Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/dd00c1-728a-4abb-8cc2-c9640d250afc/1/9VRbY37PKRH0-UJUOvI3sW7GRqg.roa
File:                     9VRbY37PKRH0-UJUOvI3sW7GRqg.roa (raw, json)
Hash identifier:          JnDLn69G2OWz5ad5UI+dtO7s/dZ3uGdaBQeH20/IDXs=
Subject key identifier:   F5:54:5B:63:7E:CF:29:11:F4:F9:42:54:3A:F2:37:B1:6E:C6:46:A8
Certificate issuer:       /CN=5a5d45654fa597d3522eda168839193ebe782eef
Certificate serial:       01941F8C76D1577509241C5EDA0D102C6BFC
Authority key identifier: 5A:5D:45:65:4F:A5:97:D3:52:2E:DA:16:88:39:19:3E:BE:78:2E:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wl1FZU-ll9NSLtoWiDkZPr54Lu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/dd00c1-728a-4abb-8cc2-c9640d250afc/1/9VRbY37PKRH0-UJUOvI3sW7GRqg.roa
Signing time:             Wed 01 Jan 2025 01:48:06 +0000
ROA not before:           Wed 01 Jan 2025 01:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39078
IP address blocks:        81.25.80.0/21 maxlen: 21
                          217.68.32.0/20 maxlen: 20
                          2a06:3640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/dd00c1-728a-4abb-8cc2-c9640d250afc/1/Wl1FZU-ll9NSLtoWiDkZPr54Lu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/dd00c1-728a-4abb-8cc2-c9640d250afc/1/Wl1FZU-ll9NSLtoWiDkZPr54Lu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wl1FZU-ll9NSLtoWiDkZPr54Lu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:76:d1:57:75:09:24:1c:5e:da:0d:10:2c:6b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a5d45654fa597d3522eda168839193ebe782eef
        Validity
            Not Before: Jan  1 01:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5545b637ecf2911f4f942543af237b16ec646a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:df:b4:6a:b6:bf:c8:b2:c0:a0:94:e7:16:c3:
                    c8:6d:94:8d:4a:02:4f:81:05:4b:27:b8:4d:b5:3c:
                    9c:79:74:51:87:c9:1c:b1:8c:98:89:4a:63:10:85:
                    a1:34:3d:7a:4b:90:92:b6:a4:a1:b6:38:aa:c7:3e:
                    e6:dc:88:4d:e2:53:d6:e3:2c:6b:fd:d5:0c:16:55:
                    1a:dc:42:9d:04:9e:75:85:01:73:ad:d1:a7:8b:b1:
                    a4:8d:bf:f5:01:75:7d:2f:7a:e0:dd:30:63:a3:a0:
                    79:b1:0b:06:d4:55:98:7b:26:e4:2f:bf:ce:96:3c:
                    89:01:ed:85:d0:36:11:6a:18:74:e8:f6:ff:13:67:
                    06:e8:85:dd:8b:d7:b8:26:0f:7f:02:f4:5e:9e:86:
                    5d:a6:3d:9d:27:81:a1:df:9c:17:85:6c:67:ea:77:
                    f1:04:7a:f6:55:7b:3e:af:1d:84:83:69:21:f5:cd:
                    92:18:c1:c7:2c:f8:4c:43:44:32:a7:b6:52:6a:9d:
                    04:1f:20:03:b2:7d:02:e3:2c:8b:16:52:6f:d1:2c:
                    08:d2:ea:98:6f:ef:70:92:3e:2b:54:78:43:d0:6f:
                    04:f5:22:8c:21:b8:24:82:34:6b:58:5e:ec:41:7c:
                    2a:c7:31:03:f4:c5:4a:a5:8c:18:67:7f:5d:09:e6:
                    75:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:54:5B:63:7E:CF:29:11:F4:F9:42:54:3A:F2:37:B1:6E:C6:46:A8
            X509v3 Authority Key Identifier:
