Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/cQDUoTmzh16X21EUYU6Rst7gwN4.roa
File:                     cQDUoTmzh16X21EUYU6Rst7gwN4.roa (raw, json)
Hash identifier:          VpP4wKEnD3uBwSFEK90HjJtm7jaN6/opZLM04PiBqsA=
Subject key identifier:   71:00:D4:A1:39:B3:87:5E:97:DB:51:14:61:4E:91:B2:DE:E0:C0:DE
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019420D623ADA7D92FFB88A2CD018E2EBDEF
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/cQDUoTmzh16X21EUYU6Rst7gwN4.roa
Signing time:             Wed 01 Jan 2025 07:48:12 +0000
ROA not before:           Wed 01 Jan 2025 07:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        5.181.200.0/24 maxlen: 24
                          45.158.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 18:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:23:ad:a7:d9:2f:fb:88:a2:cd:01:8e:2e:bd:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  1 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7100d4a139b3875e97db5114614e91b2dee0c0de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a5:00:bc:5a:21:9a:28:9e:97:47:e6:97:44:
                    c7:5f:92:19:5f:f2:99:34:57:74:1c:77:79:02:0d:
                    a8:c6:71:fc:ce:30:06:dc:62:4c:ca:6d:f8:a5:2a:
                    c6:70:03:2b:47:4e:86:4d:ae:b9:b9:ff:af:8e:53:
                    b4:b8:01:2d:0f:48:96:06:8e:40:4e:9d:29:f1:f4:
                    af:0e:74:f9:44:21:b1:3e:6e:7b:d3:66:4a:ae:e8:
                    d3:8a:60:6b:55:90:5e:77:1d:67:8a:0e:79:76:63:
                    7a:4b:d6:88:71:15:1f:1f:20:16:c4:1b:5f:9b:35:
                    e3:e7:72:64:6d:64:d3:f0:8b:cd:2c:38:53:55:e0:
                    ce:17:b7:26:3b:40:31:40:11:65:40:ea:88:8d:16:
                    37:70:2f:11:f6:e2:1c:9a:c6:1b:74:5e:d6:41:2e:
                    be:e7:e3:40:2e:9a:8e:ba:3f:7b:9d:91:92:d0:df:
                    48:56:ab:21:66:1c:7e:2d:2e:e0:98:64:70:8f:bc:
                    00:b5:c7:24:3e:38:66:9e:4a:45:a6:0d:da:d3:47:
                    56:cb:c7:c7:0f:38:98:08:ef:a4:c6:06:c2:85:69:
                    48:0f:2b:f9:4d:21:ee:ba:e3:5a:25:5d:01:83:81:
                    33:a3:d7:23:15:b2:da:ba:ce:eb:00:4a:0a:30:30:
                    1b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:00:D4:A1:39:B3:87:5E:97:DB:51:14:61:4E:91:B2:DE:E0:C0:DE
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/cQDUoTmzh16X21EUYU6Rst7gwN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.200.0/24
                  45.158.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:89:ee:14:cd:a3:38:e5:99:90:cd:23:8b:7b:77:e9:d6:3a:
         12:b8:f7:00:8e:49:bb:2d:5e:46:22:08:c3:68:85:91:d4:c6:
         68:ef:21:c9:1b:6f:f6:f1:db:7f:19:06:84:1c:54:11:21:39:
         2b:a4:42:7c:7c:84:c0:e3:92:fa:26:13:84:62:dd:0c:39:12:
         ca:2a:32:03:59:cf:fd:a5:98:28:d4:2f:72:fb:79:e2:8d:0e:
         b9:73:9a:45:8d:40:2b:a1:9f:dd:bd:f8:63:25:33:95:68:72:
         a6:c0:55:ac:dd:4d:a7:6c:ad:bc:c1:c5:f8:59:65:a7:55:bc:
         7e:f2:19:d4:ed:b2:08:65:8f:88:ce:46:8e:4e:b1:90:48:61:
         80:24:df:46:af:e7:4a:26:bc:08:5e:b8:f2:96:01:38:25:67:
         1d:bc:d5:aa:1d:f7:32:13:7c:ff:c0:6e:0c:d7:ce:13:c8:e8:
         a2:58:d3:dd:99:2f:04:ce:ec:79:8b:80:49:f0:3c:f2:2e:72:
         d7:29:9c:98:5f:f3:df:b5:04:e0:d5:a9:7c:51:d1:45:a3:ef:
         ae:b5:37:40:5c:62:51:4c:5e:9c:77:80:fe:da:5e:b6:96:33:
         ac:4f:b9:72:e1:04:1d:f1:14:f7:c2:a2:c8:c2:19:cb:a6:dc:
         27:f4:7f:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1iOtp9kv+4iizQGOLr3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjUwMTAxMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTAwZDRhMTM5YjM4NzVlOTdkYjUxMTQ2MTRlOTFiMmRlZTBjMGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqUAvFohmiiel0fml0THX5IZX/KZ
NFd0HHd5Ag2oxnH8zjAG3GJMym34pSrGcAMrR06GTa65uf+vjlO0uAEtD0iWBo5A
Tp0p8fSvDnT5RCGxPm5702ZKrujTimBrVZBedx1nig55dmN6S9aIcRUfHyAWxBtf
mzXj53JkbWTT8IvNLDhTVeDOF7cmO0AxQBFlQOqIjRY3cC8R9uIcmsYbdF7WQS6+
5+NALpqOuj97nZGS0N9IVqshZhx+LS7gmGRwj7wAtcckPjhmnkpFpg3a00dWy8fH
DziYCO+kxgbChWlIDyv5TSHuuuNaJV0Bg4Ezo9cjFbLaus7rAEoKMDAbKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHEA1KE5s4del9tRFGFOkbLe4MDeMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvY1FEVW9UbXpoMTZYMjFFVVlVNlJzdDdnd040LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbXIAwQA
LZ5TMA0GCSqGSIb3DQEBCwUAA4IBAQA6ie4UzaM45ZmQzSOLe3fp1joSuPcAjkm7
LV5GIgjDaIWR1MZo7yHJG2/28dt/GQaEHFQRITkrpEJ8fITA45L6JhOEYt0MORLK
KjIDWc/9pZgo1C9y+3nijQ65c5pFjUAroZ/dvfhjJTOVaHKmwFWs3U2nbK28wcX4
WWWnVbx+8hnU7bIIZY+IzkaOTrGQSGGAJN9Gr+dKJrwIXrjylgE4JWcdvNWqHfcy
E3z/wG4M184TyOiiWNPdmS8Ezux5i4BJ8DzyLnLXKZyYX/PftQTg1al8UdFFo++u
tTdAXGJRTF6cd4D+2l62ljOsT7ly4QQd8RT3wqLIwhnLptwn9H/Q
-----END CERTIFICATE-----