Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/xA85fZrKXIvbQJ6oc6-mqnEdELY.roa
File:                     xA85fZrKXIvbQJ6oc6-mqnEdELY.roa (raw, json)
Hash identifier:          8cwQi8z5HjQHanuvxnu5K05S/zJnPIlg5zp5tzEef1I=
Subject key identifier:   C4:0F:39:7D:9A:CA:5C:8B:DB:40:9E:A8:73:AF:A6:AA:71:1D:10:B6
Certificate issuer:       /CN=53b46ab79b9fc58f5dc4cf29d72dc5267ec3edde
Certificate serial:       018E32EC36D47FAB096434C861494DC71E0F
Authority key identifier: 53:B4:6A:B7:9B:9F:C5:8F:5D:C4:CF:29:D7:2D:C5:26:7E:C3:ED:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/xA85fZrKXIvbQJ6oc6-mqnEdELY.roa
Signing time:             Tue 12 Mar 2024 13:48:44 +0000
ROA not before:           Tue 12 Mar 2024 13:48:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42695
IP address blocks:        80.254.229.0/24 maxlen: 24
                          80.254.230.0/24 maxlen: 24
                          2a13:5243::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:ec:36:d4:7f:ab:09:64:34:c8:61:49:4d:c7:1e:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b46ab79b9fc58f5dc4cf29d72dc5267ec3edde
        Validity
            Not Before: Mar 12 13:48:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c40f397d9aca5c8bdb409ea873afa6aa711d10b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:20:02:a6:42:4c:3e:f5:ab:04:13:7d:f3:53:
                    f3:ed:f5:76:ed:ef:c2:31:29:36:32:32:0f:c1:74:
                    b3:12:bf:8c:19:6f:16:d2:cc:58:4c:08:3e:37:f3:
                    fe:56:9a:7a:bd:8b:22:fa:ae:5f:ec:73:58:82:f7:
                    c3:06:8e:4a:d2:76:dd:b3:f4:6a:1c:35:77:1f:ae:
                    29:0a:d2:07:ca:66:8c:29:1a:1a:4e:50:7b:56:e2:
                    72:75:df:1f:bd:e8:26:b8:a1:60:b5:53:ca:80:61:
                    3c:58:9a:01:13:10:37:7c:ca:5d:5c:4a:34:6a:26:
                    25:ee:e3:b3:20:c0:96:87:34:91:1d:9d:b2:89:71:
                    d5:7a:96:46:8e:73:57:be:e6:f4:dd:88:a7:3d:f7:
                    58:fe:2b:29:75:60:d9:8e:eb:36:4d:51:f5:39:18:
                    23:46:f3:85:04:10:94:2d:96:71:0a:e2:78:d8:4e:
                    bc:2c:53:9c:c7:f1:60:4d:30:1f:b6:21:b5:cc:7f:
                    fe:00:86:98:33:80:67:70:06:70:0a:9d:9d:27:86:
                    dc:5b:31:51:09:fd:20:64:db:aa:a9:de:23:ec:fa:
                    26:be:94:67:b8:c0:cb:59:1d:03:55:72:42:30:52:
                    f4:de:c5:7b:41:bc:f1:0b:d5:2c:08:13:f5:e3:8c:
                    c0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:0F:39:7D:9A:CA:5C:8B:DB:40:9E:A8:73:AF:A6:AA:71:1D:10:B6
            X509v3 Authority Key Identifier:
                keyid:53:B4:6A:B7:9B:9F:C5:8F:5D:C4:CF:29:D7:2D:C5:26:7E:C3:ED:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/xA85fZrKXIvbQJ6oc6-mqnEdELY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.254.229.0-80.254.230.255
