Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/SlYMmAICb8HbyGHP_Vnxv-4Fj6w.roa
File:                     SlYMmAICb8HbyGHP_Vnxv-4Fj6w.roa (raw, json)
Hash identifier:          HgRW+R9snP3UMWLesDAzp78gH6EZAYQYPah0SUB/b8E=
Subject key identifier:   4A:56:0C:98:02:02:6F:C1:DB:C8:61:CF:FD:59:F1:BF:EE:05:8F:AC
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       019648CE6EC95F34E1C172C33346F7154581
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/SlYMmAICb8HbyGHP_Vnxv-4Fj6w.roa
Signing time:             Fri 18 Apr 2025 12:10:10 +0000
ROA not before:           Fri 18 Apr 2025 12:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210976
IP address blocks:        80.85.242.0/24 maxlen: 24
                          80.85.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 16:41:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:48:ce:6e:c9:5f:34:e1:c1:72:c3:33:46:f7:15:45:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Apr 18 12:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a560c9802026fc1dbc861cffd59f1bfee058fac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:bd:a7:6f:ec:95:6d:50:0d:70:bd:97:d1:c0:
                    7a:21:3b:ab:67:49:47:d3:56:c2:a9:fb:be:1a:8c:
                    3a:1f:d4:f4:7d:56:26:90:88:b5:b3:71:39:4f:a4:
                    d0:c4:4d:80:28:ef:ec:cc:c7:05:77:92:10:cc:9d:
                    b3:da:03:29:9e:6c:be:af:00:61:34:a4:d3:02:62:
                    b8:c8:db:cf:d6:82:ff:ae:2f:89:5c:a2:85:6e:df:
                    61:86:19:f9:4d:53:6b:de:e9:d0:51:3e:43:1c:0d:
                    02:a6:25:11:d4:a2:b4:d1:88:16:b9:03:4f:84:39:
                    28:fb:47:82:9a:42:16:26:d0:09:a5:55:95:3a:4a:
                    a0:ed:7b:64:59:39:34:2b:be:9b:32:3c:f1:73:20:
                    f5:e9:9d:bf:21:60:aa:70:0e:00:e6:96:60:47:a6:
                    be:6c:28:d0:b6:c7:01:b2:20:66:a7:7d:9a:ed:57:
                    b0:05:91:b8:9b:0a:4f:f8:eb:5c:79:a3:b7:02:d6:
                    28:56:43:0a:f7:7b:36:e0:47:89:f2:fe:b5:38:63:
                    ee:b3:b4:95:75:ff:a1:8b:d7:e1:3f:48:38:20:20:
                    3c:aa:67:37:dd:df:4f:25:1f:fc:cc:aa:d8:80:18:
                    42:9b:90:b9:27:0d:68:fc:bd:6c:eb:11:53:b8:7f:
                    d8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:56:0C:98:02:02:6F:C1:DB:C8:61:CF:FD:59:F1:BF:EE:05:8F:AC
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/SlYMmAICb8HbyGHP_Vnxv-4Fj6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.85.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:5b:7a:77:1a:8b:4f:9b:70:1a:c6:94:58:92:56:59:45:7e:
         d5:a1:a0:a3:bc:b2:4a:6b:06:a6:38:55:78:cc:e5:52:0c:ab:
         a8:2e:44:77:cf:c9:67:8b:ea:42:df:d9:33:71:83:a4:0c:2e:
         e7:17:ba:3f:fb:99:17:b8:40:3c:27:22:78:00:29:8e:ff:9c:
         11:90:11:30:19:80:57:e2:d2:70:bb:8d:ea:d7:45:b5:54:7d:
         4b:b3:55:b4:30:b8:52:6d:74:1a:c4:71:26:34:d5:e8:00:ae:
         7a:16:83:d7:1f:d5:42:5c:b3:25:d8:30:b9:79:cd:d3:b2:e0:
         32:74:97:25:67:92:2f:ef:e0:08:df:73:ba:23:d6:16:70:12:
         16:95:04:5c:77:40:12:cb:ff:c4:c5:2c:1b:8f:06:ca:66:b5:
         df:08:40:44:2f:a8:68:51:4e:d2:f0:6b:cf:d7:cf:83:ab:58:
         86:e5:7a:7d:a0:a3:89:32:3c:ed:7c:04:04:b9:3f:2c:60:1e:
         8f:f7:2b:80:c4:71:38:53:47:fe:17:78:4d:c6:27:38:c5:f0:
         b6:98:e1:b4:52:3b:7b:ce:8e:3d:8e:3a:58:60:b0:58:c4:40:
         4d:a2:28:fd:a4:77:23:0c:cc:86:5f:66:71:ab:5d:68:d8:84:
         cc:11:3c:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZIzm7JXzThwXLDM0b3FUWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjUwNDE4MTIxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTU2MGM5ODAyMDI2ZmMxZGJjODYxY2ZmZDU5ZjFiZmVlMDU4ZmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiL2nb+yVbVANcL2X0cB6ITurZ0lH
01bCqfu+Gow6H9T0fVYmkIi1s3E5T6TQxE2AKO/szMcFd5IQzJ2z2gMpnmy+rwBh
NKTTAmK4yNvP1oL/ri+JXKKFbt9hhhn5TVNr3unQUT5DHA0CpiUR1KK00YgWuQNP
hDko+0eCmkIWJtAJpVWVOkqg7XtkWTk0K76bMjzxcyD16Z2/IWCqcA4A5pZgR6a+
bCjQtscBsiBmp32a7VewBZG4mwpP+OtceaO3AtYoVkMK93s24EeJ8v61OGPus7SV
df+hi9fhP0g4ICA8qmc33d9PJR/8zKrYgBhCm5C5Jw1o/L1s6xFTuH/Y7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEpWDJgCAm/B28hhz/1Z8b/uBY+sMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvU2xZTW1BSUNiOEhieUdIUF9Wbnh2LTRGajZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUFXyMA0G
CSqGSIb3DQEBCwUAA4IBAQAdW3p3GotPm3AaxpRYklZZRX7VoaCjvLJKawamOFV4
zOVSDKuoLkR3z8lni+pC39kzcYOkDC7nF7o/+5kXuEA8JyJ4ACmO/5wRkBEwGYBX
4tJwu43q10W1VH1Ls1W0MLhSbXQaxHEmNNXoAK56FoPXH9VCXLMl2DC5ec3TsuAy
dJclZ5Iv7+AI33O6I9YWcBIWlQRcd0ASy//ExSwbjwbKZrXfCEBEL6hoUU7S8GvP
18+Dq1iG5Xp9oKOJMjztfAQEuT8sYB6P9yuAxHE4U0f+F3hNxic4xfC2mOG0Ujt7
zo49jjpYYLBYxEBNoij9pHcjDMyGX2Zxq11o2ITMETxc
-----END CERTIFICATE-----