Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/decwyQByL9jlEF-fUB7pfHoFmgQ.roa
File:                     decwyQByL9jlEF-fUB7pfHoFmgQ.roa (raw, json)
Hash identifier:          5O1HhNbTc555c6OiBZaMXaTg/2tAkc4lpEKBesV7WOU=
Subject key identifier:   75:E7:30:C9:00:72:2F:D8:E5:10:5F:9F:50:1E:E9:7C:7A:05:9A:04
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       0194228D644E00EC959EE9C5306CDDE03072
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/decwyQByL9jlEF-fUB7pfHoFmgQ.roa
Signing time:             Wed 01 Jan 2025 15:47:59 +0000
ROA not before:           Wed 01 Jan 2025 15:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50673
IP address blocks:        5.45.72.0/22 maxlen: 22
                          5.45.76.0/22 maxlen: 22
                          5.45.88.0/22 maxlen: 22
                          37.252.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:64:4e:00:ec:95:9e:e9:c5:30:6c:dd:e0:30:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jan  1 15:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75e730c900722fd8e5105f9f501ee97c7a059a04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:31:b8:d8:61:94:9f:d9:da:a7:2b:6e:91:b2:
                    20:3b:71:e9:62:93:bb:7d:e9:d0:b2:51:21:a6:82:
                    c7:ae:a3:17:34:ef:a7:d9:00:ed:b3:7f:c6:81:15:
                    3b:2c:ba:4b:97:1d:2c:aa:26:5f:c7:09:0f:6d:1d:
                    57:d5:c2:78:6d:ae:4d:24:e0:ee:6b:f3:5b:19:b5:
                    10:6c:19:3c:0f:cc:54:72:db:de:bf:b7:56:a1:3a:
                    4c:cb:43:bf:99:21:9b:ff:cf:8b:11:46:6d:5a:1f:
                    8c:cb:1f:7b:9b:4d:f5:e3:1a:ca:33:79:8d:fd:df:
                    87:5f:56:41:fe:1c:99:75:f4:ca:72:3c:96:6b:2a:
                    84:5c:b1:c0:87:20:4e:91:5b:32:1b:f3:d2:45:8f:
                    19:5c:94:06:47:8b:04:08:5d:54:08:7d:92:d4:8d:
                    ed:c7:87:3e:ff:55:48:40:6a:6d:42:b7:eb:d6:4c:
                    7e:86:8f:38:06:ca:6e:ee:eb:23:37:26:87:98:b9:
                    db:3a:4d:e6:df:e5:80:b3:70:65:6c:7b:40:16:66:
                    46:97:04:b8:e8:83:67:9b:a8:61:ae:59:6d:eb:1b:
                    13:3b:f4:d2:97:38:18:44:cb:be:47:54:e3:14:75:
                    41:99:05:27:d2:3f:b4:9b:b5:06:0a:e4:93:0f:c9:
                    0c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:E7:30:C9:00:72:2F:D8:E5:10:5F:9F:50:1E:E9:7C:7A:05:9A:04
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/decwyQByL9jlEF-fUB7pfHoFmgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.72.0/21
                  5.45.88.0/22
                  37.252.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:63:1f:0c:eb:59:9c:af:24:37:4c:38:6e:69:b9:02:a7:4c:
         03:c5:82:3f:5b:91:bf:29:85:f1:eb:18:33:6e:9f:22:44:d2:
         fa:e0:50:32:e1:58:c5:50:19:a0:f0:33:94:f1:b8:32:43:14:
         81:5a:19:8a:bf:15:93:bd:e3:c5:0b:c2:59:34:7a:a5:05:e2:
         46:71:6c:69:23:b1:2a:db:5f:9e:6e:54:e5:d6:06:26:d5:de:
         0b:61:db:f9:ed:a6:45:61:01:7f:57:b8:e0:63:f5:3a:5e:f2:
         1a:4b:c8:99:05:c4:58:a0:7a:eb:3c:dd:ad:91:ff:c1:8e:29:
         4c:25:03:b6:8d:d0:47:0e:05:df:63:63:30:83:c2:26:1f:a7:
         98:97:fc:5b:6e:9f:23:18:5b:4f:cf:23:29:32:97:5c:fa:b9:
         a7:7f:06:21:91:69:f1:55:3e:1b:ed:62:74:bc:e1:5b:92:7d:
         6a:f5:d5:1a:80:e9:cf:d4:de:83:c0:ad:db:28:fb:bd:cc:19:
         53:92:62:98:5c:aa:71:5b:97:af:8c:b4:a4:04:76:b6:b7:93:
         51:c7:b1:c4:d3:0e:97:e9:cb:71:61:65:c7:0e:bd:8f:94:40:
         2c:38:9b:e0:95:6d:60:70:55:c4:cd:c5:70:c0:ca:5c:8f:c9:
         19:b2:2c:7d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQijWROAOyVnunFMGzd4DByMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjUwMTAxMTU0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWU3MzBjOTAwNzIyZmQ4ZTUxMDVmOWY1MDFlZTk3YzdhMDU5YTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DG42GGUn9napytukbIgO3HpYpO7
fenQslEhpoLHrqMXNO+n2QDts3/GgRU7LLpLlx0sqiZfxwkPbR1X1cJ4ba5NJODu
a/NbGbUQbBk8D8xUctvev7dWoTpMy0O/mSGb/8+LEUZtWh+Myx97m0314xrKM3mN
/d+HX1ZB/hyZdfTKcjyWayqEXLHAhyBOkVsyG/PSRY8ZXJQGR4sECF1UCH2S1I3t
x4c+/1VIQGptQrfr1kx+ho84Bspu7usjNyaHmLnbOk3m3+WAs3BlbHtAFmZGlwS4
6INnm6hhrllt6xsTO/TSlzgYRMu+R1TjFHVBmQUn0j+0m7UGCuSTD8kMywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHXnMMkAci/Y5RBfn1Ae6Xx6BZoEMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvZGVjd3lRQnlMOWpsRUYtZlVCN3BmSG9GbWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDBS1IAwQC
BS1YAwQAJfwDMA0GCSqGSIb3DQEBCwUAA4IBAQBQYx8M61mcryQ3TDhuabkCp0wD
xYI/W5G/KYXx6xgzbp8iRNL64FAy4VjFUBmg8DOU8bgyQxSBWhmKvxWTvePFC8JZ
NHqlBeJGcWxpI7Eq21+eblTl1gYm1d4LYdv57aZFYQF/V7jgY/U6XvIaS8iZBcRY
oHrrPN2tkf/BjilMJQO2jdBHDgXfY2Mwg8ImH6eYl/xbbp8jGFtPzyMpMpdc+rmn
fwYhkWnxVT4b7WJ0vOFbkn1q9dUagOnP1N6DwK3bKPu9zBlTkmKYXKpxW5evjLSk
BHa2t5NRx7HE0w6X6ctxYWXHDr2PlEAsOJvglW1gcFXEzcVwwMpcj8kZsix9
-----END CERTIFICATE-----