                IPv6:
                  2a13:5243::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:d7:08:6f:fa:fd:57:d8:f6:3d:71:c4:db:6e:33:5d:07:d6:
         91:c5:94:e8:4c:97:ab:05:ac:d8:23:df:b0:a4:1e:23:b6:45:
         c6:e7:39:61:21:88:d6:3f:cf:d3:9b:bd:c3:ec:39:90:bf:2c:
         e4:96:db:1c:c2:25:3b:53:ee:f3:de:48:8b:75:f3:1f:07:95:
         34:26:da:f8:fc:57:bc:f4:8b:83:0a:87:8d:5f:c8:2a:dd:d4:
         78:d5:0e:7f:05:cd:2b:1f:8a:b9:20:e1:16:99:69:02:08:9f:
         3f:7a:af:e7:62:6d:a2:88:20:69:c1:ba:ae:85:bf:8e:45:b3:
         e5:98:c7:73:e8:aa:b2:42:19:df:c2:a1:4d:0f:62:78:f2:00:
         0c:82:ed:34:e3:91:3d:b1:fd:5f:88:dc:89:35:4d:b5:12:0e:
         ff:6b:3d:9b:3d:20:f9:4a:75:11:c0:19:4b:16:d6:ea:24:4e:
         d5:13:35:5d:24:a1:72:47:89:db:38:53:a9:1d:b8:09:09:34:
         97:57:e0:7f:d0:2d:66:03:91:7a:b9:8a:57:53:79:d9:e4:bd:
         92:75:aa:78:7e:ee:67:be:23:2a:79:d2:ff:d7:c2:0e:ff:42:
         1d:7c:ba:c0:9b:58:5c:b1:81:ad:2d:85:be:09:d4:01:36:7b:
         8c:4b:51:c5
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAY4y7DbUf6sJZDTIYUlNxx4PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjQ2YWI3OWI5ZmM1OGY1ZGM0Y2YyOWQ3MmRjNTI2N2Vj
M2VkZGUwHhcNMjQwMzEyMTM0ODQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDBmMzk3ZDlhY2E1YzhiZGI0MDllYTg3M2FmYTZhYTcxMWQxMGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiACpkJMPvWrBBN981Pz7fV27e/C
MSk2MjIPwXSzEr+MGW8W0sxYTAg+N/P+Vpp6vYsi+q5f7HNYgvfDBo5K0nbds/Rq
HDV3H64pCtIHymaMKRoaTlB7VuJydd8fvegmuKFgtVPKgGE8WJoBExA3fMpdXEo0
aiYl7uOzIMCWhzSRHZ2yiXHVepZGjnNXvub03YinPfdY/ispdWDZjus2TVH1ORgj
RvOFBBCULZZxCuJ42E68LFOcx/FgTTAftiG1zH/+AIaYM4BncAZwCp2dJ4bcWzFR
Cf0gZNuqqd4j7PomvpRnuMDLWR0DVXJCMFL03sV7QbzxC9UsCBP144zAhQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFMQPOX2aylyL20CeqHOvpqpxHRC2MB8GA1UdIwQY
MBaAFFO0arebn8WPXcTPKdctxSZ+w+3eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdScXQ1dWZ4WTlkeE04cDF5M0ZKbjdEN2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hYzlhZjYtN2ZjMy00ZDEzLWE1OTQt
MDYwYTQ3MzgwOTFkLzEveEE4NWZacktYSXZiUUo2b2M2LW1xbkVkRUxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hYzlhZjYtN2ZjMy00ZDEzLWE1OTQtMDYwYTQ3MzgwOTFk
LzEvVTdScXQ1dWZ4WTlkeE04cDF5M0ZKbjdEN2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBABQ/uUD
BABQ/uYwDQQCAAIwBwMFACoTUkMwDQYJKoZIhvcNAQELBQADggEBAJnXCG/6/VfY
9j1xxNtuM10H1pHFlOhMl6sFrNgj37CkHiO2RcbnOWEhiNY/z9ObvcPsOZC/LOSW
2xzCJTtT7vPeSIt18x8HlTQm2vj8V7z0i4MKh41fyCrd1HjVDn8FzSsfirkg4RaZ
aQIInz96r+dibaKIIGnBuq6Fv45Fs+WYx3PoqrJCGd/CoU0PYnjyAAyC7TTjkT2x
/V+I3Ik1TbUSDv9rPZs9IPlKdRHAGUsW1uokTtUTNV0koXJHids4U6kduAkJNJdX
4H/QLWYDkXq5ildTednkvZJ1qnh+7me+Iyp50v/Xwg7/Qh18usCbWFyxga0thb4J
1AE2e4xLUcU=
-----END CERTIFICATE-----