Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/DabYXvkPXs2hMRDEyX4PYlbXIAE.roa
File:                     DabYXvkPXs2hMRDEyX4PYlbXIAE.roa (raw, json)
Hash identifier:          R2xE23w7lL76/16oIpYK1R1COeQ1JGJ7JM3U0zJz/2Q=
Subject key identifier:   0D:A6:D8:5E:F9:0F:5E:CD:A1:31:10:C4:C9:7E:0F:62:56:D7:20:01
Certificate issuer:       /CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
Certificate serial:       019422FB43C65BD79B3E0502D35F3FFD56F4
Authority key identifier: 5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/DabYXvkPXs2hMRDEyX4PYlbXIAE.roa
Signing time:             Wed 01 Jan 2025 17:47:59 +0000
ROA not before:           Wed 01 Jan 2025 17:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        45.89.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:43:c6:5b:d7:9b:3e:05:02:d3:5f:3f:fd:56:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
        Validity
            Not Before: Jan  1 17:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0da6d85ef90f5ecda13110c4c97e0f6256d72001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:eb:ee:62:b7:84:20:1f:ce:e0:23:b0:88:15:
                    c4:76:03:be:bf:6d:49:cd:ce:6d:56:46:32:f0:73:
                    b6:95:63:4a:af:87:2e:1e:7c:0c:e5:5d:e7:f3:6a:
                    ec:f1:0e:6e:76:e9:cd:1c:69:cf:6a:79:29:77:67:
                    dc:60:c8:f8:f8:e4:98:8d:84:fc:8b:f8:9f:ed:99:
                    5e:fe:3c:06:27:fa:ac:43:ee:0d:64:24:d3:fa:44:
                    b4:e7:22:b6:22:58:c9:dd:5a:81:4a:55:83:3e:44:
                    ec:33:e9:d4:66:e8:b6:05:5b:38:c9:03:4c:64:28:
                    ca:e3:76:cd:bb:75:63:6d:23:dd:da:bf:f3:2a:6a:
                    48:fe:e8:8c:86:91:36:e4:6c:8c:58:ff:b5:ea:bf:
                    22:65:8c:b1:b4:68:59:0e:75:f0:d6:9b:23:17:ff:
                    de:05:a2:72:63:c5:e9:81:04:4d:03:16:15:68:a2:
                    1b:61:f4:cd:9d:27:6a:97:1f:ab:d3:57:cf:a4:0b:
                    10:97:00:fd:83:1b:c2:c6:e8:76:e3:3c:16:94:26:
                    b6:e2:fa:cf:f8:1c:52:9a:6e:78:08:78:a6:44:d8:
                    57:e7:72:56:10:2c:c2:20:7b:bc:17:30:6c:d7:9f:
                    af:49:17:53:92:13:d4:65:94:e9:55:f6:1c:14:9a:
                    25:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:A6:D8:5E:F9:0F:5E:CD:A1:31:10:C4:C9:7E:0F:62:56:D7:20:01
            X509v3 Authority Key Identifier:
                keyid:5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/DabYXvkPXs2hMRDEyX4PYlbXIAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:5e:41:5f:58:59:f6:9b:3d:57:cf:1c:71:cf:5c:46:9c:a9:
         3e:dc:da:be:b6:a6:e8:86:17:7f:ca:34:e7:58:fb:c5:a6:7b:
         f1:d2:85:bc:05:d8:b6:c7:91:16:46:28:d2:56:ee:11:70:23:
         b4:4b:17:07:bc:20:ac:c6:34:ae:73:4a:77:25:74:db:be:27:
         c7:de:f9:4c:cd:2a:c4:98:d7:e0:2c:92:bf:13:4f:fe:5b:38:
         fb:e3:db:45:2d:b8:d9:f1:63:e2:1e:65:46:c7:8d:7a:69:26:
         81:e9:2d:6d:0a:d3:8b:aa:9f:7a:56:18:97:1b:7c:69:c4:62:
         63:8d:7f:ca:e1:52:0e:09:92:1d:c1:15:5a:29:c4:ff:9c:c9:
         c2:b6:f3:cf:7f:b1:38:05:82:4b:b4:fe:02:2a:49:6a:85:1f:
         bc:72:54:4f:2c:24:0e:c5:de:26:62:c8:53:09:7b:9b:a1:7d:
         8c:91:1d:94:62:30:9c:63:86:a0:1f:8a:59:1f:cf:61:f1:1b:
         82:33:de:6a:e2:b1:07:cd:a4:57:8b:ed:5f:45:0f:7c:80:66:
         81:06:89:5a:db:5f:51:2c:49:f8:c9:9e:0f:1e:4b:b1:6e:84:
         5c:4b:4b:9c:92:e3:43:d9:d6:81:4e:2f:6f:76:59:61:4e:c0:
         12:b3:14:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+0PGW9ebPgUC018//Vb0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZWUwZDdlNzMwODRhNDJlNGM3ZjcxMThmMjM4M2ZjZmYz
NjliYTQwHhcNMjUwMTAxMTc0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGE2ZDg1ZWY5MGY1ZWNkYTEzMTEwYzRjOTdlMGY2MjU2ZDcyMDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArevuYreEIB/O4COwiBXEdgO+v21J
zc5tVkYy8HO2lWNKr4cuHnwM5V3n82rs8Q5udunNHGnPankpd2fcYMj4+OSYjYT8
i/if7Zle/jwGJ/qsQ+4NZCTT+kS05yK2IljJ3VqBSlWDPkTsM+nUZui2BVs4yQNM
ZCjK43bNu3VjbSPd2r/zKmpI/uiMhpE25GyMWP+16r8iZYyxtGhZDnXw1psjF//e
BaJyY8XpgQRNAxYVaKIbYfTNnSdqlx+r01fPpAsQlwD9gxvCxuh24zwWlCa24vrP
+BxSmm54CHimRNhX53JWECzCIHu8FzBs15+vSRdTkhPUZZTpVfYcFJolQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA2m2F75D17NoTEQxMl+D2JW1yABMB8GA1UdIwQY
MBaAFF7uDX5zCEpC5Mf3EY8jg/z/NpukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgt
ZGRjMjY2NTY0NmNjLzEvRGFiWVh2a1BYczJoTVJERXlYNFBZbGJYSUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgtZGRjMjY2NTY0NmNj
LzEvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVkeMA0G
CSqGSIb3DQEBCwUAA4IBAQAcXkFfWFn2mz1Xzxxxz1xGnKk+3Nq+tqbohhd/yjTn
WPvFpnvx0oW8Bdi2x5EWRijSVu4RcCO0SxcHvCCsxjSuc0p3JXTbvifH3vlMzSrE
mNfgLJK/E0/+Wzj749tFLbjZ8WPiHmVGx416aSaB6S1tCtOLqp96VhiXG3xpxGJj
jX/K4VIOCZIdwRVaKcT/nMnCtvPPf7E4BYJLtP4CKklqhR+8clRPLCQOxd4mYshT
CXuboX2MkR2UYjCcY4agH4pZH89h8RuCM95q4rEHzaRXi+1fRQ98gGaBBola219R
LEn4yZ4PHkuxboRcS0uckuND2daBTi9vdllhTsASsxTV
-----END CERTIFICATE-----