Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/da40cf-9836-482b-b7a6-c5ad16a55c5f/1/Vd0XtyBnRcCvi23S5DW74wg8olM.roa
File:                     Vd0XtyBnRcCvi23S5DW74wg8olM.roa (raw, json)
Hash identifier:          m1YREIth5q1agOZ+NVQNHYRarbhYgsJz39jSftEcZpc=
Subject key identifier:   55:DD:17:B7:20:67:45:C0:AF:8B:6D:D2:E4:35:BB:E3:08:3C:A2:53
Certificate issuer:       /CN=e4cd6e61c14e8391005a817b2722f7c4a81eb993
Certificate serial:       0192D778E40FD0F3B008A72CEA442155051B
Authority key identifier: E4:CD:6E:61:C1:4E:83:91:00:5A:81:7B:27:22:F7:C4:A8:1E:B9:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5M1uYcFOg5EAWoF7JyL3xKgeuZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/da40cf-9836-482b-b7a6-c5ad16a55c5f/1/Vd0XtyBnRcCvi23S5DW74wg8olM.roa
Signing time:             Tue 29 Oct 2024 08:51:16 +0000
ROA not before:           Tue 29 Oct 2024 08:51:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202468
IP address blocks:        5.34.192.0/20 maxlen: 24
                          128.0.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/da40cf-9836-482b-b7a6-c5ad16a55c5f/1/5M1uYcFOg5EAWoF7JyL3xKgeuZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/da40cf-9836-482b-b7a6-c5ad16a55c5f/1/5M1uYcFOg5EAWoF7JyL3xKgeuZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5M1uYcFOg5EAWoF7JyL3xKgeuZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d7:78:e4:0f:d0:f3:b0:08:a7:2c:ea:44:21:55:05:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4cd6e61c14e8391005a817b2722f7c4a81eb993
        Validity
            Not Before: Oct 29 08:51:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55dd17b7206745c0af8b6dd2e435bbe3083ca253
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:17:86:4d:ed:a0:35:48:1b:5c:1c:00:ac:b9:
                    3b:87:6f:28:84:49:8b:ad:a3:6d:9e:ea:a9:bb:71:
                    43:c8:d9:9b:1a:c9:27:31:63:0d:be:de:d5:19:93:
                    3f:0c:a1:fb:c3:31:ae:86:ff:53:90:b2:bb:d6:c1:
                    9b:ca:ad:bd:4e:b3:31:03:4f:3f:51:c0:2d:1b:b3:
                    58:5b:e2:65:4d:1c:83:84:ba:10:3a:a1:bd:c4:02:
                    7c:a4:ce:01:ff:56:63:88:ab:6d:12:f6:dc:f8:a2:
                    b4:6b:2b:48:4e:0f:ce:14:3f:cd:72:1a:7c:83:6b:
                    cf:06:5a:bc:32:c3:8b:df:72:c4:6e:ea:14:40:f0:
                    b3:d4:fb:60:22:c5:49:d5:5c:74:da:9d:82:fa:a1:
                    e7:5d:2c:52:c9:83:9c:87:da:4c:a0:5a:be:8d:d1:
                    0e:06:61:8e:b0:96:71:c7:da:96:a2:c3:94:60:65:
                    0b:5a:6d:62:5a:dc:73:4e:f8:48:c0:0e:7c:93:d9:
                    c0:38:9a:da:43:a7:38:12:b4:83:6d:2e:ef:06:43:
                    c5:f3:a5:84:2e:bc:83:be:9f:31:b6:12:11:7c:24:
                    93:de:cf:bd:a9:97:34:1d:e9:49:be:8f:fe:45:c2:
                    27:7f:8e:58:08:5b:f5:86:99:ec:c2:05:31:bc:52:
                    bd:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:DD:17:B7:20:67:45:C0:AF:8B:6D:D2:E4:35:BB:E3:08:3C:A2:53
            X509v3 Authority Key Identifier:
