Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/OjOSiVLO01NbQEy7fCWWb1dleI0.roa
File:                     OjOSiVLO01NbQEy7fCWWb1dleI0.roa (raw, json)
Hash identifier:          1R3ScnGJJHnWlOylikh2Ppg5Q/7g7edL0CQoeTE72rs=
Subject key identifier:   3A:33:92:89:52:CE:D3:53:5B:40:4C:BB:7C:25:96:6F:57:65:78:8D
Certificate issuer:       /CN=7b48945b9d716cd47fbde2860d8100fcda987496
Certificate serial:       019424B3936B7604574EC99662DA47A6BDBD
Authority key identifier: 7B:48:94:5B:9D:71:6C:D4:7F:BD:E2:86:0D:81:00:FC:DA:98:74:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e0iUW51xbNR_veKGDYEA_NqYdJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/OjOSiVLO01NbQEy7fCWWb1dleI0.roa
Signing time:             Thu 02 Jan 2025 01:48:56 +0000
ROA not before:           Thu 02 Jan 2025 01:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        5.22.145.0/24 maxlen: 24
                          2a00:18e0:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/e0iUW51xbNR_veKGDYEA_NqYdJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/e0iUW51xbNR_veKGDYEA_NqYdJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e0iUW51xbNR_veKGDYEA_NqYdJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:93:6b:76:04:57:4e:c9:96:62:da:47:a6:bd:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b48945b9d716cd47fbde2860d8100fcda987496
        Validity
            Not Before: Jan  2 01:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a33928952ced3535b404cbb7c25966f5765788d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:2a:06:2d:cf:56:dc:d6:3f:b8:0f:a4:14:cf:
                    c3:5f:2d:5a:98:ca:8c:41:df:b1:de:8a:7e:43:8a:
                    5e:0a:b7:9e:e1:de:28:28:db:b2:52:3c:3a:c3:ff:
                    27:70:83:8a:6e:6c:c7:72:5d:05:6c:a5:74:23:79:
                    0e:60:dc:1e:29:92:ac:4c:4c:ff:c6:1d:4e:58:30:
                    e3:f9:34:d9:e3:54:e8:c1:4e:dd:b6:c9:0d:e1:78:
                    9e:05:f8:c7:b5:c6:07:7b:99:b8:e5:5c:fe:f6:73:
                    2d:94:a4:74:9c:5c:05:3f:c4:58:2c:b9:c3:c8:1c:
                    5f:50:65:dc:4f:1b:84:d4:f0:6c:87:23:aa:c5:18:
                    98:38:51:4e:05:14:8c:e6:e5:13:5f:4c:81:85:7d:
                    58:82:25:b2:67:ef:aa:1f:17:30:b3:17:48:b2:b7:
                    34:47:fb:16:26:f8:89:8e:31:77:50:81:14:22:42:
                    bc:f2:e0:09:86:83:ce:5e:50:94:b0:29:0a:f0:49:
                    08:dd:35:67:81:15:d3:43:f8:4e:9b:d3:3d:05:04:
                    37:bf:96:5a:92:fb:d8:56:71:ee:ee:b5:07:ab:d6:
                    61:8f:c8:03:b9:01:34:df:1a:12:9f:40:ab:28:16:
                    ff:9b:c4:7e:3d:b1:d5:03:11:82:6a:e7:c8:bc:f1:
                    5b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:33:92:89:52:CE:D3:53:5B:40:4C:BB:7C:25:96:6F:57:65:78:8D
            X509v3 Authority Key Identifier:
