Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/5uOG9VsGdNJNlgejT8Tsht1nhUM.roa
File:                     5uOG9VsGdNJNlgejT8Tsht1nhUM.roa (raw, json)
Hash identifier:          QHz3YA+lDZCYqWA6U89tXxR1bP5hoykMs2MJZrJs1qQ=
Subject key identifier:   E6:E3:86:F5:5B:06:74:D2:4D:96:07:A3:4F:C4:EC:86:DD:67:85:43
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019425FD20221C77BDD6E4C871068FB5EBE5
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/5uOG9VsGdNJNlgejT8Tsht1nhUM.roa
Signing time:             Thu 02 Jan 2025 07:48:53 +0000
ROA not before:           Thu 02 Jan 2025 07:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49791
IP address blocks:        45.43.137.0/24 maxlen: 24
                          64.137.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 14:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:20:22:1c:77:bd:d6:e4:c8:71:06:8f:b5:eb:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  2 07:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6e386f55b0674d24d9607a34fc4ec86dd678543
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:27:d7:08:f4:c7:dd:76:b7:fd:9f:fc:26:93:
                    4e:7d:36:7e:64:a7:5c:7f:d3:8a:79:e8:61:f2:5b:
                    f5:da:b8:63:71:4b:eb:c3:43:70:21:f1:e2:26:3d:
                    a2:f1:cb:22:ea:c9:94:fa:cd:1a:96:27:49:39:c4:
                    14:d1:9e:80:d0:60:d5:7e:c8:0d:5e:99:26:a1:cf:
                    3f:55:67:e4:e4:c8:f2:da:10:d1:01:59:5d:41:76:
                    df:a5:62:68:01:df:a1:a8:8d:6c:77:f4:00:2f:8a:
                    8b:16:9c:4b:f2:b2:7b:65:ac:db:9a:49:e1:06:fc:
                    80:65:2c:d2:75:54:60:b4:11:8e:69:83:87:a4:dd:
                    c8:69:e9:0d:6e:a0:c4:4b:4b:66:04:14:0b:8a:b8:
                    f1:ed:3b:1d:50:81:79:e3:cc:10:47:79:47:37:fa:
                    48:4e:33:c2:73:e3:83:33:0a:bc:00:7a:5a:c3:9e:
                    5f:9b:c5:52:13:03:fa:62:de:b7:57:85:d7:b7:2c:
                    9c:74:99:f4:a9:a9:70:db:7f:bd:9f:82:d1:6a:65:
                    89:7e:08:a4:41:de:da:72:c7:72:4e:a0:e3:92:8e:
                    1f:1e:b6:b5:2b:bc:7f:23:d2:90:d2:f8:21:36:1b:
                    40:cf:33:30:39:0e:f1:93:f4:7d:fe:8e:4b:97:4f:
                    2b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:E3:86:F5:5B:06:74:D2:4D:96:07:A3:4F:C4:EC:86:DD:67:85:43
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/5uOG9VsGdNJNlgejT8Tsht1nhUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.137.0/24
                  64.137.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:91:de:bf:79:42:f4:ef:da:b7:e8:62:70:de:21:8d:7d:86:
         7e:da:e8:2b:f0:c4:0b:50:b8:ea:7d:7b:b7:6d:9b:a3:30:7a:
         8f:03:87:9b:eb:59:b6:58:d2:25:60:52:72:ba:a5:a6:85:48:
         15:7b:91:42:59:64:c5:7b:6b:92:72:bc:22:a2:c1:f1:86:29:
         b5:d2:55:a1:ed:ec:73:c8:ad:73:1f:a8:9a:6e:c0:04:29:f0:
         d8:ec:8c:5e:66:9c:e1:e1:82:1e:84:af:8b:9e:03:a2:e9:ee:
         2e:a1:e4:6e:4f:7d:e0:72:c5:6c:df:f2:34:11:e1:d6:6e:4f:
         50:91:32:46:cf:cb:e3:c5:d6:87:0d:39:80:96:91:4f:23:90:
         b1:b9:7b:31:06:02:e0:2d:7b:69:50:b5:71:c2:15:c9:39:6d:
         76:80:9c:dd:34:e5:72:54:47:62:8a:4c:cb:0d:ca:43:8a:f9:
         d5:68:63:12:5a:8b:0a:e9:3a:b4:28:f7:fa:45:a8:d4:68:8a:
         3e:6d:3d:91:d0:07:a3:49:b7:43:7e:fd:08:2d:80:bb:40:b1:
         ec:a4:1c:3c:c7:c1:f8:cf:bc:27:1f:a3:a4:d6:ed:a5:2a:7b:
         03:84:99:dc:d8:f3:de:80:65:0e:e0:dd:fb:bd:8c:db:5c:71:
         fd:15:65:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/SAiHHe91uTIcQaPtevlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwMTAyMDc0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmUzODZmNTViMDY3NGQyNGQ5NjA3YTM0ZmM0ZWM4NmRkNjc4NTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyifXCPTH3Xa3/Z/8JpNOfTZ+ZKdc
f9OKeehh8lv12rhjcUvrw0NwIfHiJj2i8csi6smU+s0alidJOcQU0Z6A0GDVfsgN
Xpkmoc8/VWfk5Mjy2hDRAVldQXbfpWJoAd+hqI1sd/QAL4qLFpxL8rJ7Zazbmknh
BvyAZSzSdVRgtBGOaYOHpN3IaekNbqDES0tmBBQLirjx7TsdUIF548wQR3lHN/pI
TjPCc+ODMwq8AHpaw55fm8VSEwP6Yt63V4XXtyycdJn0qalw23+9n4LRamWJfgik
Qd7acsdyTqDjko4fHra1K7x/I9KQ0vghNhtAzzMwOQ7xk/R9/o5Ll08rOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFObjhvVbBnTSTZYHo0/E7IbdZ4VDMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvNXVPRzlWc0dkTkpObGdlalQ4VHNodDFuaFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALSuJAwQA
QIkJMA0GCSqGSIb3DQEBCwUAA4IBAQAckd6/eUL079q36GJw3iGNfYZ+2ugr8MQL
ULjqfXu3bZujMHqPA4eb61m2WNIlYFJyuqWmhUgVe5FCWWTFe2uScrwiosHxhim1
0lWh7exzyK1zH6iabsAEKfDY7IxeZpzh4YIehK+LngOi6e4uoeRuT33gcsVs3/I0
EeHWbk9QkTJGz8vjxdaHDTmAlpFPI5CxuXsxBgLgLXtpULVxwhXJOW12gJzdNOVy
VEdiikzLDcpDivnVaGMSWosK6Tq0KPf6RajUaIo+bT2R0AejSbdDfv0ILYC7QLHs
pBw8x8H4z7wnH6Ok1u2lKnsDhJnc2PPegGUO4N37vYzbXHH9FWUn
-----END CERTIFICATE-----