Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/5h9YKKcY0SCe3wY81SGgqzZL2Wg.roa
File:                     5h9YKKcY0SCe3wY81SGgqzZL2Wg.roa (raw, json)
Hash identifier:          DnqD4SrY/yJiLItUsWI45RqIRXlmhQ4KxoFBdtJ9vq4=
Subject key identifier:   E6:1F:58:28:A7:18:D1:20:9E:DF:06:3C:D5:21:A0:AB:36:4B:D9:68
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B38DC2B016979CD008D2F0C5EE903A
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/5h9YKKcY0SCe3wY81SGgqzZL2Wg.roa
Signing time:             Thu 02 Jan 2025 15:47:46 +0000
ROA not before:           Thu 02 Jan 2025 15:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3170
IP address blocks:        45.87.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:8d:c2:b0:16:97:9c:d0:08:d2:f0:c5:ee:90:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e61f5828a718d1209edf063cd521a0ab364bd968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:76:ad:7c:f6:8a:a1:1c:f8:9b:8c:97:05:ca:
                    29:e6:df:7b:67:7e:43:f2:3f:04:16:df:3b:01:4f:
                    90:83:d5:d5:e4:95:37:5d:6d:ee:2b:66:3b:6d:a9:
                    7e:7c:43:93:e4:fb:0e:5d:7d:7e:5b:36:3d:8f:01:
                    cd:69:99:ef:16:b4:42:18:80:98:0c:80:5a:2c:1c:
                    38:3a:71:e1:c0:1a:ab:05:94:38:89:48:3c:26:83:
                    31:ae:50:9b:55:21:b6:29:1a:67:54:63:ec:41:a0:
                    14:00:f3:cc:4c:1e:db:bd:da:73:e6:de:37:4e:9a:
                    12:6c:86:4c:af:2a:cc:c1:7d:88:ae:a8:5b:57:63:
                    75:39:d5:c6:83:f2:05:b9:1d:92:94:a5:cc:41:e0:
                    ae:e7:b8:95:f2:49:ec:f4:a0:34:30:66:16:11:d5:
                    ec:f9:2e:58:38:bb:ad:06:92:04:bb:12:df:67:5e:
                    14:2e:8e:17:12:cf:62:bc:58:4d:00:3f:bc:78:86:
                    a0:2b:95:3e:8f:9f:c6:89:15:99:92:06:62:1d:27:
                    28:da:16:10:37:c7:61:ce:31:0f:38:cc:c6:24:e6:
                    9d:2d:ca:11:35:21:86:10:83:29:86:9f:87:8b:86:
                    fa:d8:9f:b3:1e:50:db:47:06:ea:fa:46:e0:6e:a6:
                    fd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:1F:58:28:A7:18:D1:20:9E:DF:06:3C:D5:21:A0:AB:36:4B:D9:68
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/5h9YKKcY0SCe3wY81SGgqzZL2Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:88:2b:4d:51:a5:25:66:f8:66:b8:ce:00:48:f0:bf:42:19:
         b2:be:28:30:f7:0b:d3:6a:3c:97:cc:9b:c4:64:71:ef:50:16:
         51:7c:09:d8:61:2d:33:df:10:17:15:d0:9d:36:6d:8b:73:a2:
         62:99:24:76:48:34:6d:7f:ac:dc:fe:34:62:9a:f2:05:2a:86:
         b8:cb:52:11:d5:30:4f:8e:ba:f8:46:47:26:3b:7d:0e:1f:1a:
         b2:d7:b3:39:48:4f:60:54:d7:e8:fb:b1:11:a2:c2:5a:2c:ea:
         16:3d:3e:53:0d:5b:57:7d:52:12:95:8d:5f:9d:ec:b8:de:6b:
         a2:9f:64:b7:74:03:ae:ea:48:4d:4b:91:33:90:9c:ca:7f:11:
         e3:f1:d4:57:28:d2:69:6f:45:93:d0:4b:8a:b4:98:66:b9:a3:
         f4:34:94:09:74:7b:fc:a3:94:fc:d8:0d:74:cb:82:58:38:5c:
         8c:45:2b:49:90:f2:ab:66:c6:25:7a:65:01:42:ba:c4:84:ac:
         e5:22:36:bc:0b:60:7e:11:bb:a3:9a:31:74:dc:43:2d:32:9d:
         c5:63:84:1f:28:37:13:6f:b0:3c:74:a2:bd:11:77:db:2a:e1:
         7e:3c:0b:8a:a3:e1:ec:cd:8f:d4:fe:fb:06:ad:ac:6d:8d:7b:
         ed:30:96:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns43CsBaXnNAI0vDF7pA6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjFmNTgyOGE3MThkMTIwOWVkZjA2M2NkNTIxYTBhYjM2NGJkOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnatfPaKoRz4m4yXBcop5t97Z35D
8j8EFt87AU+Qg9XV5JU3XW3uK2Y7bal+fEOT5PsOXX1+WzY9jwHNaZnvFrRCGICY
DIBaLBw4OnHhwBqrBZQ4iUg8JoMxrlCbVSG2KRpnVGPsQaAUAPPMTB7bvdpz5t43
TpoSbIZMryrMwX2IrqhbV2N1OdXGg/IFuR2SlKXMQeCu57iV8kns9KA0MGYWEdXs
+S5YOLutBpIEuxLfZ14ULo4XEs9ivFhNAD+8eIagK5U+j5/GiRWZkgZiHSco2hYQ
N8dhzjEPOMzGJOadLcoRNSGGEIMphp+Hi4b62J+zHlDbRwbq+kbgbqb9KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYfWCinGNEgnt8GPNUhoKs2S9loMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvNWg5WUtLY1kwU0NlM3dZODFTR2dxelpMMldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVccMA0G
CSqGSIb3DQEBCwUAA4IBAQBJiCtNUaUlZvhmuM4ASPC/Qhmyvigw9wvTajyXzJvE
ZHHvUBZRfAnYYS0z3xAXFdCdNm2Lc6JimSR2SDRtf6zc/jRimvIFKoa4y1IR1TBP
jrr4RkcmO30OHxqy17M5SE9gVNfo+7ERosJaLOoWPT5TDVtXfVISlY1fney43mui
n2S3dAOu6khNS5EzkJzKfxHj8dRXKNJpb0WT0EuKtJhmuaP0NJQJdHv8o5T82A10
y4JYOFyMRStJkPKrZsYlemUBQrrEhKzlIja8C2B+EbujmjF03EMtMp3FY4QfKDcT
b7A8dKK9EXfbKuF+PAuKo+HszY/U/vsGraxtjXvtMJag
-----END CERTIFICATE-----