Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/X5-V0n6yN80zazhfKC-inEW3Q-g.roa
File:                     X5-V0n6yN80zazhfKC-inEW3Q-g.roa (raw, json)
Hash identifier:          ltmVmMUB0Wliy/gqDGqir6t9HKhl/Si7s3Wu5L76zuU=
Subject key identifier:   5F:9F:95:D2:7E:B2:37:CD:33:6B:38:5F:28:2F:A2:9C:45:B7:43:E8
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       01953DB627848BDB0F5381B438AF78B066D4
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/X5-V0n6yN80zazhfKC-inEW3Q-g.roa
Signing time:             Tue 25 Feb 2025 15:25:02 +0000
ROA not before:           Tue 25 Feb 2025 15:25:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        80.85.242.0/24 maxlen: 24
                          80.85.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3d:b6:27:84:8b:db:0f:53:81:b4:38:af:78:b0:66:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Feb 25 15:25:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f9f95d27eb237cd336b385f282fa29c45b743e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:80:49:f9:23:b5:1e:07:30:60:3a:f8:ab:ed:
                    b2:98:a8:9e:1b:b9:6e:a8:40:63:e1:16:82:c3:93:
                    17:fc:f5:2e:b5:6c:61:1a:04:ee:3f:87:68:43:ef:
                    1c:77:78:ae:3a:54:b7:96:6f:37:54:42:d5:eb:81:
                    c5:d6:1a:ef:9b:37:aa:03:98:1e:b0:66:30:80:51:
                    65:65:7f:e3:6a:32:ea:f9:8f:32:9c:d6:51:4d:59:
                    0b:81:5a:9a:0b:66:9b:aa:ba:08:06:df:4c:02:b2:
                    a5:ba:d4:13:bd:77:19:2e:dc:48:b1:f5:00:67:0d:
                    83:bd:c4:eb:39:9f:2c:a7:8b:e9:79:0b:9a:e1:52:
                    11:46:aa:74:b9:78:52:4b:d9:91:65:f2:57:fa:73:
                    99:b3:9e:43:97:3b:df:ae:48:7c:8c:bd:69:a1:80:
                    c3:49:d8:3a:f5:16:17:27:c2:be:d3:11:17:5e:50:
                    30:06:03:76:63:6b:52:11:af:c5:e2:de:dc:5e:4f:
                    99:19:6f:e7:3e:b5:3b:47:3c:bf:d8:01:85:9d:8b:
                    69:11:7d:71:4a:b6:07:de:82:1f:89:e4:cc:70:e9:
                    bd:36:e5:3e:1b:1b:21:1b:04:a7:cb:f9:1b:9f:b0:
                    82:1c:98:a3:66:8c:7e:a9:6c:0b:20:ce:f4:22:43:
                    f5:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:9F:95:D2:7E:B2:37:CD:33:6B:38:5F:28:2F:A2:9C:45:B7:43:E8
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/X5-V0n6yN80zazhfKC-inEW3Q-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.85.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:14:24:9f:25:be:d3:55:1f:3f:6f:dd:a6:69:3d:dc:b8:d4:
         df:33:19:df:1d:16:68:40:16:29:b6:cd:4b:82:72:e6:48:99:
         c5:92:f0:3c:2e:82:36:61:95:5a:7b:2d:1e:64:80:8b:55:d7:
         82:3a:f4:d7:42:53:3e:90:dd:bc:88:9b:1e:ab:c6:52:47:21:
         9c:28:ac:c5:7e:10:fd:f0:63:10:9e:5f:6d:61:94:cb:c7:71:
         0a:b5:56:7b:90:bc:82:74:2a:1a:0a:e6:d9:dc:f1:5e:53:20:
         5d:4f:ad:70:2e:cb:59:7f:b3:43:c8:c3:3e:91:d0:9c:27:7c:
         7d:30:60:2f:d1:9c:fd:b6:75:79:3d:e4:51:54:28:a0:b4:f1:
         99:72:54:21:0f:39:1b:75:b8:5e:03:a9:6c:11:59:7b:cf:2e:
         2c:b8:8f:a9:0c:e0:b1:2a:01:1a:61:c2:df:a2:b4:9b:65:bc:
         01:4d:b2:c1:77:ce:4c:c7:8e:09:da:e7:c1:4a:c1:9d:66:c2:
         b7:79:52:b8:7c:04:06:f0:23:0f:fa:c2:24:a3:75:83:2e:de:
         9c:ca:9b:8e:dd:97:d3:61:ac:52:7e:16:e2:37:af:24:ed:45:
         ca:39:d0:88:53:56:cd:7a:10:a3:dd:80:07:65:86:bd:65:11:
         43:51:99:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU9tieEi9sPU4G0OK94sGbUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjUwMjI1MTUyNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjlmOTVkMjdlYjIzN2NkMzM2YjM4NWYyODJmYTI5YzQ1Yjc0M2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYBJ+SO1HgcwYDr4q+2ymKieG7lu
qEBj4RaCw5MX/PUutWxhGgTuP4doQ+8cd3iuOlS3lm83VELV64HF1hrvmzeqA5ge
sGYwgFFlZX/jajLq+Y8ynNZRTVkLgVqaC2abqroIBt9MArKlutQTvXcZLtxIsfUA
Zw2DvcTrOZ8sp4vpeQua4VIRRqp0uXhSS9mRZfJX+nOZs55Dlzvfrkh8jL1poYDD
Sdg69RYXJ8K+0xEXXlAwBgN2Y2tSEa/F4t7cXk+ZGW/nPrU7Rzy/2AGFnYtpEX1x
SrYH3oIfieTMcOm9NuU+GxshGwSny/kbn7CCHJijZox+qWwLIM70IkP1nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+fldJ+sjfNM2s4XygvopxFt0PoMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvWDUtVjBuNnlOODB6YXpoZktDLWluRVczUS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUFXyMA0G
CSqGSIb3DQEBCwUAA4IBAQBhFCSfJb7TVR8/b92maT3cuNTfMxnfHRZoQBYpts1L
gnLmSJnFkvA8LoI2YZVaey0eZICLVdeCOvTXQlM+kN28iJseq8ZSRyGcKKzFfhD9
8GMQnl9tYZTLx3EKtVZ7kLyCdCoaCubZ3PFeUyBdT61wLstZf7NDyMM+kdCcJ3x9
MGAv0Zz9tnV5PeRRVCigtPGZclQhDzkbdbheA6lsEVl7zy4suI+pDOCxKgEaYcLf
orSbZbwBTbLBd85Mx44J2ufBSsGdZsK3eVK4fAQG8CMP+sIko3WDLt6cypuO3ZfT
YaxSfhbiN68k7UXKOdCIU1bNehCj3YAHZYa9ZRFDUZnm
-----END CERTIFICATE-----