Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/5y30p7raCKJYfbSEuqmSkSYDtZA.roa
File:                     5y30p7raCKJYfbSEuqmSkSYDtZA.roa (raw, json)
Hash identifier:          Q9POdVDuj+/Z03r+yT0jSMbPBlZ31szcDGTnnw3yZCk=
Subject key identifier:   E7:2D:F4:A7:BA:DA:08:A2:58:7D:B4:84:BA:A9:92:91:26:03:B5:90
Certificate issuer:       /CN=5fc065098574629d4a7e2d2b2055aa7bf2302fee
Certificate serial:       019422FAE859B43BFD0EA548DC2711497AD7
Authority key identifier: 5F:C0:65:09:85:74:62:9D:4A:7E:2D:2B:20:55:AA:7B:F2:30:2F:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/5y30p7raCKJYfbSEuqmSkSYDtZA.roa
Signing time:             Wed 01 Jan 2025 17:47:36 +0000
ROA not before:           Wed 01 Jan 2025 17:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59645
IP address blocks:        45.91.12.0/22 maxlen: 24
                          2a0e:a40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:e8:59:b4:3b:fd:0e:a5:48:dc:27:11:49:7a:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fc065098574629d4a7e2d2b2055aa7bf2302fee
        Validity
            Not Before: Jan  1 17:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e72df4a7bada08a2587db484baa992912603b590
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:43:50:30:de:85:a1:89:aa:a1:b0:54:b4:f9:
                    b1:f3:fc:6e:af:30:9a:91:ae:23:42:26:2a:9c:8e:
                    77:17:a2:cd:3a:9f:57:be:f6:b5:78:8d:f7:73:1c:
                    df:58:6e:49:17:0a:05:a9:83:eb:96:24:e7:2a:50:
                    6d:69:d1:13:5d:52:20:f5:74:00:cd:ef:4c:72:a4:
                    4a:16:8f:78:89:d8:27:13:a3:99:5d:d9:c9:ba:1a:
                    46:2d:78:82:2b:8d:a4:77:b2:c0:53:db:ae:bd:ce:
                    3f:13:97:ef:11:4e:4e:6d:31:2c:d3:c2:15:ec:e7:
                    8f:5c:41:01:7d:49:4f:6c:de:ea:26:2d:3b:85:e2:
                    eb:76:42:70:d3:c2:d7:c0:f9:d4:a3:b5:3c:81:a5:
                    1a:9c:60:ba:c6:c1:ac:e1:9c:aa:d2:8a:63:40:3b:
                    68:f9:b2:2c:cb:e2:33:07:b8:e3:61:e7:1e:d6:20:
                    e2:11:78:1b:86:df:2d:15:11:a9:ba:75:04:c2:e2:
                    54:5f:ab:9c:1e:2a:2b:fb:10:26:8e:32:29:be:50:
                    be:df:f2:f5:09:13:14:a3:11:5b:b8:c0:1b:f0:ed:
                    b6:7e:04:da:f8:06:e8:eb:1d:15:a8:d0:42:eb:6a:
                    9f:09:af:94:7d:ab:f1:4a:a3:27:c1:92:84:05:3d:
                    05:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:2D:F4:A7:BA:DA:08:A2:58:7D:B4:84:BA:A9:92:91:26:03:B5:90
            X509v3 Authority Key Identifier:
                keyid:5F:C0:65:09:85:74:62:9D:4A:7E:2D:2B:20:55:AA:7B:F2:30:2F:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/5y30p7raCKJYfbSEuqmSkSYDtZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.12.0/22
