Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/39f28c-9eb8-4cae-8d98-68cdc692ad09/1/lrVdWYePrfvjN2tTsNMy_Nf4Gn4.roa
File:                     lrVdWYePrfvjN2tTsNMy_Nf4Gn4.roa (raw, json)
Hash identifier:          twkAP7rnPOwhMAXsaX+PpZC1dZNkXLlK0+tLwfHke2I=
Subject key identifier:   96:B5:5D:59:87:8F:AD:FB:E3:37:6B:53:B0:D3:32:FC:D7:F8:1A:7E
Certificate issuer:       /CN=80043f23936622824111e8865a50002067d95a62
Certificate serial:       019420D5E07D2DF3856605B36AEFC96D91EB
Authority key identifier: 80:04:3F:23:93:66:22:82:41:11:E8:86:5A:50:00:20:67:D9:5A:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gAQ_I5NmIoJBEeiGWlAAIGfZWmI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/39f28c-9eb8-4cae-8d98-68cdc692ad09/1/lrVdWYePrfvjN2tTsNMy_Nf4Gn4.roa
Signing time:             Wed 01 Jan 2025 07:47:55 +0000
ROA not before:           Wed 01 Jan 2025 07:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42160
IP address blocks:        185.18.148.0/23 maxlen: 23
                          2a04:b80:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/39f28c-9eb8-4cae-8d98-68cdc692ad09/1/gAQ_I5NmIoJBEeiGWlAAIGfZWmI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/39f28c-9eb8-4cae-8d98-68cdc692ad09/1/gAQ_I5NmIoJBEeiGWlAAIGfZWmI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gAQ_I5NmIoJBEeiGWlAAIGfZWmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e0:7d:2d:f3:85:66:05:b3:6a:ef:c9:6d:91:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80043f23936622824111e8865a50002067d95a62
        Validity
            Not Before: Jan  1 07:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96b55d59878fadfbe3376b53b0d332fcd7f81a7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b3:2a:58:01:3f:ef:b0:89:e4:1c:4f:d6:e5:
                    b0:87:eb:38:76:27:f9:3c:42:38:03:b4:0e:af:b0:
                    d1:bb:72:13:8a:f7:3a:a1:ff:74:89:30:5b:e9:1c:
                    67:ef:9b:93:0c:03:7b:d7:77:0c:ba:fd:14:75:1a:
                    75:5a:8b:56:01:64:cd:66:d5:6d:c9:15:28:33:b3:
                    bb:55:41:cf:3e:25:24:15:15:b5:4b:94:5e:53:38:
                    13:f1:fc:8e:62:44:52:45:49:5e:90:8f:f2:ee:97:
                    e9:9d:7a:ef:79:a0:18:a1:7c:c7:0a:a8:6b:c1:11:
                    e4:fb:c5:98:d8:7c:b1:1d:16:a3:11:56:02:dd:77:
                    d1:19:a3:1b:ef:d0:17:d1:68:e3:26:81:b2:b3:90:
                    8a:33:b3:96:87:68:93:45:1f:e8:82:9f:11:48:70:
                    61:29:ce:a1:67:78:a3:0e:84:60:be:61:a2:fa:88:
                    d9:53:78:9e:78:7f:b8:e6:bc:7b:33:c2:dc:1c:b1:
                    25:17:71:b2:1e:00:ed:84:33:1d:16:11:9d:b1:71:
                    d6:25:32:2c:45:83:c4:08:c5:44:a6:ce:c1:59:63:
                    5f:35:9e:3a:08:63:ff:07:ec:82:1d:2f:3e:55:be:
                    35:91:b6:db:33:95:22:4d:61:7f:b3:8f:7e:97:c8:
                    76:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:B5:5D:59:87:8F:AD:FB:E3:37:6B:53:B0:D3:32:FC:D7:F8:1A:7E
            X509v3 Authority Key Identifier:
