Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/573d9d-32ad-46ff-ae23-2ea6ec285a15/1/2_Lor6pJoPyeGobTxIk3qzMNWfo.roa
File:                     2_Lor6pJoPyeGobTxIk3qzMNWfo.roa (raw, json)
Hash identifier:          C3p+fj9T6wVc3CfOCCVHQWPcTJC80MTrbouZx+LQzng=
Subject key identifier:   DB:F2:E8:AF:AA:49:A0:FC:9E:1A:86:D3:C4:89:37:AB:33:0D:59:FA
Certificate issuer:       /CN=72f47539f19f0f5a13b0b69bc796278f0bf4aea4
Certificate serial:       018CC56DFD0764CA93FEADC7F80DA137E446
Authority key identifier: 72:F4:75:39:F1:9F:0F:5A:13:B0:B6:9B:C7:96:27:8F:0B:F4:AE:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cvR1OfGfD1oTsLabx5Ynjwv0rqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/573d9d-32ad-46ff-ae23-2ea6ec285a15/1/2_Lor6pJoPyeGobTxIk3qzMNWfo.roa
Signing time:             Mon 01 Jan 2024 14:29:28 +0000
ROA not before:           Mon 01 Jan 2024 14:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44381
IP address blocks:        5.145.152.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/573d9d-32ad-46ff-ae23-2ea6ec285a15/1/cvR1OfGfD1oTsLabx5Ynjwv0rqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/573d9d-32ad-46ff-ae23-2ea6ec285a15/1/cvR1OfGfD1oTsLabx5Ynjwv0rqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cvR1OfGfD1oTsLabx5Ynjwv0rqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fd:07:64:ca:93:fe:ad:c7:f8:0d:a1:37:e4:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72f47539f19f0f5a13b0b69bc796278f0bf4aea4
        Validity
            Not Before: Jan  1 14:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbf2e8afaa49a0fc9e1a86d3c48937ab330d59fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b1:f8:cc:11:44:15:40:5e:48:3c:d1:37:8e:
                    21:f5:1f:e0:ba:99:3a:2c:31:d8:5c:ca:67:70:5e:
                    09:6a:01:9c:5d:b2:18:9e:ff:2d:ed:07:77:f3:89:
                    69:d0:95:aa:05:32:0d:ce:58:12:7a:21:30:a1:1a:
                    74:bf:30:64:2c:de:49:60:1d:b3:7b:05:2f:d6:d9:
                    f4:76:40:db:7d:e1:9b:8a:fb:b7:fd:e3:3b:93:d1:
                    bc:db:0b:d1:af:ae:25:23:b3:54:36:71:2f:1b:d8:
                    ed:a2:06:56:68:51:64:8a:2c:ab:20:b2:65:fc:22:
                    bf:b0:15:4a:11:b8:c2:ff:16:b9:9f:4a:85:77:c3:
                    35:3a:a8:2f:c0:42:5b:5c:a0:dd:b3:01:82:3d:f2:
                    86:39:95:a9:d8:72:db:5e:52:76:ce:63:2a:77:cb:
                    b6:d4:ba:d0:99:f3:68:fe:86:18:57:b8:de:af:7c:
                    ae:2f:42:ed:2c:6c:96:74:ae:77:0a:59:21:1c:c8:
                    71:f3:86:64:df:18:18:21:f5:88:ca:c7:ee:ed:37:
                    c1:06:67:71:39:05:fd:fe:f7:cf:0d:f2:fd:45:a4:
                    1f:04:fc:02:15:08:54:39:b5:ac:81:87:80:09:76:
                    5f:be:d0:69:aa:2a:d8:84:6b:51:6c:18:a0:29:fc:
                    13:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F2:E8:AF:AA:49:A0:FC:9E:1A:86:D3:C4:89:37:AB:33:0D:59:FA
            X509v3 Authority Key Identifier:
                keyid:72:F4:75:39:F1:9F:0F:5A:13:B0:B6:9B:C7:96:27:8F:0B:F4:AE:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cvR1OfGfD1oTsLabx5Ynjwv0rqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/573d9d-32ad-46ff-ae23-2ea6ec285a15/1/2_Lor6pJoPyeGobTxIk3qzMNWfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/573d9d-32ad-46ff-ae23-2ea6ec285a15/1/cvR1OfGfD1oTsLabx5Ynjwv0rqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.145.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ba:f6:d6:e0:ec:2e:28:61:c5:b9:43:39:ff:28:8c:cb:f8:1c:
         3d:ae:3f:9a:4c:fd:18:52:78:e1:80:b6:cb:cf:89:24:86:30:
         11:c2:34:b4:67:aa:c4:9d:18:2f:1c:91:1a:09:c0:7d:56:30:
         18:4e:d1:b2:a9:28:25:02:65:39:a6:b9:7a:91:f6:b5:e6:01:
         8a:ae:23:97:c3:36:7e:16:cb:0e:ba:16:4c:0c:71:ed:c1:84:
         d1:62:0f:ad:03:9e:c1:6d:bb:34:fb:e3:49:69:23:01:97:67:
         cf:6a:12:c6:20:a8:9a:3d:39:ce:f6:c1:44:58:4f:0b:5f:30:
         fb:4e:4b:77:01:48:0f:2c:8b:e9:fe:8b:2f:3a:70:e4:f3:09:
         24:09:8e:8f:cd:f2:f4:f8:7e:17:98:ea:52:b7:c4:56:12:c4:
         98:9f:90:01:c0:43:e2:ef:63:bb:32:a7:52:f1:80:4c:bb:3b:
         77:72:fb:9a:a3:3b:24:76:6d:5b:6c:a2:47:b2:6d:9b:9b:5e:
         42:1f:e4:04:bb:60:d7:81:81:3e:5d:f2:74:49:e0:b7:68:70:
         e8:c6:64:77:f7:8e:9e:14:93:6d:fb:b1:8b:a8:28:90:d6:af:
         9d:d8:1e:4c:56:63:87:60:b7:1d:b6:f2:9c:37:40:61:f7:84:
         fe:a1:14:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbf0HZMqT/q3H+A2hN+RGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZjQ3NTM5ZjE5ZjBmNWExM2IwYjY5YmM3OTYyNzhmMGJm
NGFlYTQwHhcNMjQwMTAxMTQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmYyZThhZmFhNDlhMGZjOWUxYTg2ZDNjNDg5MzdhYjMzMGQ1OWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbH4zBFEFUBeSDzRN44h9R/gupk6
LDHYXMpncF4JagGcXbIYnv8t7Qd384lp0JWqBTINzlgSeiEwoRp0vzBkLN5JYB2z
ewUv1tn0dkDbfeGbivu3/eM7k9G82wvRr64lI7NUNnEvG9jtogZWaFFkiiyrILJl
/CK/sBVKEbjC/xa5n0qFd8M1OqgvwEJbXKDdswGCPfKGOZWp2HLbXlJ2zmMqd8u2
1LrQmfNo/oYYV7jer3yuL0LtLGyWdK53ClkhHMhx84Zk3xgYIfWIysfu7TfBBmdx
OQX9/vfPDfL9RaQfBPwCFQhUObWsgYeACXZfvtBpqirYhGtRbBigKfwT1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvy6K+qSaD8nhqG08SJN6szDVn6MB8GA1UdIwQY
MBaAFHL0dTnxnw9aE7C2m8eWJ48L9K6kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3ZSMU9mR2ZEMW9Uc0xhYng1WW5qd3YwcnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81NzNkOWQtMzJhZC00NmZmLWFlMjMt
MmVhNmVjMjg1YTE1LzEvMl9Mb3I2cEpvUHllR29iVHhJazNxek1OV2ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81NzNkOWQtMzJhZC00NmZmLWFlMjMtMmVhNmVjMjg1YTE1
LzEvY3ZSMU9mR2ZEMW9Uc0xhYng1WW5qd3YwcnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBZGYMA0G
CSqGSIb3DQEBCwUAA4IBAQC69tbg7C4oYcW5Qzn/KIzL+Bw9rj+aTP0YUnjhgLbL
z4kkhjARwjS0Z6rEnRgvHJEaCcB9VjAYTtGyqSglAmU5prl6kfa15gGKriOXwzZ+
FssOuhZMDHHtwYTRYg+tA57Bbbs0++NJaSMBl2fPahLGIKiaPTnO9sFEWE8LXzD7
Tkt3AUgPLIvp/osvOnDk8wkkCY6PzfL0+H4XmOpSt8RWEsSYn5ABwEPi72O7MqdS
8YBMuzt3cvuaozskdm1bbKJHsm2bm15CH+QEu2DXgYE+XfJ0SeC3aHDoxmR3946e
FJNt+7GLqCiQ1q+d2B5MVmOHYLcdtvKcN0Bh94T+oRTm
-----END CERTIFICATE-----