Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/dfd8c0-d7af-4db1-9e04-975a80d0d93f/1/Odu_8Z8wYQ4rAwGBZ2rfmaKWPvY.roa
File:                     Odu_8Z8wYQ4rAwGBZ2rfmaKWPvY.roa (raw, json)
Hash identifier:          G+0rnOlwTF853BxAQkBgLndsmH7cjPaqnqIy5TqAej8=
Subject key identifier:   39:DB:BF:F1:9F:30:61:0E:2B:03:01:81:67:6A:DF:99:A2:96:3E:F6
Certificate issuer:       /CN=8c0cf65badd9a88accc327500b5ff29d1ff09196
Certificate serial:       0196F2C6730C451CACA89B12935B1A471C52
Authority key identifier: 8C:0C:F6:5B:AD:D9:A8:8A:CC:C3:27:50:0B:5F:F2:9D:1F:F0:91:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jAz2W63ZqIrMwydQC1_ynR_wkZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/dfd8c0-d7af-4db1-9e04-975a80d0d93f/1/Odu_8Z8wYQ4rAwGBZ2rfmaKWPvY.roa
Signing time:             Wed 21 May 2025 12:16:53 +0000
ROA not before:           Wed 21 May 2025 12:16:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212916
IP address blocks:        5.180.72.0/22 maxlen: 24
                          2a09:fa40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/dfd8c0-d7af-4db1-9e04-975a80d0d93f/1/jAz2W63ZqIrMwydQC1_ynR_wkZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/dfd8c0-d7af-4db1-9e04-975a80d0d93f/1/jAz2W63ZqIrMwydQC1_ynR_wkZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jAz2W63ZqIrMwydQC1_ynR_wkZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f2:c6:73:0c:45:1c:ac:a8:9b:12:93:5b:1a:47:1c:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c0cf65badd9a88accc327500b5ff29d1ff09196
        Validity
            Not Before: May 21 12:16:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39dbbff19f30610e2b030181676adf99a2963ef6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:85:12:f2:d8:09:cd:f3:0b:60:98:dd:dd:e9:
                    c3:6c:5b:e7:b9:97:73:33:cf:e4:97:3e:0a:69:78:
                    2a:bd:c9:29:67:0b:ee:10:14:b6:94:b3:11:51:2c:
                    e6:75:20:17:44:b1:b2:4d:02:ab:50:32:ff:00:73:
                    bf:87:57:70:fa:bc:7b:7c:ed:99:8d:bb:82:00:14:
                    2e:21:5c:6d:8a:07:49:81:0b:cd:cb:58:cc:ed:7b:
                    56:77:e6:2f:0e:1f:78:67:7b:5f:43:97:6d:50:59:
                    06:d4:4c:5d:4b:69:e6:03:d6:b2:05:7a:bd:46:7d:
                    df:75:ac:12:7d:e0:54:79:81:d3:6b:72:3b:2e:c7:
                    49:d9:50:ce:8e:bd:62:cc:bd:24:5e:ed:37:e9:2d:
                    c9:0d:c3:fd:ae:fe:57:0d:e3:e1:fb:26:db:d9:91:
                    34:5b:17:08:57:c2:88:fc:f8:1c:69:81:4e:b4:4d:
                    e8:33:c3:db:90:7e:88:57:ed:7f:7e:00:62:e2:af:
                    e4:8f:b5:85:0e:3b:46:c8:54:89:d2:27:be:ef:de:
                    b7:15:0c:31:ab:bc:7d:55:43:83:2e:dc:a2:5e:46:
                    30:c4:b0:9d:67:09:20:68:75:e8:28:e6:19:a9:1a:
                    48:ac:0c:e2:a5:40:ee:13:96:dc:47:5c:32:b9:a1:
                    6a:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:DB:BF:F1:9F:30:61:0E:2B:03:01:81:67:6A:DF:99:A2:96:3E:F6
            X509v3 Authority Key Identifier:
