Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/5LG9RMhV18dr8GgPsdzIKX_6c5E.roa
File:                     5LG9RMhV18dr8GgPsdzIKX_6c5E.roa (raw, json)
Hash identifier:          yQ4O/sKhd/WYzyVfF6fy/8EkCAeHl8sCtmg9+DRLuVk=
Subject key identifier:   E4:B1:BD:44:C8:55:D7:C7:6B:F0:68:0F:B1:DC:C8:29:7F:FA:73:91
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B39498B8A29B0968A094998129190E
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/5LG9RMhV18dr8GgPsdzIKX_6c5E.roa
Signing time:             Thu 02 Jan 2025 15:47:47 +0000
ROA not before:           Thu 02 Jan 2025 15:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        45.138.17.0/24 maxlen: 24
                          2a0f:e380::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:94:98:b8:a2:9b:09:68:a0:94:99:81:29:19:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4b1bd44c855d7c76bf0680fb1dcc8297ffa7391
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:87:38:e6:9d:03:36:96:f9:81:7f:35:c2:57:
                    6b:23:d4:be:8a:82:57:56:c2:d8:85:34:65:51:ec:
                    87:81:f1:bc:9e:93:5a:62:4f:95:78:1d:f6:02:51:
                    ca:eb:df:fa:6d:c0:51:68:c5:f4:2f:fb:45:50:17:
                    28:c0:52:1a:94:f3:a0:c6:a0:44:a0:99:d1:68:58:
                    c0:63:0d:03:1a:7d:7b:d5:02:8b:fa:54:6d:ac:e7:
                    56:8c:12:15:4f:65:bd:67:20:3b:e8:cd:a2:69:f1:
                    ff:74:a0:9b:a8:4f:a8:7c:54:6a:fc:88:66:46:8e:
                    9b:1e:a5:19:38:1a:87:a3:c9:9a:ad:b3:38:0e:8b:
                    c0:e8:d4:5d:2f:ed:6f:ff:84:67:6e:58:c7:e0:6b:
                    b7:b6:c6:84:07:1f:a2:17:2f:71:3f:e2:c0:b1:ac:
                    99:3a:5e:78:1c:ce:1e:b5:9c:be:95:e9:41:89:d9:
                    b9:4d:a5:dd:4a:2a:d1:96:d7:11:f7:1e:c4:3f:bf:
                    c1:b5:dc:30:b8:67:91:7d:ea:48:28:c4:fd:8d:6c:
                    1b:bb:10:c1:aa:73:dc:85:5e:21:7c:a5:6e:e9:00:
                    d7:fb:51:d3:6f:48:a4:42:f3:d2:fc:3b:33:24:00:
                    17:23:e4:53:0c:3c:4c:44:b3:56:05:27:72:b3:cb:
                    a6:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:B1:BD:44:C8:55:D7:C7:6B:F0:68:0F:B1:DC:C8:29:7F:FA:73:91
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/5LG9RMhV18dr8GgPsdzIKX_6c5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.17.0/24
                IPv6:
                  2a0f:e380::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:3f:8a:1a:bf:9d:19:b4:d9:a2:88:da:a9:4b:8a:80:48:3a:
         88:1d:30:5e:d1:59:3a:b0:71:d1:00:fb:cb:d2:de:f0:52:58:
         8d:8e:12:a9:8e:41:00:5d:4d:1f:4f:37:bc:31:1c:09:bd:cb:
         a4:3a:93:61:ca:bc:1c:27:ce:86:a7:20:2c:30:bf:96:09:b2:
         95:ba:fc:79:a7:d7:df:8d:3e:4f:4d:64:09:a7:8d:f9:7a:58:
         c8:6b:14:72:5a:ad:45:1b:79:e7:c4:7b:f0:3e:80:e1:80:5a:
         ff:28:28:08:e7:5b:5a:71:0d:5f:5d:0f:a1:57:9a:ed:ba:96:
         91:10:33:50:76:22:8a:77:65:eb:5f:60:1b:01:b9:bf:b9:d7:
         2a:59:ca:90:ce:10:08:59:d5:a0:87:08:3c:47:c3:7b:9e:0a:
         bd:e3:10:ea:a9:04:9c:74:cd:fd:e2:89:b3:10:c2:14:63:bc:
         ba:f3:b2:ac:7e:cc:c7:e9:22:94:79:22:05:79:ce:12:03:62:
         a9:76:f6:0c:9f:4d:fa:01:c0:04:97:c1:9e:e1:3f:41:62:54:
         e3:e1:9d:23:28:97:2e:ea:8c:a0:d0:67:fc:7e:68:81:04:fd:
         e6:48:da:30:d4:25:9f:8c:7a:0d:4f:9d:c7:ca:49:e2:f3:ee:
         85:76:5e:8a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQns5SYuKKbCWiglJmBKRkOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGIxYmQ0NGM4NTVkN2M3NmJmMDY4MGZiMWRjYzgyOTdmZmE3MzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoc45p0DNpb5gX81wldrI9S+ioJX
VsLYhTRlUeyHgfG8npNaYk+VeB32AlHK69/6bcBRaMX0L/tFUBcowFIalPOgxqBE
oJnRaFjAYw0DGn171QKL+lRtrOdWjBIVT2W9ZyA76M2iafH/dKCbqE+ofFRq/Ihm
Ro6bHqUZOBqHo8marbM4DovA6NRdL+1v/4RnbljH4Gu3tsaEBx+iFy9xP+LAsayZ
Ol54HM4etZy+lelBidm5TaXdSirRltcR9x7EP7/BtdwwuGeRfepIKMT9jWwbuxDB
qnPchV4hfKVu6QDX+1HTb0ikQvPS/DszJAAXI+RTDDxMRLNWBSdys8umVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOSxvUTIVdfHa/BoD7HcyCl/+nORMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvNUxHOVJNaFYxOGRyOEdnUHNkeklLWF82YzVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALYoRMA0E
AgACMAcDBQAqD+OAMA0GCSqGSIb3DQEBCwUAA4IBAQA9P4oav50ZtNmiiNqpS4qA
SDqIHTBe0Vk6sHHRAPvL0t7wUliNjhKpjkEAXU0fTze8MRwJvcukOpNhyrwcJ86G
pyAsML+WCbKVuvx5p9ffjT5PTWQJp435eljIaxRyWq1FG3nnxHvwPoDhgFr/KCgI
51tacQ1fXQ+hV5rtupaREDNQdiKKd2XrX2AbAbm/udcqWcqQzhAIWdWghwg8R8N7
ngq94xDqqQScdM394omzEMIUY7y687KsfszH6SKUeSIFec4SA2KpdvYMn036AcAE
l8Ge4T9BYlTj4Z0jKJcu6oyg0Gf8fmiBBP3mSNow1CWfjHoNT53Hykni8+6Fdl6K
-----END CERTIFICATE-----