                keyid:5A:5D:45:65:4F:A5:97:D3:52:2E:DA:16:88:39:19:3E:BE:78:2E:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wl1FZU-ll9NSLtoWiDkZPr54Lu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/dd00c1-728a-4abb-8cc2-c9640d250afc/1/9VRbY37PKRH0-UJUOvI3sW7GRqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/dd00c1-728a-4abb-8cc2-c9640d250afc/1/Wl1FZU-ll9NSLtoWiDkZPr54Lu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.25.80.0/21
                  217.68.32.0/20
                IPv6:
                  2a06:3640::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:cd:51:55:6f:84:fb:6e:8e:0d:11:a9:b4:8d:b4:6b:13:60:
         1a:a5:a7:02:56:c9:65:ab:46:ca:93:48:21:48:fb:e3:9f:49:
         84:64:e8:8a:57:56:da:d7:bf:e9:31:d7:ba:a1:d6:bf:a1:f8:
         b4:40:0e:97:ca:db:ba:8a:be:b2:94:cf:0a:c7:16:ed:10:d4:
         90:71:c9:0a:e7:4e:29:2b:a9:ce:87:f9:07:1c:8a:d7:78:77:
         d6:d7:20:7c:96:10:f9:65:1e:19:60:68:30:b9:82:76:fd:ce:
         01:59:2a:68:84:6d:fd:ed:fc:7c:08:4a:d5:be:21:4b:4e:fc:
         88:57:8f:c9:db:5c:45:da:1d:de:a4:4e:5d:ec:22:07:51:59:
         f9:58:e8:99:45:0d:74:96:83:8f:2b:23:b2:7e:b8:1c:e5:36:
         db:e0:38:a0:e2:cf:db:25:c8:af:d3:84:43:53:c9:ff:f1:f6:
         94:44:96:c5:98:d9:39:b0:b4:ba:0b:1b:bc:8c:fb:14:e0:5c:
         00:18:d3:f4:07:35:70:58:22:31:f4:d4:1d:2f:fa:f7:4e:9f:
         30:6c:83:3e:5d:31:dd:cb:19:45:cc:f9:83:b2:e8:ea:75:cc:
         70:db:92:32:e7:c5:83:a9:c5:e8:88:28:02:05:ad:f4:c0:5f:
         1f:d3:6b:ea
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQfjHbRV3UJJBxe2g0QLGv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNWQ0NTY1NGZhNTk3ZDM1MjJlZGExNjg4MzkxOTNlYmU3
ODJlZWYwHhcNMjUwMTAxMDE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTU0NWI2MzdlY2YyOTExZjRmOTQyNTQzYWYyMzdiMTZlYzY0NmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9+0ara/yLLAoJTnFsPIbZSNSgJP
gQVLJ7hNtTyceXRRh8kcsYyYiUpjEIWhND16S5CStqShtjiqxz7m3IhN4lPW4yxr
/dUMFlUa3EKdBJ51hQFzrdGni7Gkjb/1AXV9L3rg3TBjo6B5sQsG1FWYeybkL7/O
ljyJAe2F0DYRahh06Pb/E2cG6IXdi9e4Jg9/AvRenoZdpj2dJ4Gh35wXhWxn6nfx
BHr2VXs+rx2Eg2kh9c2SGMHHLPhMQ0Qyp7ZSap0EHyADsn0C4yyLFlJv0SwI0uqY
b+9wkj4rVHhD0G8E9SKMIbgkgjRrWF7sQXwqxzED9MVKpYwYZ39dCeZ1uwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPVUW2N+zykR9PlCVDryN7FuxkaoMB8GA1UdIwQY
MBaAFFpdRWVPpZfTUi7aFog5GT6+eC7vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2wxRlpVLWxsOU5TTHRvV2lEa1pQcjU0THU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9kZDAwYzEtNzI4YS00YWJiLThjYzIt
Yzk2NDBkMjUwYWZjLzEvOVZSYlkzN1BLUkgwLVVKVU92STNzVzdHUnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9kZDAwYzEtNzI4YS00YWJiLThjYzItYzk2NDBkMjUwYWZj
LzEvV2wxRlpVLWxsOU5TTHRvV2lEa1pQcjU0THU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDURlQAwQE
2UQgMA0EAgACMAcDBQMqBjZAMA0GCSqGSIb3DQEBCwUAA4IBAQACzVFVb4T7bo4N
Eam0jbRrE2AapacCVsllq0bKk0ghSPvjn0mEZOiKV1ba17/pMde6oda/ofi0QA6X
ytu6ir6ylM8KxxbtENSQcckK504pK6nOh/kHHIrXeHfW1yB8lhD5ZR4ZYGgwuYJ2
/c4BWSpohG397fx8CErVviFLTvyIV4/J21xF2h3epE5d7CIHUVn5WOiZRQ10loOP
KyOyfrgc5Tbb4Dig4s/bJciv04RDU8n/8faURJbFmNk5sLS6Cxu8jPsU4FwAGNP0
BzVwWCIx9NQdL/r3Tp8wbIM+XTHdyxlFzPmDsujqdcxw25Iy58WDqcXoiCgCBa30
wF8f02vq
-----END CERTIFICATE-----