35:3c:e2:99:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
        Validity
            Not Before: Jan  1 07:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a79320d74cc221f440ed451d49d2cc4815c59fb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:87:47:bd:c7:26:be:29:df:8f:e3:93:98:63:
                    8b:c2:14:dc:3e:5e:eb:47:7e:1b:b1:59:43:2a:07:
                    a5:90:3d:e0:90:d2:67:b6:fd:6c:9e:6b:1e:95:83:
                    80:29:0f:e0:76:1f:ba:06:a0:e5:94:20:de:31:1f:
                    d1:3a:79:07:28:d1:44:28:fc:4a:d3:5e:19:11:d8:
                    1a:4a:4b:4f:9f:74:38:6b:8c:bb:bb:a1:81:b6:6d:
                    e2:d4:5b:27:eb:17:ed:39:17:43:22:3d:91:08:84:
                    01:34:d3:40:9e:75:6b:1a:dc:33:a1:a4:26:47:1f:
                    e6:07:96:cb:d0:26:1b:08:d6:5d:f1:7c:71:d0:24:
                    90:7c:3d:25:23:67:70:2c:fc:9e:cb:de:3e:81:1c:
                    c4:66:d0:f6:0f:fa:c7:fb:74:31:01:04:4a:7b:5d:
                    79:68:02:2b:6b:e7:16:c5:f6:99:66:cb:18:2d:9c:
                    a5:1e:ee:78:9e:25:16:9a:8e:cd:0e:de:07:bb:76:
                    ef:67:c0:5b:09:99:8a:1c:85:0f:fc:0a:c6:9a:20:
                    36:2c:9a:6c:26:17:15:95:e0:6c:75:c8:99:9c:c8:
                    52:49:bc:26:ae:4b:b0:d4:51:41:b7:c2:02:64:de:
                    e3:4c:b1:41:4a:cc:92:71:f2:e0:0c:db:da:fd:f3:
                    ac:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:93:20:D7:4C:C2:21:F4:40:ED:45:1D:49:D2:CC:48:15:C5:9F:B6
            X509v3 Authority Key Identifier:
                keyid:D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/p5Mg10zCIfRA7UUdSdLMSBXFn7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:65:c0:1c:1b:94:b8:15:bf:10:e1:aa:5d:69:a2:e4:37:5b:
         79:c8:2c:4b:49:8d:32:9d:4f:b2:2b:7b:76:74:c1:14:6b:86:
         30:b9:b2:5c:e4:e9:33:5b:15:f1:1b:0e:dd:56:70:b3:aa:e6:
         10:6a:52:6f:d1:4b:af:3e:8a:d7:a5:37:41:40:08:38:73:43:
         b1:9f:c8:c7:ff:00:ef:3f:85:4c:78:f4:3a:df:2d:27:52:8c:
         eb:be:65:28:e0:a2:e6:a2:d0:fa:99:88:9b:ec:eb:36:e3:ca:
         32:ba:f3:6d:19:ff:ce:c8:55:eb:69:1f:1b:62:83:50:75:e4:
         d7:3e:de:5a:a8:9d:f5:e6:c3:b7:f2:2a:9d:4e:ff:f4:15:9f:
         cb:87:ea:13:84:b7:1c:af:7f:8a:71:a9:68:2f:a7:88:3c:03:
         97:86:a7:85:5c:b7:64:ac:94:cf:94:e8:66:c8:19:15:02:42:
         63:18:36:0a:f8:10:28:f9:bf:7d:ac:ac:bb:70:df:85:fc:64:
         fe:4b:8a:7b:47:9d:30:07:40:f2:02:a0:62:8e:e1:0e:ea:3c:
         b2:fd:72:55:64:10:bc:d6:cb:d1:e9:92:b0:c8:f2:74:d4:29:
         dd:6b:f6:65:ed:5f:01:78:06:0a:97:d2:66:97:fa:d7:10:a9:
         58:ea:58:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1k+bKq0jzpYFkzU84pmIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2Q3NTczYWFjYWU4MjFjODdkNmQzNjQzMWNmZTRiMjgw
MWFiNDEwHhcNMjUwMTAxMDc0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzkzMjBkNzRjYzIyMWY0NDBlZDQ1MWQ0OWQyY2M0ODE1YzU5ZmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4dHvccmvinfj+OTmGOLwhTcPl7r
R34bsVlDKgelkD3gkNJntv1snmselYOAKQ/gdh+6BqDllCDeMR/ROnkHKNFEKPxK
014ZEdgaSktPn3Q4a4y7u6GBtm3i1Fsn6xftORdDIj2RCIQBNNNAnnVrGtwzoaQm
Rx/mB5bL0CYbCNZd8Xxx0CSQfD0lI2dwLPyey94+gRzEZtD2D/rH+3QxAQRKe115
aAIra+cWxfaZZssYLZylHu54niUWmo7NDt4Hu3bvZ8BbCZmKHIUP/ArGmiA2LJps
JhcVleBsdciZnMhSSbwmrkuw1FFBt8ICZN7jTLFBSsyScfLgDNva/fOsAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKeTINdMwiH0QO1FHUnSzEgVxZ+2MB8GA1UdIwQY
MBaAFNB9dXOqyughyH1tNkMc/ksoAatBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjIt
Y2Y5ZGM1YmFhYTc5LzEvcDVNZzEwekNJZlJBN1VVZFNkTE1TQlhGbjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjItY2Y5ZGM1YmFhYTc5
LzEvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZFgMA0G
CSqGSIb3DQEBCwUAA4IBAQB/ZcAcG5S4Fb8Q4apdaaLkN1t5yCxLSY0ynU+yK3t2
dMEUa4YwubJc5OkzWxXxGw7dVnCzquYQalJv0UuvPorXpTdBQAg4c0Oxn8jH/wDv
P4VMePQ63y0nUozrvmUo4KLmotD6mYib7Os248oyuvNtGf/OyFXraR8bYoNQdeTX
Pt5aqJ315sO38iqdTv/0FZ/Lh+oThLccr3+KcaloL6eIPAOXhqeFXLdkrJTPlOhm
yBkVAkJjGDYK+BAo+b99rKy7cN+F/GT+S4p7R50wB0DyAqBijuEO6jyy/XJVZBC8
1svR6ZKwyPJ01Cnda/Zl7V8BeAYKl9Jml/rXEKlY6ljq
-----END CERTIFICATE-----