Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/5-w01zdJUfDLAONR3jRV7wpxKRQ.roa
File:                     5-w01zdJUfDLAONR3jRV7wpxKRQ.roa (raw, json)
Hash identifier:          3cI9udimSKLhglcF/vT0gRuvZ3dcegvrNMPiDTXiov8=
Subject key identifier:   E7:EC:34:D7:37:49:51:F0:CB:00:E3:51:DE:34:55:EF:0A:71:29:14
Certificate issuer:       /CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
Certificate serial:       019302D6A1CFDDB95B5F4602B7713EE44746
Authority key identifier: 25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/5-w01zdJUfDLAONR3jRV7wpxKRQ.roa
Signing time:             Wed 06 Nov 2024 18:57:20 +0000
ROA not before:           Wed 06 Nov 2024 18:57:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61125
IP address blocks:        45.66.35.0/24 maxlen: 24
                          2a09:61c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:02:d6:a1:cf:dd:b9:5b:5f:46:02:b7:71:3e:e4:47:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
        Validity
            Not Before: Nov  6 18:57:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7ec34d7374951f0cb00e351de3455ef0a712914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f1:8e:11:1f:0e:ea:76:15:24:de:00:ae:78:
                    e3:0c:06:77:2f:be:2a:3a:89:4e:e7:89:c0:0e:77:
                    cd:fa:8b:ba:9a:4d:d7:90:90:aa:1c:82:19:61:e5:
                    76:90:85:4c:47:15:75:00:9f:f2:b8:25:da:1a:e2:
                    ba:04:2d:c4:03:99:8b:76:a1:2d:74:b3:04:37:f8:
                    b4:3c:57:0d:b6:e3:a5:9e:69:c5:67:d0:ba:cd:d6:
                    12:07:cc:78:d3:9e:1d:db:1e:f4:c9:d0:af:8a:cb:
                    01:5d:94:1f:8b:6f:eb:6d:cb:5c:f0:ff:52:28:23:
                    57:f0:5e:54:57:9d:42:d7:bc:a4:9a:c3:d7:a3:5b:
                    01:24:a0:73:26:dd:96:d1:74:2e:a6:08:15:08:13:
                    2f:8d:7a:4c:05:d5:3e:11:12:c5:c4:0e:27:c7:d7:
                    7c:42:55:a1:a6:6f:63:e5:83:55:fe:7c:98:e8:fc:
                    16:95:22:57:26:74:99:78:9d:02:e9:61:8b:cd:ee:
                    ba:4f:03:6f:fa:a7:e9:de:49:23:26:f5:8b:80:96:
                    82:4c:e5:2b:ad:cd:e1:6b:6c:44:15:cd:1a:60:cd:
                    b6:0e:7b:13:26:cc:5c:3e:01:c1:4a:ab:79:c7:d6:
                    9e:1b:7c:67:95:35:8a:7e:b5:14:82:6b:f7:2c:ce:
                    c4:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:EC:34:D7:37:49:51:F0:CB:00:E3:51:DE:34:55:EF:0A:71:29:14
            X509v3 Authority Key Identifier:
                keyid:25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/5-w01zdJUfDLAONR3jRV7wpxKRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.35.0/24
                IPv6:
                  2a09:61c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         c4:26:b6:48:0d:bf:fa:28:3f:25:bd:33:67:60:fb:6b:4f:92:
         fd:22:bc:30:3e:11:72:f0:a1:0a:6e:47:62:ea:3a:ca:b9:2f:
         c7:ed:3c:22:0d:68:b5:69:5c:64:40:a0:e6:d1:6b:3b:37:b6:
         3b:0f:e2:88:31:4e:b7:73:6e:03:62:ae:d6:b6:b2:f7:46:44:
         62:f0:e6:f3:a2:b7:60:f3:2c:bd:d1:f1:c4:b7:1e:53:03:61:
         1c:dc:0e:83:32:58:41:a3:79:1f:95:a2:8e:7f:2b:66:a8:8a:
         01:43:1d:2f:e2:48:ad:1c:b0:76:f8:6b:9e:e9:49:53:39:68:
         20:5e:6b:54:bc:e6:fd:85:33:9a:23:a4:97:2a:8f:ad:b1:dc:
         5c:04:39:ba:f2:e4:bc:12:56:0c:aa:da:44:a6:10:b2:4f:c4:
         8a:b0:6c:f4:95:2a:54:c5:32:89:7a:f9:43:dd:38:bf:03:a4:
         b9:b0:13:ec:ff:4a:0a:bc:6d:e6:d3:37:e9:63:17:7d:fb:40:
         e6:3a:83:7c:4f:76:57:9d:39:9a:41:f1:ca:ad:10:4c:22:c3:
         cb:15:ae:40:02:4e:72:cf:9e:5f:b2:20:74:81:f8:87:09:0f:
         2a:2f:f2:a3:4b:35:5f:48:f0:ea:0b:57:bd:6b:3b:dc:7e:2f:
         94:31:21:eb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZMC1qHP3blbX0YCt3E+5EdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Y2Y5ZDhkNTUyY2RjN2Q4YzBkYzZmNjQ5YjMwMWYyMzUx
NDA5ZWUwHhcNMjQxMTA2MTg1NzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2VjMzRkNzM3NDk1MWYwY2IwMGUzNTFkZTM0NTVlZjBhNzEyOTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfGOER8O6nYVJN4ArnjjDAZ3L74q
OolO54nADnfN+ou6mk3XkJCqHIIZYeV2kIVMRxV1AJ/yuCXaGuK6BC3EA5mLdqEt
dLMEN/i0PFcNtuOlnmnFZ9C6zdYSB8x4054d2x70ydCvissBXZQfi2/rbctc8P9S
KCNX8F5UV51C17ykmsPXo1sBJKBzJt2W0XQupggVCBMvjXpMBdU+ERLFxA4nx9d8
QlWhpm9j5YNV/nyY6PwWlSJXJnSZeJ0C6WGLze66TwNv+qfp3kkjJvWLgJaCTOUr
rc3ha2xEFc0aYM22DnsTJsxcPgHBSqt5x9aeG3xnlTWKfrUUgmv3LM7EZQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOfsNNc3SVHwywDjUd40Ve8KcSkUMB8GA1UdIwQY
MBaAFCXPnY1VLNx9jA3G9kmzAfI1FAnuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQt
YTEwNjkwYTc0NGU0LzEvNS13MDF6ZEpVZkRMQU9OUjNqUlY3d3B4S1JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQtYTEwNjkwYTc0NGU0
LzEvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALUIjMA8E
AgACMAkDBwAqCWHAAAAwDQYJKoZIhvcNAQELBQADggEBAMQmtkgNv/ooPyW9M2dg
+2tPkv0ivDA+EXLwoQpuR2LqOsq5L8ftPCINaLVpXGRAoObRazs3tjsP4ogxTrdz
bgNirta2svdGRGLw5vOit2DzLL3R8cS3HlMDYRzcDoMyWEGjeR+Voo5/K2aoigFD
HS/iSK0csHb4a57pSVM5aCBea1S85v2FM5ojpJcqj62x3FwEObry5LwSVgyq2kSm
ELJPxIqwbPSVKlTFMol6+UPdOL8DpLmwE+z/Sgq8bebTN+ljF337QOY6g3xPdled
OZpB8cqtEEwiw8sVrkACTnLPnl+yIHSB+IcJDyov8qNLNV9I8OoLV71rO9x+L5Qx
Ies=
-----END CERTIFICATE-----