                keyid:7B:48:94:5B:9D:71:6C:D4:7F:BD:E2:86:0D:81:00:FC:DA:98:74:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0iUW51xbNR_veKGDYEA_NqYdJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/OjOSiVLO01NbQEy7fCWWb1dleI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/e0iUW51xbNR_veKGDYEA_NqYdJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.145.0/24
                IPv6:
                  2a00:18e0:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:be:18:58:1d:14:1b:f8:cd:d1:50:7b:2c:70:7c:8f:2a:97:
         1f:4c:f0:b9:8a:a3:b0:d6:7f:10:18:1c:2e:5e:85:25:0d:84:
         3f:1c:b4:21:c9:00:f7:05:31:12:b4:45:ca:a1:04:9a:34:79:
         9b:a1:19:df:29:93:90:a9:3c:77:c1:b2:21:1c:f2:28:df:49:
         b4:e8:d0:19:b4:7f:69:e2:6b:44:20:05:55:f3:8b:f8:64:1b:
         c3:e1:34:0f:b1:d1:0d:65:8b:fa:09:ca:04:23:da:9e:60:75:
         0d:fb:e9:58:ef:98:a1:1d:8e:f0:57:b9:93:5b:af:14:00:7a:
         aa:0c:bc:59:d2:51:13:60:3c:3c:f4:79:da:90:c3:16:0b:dd:
         d7:12:22:b3:48:91:b1:7d:bc:4b:14:97:8b:e6:21:de:4b:75:
         d9:c0:d7:0d:46:27:63:1c:cc:08:79:55:1c:1b:e2:41:5f:e6:
         47:c8:84:73:a6:1b:83:a1:19:e1:7e:54:bc:68:32:87:77:07:
         53:e7:3d:8c:72:99:4b:65:16:19:cd:5b:4f:49:1e:e4:a5:0c:
         65:30:a8:3a:d4:41:7e:b7:15:a2:77:12:c5:df:00:42:da:b2:
         99:a2:77:d0:04:3c:f4:bf:bc:75:89:6c:4d:71:45:e8:b2:f2:
         ff:8e:90:68
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQks5NrdgRXTsmWYtpHpr29MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNDg5NDViOWQ3MTZjZDQ3ZmJkZTI4NjBkODEwMGZjZGE5
ODc0OTYwHhcNMjUwMTAyMDE0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTMzOTI4OTUyY2VkMzUzNWI0MDRjYmI3YzI1OTY2ZjU3NjU3ODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4CoGLc9W3NY/uA+kFM/DXy1amMqM
Qd+x3op+Q4peCree4d4oKNuyUjw6w/8ncIOKbmzHcl0FbKV0I3kOYNweKZKsTEz/
xh1OWDDj+TTZ41TowU7dtskN4XieBfjHtcYHe5m45Vz+9nMtlKR0nFwFP8RYLLnD
yBxfUGXcTxuE1PBshyOqxRiYOFFOBRSM5uUTX0yBhX1YgiWyZ++qHxcwsxdIsrc0
R/sWJviJjjF3UIEUIkK88uAJhoPOXlCUsCkK8EkI3TVngRXTQ/hOm9M9BQQ3v5Za
kvvYVnHu7rUHq9Zhj8gDuQE03xoSn0CrKBb/m8R+PbHVAxGCaufIvPFbiQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDozkolSztNTW0BMu3wllm9XZXiNMB8GA1UdIwQY
MBaAFHtIlFudcWzUf73ihg2BAPzamHSWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTBpVVc1MXhiTlJfdmVLR0RZRUFfTnFZZEpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS81YjZiMDYtOWFmNi00MDI2LWI0N2Mt
NGU4NTg5N2YzMDljLzEvT2pPU2lWTE8wMU5iUUV5N2ZDV1diMWRsZUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS81YjZiMDYtOWFmNi00MDI2LWI0N2MtNGU4NTg5N2YzMDlj
LzEvZTBpVVc1MXhiTlJfdmVLR0RZRUFfTnFZZEpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQABRaRMA8E
AgACMAkDBwAqABjgAAUwDQYJKoZIhvcNAQELBQADggEBAFO+GFgdFBv4zdFQeyxw
fI8qlx9M8LmKo7DWfxAYHC5ehSUNhD8ctCHJAPcFMRK0RcqhBJo0eZuhGd8pk5Cp
PHfBsiEc8ijfSbTo0Bm0f2nia0QgBVXzi/hkG8PhNA+x0Q1li/oJygQj2p5gdQ37
6VjvmKEdjvBXuZNbrxQAeqoMvFnSURNgPDz0edqQwxYL3dcSIrNIkbF9vEsUl4vm
Id5LddnA1w1GJ2MczAh5VRwb4kFf5kfIhHOmG4OhGeF+VLxoMod3B1PnPYxymUtl
FhnNW09JHuSlDGUwqDrUQX63FaJ3EsXfAELaspmid9AEPPS/vHWJbE1xReiy8v+O
kGg=
-----END CERTIFICATE-----