                keyid:80:04:3F:23:93:66:22:82:41:11:E8:86:5A:50:00:20:67:D9:5A:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gAQ_I5NmIoJBEeiGWlAAIGfZWmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/39f28c-9eb8-4cae-8d98-68cdc692ad09/1/lrVdWYePrfvjN2tTsNMy_Nf4Gn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/39f28c-9eb8-4cae-8d98-68cdc692ad09/1/gAQ_I5NmIoJBEeiGWlAAIGfZWmI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.148.0/23
                IPv6:
                  2a04:b80:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:02:49:eb:bb:a5:77:c5:88:a0:92:e7:7e:86:d6:09:f5:54:
         47:49:0b:60:c6:ba:7f:00:53:0f:c9:98:8d:f1:d5:61:5d:f3:
         a2:db:52:71:05:0e:85:34:68:e2:1a:38:f6:16:a5:e4:21:1d:
         9b:b0:bf:19:69:cd:33:74:9c:89:ef:e5:5d:62:1c:62:3b:3d:
         36:33:c8:02:46:e9:02:2a:d0:7e:64:7b:4e:b6:48:b0:04:5d:
         ef:f9:35:35:e7:09:7e:14:96:97:2b:f0:3a:ca:be:21:0b:77:
         3c:72:01:e5:18:2e:ff:72:fa:9c:1e:62:80:25:9f:4d:85:04:
         b0:25:df:3c:e5:69:b9:8b:b1:67:3e:1e:b0:fe:f8:e8:b0:d2:
         2e:b9:19:db:ec:ca:c0:69:b3:14:ba:68:dd:2d:f5:95:a4:c5:
         14:78:ea:7b:03:39:54:4e:f5:0b:4c:30:cf:b2:46:e3:85:17:
         0e:ae:1f:1a:e1:e2:fd:a8:34:e4:d6:23:0b:9e:e5:59:74:76:
         dd:65:63:f6:90:bc:a6:32:78:ca:30:08:d1:aa:03:f8:3f:32:
         54:99:a7:dd:2f:1e:59:e8:c4:dd:b3:3e:91:27:a2:6d:fd:a1:
         c2:4d:fa:2c:b0:b6:e0:cf:80:ad:7f:33:88:93:04:ae:87:c6:
         e8:02:20:41
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQg1eB9LfOFZgWzau/JbZHrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwMDQzZjIzOTM2NjIyODI0MTExZTg4NjVhNTAwMDIwNjdk
OTVhNjIwHhcNMjUwMTAxMDc0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmI1NWQ1OTg3OGZhZGZiZTMzNzZiNTNiMGQzMzJmY2Q3ZjgxYTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrMqWAE/77CJ5BxP1uWwh+s4dif5
PEI4A7QOr7DRu3ITivc6of90iTBb6Rxn75uTDAN713cMuv0UdRp1WotWAWTNZtVt
yRUoM7O7VUHPPiUkFRW1S5ReUzgT8fyOYkRSRUlekI/y7pfpnXrveaAYoXzHCqhr
wRHk+8WY2HyxHRajEVYC3XfRGaMb79AX0WjjJoGys5CKM7OWh2iTRR/ogp8RSHBh
Kc6hZ3ijDoRgvmGi+ojZU3ieeH+45rx7M8LcHLElF3GyHgDthDMdFhGdsXHWJTIs
RYPECMVEps7BWWNfNZ46CGP/B+yCHS8+Vb41kbbbM5UiTWF/s49+l8h28wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJa1XVmHj6374zdrU7DTMvzX+Bp+MB8GA1UdIwQY
MBaAFIAEPyOTZiKCQRHohlpQACBn2VpiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0FRX0k1Tm1Jb0pCRWVpR1dsQUFJR2ZaV21JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8zOWYyOGMtOWViOC00Y2FlLThkOTgt
NjhjZGM2OTJhZDA5LzEvbHJWZFdZZVByZnZqTjJ0VHNOTXlfTmY0R240LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8zOWYyOGMtOWViOC00Y2FlLThkOTgtNjhjZGM2OTJhZDA5
LzEvZ0FRX0k1Tm1Jb0pCRWVpR1dsQUFJR2ZaV21JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuRKUMA8E
AgACMAkDBwAqBAuAAAEwDQYJKoZIhvcNAQELBQADggEBAJwCSeu7pXfFiKCS536G
1gn1VEdJC2DGun8AUw/JmI3x1WFd86LbUnEFDoU0aOIaOPYWpeQhHZuwvxlpzTN0
nInv5V1iHGI7PTYzyAJG6QIq0H5ke062SLAEXe/5NTXnCX4Ulpcr8DrKviELdzxy
AeUYLv9y+pweYoAln02FBLAl3zzlabmLsWc+HrD++Oiw0i65GdvsysBpsxS6aN0t
9ZWkxRR46nsDOVRO9QtMMM+yRuOFFw6uHxrh4v2oNOTWIwue5Vl0dt1lY/aQvKYy
eMowCNGqA/g/MlSZp90vHlnoxN2zPpEnom39ocJN+iywtuDPgK1/M4iTBK6HxugC
IEE=
-----END CERTIFICATE-----