                IPv6:
                  2a0e:a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:af:86:40:43:25:a5:50:0c:6a:74:3e:86:86:da:7b:5c:c0:
         01:ff:89:d7:79:a1:e8:c9:16:27:b9:28:93:f5:fe:87:cb:1e:
         d1:dd:fb:4b:92:9b:63:db:ac:c1:4c:85:72:3a:90:3b:7b:e8:
         d0:fb:4e:87:1c:f4:61:13:36:86:ac:ca:68:07:cd:95:fa:de:
         ec:9d:e7:41:e4:e2:3d:ef:8e:f9:58:1c:a5:6a:93:b8:b5:66:
         8c:47:49:b2:dc:d7:96:87:ea:81:f1:58:72:ce:ed:07:78:19:
         b3:9c:bc:f6:b9:79:04:d1:9c:58:cf:14:1b:e9:3c:fa:c1:c9:
         41:71:41:d3:6d:b8:cc:d2:8a:8b:c6:04:ce:dc:a3:c0:9c:28:
         16:40:d6:e2:cd:08:5c:04:9d:ae:69:8a:ae:0d:ec:c2:8d:46:
         62:e2:d1:17:4f:03:ef:95:0b:1e:57:ee:d6:be:4b:57:be:58:
         56:64:e2:01:96:0f:72:f0:51:3d:08:6e:43:3a:22:e8:62:96:
         96:1f:9c:49:d9:95:21:aa:3c:15:2f:b3:15:49:30:a9:d2:84:
         a8:ec:44:78:a4:02:56:53:03:74:55:ab:b7:ac:d7:e1:3a:9c:
         23:5f:0b:6f:90:ea:91:63:52:8a:6f:3d:09:a5:7e:9b:a2:b9:
         a7:cb:a2:6f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi+uhZtDv9DqVI3CcRSXrXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYzA2NTA5ODU3NDYyOWQ0YTdlMmQyYjIwNTVhYTdiZjIz
MDJmZWUwHhcNMjUwMTAxMTc0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzJkZjRhN2JhZGEwOGEyNTg3ZGI0ODRiYWE5OTI5MTI2MDNiNTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0NQMN6FoYmqobBUtPmx8/xurzCa
ka4jQiYqnI53F6LNOp9Xvva1eI33cxzfWG5JFwoFqYPrliTnKlBtadETXVIg9XQA
ze9McqRKFo94idgnE6OZXdnJuhpGLXiCK42kd7LAU9uuvc4/E5fvEU5ObTEs08IV
7OePXEEBfUlPbN7qJi07heLrdkJw08LXwPnUo7U8gaUanGC6xsGs4Zyq0opjQDto
+bIsy+IzB7jjYece1iDiEXgbht8tFRGpunUEwuJUX6ucHior+xAmjjIpvlC+3/L1
CRMUoxFbuMAb8O22fgTa+Abo6x0VqNBC62qfCa+UfavxSqMnwZKEBT0F/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOct9Ke62giiWH20hLqpkpEmA7WQMB8GA1UdIwQY
MBaAFF/AZQmFdGKdSn4tKyBVqnvyMC/uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDhCbENZVjBZcDFLZmkwcklGV3FlX0l3TC00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9iZmZhMDMtMWNkNi00MDM0LWE3YmQt
ODU3NTk5NjgzYzNlLzEvNXkzMHA3cmFDS0pZZmJTRXVxbVNrU1lEdFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9iZmZhMDMtMWNkNi00MDM0LWE3YmQtODU3NTk5NjgzYzNl
LzEvWDhCbENZVjBZcDFLZmkwcklGV3FlX0l3TC00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVsMMA0E
AgACMAcDBQMqDgpAMA0GCSqGSIb3DQEBCwUAA4IBAQBwr4ZAQyWlUAxqdD6Ghtp7
XMAB/4nXeaHoyRYnuSiT9f6Hyx7R3ftLkptj26zBTIVyOpA7e+jQ+06HHPRhEzaG
rMpoB82V+t7snedB5OI97475WBylapO4tWaMR0my3NeWh+qB8Vhyzu0HeBmznLz2
uXkE0ZxYzxQb6Tz6wclBcUHTbbjM0oqLxgTO3KPAnCgWQNbizQhcBJ2uaYquDezC
jUZi4tEXTwPvlQseV+7WvktXvlhWZOIBlg9y8FE9CG5DOiLoYpaWH5xJ2ZUhqjwV
L7MVSTCp0oSo7ER4pAJWUwN0Vau3rNfhOpwjXwtvkOqRY1KKbz0JpX6bormny6Jv
-----END CERTIFICATE-----