Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/5hY0DjosoIfSaOxh5Ng3XkuAoWE.roa
File:                     5hY0DjosoIfSaOxh5Ng3XkuAoWE.roa (raw, json)
Hash identifier:          zlhYvo7Dd756ZyhVWxqlN4tDlyvI5VN1a9Hign3hS+8=
Subject key identifier:   E6:16:34:0E:3A:2C:A0:87:D2:68:EC:61:E4:D8:37:5E:4B:80:A1:61
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       01941FFA79C2B5F99DE0FA9AAF0B7F3D9E0A
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/5hY0DjosoIfSaOxh5Ng3XkuAoWE.roa
Signing time:             Wed 01 Jan 2025 03:48:16 +0000
ROA not before:           Wed 01 Jan 2025 03:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203261
IP address blocks:        82.160.149.0/24 maxlen: 24
                          82.160.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:79:c2:b5:f9:9d:e0:fa:9a:af:0b:7f:3d:9e:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 03:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e616340e3a2ca087d268ec61e4d8375e4b80a161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:bf:c5:02:39:ff:31:4a:c0:78:c4:99:2b:bd:
                    1e:73:12:64:95:2a:27:56:3a:41:97:a5:73:b4:93:
                    8c:09:3e:a6:71:5e:22:9b:56:f9:b0:4e:07:f4:4e:
                    c1:d7:75:73:83:9f:f0:4d:0d:25:4a:40:c1:96:59:
                    d1:af:cc:b7:a4:c3:5b:82:10:af:4c:23:3d:6e:c6:
                    e5:fc:42:af:6b:91:81:9a:eb:87:5b:01:06:20:14:
                    cf:80:68:ff:b8:fe:bb:43:a7:f2:29:fa:81:bb:87:
                    73:5d:d5:ac:fc:7a:c1:69:4e:10:56:54:c8:f8:5c:
                    3b:fa:c6:6b:ea:f7:88:35:02:65:5e:9f:f3:18:f3:
                    ba:96:5a:e0:64:92:24:54:26:0a:2c:57:86:e3:2c:
                    30:b3:e3:26:a9:2b:8f:8b:c9:7b:d2:92:4d:d2:0e:
                    a3:e3:61:42:ff:43:6d:90:f6:e7:6b:ee:fa:30:b9:
                    d2:91:ae:1a:ae:23:1f:47:bc:a4:74:90:70:06:c1:
                    c6:c3:23:a1:01:3b:e1:91:b7:f3:03:12:50:f1:bf:
                    68:b5:2d:fa:47:e5:67:5b:0e:91:2b:55:c2:87:ff:
                    8f:01:93:31:7f:89:37:8b:e6:0d:ee:24:31:7e:6f:
                    35:3b:18:8a:3e:f6:18:0a:2c:73:4b:7b:a4:87:71:
                    51:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:16:34:0E:3A:2C:A0:87:D2:68:EC:61:E4:D8:37:5E:4B:80:A1:61
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/5hY0DjosoIfSaOxh5Ng3XkuAoWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.160.149.0-82.160.150.255

    Signature Algorithm: sha256WithRSAEncryption
         81:34:0a:ae:be:9f:98:5f:12:0e:fd:f7:ef:2a:74:c9:2f:b9:
         a0:06:64:55:e5:a1:b6:1b:58:77:60:b0:d7:1c:87:67:05:fd:
         1c:7d:3f:39:0c:13:ba:7e:92:0f:e5:1a:3d:fe:03:e2:1f:b7:
         90:9a:e4:78:08:98:82:23:61:6a:e5:2d:62:94:c6:d3:e4:47:
         5e:23:65:9b:9f:27:42:0d:c2:2e:3a:b5:8c:ad:8a:19:b8:b4:
         67:96:e8:66:76:bf:10:2a:d9:cd:43:1b:2f:b9:f4:a4:99:94:
         2f:94:f3:88:8e:07:9b:2e:13:66:26:f1:92:fa:f3:44:28:3f:
         52:9d:31:4c:b8:07:8d:6a:73:a0:84:c2:56:9f:df:2b:5d:9f:
         85:58:b9:b2:3c:36:76:21:e4:85:57:d0:70:d6:25:4c:79:55:
         c8:03:db:c6:8c:af:67:6f:80:3d:7f:51:a0:f3:b1:5a:50:18:
         51:70:5f:5a:b1:73:8c:d0:dd:c0:47:22:d3:62:dc:83:39:48:
         22:fe:da:29:bc:ab:d0:0b:8c:b8:24:ab:30:c2:23:7b:e0:62:
         dd:5d:ea:dd:88:17:f0:b6:88:df:bf:e0:2e:7c:35:32:e2:b2:
         aa:12:e9:3a:d8:12:9e:a0:d5:c5:83:d0:b3:77:17:77:bc:0e:
         af:fc:f1:c5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQf+nnCtfmd4Pqarwt/PZ4KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjUwMTAxMDM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjE2MzQwZTNhMmNhMDg3ZDI2OGVjNjFlNGQ4Mzc1ZTRiODBhMTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApb/FAjn/MUrAeMSZK70ecxJklSon
VjpBl6VztJOMCT6mcV4im1b5sE4H9E7B13Vzg5/wTQ0lSkDBllnRr8y3pMNbghCv
TCM9bsbl/EKva5GBmuuHWwEGIBTPgGj/uP67Q6fyKfqBu4dzXdWs/HrBaU4QVlTI
+Fw7+sZr6veINQJlXp/zGPO6llrgZJIkVCYKLFeG4ywws+MmqSuPi8l70pJN0g6j
42FC/0NtkPbna+76MLnSka4ariMfR7ykdJBwBsHGwyOhATvhkbfzAxJQ8b9otS36
R+VnWw6RK1XCh/+PAZMxf4k3i+YN7iQxfm81OxiKPvYYCixzS3ukh3FRawIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOYWNA46LKCH0mjsYeTYN15LgKFhMB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvNWhZMERqb3NvSWZTYU94aDVOZzNYa3VBb1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABSoJUD
BABSoJYwDQYJKoZIhvcNAQELBQADggEBAIE0Cq6+n5hfEg799+8qdMkvuaAGZFXl
obYbWHdgsNcch2cF/Rx9PzkME7p+kg/lGj3+A+Ift5Ca5HgImIIjYWrlLWKUxtPk
R14jZZufJ0INwi46tYytihm4tGeW6GZ2vxAq2c1DGy+59KSZlC+U84iOB5suE2Ym
8ZL680QoP1KdMUy4B41qc6CEwlaf3ytdn4VYubI8NnYh5IVX0HDWJUx5VcgD28aM
r2dvgD1/UaDzsVpQGFFwX1qxc4zQ3cBHItNi3IM5SCL+2im8q9ALjLgkqzDCI3vg
Yt1d6t2IF/C2iN+/4C58NTLisqoS6TrYEp6g1cWD0LN3F3e8Dq/88cU=
-----END CERTIFICATE-----