Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/OLK5mMnmLhitHumO0d8oeeJuOEI.roa
File:                     OLK5mMnmLhitHumO0d8oeeJuOEI.roa (raw, json)
Hash identifier:          mWUPjiXDM5Ph9fy+UpY4upkwILUsr72MpLxd1gsl6bA=
Subject key identifier:   38:B2:B9:98:C9:E6:2E:18:AD:1E:E9:8E:D1:DF:28:79:E2:6E:38:42
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258F85DBA929ABAF332D23AA92149671
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/OLK5mMnmLhitHumO0d8oeeJuOEI.roa
Signing time:             Thu 02 Jan 2025 05:49:10 +0000
ROA not before:           Thu 02 Jan 2025 05:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24940
IP address blocks:        45.148.28.0/22 maxlen: 22
                          217.78.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:85:db:a9:29:ab:af:33:2d:23:aa:92:14:96:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38b2b998c9e62e18ad1ee98ed1df2879e26e3842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:00:04:db:db:f3:f9:15:6b:27:94:b9:05:9c:
                    7f:aa:11:62:ae:e8:94:26:61:43:9f:05:61:8e:7a:
                    1b:76:2e:2c:ac:15:d7:c2:7b:70:0e:c5:56:62:24:
                    4e:0d:f7:0f:5f:3e:91:64:32:ac:ae:13:4a:bf:0a:
                    20:31:25:b2:59:f0:67:5e:2f:75:86:50:a9:66:c3:
                    4a:f5:4c:0b:eb:b2:11:57:6f:1e:af:32:1d:7e:c1:
                    3a:f7:47:f7:86:bc:89:1e:70:71:a2:ce:48:dd:7c:
                    ea:5a:66:fc:f9:8b:8b:df:7b:b5:c9:26:1c:4b:1f:
                    3f:bd:e5:1d:c7:02:9f:94:b2:84:ef:ae:83:bd:61:
                    2b:5c:38:7d:dd:97:94:d3:08:14:1d:db:0b:f7:fc:
                    c3:4e:5a:8f:54:8b:2c:eb:73:96:c4:42:ed:bf:a9:
                    76:77:af:3d:3b:85:b3:e4:67:e9:87:1e:51:35:c0:
                    6f:52:ee:eb:61:ab:d5:94:18:3c:c8:71:0a:ed:22:
                    de:8c:d5:48:6d:ce:64:ec:c4:ff:aa:30:76:88:c6:
                    5f:e9:91:47:dc:f2:92:bc:71:62:37:c5:69:3d:2c:
                    cc:5e:78:1b:85:79:cd:21:95:ca:9f:8d:85:97:31:
                    c9:74:c4:6b:63:70:4d:ba:f6:c9:f1:63:c7:1d:d5:
                    28:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:B2:B9:98:C9:E6:2E:18:AD:1E:E9:8E:D1:DF:28:79:E2:6E:38:42
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/OLK5mMnmLhitHumO0d8oeeJuOEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.28.0/22
                  217.78.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:26:bc:fe:11:5d:df:4c:07:c1:31:77:5f:37:80:73:2d:73:
         86:24:d0:dc:d8:92:c7:f2:6f:6b:1a:20:4f:65:c7:55:7b:e7:
         ee:af:69:2c:dd:5f:0c:59:70:69:14:fa:7e:d0:d4:7a:d7:b5:
         04:fa:b1:64:bd:f9:ca:45:f1:c3:52:1c:1a:4d:95:41:2e:f8:
         58:ae:5d:b4:84:b5:0d:ae:05:59:90:dc:55:f4:d7:ee:d0:9e:
         b1:cf:58:58:c2:18:05:db:70:31:cd:bc:23:ba:cd:5f:73:28:
         8a:d8:6d:9f:5a:5b:c9:8f:df:65:9d:73:95:66:a9:a3:43:f5:
         a8:54:7e:5f:8b:19:13:0b:52:8b:0b:4f:9d:45:55:fa:eb:01:
         2b:5c:a5:dc:2a:b9:b3:10:9e:c2:b3:46:ef:55:b7:17:a2:8e:
         c6:94:94:c9:1a:06:75:f3:ae:e0:db:a3:d4:d9:b8:85:84:c2:
         f6:f5:71:11:e0:a5:43:2e:71:a1:33:5f:63:31:74:2f:1f:f6:
         76:6d:85:14:8c:88:94:92:52:82:46:e1:59:d1:c4:56:38:ac:
         f9:17:04:92:88:27:6d:9e:8f:e7:c7:b1:90:23:f7:67:30:64:
         ff:77:ec:2c:5b:5c:f0:db:f9:25:04:d6:f9:aa:d5:e8:1c:49:
         aa:ec:0d:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlj4XbqSmrrzMtI6qSFJZxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGIyYjk5OGM5ZTYyZTE4YWQxZWU5OGVkMWRmMjg3OWUyNmUzODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAAE29vz+RVrJ5S5BZx/qhFiruiU
JmFDnwVhjnobdi4srBXXwntwDsVWYiRODfcPXz6RZDKsrhNKvwogMSWyWfBnXi91
hlCpZsNK9UwL67IRV28erzIdfsE690f3hryJHnBxos5I3XzqWmb8+YuL33u1ySYc
Sx8/veUdxwKflLKE766DvWErXDh93ZeU0wgUHdsL9/zDTlqPVIss63OWxELtv6l2
d689O4Wz5Gfphx5RNcBvUu7rYavVlBg8yHEK7SLejNVIbc5k7MT/qjB2iMZf6ZFH
3PKSvHFiN8VpPSzMXngbhXnNIZXKn42FlzHJdMRrY3BNuvbJ8WPHHdUoowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDiyuZjJ5i4YrR7pjtHfKHnibjhCMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvT0xLNW1Nbm1MaGl0SHVtTzBkOG9lZUp1T0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZQcAwQA
2U7tMA0GCSqGSIb3DQEBCwUAA4IBAQANJrz+EV3fTAfBMXdfN4BzLXOGJNDc2JLH
8m9rGiBPZcdVe+fur2ks3V8MWXBpFPp+0NR617UE+rFkvfnKRfHDUhwaTZVBLvhY
rl20hLUNrgVZkNxV9Nfu0J6xz1hYwhgF23Axzbwjus1fcyiK2G2fWlvJj99lnXOV
ZqmjQ/WoVH5fixkTC1KLC0+dRVX66wErXKXcKrmzEJ7Cs0bvVbcXoo7GlJTJGgZ1
867g26PU2biFhML29XER4KVDLnGhM19jMXQvH/Z2bYUUjIiUklKCRuFZ0cRWOKz5
FwSSiCdtno/nx7GQI/dnMGT/d+wsW1zw2/klBNb5qtXoHEmq7A1Z
-----END CERTIFICATE-----