                keyid:E4:CD:6E:61:C1:4E:83:91:00:5A:81:7B:27:22:F7:C4:A8:1E:B9:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5M1uYcFOg5EAWoF7JyL3xKgeuZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/da40cf-9836-482b-b7a6-c5ad16a55c5f/1/Vd0XtyBnRcCvi23S5DW74wg8olM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/da40cf-9836-482b-b7a6-c5ad16a55c5f/1/5M1uYcFOg5EAWoF7JyL3xKgeuZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.192.0/20
                  128.0.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         db:86:0d:f1:68:03:7a:fa:c2:a6:25:3a:b3:f4:87:e3:fb:bc:
         21:c0:f7:f3:16:b1:bb:9a:47:70:80:34:66:dd:d6:d4:20:b0:
         12:99:f7:90:56:c5:e4:5f:8e:48:0d:de:67:76:ea:14:55:22:
         80:36:fb:6a:9d:35:a0:d3:59:b4:98:98:c3:2f:e8:44:f0:27:
         72:24:6e:8c:f5:b0:9b:5d:27:9f:70:4b:e1:26:8e:ac:38:ab:
         15:cf:64:a9:56:e7:ab:6b:52:33:ad:39:2f:00:f4:c3:42:f8:
         b0:f5:f0:b6:9f:85:78:ed:19:42:29:5d:ab:2b:35:19:60:c7:
         e9:61:42:f7:c0:44:35:8b:b7:24:f0:5a:3c:66:ae:88:fb:88:
         3b:14:a2:49:85:2e:a1:7e:39:72:c0:2e:40:ef:c3:c0:ea:be:
         53:c1:b4:49:91:08:24:5d:d0:74:fb:59:aa:80:e8:e8:e5:e8:
         18:41:6b:93:ed:44:d4:3b:b3:fe:a5:40:aa:76:8c:a6:5e:14:
         86:fd:44:a8:58:37:ad:88:d6:d2:2a:ce:ec:d8:fc:e5:c3:3a:
         4b:e1:4a:10:f7:1e:a7:9c:11:f3:64:21:35:07:96:87:92:3a:
         3f:0e:99:61:76:63:93:77:fe:91:d8:43:59:ec:99:63:7d:ed:
         ed:dd:d8:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLXeOQP0POwCKcs6kQhVQUbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Y2Q2ZTYxYzE0ZTgzOTEwMDVhODE3YjI3MjJmN2M0YTgx
ZWI5OTMwHhcNMjQxMDI5MDg1MTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWRkMTdiNzIwNjc0NWMwYWY4YjZkZDJlNDM1YmJlMzA4M2NhMjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxeGTe2gNUgbXBwArLk7h28ohEmL
raNtnuqpu3FDyNmbGsknMWMNvt7VGZM/DKH7wzGuhv9TkLK71sGbyq29TrMxA08/
UcAtG7NYW+JlTRyDhLoQOqG9xAJ8pM4B/1ZjiKttEvbc+KK0aytITg/OFD/Nchp8
g2vPBlq8MsOL33LEbuoUQPCz1PtgIsVJ1Vx02p2C+qHnXSxSyYOch9pMoFq+jdEO
BmGOsJZxx9qWosOUYGULWm1iWtxzTvhIwA58k9nAOJraQ6c4ErSDbS7vBkPF86WE
LryDvp8xthIRfCST3s+9qZc0HelJvo/+RcInf45YCFv1hpnswgUxvFK92QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFXdF7cgZ0XAr4tt0uQ1u+MIPKJTMB8GA1UdIwQY
MBaAFOTNbmHBToORAFqBeyci98SoHrmTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU0xdVljRk9nNUVBV29GN0p5TDN4S2dldVpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kYTQwY2YtOTgzNi00ODJiLWI3YTYt
YzVhZDE2YTU1YzVmLzEvVmQwWHR5Qm5SY0N2aTIzUzVEVzc0d2c4b2xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kYTQwY2YtOTgzNi00ODJiLWI3YTYtYzVhZDE2YTU1YzVm
LzEvNU0xdVljRk9nNUVBV29GN0p5TDN4S2dldVpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEBSLAAwQA
gABpMA0GCSqGSIb3DQEBCwUAA4IBAQDbhg3xaAN6+sKmJTqz9Ifj+7whwPfzFrG7
mkdwgDRm3dbUILASmfeQVsXkX45IDd5nduoUVSKANvtqnTWg01m0mJjDL+hE8Cdy
JG6M9bCbXSefcEvhJo6sOKsVz2SpVuera1IzrTkvAPTDQviw9fC2n4V47RlCKV2r
KzUZYMfpYUL3wEQ1i7ck8Fo8Zq6I+4g7FKJJhS6hfjlywC5A78PA6r5TwbRJkQgk
XdB0+1mqgOjo5egYQWuT7UTUO7P+pUCqdoymXhSG/USoWDetiNbSKs7s2PzlwzpL
4UoQ9x6nnBHzZCE1B5aHkjo/DplhdmOTd/6R2ENZ7Jljfe3t3dhM
-----END CERTIFICATE-----