Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/hcjkkYdDMvDTB6awXKaDITEAwpo.roa
File:                     hcjkkYdDMvDTB6awXKaDITEAwpo.roa (raw, json)
Hash identifier:          KEMvpzPBZgpdi1pREzI+OtXwdb2E3WocfCFjJRmZEqE=
Subject key identifier:   85:C8:E4:91:87:43:32:F0:D3:07:A6:B0:5C:A6:83:21:31:00:C2:9A
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018E856596B910C863582BBF7B48A57588D8
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/hcjkkYdDMvDTB6awXKaDITEAwpo.roa
Signing time:             Thu 28 Mar 2024 14:10:11 +0000
ROA not before:           Thu 28 Mar 2024 14:10:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        45.129.79.0/24 maxlen: 24
                          2a01:48a0:4201::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 14:06:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:85:65:96:b9:10:c8:63:58:2b:bf:7b:48:a5:75:88:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Mar 28 14:10:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85c8e491874332f0d307a6b05ca683213100c29a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ac:f5:48:0c:61:24:dd:cc:96:5d:59:47:76:
                    37:24:47:79:d7:25:45:c0:19:e7:c5:1d:91:41:d2:
                    b9:a3:4f:bc:ce:4b:28:6f:2a:ac:56:c1:8e:d4:88:
                    76:36:0b:b8:ca:c2:bc:be:66:ca:b7:94:e4:8a:6e:
                    2f:8c:ed:e2:5e:fe:53:bd:20:be:1d:65:e2:f7:ea:
                    3e:fa:3b:46:fd:99:ef:68:ab:25:9b:24:70:58:fe:
                    8a:bf:da:69:fa:b1:1f:69:f4:f6:44:ff:ac:a4:01:
                    7a:42:9e:b4:f0:50:df:b7:be:f1:cf:81:56:38:28:
                    3b:4c:61:82:40:e0:82:f5:96:46:96:90:ad:dc:c1:
                    b1:5b:3a:d7:7d:16:13:37:29:4e:69:de:4c:d1:22:
                    4c:8e:37:3b:92:1e:24:b3:55:8d:fc:fb:d5:db:7f:
                    93:c7:46:0a:7d:88:f4:26:9c:d5:45:06:80:2a:bc:
                    3c:8a:0c:da:96:17:68:f0:6e:8f:99:f8:34:64:fe:
                    84:90:5e:ec:d1:3d:b6:c9:e5:b1:95:cd:ad:8d:9a:
                    66:5a:be:e3:70:aa:bb:0c:89:8a:a3:16:ec:56:30:
                    5d:49:8b:63:f7:8e:c0:0f:f3:3d:01:dc:4e:ef:a0:
                    42:6e:70:36:5a:96:57:a3:e9:d2:9f:26:71:19:4b:
                    8f:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:C8:E4:91:87:43:32:F0:D3:07:A6:B0:5C:A6:83:21:31:00:C2:9A
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/hcjkkYdDMvDTB6awXKaDITEAwpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.79.0/24
                IPv6:
                  2a01:48a0:4201::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:f4:bc:cd:b4:f9:20:fb:13:6c:14:bb:f0:2c:53:10:f1:fc:
         4f:01:5a:4c:82:74:6c:33:ba:71:bb:85:89:8d:94:6f:7a:f2:
         de:b3:10:66:0c:74:1f:96:c0:b2:22:ee:28:5e:43:d0:77:b0:
         8e:43:b6:6e:0d:ad:bb:4e:90:e5:cc:68:91:36:b1:01:ba:ee:
         10:0f:f4:fe:28:5e:0b:a2:57:7a:60:80:37:0d:15:74:8b:29:
         54:f8:b3:2e:c3:57:72:46:fa:37:2e:36:a2:60:e5:87:81:f9:
         42:af:7c:c4:34:7f:9a:29:00:5a:92:d6:e6:94:c7:49:cd:77:
         be:a9:04:db:52:01:b7:5f:88:0f:a0:5a:4b:ce:26:1f:30:06:
         96:19:35:a4:15:54:69:2f:08:c0:6d:86:4f:96:89:37:de:7f:
         9d:9c:28:dd:61:c9:ef:28:80:1d:01:6f:79:53:5a:c3:d1:f9:
         8a:eb:af:28:b4:b1:e7:ee:63:13:7c:81:be:10:80:f2:e1:10:
         4f:6c:48:01:d5:22:e1:a5:62:b0:1c:e9:2c:09:95:7a:0e:f9:
         c8:2a:3a:66:a8:a8:0f:d6:3e:f1:7c:2b:45:de:9d:35:15:f2:
         56:62:69:ec:2c:f4:8a:68:4d:18:89:44:a2:f4:c1:44:d1:f8:
         71:f9:b2:19
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY6FZZa5EMhjWCu/e0ildYjYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMzI4MTQxMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWM4ZTQ5MTg3NDMzMmYwZDMwN2E2YjA1Y2E2ODMyMTMxMDBjMjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKz1SAxhJN3Mll1ZR3Y3JEd51yVF
wBnnxR2RQdK5o0+8zksobyqsVsGO1Ih2Ngu4ysK8vmbKt5Tkim4vjO3iXv5TvSC+
HWXi9+o++jtG/ZnvaKslmyRwWP6Kv9pp+rEfafT2RP+spAF6Qp608FDft77xz4FW
OCg7TGGCQOCC9ZZGlpCt3MGxWzrXfRYTNylOad5M0SJMjjc7kh4ks1WN/PvV23+T
x0YKfYj0JpzVRQaAKrw8igzalhdo8G6Pmfg0ZP6EkF7s0T22yeWxlc2tjZpmWr7j
cKq7DImKoxbsVjBdSYtj947AD/M9AdxO76BCbnA2WpZXo+nSnyZxGUuPLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIXI5JGHQzLw0wemsFymgyExAMKaMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvaGNqa2tZZERNdkRUQjZhd1hLYURJVEVBd3BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALYFPMA8E
AgACMAkDBwAqAUigQgEwDQYJKoZIhvcNAQELBQADggEBAEP0vM20+SD7E2wUu/As
UxDx/E8BWkyCdGwzunG7hYmNlG968t6zEGYMdB+WwLIi7iheQ9B3sI5Dtm4NrbtO
kOXMaJE2sQG67hAP9P4oXguiV3pggDcNFXSLKVT4sy7DV3JG+jcuNqJg5YeB+UKv
fMQ0f5opAFqS1uaUx0nNd76pBNtSAbdfiA+gWkvOJh8wBpYZNaQVVGkvCMBthk+W
iTfef52cKN1hye8ogB0Bb3lTWsPR+Yrrryi0sefuYxN8gb4QgPLhEE9sSAHVIuGl
YrAc6SwJlXoO+cgqOmaoqA/WPvF8K0XenTUV8lZiaews9IpoTRiJRKL0wUTR+HH5
shk=
-----END CERTIFICATE-----