Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0b3f1c-bbef-4d35-8146-c48b25f7846f/1/luEbamkkQ3JNKI_McJaQ-rwJjV0.roa
File:                     luEbamkkQ3JNKI_McJaQ-rwJjV0.roa (raw, json)
Hash identifier:          ErxV+CJ+EDpVd4vCMZWyy26jRiSWzXrUb4kdxbwG3ZY=
Subject key identifier:   96:E1:1B:6A:69:24:43:72:4D:28:8F:CC:70:96:90:FA:BC:09:8D:5D
Certificate issuer:       /CN=64685a6d73ff5a27e1bc1f9617dfb5508bad293b
Certificate serial:       019420D60BF1AC00C3F56CD247ADB9621D2D
Authority key identifier: 64:68:5A:6D:73:FF:5A:27:E1:BC:1F:96:17:DF:B5:50:8B:AD:29:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZGhabXP_WifhvB-WF9-1UIutKTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0b3f1c-bbef-4d35-8146-c48b25f7846f/1/luEbamkkQ3JNKI_McJaQ-rwJjV0.roa
Signing time:             Wed 01 Jan 2025 07:48:06 +0000
ROA not before:           Wed 01 Jan 2025 07:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205000
IP address blocks:        5.182.104.0/23 maxlen: 23
                          194.30.171.0/24 maxlen: 24
                          2a0f:dc80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0b3f1c-bbef-4d35-8146-c48b25f7846f/1/ZGhabXP_WifhvB-WF9-1UIutKTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0b3f1c-bbef-4d35-8146-c48b25f7846f/1/ZGhabXP_WifhvB-WF9-1UIutKTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZGhabXP_WifhvB-WF9-1UIutKTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:0b:f1:ac:00:c3:f5:6c:d2:47:ad:b9:62:1d:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64685a6d73ff5a27e1bc1f9617dfb5508bad293b
        Validity
            Not Before: Jan  1 07:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96e11b6a692443724d288fcc709690fabc098d5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e9:87:b5:b5:44:4f:ff:02:41:f5:62:69:a2:
                    c0:b2:19:2b:9b:f9:22:a0:60:b4:23:43:87:3a:8f:
                    ef:78:ca:d6:d1:65:32:5c:91:4e:9c:2d:1b:69:08:
                    66:ee:10:a2:6e:a3:f4:59:0d:49:3b:19:ab:b8:75:
                    ad:bc:03:63:5f:eb:fb:de:69:29:3e:56:11:6f:77:
                    53:a8:23:75:d8:b7:fe:6a:d0:30:72:30:50:b2:3e:
                    f0:97:2c:9d:a8:b0:bb:bc:41:f9:3c:ff:2f:b9:82:
                    2f:5a:58:38:8c:67:1f:c4:de:89:69:59:cb:dc:00:
                    18:72:f4:b9:03:a3:a8:81:e2:ec:d4:57:3a:86:bf:
                    94:fc:f3:08:1b:27:45:ef:90:55:fc:82:93:1b:c0:
                    6f:bb:ad:e1:b6:c9:2c:ca:39:4c:e4:c8:ad:ae:ad:
                    e6:17:0c:ea:3a:58:a5:ff:c0:14:ba:15:d5:18:65:
                    ec:4a:00:a0:16:53:7b:31:f5:aa:40:a6:36:b0:7b:
                    97:5c:86:7d:9f:68:83:41:3f:1b:9f:a7:3c:f7:dc:
                    c0:31:87:af:45:c1:f3:48:11:40:9f:3f:99:c5:86:
                    85:1e:66:01:bc:ae:7d:f2:ca:03:95:34:3a:47:b1:
                    2d:1b:06:5a:52:48:93:71:9b:0e:d7:79:5d:ad:12:
                    0d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:E1:1B:6A:69:24:43:72:4D:28:8F:CC:70:96:90:FA:BC:09:8D:5D
            X509v3 Authority Key Identifier:
