Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/LQYNORBhyY8uLbl3IzAuzS6Pl3A.roa
File:                     LQYNORBhyY8uLbl3IzAuzS6Pl3A.roa (raw, json)
Hash identifier:          kmuywCebJSwq8F2RUs3rdzvnHjYFvCiVIBTFLkKRrqo=
Subject key identifier:   2D:06:0D:39:10:61:C9:8F:2E:2D:B9:77:23:30:2E:CD:2E:8F:97:70
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019425FD20DF01F7AC37FA16A79262A06A35
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/LQYNORBhyY8uLbl3IzAuzS6Pl3A.roa
Signing time:             Thu 02 Jan 2025 07:48:53 +0000
ROA not before:           Thu 02 Jan 2025 07:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50053
IP address blocks:        104.249.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:20:df:01:f7:ac:37:fa:16:a7:92:62:a0:6a:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  2 07:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d060d391061c98f2e2db97723302ecd2e8f9770
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b8:64:69:a3:5c:f7:0c:bc:98:e9:5c:f8:9c:
                    3e:87:67:40:9f:72:eb:27:cf:c0:54:3e:61:04:49:
                    b7:f1:92:ed:6c:e5:bc:ee:b2:04:9f:17:8c:36:d8:
                    f3:1b:57:51:69:40:cb:3b:ec:2d:1c:31:2b:b7:29:
                    97:15:0d:53:37:0c:6b:cf:d0:8a:46:a3:ce:d6:30:
                    8e:50:78:08:eb:c3:5a:ab:c1:83:0c:17:2c:12:ed:
                    01:7b:cb:9f:a3:38:9c:cb:a8:8f:b6:32:2a:53:a0:
                    85:15:d6:79:35:a7:14:43:e1:61:87:66:50:ff:6b:
                    b8:10:86:43:28:55:03:ab:ab:3d:4c:07:ef:35:e5:
                    dd:4c:57:5e:4a:0d:b7:f7:fb:9f:e8:9a:c0:00:de:
                    41:eb:e3:0b:f0:ce:74:ee:4f:72:38:38:51:98:6a:
                    77:75:9c:e5:ae:1f:45:50:50:70:8b:b7:a9:e7:36:
                    e9:da:39:eb:fd:db:aa:3b:f2:0f:f0:20:bd:c8:e7:
                    e0:91:49:9f:6b:0a:bd:fb:14:6d:f2:27:fe:95:3e:
                    bc:b7:76:71:1c:c0:2e:7b:e9:17:e4:0d:0d:59:63:
                    74:d2:9c:6a:99:df:f8:fe:3c:f8:ce:58:ed:6a:e2:
                    ea:46:7e:ec:e7:26:16:7f:42:6c:99:1a:ca:b9:b4:
                    7e:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:06:0D:39:10:61:C9:8F:2E:2D:B9:77:23:30:2E:CD:2E:8F:97:70
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/LQYNORBhyY8uLbl3IzAuzS6Pl3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.249.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:94:30:5f:81:9c:9e:a7:69:f1:0b:34:5c:43:e7:19:60:d9:
         2d:02:b4:83:b8:de:aa:66:5d:cb:c2:ae:87:b8:de:2a:4e:da:
         60:30:99:43:e8:4e:78:e4:88:10:6a:2e:24:8e:a8:8a:73:f5:
         c5:66:1a:6a:9e:a5:81:d7:ac:8e:66:af:09:86:a0:4d:06:2b:
         6c:b6:d6:6e:5b:2d:59:63:fd:bd:1e:12:6a:5f:96:e8:88:5e:
         ea:50:47:67:d3:a2:7a:1c:10:c1:88:11:97:71:2c:05:43:b7:
         93:9e:b3:0b:c2:5a:54:54:4f:e0:66:dc:08:c9:52:d5:af:77:
         a8:a9:42:88:e4:40:19:32:42:86:16:00:ec:8b:2e:b9:b2:f1:
         4e:4e:0c:f3:d5:28:a1:6a:70:81:45:cf:e9:17:0f:bb:49:8f:
         6c:b8:35:50:72:43:0e:51:d8:89:fb:a2:21:9a:57:d4:e0:4f:
         60:10:39:35:96:2b:b8:ba:a3:b6:a5:24:72:7e:f7:99:b3:96:
         35:0c:6b:3e:0c:84:81:4e:1c:b6:75:9d:83:ec:f7:cd:d9:97:
         ee:2a:8c:7f:45:21:54:8f:20:6c:c9:fb:a4:59:3a:49:4a:78:
         2d:ae:12:87:c4:9c:f6:4f:4d:c8:bf:56:26:18:1b:79:78:4e:
         6a:9a:4c:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/SDfAfesN/oWp5JioGo1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwMTAyMDc0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDA2MGQzOTEwNjFjOThmMmUyZGI5NzcyMzMwMmVjZDJlOGY5NzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLhkaaNc9wy8mOlc+Jw+h2dAn3Lr
J8/AVD5hBEm38ZLtbOW87rIEnxeMNtjzG1dRaUDLO+wtHDErtymXFQ1TNwxrz9CK
RqPO1jCOUHgI68Naq8GDDBcsEu0Be8ufozicy6iPtjIqU6CFFdZ5NacUQ+Fhh2ZQ
/2u4EIZDKFUDq6s9TAfvNeXdTFdeSg239/uf6JrAAN5B6+ML8M507k9yODhRmGp3
dZzlrh9FUFBwi7ep5zbp2jnr/duqO/IP8CC9yOfgkUmfawq9+xRt8if+lT68t3Zx
HMAue+kX5A0NWWN00pxqmd/4/jz4zljtauLqRn7s5yYWf0JsmRrKubR+uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC0GDTkQYcmPLi25dyMwLs0uj5dwMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvTFFZTk9SQmh5WTh1TGJsM0l6QXV6UzZQbDNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaPkoMA0G
CSqGSIb3DQEBCwUAA4IBAQADlDBfgZyep2nxCzRcQ+cZYNktArSDuN6qZl3Lwq6H
uN4qTtpgMJlD6E545IgQai4kjqiKc/XFZhpqnqWB16yOZq8JhqBNBitsttZuWy1Z
Y/29HhJqX5boiF7qUEdn06J6HBDBiBGXcSwFQ7eTnrMLwlpUVE/gZtwIyVLVr3eo
qUKI5EAZMkKGFgDsiy65svFOTgzz1SihanCBRc/pFw+7SY9suDVQckMOUdiJ+6Ih
mlfU4E9gEDk1liu4uqO2pSRyfveZs5Y1DGs+DISBThy2dZ2D7PfN2ZfuKox/RSFU
jyBsyfukWTpJSngtrhKHxJz2T03Iv1YmGBt5eE5qmkxP
-----END CERTIFICATE-----