Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/5Qc6C6XAUxeWDomixUSnkRG8m-A.roa
File:                     5Qc6C6XAUxeWDomixUSnkRG8m-A.roa (raw, json)
Hash identifier:          PaHxvnvCv2103ZVw8avQreXVKUJe2rYs5jEFfb674EU=
Subject key identifier:   E5:07:3A:0B:A5:C0:53:17:96:0E:89:A2:C5:44:A7:91:11:BC:9B:E0
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       018CC86F218A8861367062B3C79B7745A866
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/5Qc6C6XAUxeWDomixUSnkRG8m-A.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33517
IP address blocks:        80.231.219.0/24 maxlen: 24
                          80.231.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:21:8a:88:61:36:70:62:b3:c7:9b:77:45:a8:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5073a0ba5c05317960e89a2c544a79111bc9be0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:39:e1:6e:b7:c6:dd:45:02:8f:11:ac:61:ea:
                    12:1c:50:21:a1:f3:d6:42:e8:bf:24:28:9b:67:a2:
                    1a:98:5d:3e:1f:d0:b4:f9:0e:49:98:66:e9:3f:78:
                    74:0e:88:5b:63:9e:79:37:d1:dd:a6:62:5b:fe:44:
                    89:73:b2:07:b7:e2:4e:2b:2a:00:4f:a8:87:6d:64:
                    ba:26:58:04:5a:dd:ee:cc:fb:79:b6:41:af:f2:d9:
                    43:17:e7:9b:e7:0d:4c:8b:0b:3b:71:b1:26:75:da:
                    13:52:95:ce:53:64:25:c2:d6:44:91:37:eb:f6:97:
                    fe:63:84:b4:69:a4:e2:71:df:da:e4:0f:0f:e9:a9:
                    47:b0:97:8e:01:06:96:c5:f7:8a:1d:22:bd:98:ca:
                    d6:3b:f9:03:b6:ce:4c:51:24:39:9d:ca:9c:29:71:
                    53:2e:cb:13:bc:4d:e3:99:04:0b:a6:89:68:a3:9c:
                    8a:a5:e4:0e:41:0a:d1:75:1b:40:b4:f3:ff:ac:dc:
                    30:49:b8:86:7e:93:82:dc:3c:45:40:3d:e0:be:98:
                    c0:5f:da:fc:dd:d8:20:3a:b4:7d:b3:33:8d:da:52:
                    ae:92:68:9c:60:85:eb:7e:59:c8:5f:61:ab:68:fd:
                    2b:67:ed:22:c0:1e:9e:1b:53:4a:d2:7d:54:af:dd:
                    3b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:07:3A:0B:A5:C0:53:17:96:0E:89:A2:C5:44:A7:91:11:BC:9B:E0
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/5Qc6C6XAUxeWDomixUSnkRG8m-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.231.25.0/24
                  80.231.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:90:cf:78:be:0c:a6:cd:ee:9b:06:31:c3:7f:02:85:ec:36:
         3d:bc:d6:84:0f:48:6f:b3:b2:42:59:00:d0:53:bc:0b:f4:c3:
         b7:bc:24:20:7f:34:c4:8f:09:b1:43:c8:09:1e:00:7b:c6:d2:
         57:e9:e9:37:1a:b2:bc:4f:15:46:3a:65:4f:b0:6a:25:ee:20:
         3f:21:6b:c0:34:97:60:13:fb:be:45:1a:9a:fd:71:36:76:73:
         4e:25:4c:05:06:b7:f6:9a:bd:be:c9:8a:10:1a:a9:00:97:88:
         ab:65:58:de:8b:02:af:45:bf:84:c2:54:63:00:f8:47:db:38:
         7f:bc:28:8d:83:d8:0f:8b:0d:61:2f:bc:9d:d0:c2:1b:1d:2b:
         cf:ec:4e:8b:b0:f3:54:ea:48:9c:0f:4d:5c:45:49:b0:e3:91:
         d7:b4:8d:24:e4:ad:72:79:a6:fa:38:6b:fb:ba:a9:93:af:6a:
         74:5d:21:09:b1:24:f7:c9:dc:35:e3:20:1c:12:dd:77:50:a6:
         5c:cc:2f:cb:a0:51:9c:c2:fd:00:a8:b6:9c:d7:6d:87:1d:cd:
         27:9f:99:2c:e8:32:fd:b6:72:65:22:fc:6c:43:93:f4:40:95:
         f8:b2:c2:11:99:fc:f9:77:56:7e:82:b0:dd:70:a2:5c:39:a5:
         09:c8:d7:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIbyGKiGE2cGKzx5t3RahmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTA3M2EwYmE1YzA1MzE3OTYwZTg5YTJjNTQ0YTc5MTExYmM5YmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoznhbrfG3UUCjxGsYeoSHFAhofPW
Qui/JCibZ6IamF0+H9C0+Q5JmGbpP3h0DohbY555N9HdpmJb/kSJc7IHt+JOKyoA
T6iHbWS6JlgEWt3uzPt5tkGv8tlDF+eb5w1Miws7cbEmddoTUpXOU2QlwtZEkTfr
9pf+Y4S0aaTicd/a5A8P6alHsJeOAQaWxfeKHSK9mMrWO/kDts5MUSQ5ncqcKXFT
LssTvE3jmQQLpoloo5yKpeQOQQrRdRtAtPP/rNwwSbiGfpOC3DxFQD3gvpjAX9r8
3dggOrR9szON2lKukmicYIXrflnIX2GraP0rZ+0iwB6eG1NK0n1Ur907BQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOUHOgulwFMXlg6JosVEp5ERvJvgMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvNVFjNkM2WEFVeGVXRG9taXhVU25rUkc4bS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUOcZAwQA
UOfbMA0GCSqGSIb3DQEBCwUAA4IBAQAhkM94vgymze6bBjHDfwKF7DY9vNaED0hv
s7JCWQDQU7wL9MO3vCQgfzTEjwmxQ8gJHgB7xtJX6ek3GrK8TxVGOmVPsGol7iA/
IWvANJdgE/u+RRqa/XE2dnNOJUwFBrf2mr2+yYoQGqkAl4irZVjeiwKvRb+EwlRj
APhH2zh/vCiNg9gPiw1hL7yd0MIbHSvP7E6LsPNU6kicD01cRUmw45HXtI0k5K1y
eab6OGv7uqmTr2p0XSEJsST3ydw14yAcEt13UKZczC/LoFGcwv0AqLac122HHc0n
n5ks6DL9tnJlIvxsQ5P0QJX4ssIRmfz5d1Z+grDdcKJcOaUJyNcB
-----END CERTIFICATE-----