Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/b98b9f-b581-4e3e-ae8a-987d869566f6/1/iLANhbyVV3zbKcRa5e1j5ys5bQ8.roa
File:                     iLANhbyVV3zbKcRa5e1j5ys5bQ8.roa (raw, json)
Hash identifier:          HvIZEmUJodoCUOQJmSLlhYyGWehRd8s2eUB4GrSGatI=
Subject key identifier:   88:B0:0D:85:BC:95:57:7C:DB:29:C4:5A:E5:ED:63:E7:2B:39:6D:0F
Certificate issuer:       /CN=20820f796481ac0e9637c962414597b1fe227c24
Certificate serial:       01965D826B3549F84EB9D423D5E915A98D36
Authority key identifier: 20:82:0F:79:64:81:AC:0E:96:37:C9:62:41:45:97:B1:FE:22:7C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IIIPeWSBrA6WN8liQUWXsf4ifCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/b98b9f-b581-4e3e-ae8a-987d869566f6/1/iLANhbyVV3zbKcRa5e1j5ys5bQ8.roa
Signing time:             Tue 22 Apr 2025 12:39:10 +0000
ROA not before:           Tue 22 Apr 2025 12:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140079
IP address blocks:        5.145.180.0/23 maxlen: 23
                          5.145.180.0/24 maxlen: 24
                          5.145.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/b98b9f-b581-4e3e-ae8a-987d869566f6/1/IIIPeWSBrA6WN8liQUWXsf4ifCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/b98b9f-b581-4e3e-ae8a-987d869566f6/1/IIIPeWSBrA6WN8liQUWXsf4ifCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IIIPeWSBrA6WN8liQUWXsf4ifCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5d:82:6b:35:49:f8:4e:b9:d4:23:d5:e9:15:a9:8d:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20820f796481ac0e9637c962414597b1fe227c24
        Validity
            Not Before: Apr 22 12:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88b00d85bc95577cdb29c45ae5ed63e72b396d0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:e1:d0:e4:be:0b:8b:9e:78:b0:ac:e6:df:4e:
                    e1:88:19:cc:c2:5f:68:e7:b3:72:4e:9b:bc:17:65:
                    7b:ab:43:66:cd:a1:ef:37:e3:22:a9:f1:aa:3e:06:
                    f6:c0:4c:ea:fe:60:89:02:bb:d5:65:40:f2:88:54:
                    3c:41:a4:54:b6:bb:9f:a3:a8:ad:33:82:53:ab:7b:
                    6e:c2:b2:07:11:93:f8:70:d5:62:1c:f2:fb:f6:3f:
                    59:38:96:e5:c6:5d:84:3e:52:2b:c2:90:1c:c3:7e:
                    fd:a8:94:4b:c5:0a:71:c8:63:68:c2:49:d9:d9:82:
                    62:f4:79:aa:a9:8c:8c:d8:55:54:aa:9d:e0:ef:9e:
                    08:de:31:f6:26:42:00:9f:8c:3c:1c:53:78:d0:ce:
                    53:30:7b:13:0a:a2:6a:59:60:7c:b8:af:0a:dd:80:
                    ad:ba:51:cb:35:ea:65:3f:24:b2:c6:e3:0e:ee:57:
                    78:ec:b3:22:d2:6c:cf:93:0a:f8:2f:26:d1:ca:f0:
                    0b:69:19:0c:71:97:1e:2c:cb:93:83:dd:cb:68:f6:
                    78:19:30:6e:9c:66:73:0f:7d:b5:21:04:79:6c:f2:
                    d3:f2:ee:69:e6:7e:d8:8c:c8:7b:56:5e:c7:0c:0a:
                    59:07:99:be:81:80:90:d6:a0:32:23:48:79:e2:59:
                    df:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:B0:0D:85:BC:95:57:7C:DB:29:C4:5A:E5:ED:63:E7:2B:39:6D:0F
            X509v3 Authority Key Identifier:
                keyid:20:82:0F:79:64:81:AC:0E:96:37:C9:62:41:45:97:B1:FE:22:7C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IIIPeWSBrA6WN8liQUWXsf4ifCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/b98b9f-b581-4e3e-ae8a-987d869566f6/1/iLANhbyVV3zbKcRa5e1j5ys5bQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/b98b9f-b581-4e3e-ae8a-987d869566f6/1/IIIPeWSBrA6WN8liQUWXsf4ifCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.145.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:d0:e4:61:9f:38:bf:28:58:7d:33:78:6d:b8:5b:c8:0e:68:
         e6:00:01:1b:4a:a8:ab:18:3f:8b:04:72:8a:5b:27:b8:68:7e:
         c6:6b:36:fd:c2:22:4e:94:60:24:2e:94:0b:18:69:46:00:0a:
         1d:7a:00:df:5f:3e:60:45:f2:b8:68:94:6d:a2:c3:6b:b9:fa:
         1e:94:a2:65:1d:84:5e:65:7d:b6:63:65:7a:a8:ea:01:55:41:
         82:5b:f6:12:42:d0:23:48:1f:35:7f:ed:ba:2b:f2:e2:9d:48:
         f6:dc:3d:e1:5f:73:13:5d:3a:ca:ea:cb:69:77:5b:82:68:fd:
         35:06:18:e6:10:c0:b6:79:0a:f4:01:c6:f1:4e:5c:58:10:99:
         fd:04:5b:f6:da:7c:73:51:57:3d:db:33:1d:73:44:3a:b0:9f:
         25:f8:90:c1:b1:08:bd:d6:d2:a4:93:6b:53:95:bf:90:9d:aa:
         41:45:39:b6:06:c4:d9:23:ce:4f:f8:43:80:d4:9e:cc:cb:30:
         5f:d0:fc:28:17:6f:ca:2a:77:67:b7:c5:16:34:7d:79:44:27:
         c8:67:09:eb:fe:46:2c:cb:d4:7c:57:f9:49:76:24:97:f8:da:
         e0:48:55:be:00:a7:8c:57:ac:04:7d:6b:f4:48:d8:f9:82:ac:
         e2:55:2e:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZdgms1SfhOudQj1ekVqY02MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwODIwZjc5NjQ4MWFjMGU5NjM3Yzk2MjQxNDU5N2IxZmUy
MjdjMjQwHhcNMjUwNDIyMTIzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGIwMGQ4NWJjOTU1NzdjZGIyOWM0NWFlNWVkNjNlNzJiMzk2ZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5+HQ5L4Li554sKzm307hiBnMwl9o
57NyTpu8F2V7q0NmzaHvN+MiqfGqPgb2wEzq/mCJArvVZUDyiFQ8QaRUtrufo6it
M4JTq3tuwrIHEZP4cNViHPL79j9ZOJblxl2EPlIrwpAcw379qJRLxQpxyGNowknZ
2YJi9HmqqYyM2FVUqp3g754I3jH2JkIAn4w8HFN40M5TMHsTCqJqWWB8uK8K3YCt
ulHLNeplPySyxuMO7ld47LMi0mzPkwr4LybRyvALaRkMcZceLMuTg93LaPZ4GTBu
nGZzD321IQR5bPLT8u5p5n7YjMh7Vl7HDApZB5m+gYCQ1qAyI0h54lnfQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiwDYW8lVd82ynEWuXtY+crOW0PMB8GA1UdIwQY
MBaAFCCCD3lkgawOljfJYkFFl7H+InwkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUlJUGVXU0JyQTZXTjhsaVFVV1hzZjRpZkNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9iOThiOWYtYjU4MS00ZTNlLWFlOGEt
OTg3ZDg2OTU2NmY2LzEvaUxBTmhieVZWM3piS2NSYTVlMWo1eXM1YlE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9iOThiOWYtYjU4MS00ZTNlLWFlOGEtOTg3ZDg2OTU2NmY2
LzEvSUlJUGVXU0JyQTZXTjhsaVFVV1hzZjRpZkNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBZG0MA0G
CSqGSIb3DQEBCwUAA4IBAQCL0ORhnzi/KFh9M3htuFvIDmjmAAEbSqirGD+LBHKK
Wye4aH7Gazb9wiJOlGAkLpQLGGlGAAodegDfXz5gRfK4aJRtosNrufoelKJlHYRe
ZX22Y2V6qOoBVUGCW/YSQtAjSB81f+26K/LinUj23D3hX3MTXTrK6stpd1uCaP01
BhjmEMC2eQr0AcbxTlxYEJn9BFv22nxzUVc92zMdc0Q6sJ8l+JDBsQi91tKkk2tT
lb+QnapBRTm2BsTZI85P+EOA1J7MyzBf0PwoF2/KKndnt8UWNH15RCfIZwnr/kYs
y9R8V/lJdiSX+NrgSFW+AKeMV6wEfWv0SNj5gqziVS6s
-----END CERTIFICATE-----