                keyid:64:68:5A:6D:73:FF:5A:27:E1:BC:1F:96:17:DF:B5:50:8B:AD:29:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZGhabXP_WifhvB-WF9-1UIutKTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0b3f1c-bbef-4d35-8146-c48b25f7846f/1/luEbamkkQ3JNKI_McJaQ-rwJjV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0b3f1c-bbef-4d35-8146-c48b25f7846f/1/ZGhabXP_WifhvB-WF9-1UIutKTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.104.0/23
                  194.30.171.0/24
                IPv6:
                  2a0f:dc80::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:26:6b:aa:5f:fa:b9:27:f7:e6:5a:63:a2:be:9a:49:dc:8a:
         df:1e:92:8e:02:d9:22:36:83:74:18:27:4f:e6:84:e8:0f:24:
         1f:bb:e7:a1:c4:74:d3:23:5f:dc:c1:dc:71:13:18:a7:e5:ed:
         48:f9:0d:7c:9d:c0:6d:a4:e2:01:37:23:fc:2d:2c:52:97:e8:
         81:36:e6:a1:59:5e:b6:bb:da:c6:d7:26:33:49:a3:e3:03:90:
         70:35:ee:64:20:d8:a3:73:41:bc:3a:73:9c:de:36:b8:9d:c5:
         91:8d:94:92:6f:0e:d0:3f:f7:22:8e:c5:96:35:fb:dd:41:1a:
         b4:aa:5c:83:6c:f1:2f:6c:f6:9c:73:f4:45:77:8b:0e:54:6f:
         b1:7f:81:16:b1:61:73:22:ec:06:66:29:ae:95:69:e0:80:87:
         12:2c:78:ea:46:24:87:bb:05:68:c1:dd:17:a7:ae:d9:3b:92:
         95:21:15:9d:cc:41:56:27:45:e8:bd:b0:c4:d1:72:c5:85:9d:
         43:5f:aa:cd:5d:7c:4f:8f:f8:7d:ca:52:d2:28:4a:eb:f3:f5:
         2d:31:fb:c7:3a:31:8b:fc:9d:3a:78:d4:36:aa:a3:f7:da:32:
         03:1e:3b:2a:c7:c5:71:b7:55:ff:62:74:9d:81:03:3a:00:19:
         c5:fd:9a:cc
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1gvxrADD9WzSR625Yh0tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0Njg1YTZkNzNmZjVhMjdlMWJjMWY5NjE3ZGZiNTUwOGJh
ZDI5M2IwHhcNMjUwMTAxMDc0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmUxMWI2YTY5MjQ0MzcyNGQyODhmY2M3MDk2OTBmYWJjMDk4ZDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OmHtbVET/8CQfViaaLAshkrm/ki
oGC0I0OHOo/veMrW0WUyXJFOnC0baQhm7hCibqP0WQ1JOxmruHWtvANjX+v73mkp
PlYRb3dTqCN12Lf+atAwcjBQsj7wlyydqLC7vEH5PP8vuYIvWlg4jGcfxN6JaVnL
3AAYcvS5A6OogeLs1Fc6hr+U/PMIGydF75BV/IKTG8Bvu63htsksyjlM5Mitrq3m
FwzqOlil/8AUuhXVGGXsSgCgFlN7MfWqQKY2sHuXXIZ9n2iDQT8bn6c899zAMYev
RcHzSBFAnz+ZxYaFHmYBvK598soDlTQ6R7EtGwZaUkiTcZsO13ldrRINiwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJbhG2ppJENyTSiPzHCWkPq8CY1dMB8GA1UdIwQY
MBaAFGRoWm1z/1on4bwflhfftVCLrSk7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkdoYWJYUF9XaWZodkItV0Y5LTFVSXV0S1RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYjNmMWMtYmJlZi00ZDM1LTgxNDYt
YzQ4YjI1Zjc4NDZmLzEvbHVFYmFta2tRM0pOS0lfTWNKYVEtcndKalYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYjNmMWMtYmJlZi00ZDM1LTgxNDYtYzQ4YjI1Zjc4NDZm
LzEvWkdoYWJYUF9XaWZodkItV0Y5LTFVSXV0S1RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBBbZoAwQA
wh6rMA0EAgACMAcDBQMqD9yAMA0GCSqGSIb3DQEBCwUAA4IBAQBFJmuqX/q5J/fm
WmOivppJ3IrfHpKOAtkiNoN0GCdP5oToDyQfu+ehxHTTI1/cwdxxExin5e1I+Q18
ncBtpOIBNyP8LSxSl+iBNuahWV62u9rG1yYzSaPjA5BwNe5kINijc0G8OnOc3ja4
ncWRjZSSbw7QP/cijsWWNfvdQRq0qlyDbPEvbPacc/RFd4sOVG+xf4EWsWFzIuwG
ZimulWnggIcSLHjqRiSHuwVowd0Xp67ZO5KVIRWdzEFWJ0XovbDE0XLFhZ1DX6rN
XXxPj/h9ylLSKErr8/UtMfvHOjGL/J06eNQ2qqP32jIDHjsqx8Vxt1X/YnSdgQM6
ABnF/ZrM
-----END CERTIFICATE-----