Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/RfDUK-g_4ciPKWxKzsIzGbnXSw4.roa
File:                     RfDUK-g_4ciPKWxKzsIzGbnXSw4.roa (raw, json)
Hash identifier:          KjPS6okwubpbXMXEgYpvaZPqS6MnEfX3MAlMwdnE+CQ=
Subject key identifier:   45:F0:D4:2B:E8:3F:E1:C8:8F:29:6C:4A:CE:C2:33:19:B9:D7:4B:0E
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C80D7DB41489C594ACB743ED66C75
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/RfDUK-g_4ciPKWxKzsIzGbnXSw4.roa
Signing time:             Thu 02 Jan 2025 09:50:32 +0000
ROA not before:           Thu 02 Jan 2025 09:50:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60716
IP address blocks:        5.140.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:80:d7:db:41:48:9c:59:4a:cb:74:3e:d6:6c:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45f0d42be83fe1c88f296c4acec23319b9d74b0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3f:72:fd:e2:bc:d0:35:b2:74:64:98:87:fe:
                    c5:2b:1e:1a:f8:e9:3b:fe:c7:54:6c:f1:42:3a:60:
                    a6:03:cf:8d:cb:0b:15:94:3a:31:bf:87:dc:9c:1d:
                    89:d6:ca:71:9d:77:25:f5:d1:9e:9d:66:57:d8:07:
                    62:b4:a6:a3:9c:c0:40:36:ea:39:fb:2d:87:92:14:
                    37:f0:77:bb:41:a7:46:15:61:9d:35:f6:2a:0d:71:
                    b6:20:54:45:2e:db:cb:89:f7:ff:13:a0:72:56:95:
                    47:1c:64:69:61:23:c0:c1:a4:64:1d:68:b6:90:c0:
                    9e:59:14:ec:96:88:ce:74:3b:a2:bf:98:3c:6a:ce:
                    25:cc:82:ef:20:f5:2c:d9:8b:25:3c:72:a0:65:5b:
                    2b:7f:c8:bd:84:ea:51:c0:21:f7:87:aa:55:8b:ae:
                    e8:fc:2f:0a:82:48:f9:e3:8d:f9:86:9f:63:32:24:
                    15:27:6d:0e:e2:78:a3:5e:e8:fb:9b:72:2c:66:8b:
                    06:93:c1:ad:04:03:91:a5:77:36:a4:5d:0b:9a:a2:
                    b2:ba:49:cf:63:0b:1e:b7:4f:f2:e4:32:0e:69:8c:
                    d5:e0:ad:0a:e8:bf:87:8c:96:63:ab:43:54:73:5c:
                    54:61:08:73:bf:f2:8c:9f:c2:63:bb:69:c8:ab:1e:
                    2d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:F0:D4:2B:E8:3F:E1:C8:8F:29:6C:4A:CE:C2:33:19:B9:D7:4B:0E
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/RfDUK-g_4ciPKWxKzsIzGbnXSw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.140.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:eb:39:34:01:88:55:5c:b7:6b:58:a3:68:ab:48:22:14:15:
         b5:8a:e8:ef:00:40:ba:80:27:92:36:91:2d:ff:ff:93:0d:2f:
         9a:11:9b:aa:86:f4:a4:bb:92:09:18:9b:aa:d0:21:f9:44:cd:
         81:a4:db:0c:18:ce:a0:6e:fc:73:55:b3:68:93:81:84:a2:81:
         c9:c5:4f:98:95:2a:61:85:74:4d:a5:b8:5a:ae:6f:46:a9:56:
         07:74:95:84:b9:59:39:6d:ef:ac:d1:86:44:03:20:2a:5b:88:
         eb:e5:20:c7:86:ab:04:51:67:9a:51:02:53:0e:06:43:d5:42:
         8a:de:c0:ba:80:08:37:10:69:0a:e3:aa:0c:67:66:9c:4b:d0:
         b3:e3:79:c9:bf:d4:7e:f1:ca:04:70:13:d9:cf:ef:84:76:70:
         e0:04:06:cb:19:45:3c:24:0a:a6:e8:0a:6e:b2:10:40:6c:dd:
         86:ff:7f:78:cd:9f:35:da:f6:4c:42:7f:dc:33:a0:d2:ca:2d:
         4d:ee:2c:f2:5a:ef:b6:46:b8:55:15:36:bb:c0:e5:fb:13:18:
         ad:02:91:93:94:3f:28:9d:da:69:94:16:78:e6:77:b4:1a:80:
         2c:b8:e6:43:d0:c4:08:f6:4a:fb:d2:bd:1e:cb:fe:37:03:76:
         8a:6d:fc:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbIDX20FInFlKy3Q+1mx1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWYwZDQyYmU4M2ZlMWM4OGYyOTZjNGFjZWMyMzMxOWI5ZDc0YjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuT9y/eK80DWydGSYh/7FKx4a+Ok7
/sdUbPFCOmCmA8+NywsVlDoxv4fcnB2J1spxnXcl9dGenWZX2AditKajnMBANuo5
+y2HkhQ38He7QadGFWGdNfYqDXG2IFRFLtvLiff/E6ByVpVHHGRpYSPAwaRkHWi2
kMCeWRTslojOdDuiv5g8as4lzILvIPUs2YslPHKgZVsrf8i9hOpRwCH3h6pVi67o
/C8Kgkj54435hp9jMiQVJ20O4nijXuj7m3IsZosGk8GtBAORpXc2pF0LmqKyuknP
Ywset0/y5DIOaYzV4K0K6L+HjJZjq0NUc1xUYQhzv/KMn8Jju2nIqx4t5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXw1CvoP+HIjylsSs7CMxm510sOMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvUmZEVUstZ180Y2lQS1d4S3pzSXpHYm5YU3c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYyhMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ6zk0AYhVXLdrWKNoq0giFBW1iujvAEC6gCeSNpEt
//+TDS+aEZuqhvSku5IJGJuq0CH5RM2BpNsMGM6gbvxzVbNok4GEooHJxU+YlSph
hXRNpbharm9GqVYHdJWEuVk5be+s0YZEAyAqW4jr5SDHhqsEUWeaUQJTDgZD1UKK
3sC6gAg3EGkK46oMZ2acS9Cz43nJv9R+8coEcBPZz++EdnDgBAbLGUU8JAqm6Apu
shBAbN2G/394zZ812vZMQn/cM6DSyi1N7izyWu+2RrhVFTa7wOX7ExitApGTlD8o
ndpplBZ45ne0GoAsuOZD0MQI9kr70r0ey/43A3aKbfyF
-----END CERTIFICATE-----