                keyid:8C:0C:F6:5B:AD:D9:A8:8A:CC:C3:27:50:0B:5F:F2:9D:1F:F0:91:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jAz2W63ZqIrMwydQC1_ynR_wkZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dfd8c0-d7af-4db1-9e04-975a80d0d93f/1/Odu_8Z8wYQ4rAwGBZ2rfmaKWPvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dfd8c0-d7af-4db1-9e04-975a80d0d93f/1/jAz2W63ZqIrMwydQC1_ynR_wkZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.72.0/22
                IPv6:
                  2a09:fa40::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:8e:87:e7:e7:53:3f:09:7a:2d:90:46:38:4e:ab:47:00:31:
         69:21:67:f2:ac:20:e1:4b:ce:70:c9:ba:35:84:3a:5b:f4:4f:
         e7:82:66:55:96:a4:eb:d3:48:3c:d9:80:96:a4:aa:3f:6a:e9:
         68:5f:e7:37:90:c1:c4:66:fd:6f:1c:55:8f:3e:80:da:d6:7b:
         82:b3:60:84:e5:63:e8:cd:e2:5c:9a:66:55:2f:15:6f:6d:31:
         cc:b3:16:2c:ef:c5:af:d7:dc:9a:36:d2:c4:a8:77:0b:b6:a1:
         9f:d8:56:6a:da:fb:43:2b:55:2f:69:5e:75:9f:6f:39:dc:5a:
         7d:d3:44:01:dd:bd:78:76:50:4d:72:39:9e:4c:2f:d5:72:99:
         d5:ee:67:01:70:f8:a3:a6:c3:58:50:09:e4:4e:52:a7:cd:51:
         7f:e5:79:17:6a:56:27:3d:3d:76:9a:36:03:44:a6:ce:4f:06:
         ec:57:ae:cb:97:1b:55:34:99:72:4a:77:67:44:1a:9d:af:8b:
         36:3b:f7:2a:db:e2:ef:14:23:a3:c7:9d:f5:df:de:c1:35:a6:
         3b:39:c2:d6:bb:23:2d:8c:de:b0:8c:88:f1:ae:75:f5:1e:e4:
         b7:93:5d:89:00:6c:bd:2b:3f:bf:9d:73:a2:78:16:77:13:da:
         b2:58:8c:f7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZbyxnMMRRysqJsSk1saRxxSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMGNmNjViYWRkOWE4OGFjY2MzMjc1MDBiNWZmMjlkMWZm
MDkxOTYwHhcNMjUwNTIxMTIxNjUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWRiYmZmMTlmMzA2MTBlMmIwMzAxODE2NzZhZGY5OWEyOTYzZWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIUS8tgJzfMLYJjd3enDbFvnuZdz
M8/klz4KaXgqvckpZwvuEBS2lLMRUSzmdSAXRLGyTQKrUDL/AHO/h1dw+rx7fO2Z
jbuCABQuIVxtigdJgQvNy1jM7XtWd+YvDh94Z3tfQ5dtUFkG1ExdS2nmA9ayBXq9
Rn3fdawSfeBUeYHTa3I7LsdJ2VDOjr1izL0kXu036S3JDcP9rv5XDePh+ybb2ZE0
WxcIV8KI/PgcaYFOtE3oM8PbkH6IV+1/fgBi4q/kj7WFDjtGyFSJ0ie+7963FQwx
q7x9VUODLtyiXkYwxLCdZwkgaHXoKOYZqRpIrAzipUDuE5bcR1wyuaFqxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDnbv/GfMGEOKwMBgWdq35milj72MB8GA1UdIwQY
MBaAFIwM9lut2aiKzMMnUAtf8p0f8JGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakF6Mlc2M1pxSXJNd3lkUUMxX3luUl93a1pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kZmQ4YzAtZDdhZi00ZGIxLTllMDQt
OTc1YTgwZDBkOTNmLzEvT2R1XzhaOHdZUTRyQXdHQloycmZtYUtXUHZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kZmQ4YzAtZDdhZi00ZGIxLTllMDQtOTc1YTgwZDBkOTNm
LzEvakF6Mlc2M1pxSXJNd3lkUUMxX3luUl93a1pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCBbRIMA0E
AgACMAcDBQMqCfpAMA0GCSqGSIb3DQEBCwUAA4IBAQBwjofn51M/CXotkEY4TqtH
ADFpIWfyrCDhS85wybo1hDpb9E/ngmZVlqTr00g82YCWpKo/auloX+c3kMHEZv1v
HFWPPoDa1nuCs2CE5WPozeJcmmZVLxVvbTHMsxYs78Wv19yaNtLEqHcLtqGf2FZq
2vtDK1UvaV51n2853Fp900QB3b14dlBNcjmeTC/VcpnV7mcBcPijpsNYUAnkTlKn
zVF/5XkXalYnPT12mjYDRKbOTwbsV67LlxtVNJlySndnRBqdr4s2O/cq2+LvFCOj
x531397BNaY7OcLWuyMtjN6wjIjxrnX1HuS3k12JAGy9Kz+/nXOieBZ3E9qyWIz3
-----END CERTIFICATE-----