Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f3c8e8-c5bc-4211-a9ac-4f9112ede968/1/s5dxYiB9Gl46l9OI-oBQkPHsB5c.roa
File:                     s5dxYiB9Gl46l9OI-oBQkPHsB5c.roa (raw, json)
Hash identifier:          GmqIgSNFyM7jr2DKPly+VsAPd7JfDn9lu127LyfeGNI=
Subject key identifier:   B3:97:71:62:20:7D:1A:5E:3A:97:D3:88:FA:80:50:90:F1:EC:07:97
Certificate issuer:       /CN=dbe0ca7c1e0e8a1c7ad02d0bb828b41188ae5243
Certificate serial:       019426D9D0C4531C160AF87FAFE81F6EF288
Authority key identifier: DB:E0:CA:7C:1E:0E:8A:1C:7A:D0:2D:0B:B8:28:B4:11:88:AE:52:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-DKfB4Oihx60C0LuCi0EYiuUkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/f3c8e8-c5bc-4211-a9ac-4f9112ede968/1/s5dxYiB9Gl46l9OI-oBQkPHsB5c.roa
Signing time:             Thu 02 Jan 2025 11:49:56 +0000
ROA not before:           Thu 02 Jan 2025 11:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34026
IP address blocks:        80.93.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/f3c8e8-c5bc-4211-a9ac-4f9112ede968/1/2-DKfB4Oihx60C0LuCi0EYiuUkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/f3c8e8-c5bc-4211-a9ac-4f9112ede968/1/2-DKfB4Oihx60C0LuCi0EYiuUkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-DKfB4Oihx60C0LuCi0EYiuUkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:d0:c4:53:1c:16:0a:f8:7f:af:e8:1f:6e:f2:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe0ca7c1e0e8a1c7ad02d0bb828b41188ae5243
        Validity
            Not Before: Jan  2 11:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3977162207d1a5e3a97d388fa805090f1ec0797
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5c:82:68:f1:39:69:e6:10:b8:86:d8:6d:52:
                    5c:9c:d9:c5:6e:13:d6:6b:c0:45:71:4c:7b:80:a2:
                    d4:3d:d9:ed:de:c4:cf:d9:e9:d8:da:23:08:c8:91:
                    09:48:69:76:c9:dc:a8:5e:e4:c3:61:e4:de:7d:90:
                    37:a6:31:af:fb:fe:4e:d1:a4:f1:6c:91:27:fd:63:
                    4b:d8:ea:93:e4:c0:d1:a4:e2:aa:bf:bb:bf:81:62:
                    9b:32:71:fa:4c:0b:04:70:36:2f:8d:78:55:85:59:
                    bb:80:c6:9b:4c:7b:6e:04:19:3b:27:d5:9e:39:ab:
                    0c:09:3a:4f:17:30:e4:d5:4d:41:24:82:e0:40:11:
                    d5:19:f9:48:b1:98:da:e5:7a:8e:6b:4a:2a:0c:c8:
                    32:7c:32:6a:df:46:cb:bb:b2:a5:7a:4b:f0:4d:ea:
                    f4:dd:6b:92:1c:3d:0a:87:eb:97:32:29:0d:b3:42:
                    35:25:ed:09:2f:b8:f5:d2:4e:e5:9f:4c:86:83:a2:
                    d0:be:0e:5e:ef:b9:4a:7c:5e:69:0f:5c:be:3b:72:
                    12:b6:b3:3b:29:91:5f:ae:d2:ce:87:bc:29:bc:3b:
                    d6:20:54:9b:9c:20:b1:fa:49:56:45:e9:a3:7b:fe:
                    01:ca:34:b6:dd:ad:fc:f8:bf:90:af:56:ec:23:16:
                    b5:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:97:71:62:20:7D:1A:5E:3A:97:D3:88:FA:80:50:90:F1:EC:07:97
            X509v3 Authority Key Identifier:
                keyid:DB:E0:CA:7C:1E:0E:8A:1C:7A:D0:2D:0B:B8:28:B4:11:88:AE:52:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-DKfB4Oihx60C0LuCi0EYiuUkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f3c8e8-c5bc-4211-a9ac-4f9112ede968/1/s5dxYiB9Gl46l9OI-oBQkPHsB5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f3c8e8-c5bc-4211-a9ac-4f9112ede968/1/2-DKfB4Oihx60C0LuCi0EYiuUkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:e1:a6:6b:2f:88:93:d3:d3:2b:48:96:02:5f:b5:8d:13:60:
         15:1e:16:dc:64:48:61:73:35:28:3d:2d:f5:ed:c5:56:8b:bc:
         49:de:26:cf:b5:72:2e:e4:31:97:13:6b:98:53:d9:df:b0:30:
         41:31:44:e9:ee:91:f7:db:d8:57:0c:16:ec:e9:a5:c1:c3:af:
         34:ad:d7:93:85:fe:d4:37:71:4c:61:ec:ec:39:09:1e:7f:43:
         17:b6:6a:6a:46:8f:4d:52:b7:22:29:76:d4:d9:46:27:0a:51:
         86:5c:34:c7:75:f1:b9:d5:f5:09:a9:1e:94:0f:3e:ff:fb:9d:
         01:e9:78:8d:60:23:89:7a:9e:d3:ab:71:18:96:71:24:b4:3c:
         9a:e1:62:60:35:4d:56:a3:00:14:84:14:e7:fc:36:ad:cb:a2:
         1a:1a:a4:86:e5:f7:40:a3:45:f1:98:0e:52:d5:20:de:98:3a:
         4e:88:25:fc:92:63:67:83:31:cd:da:34:38:59:46:48:15:9a:
         5f:e5:3f:a2:bb:17:85:ac:3d:a3:e3:ac:52:ac:33:46:11:3c:
         cf:7a:34:5a:ef:1d:e7:b5:7e:a2:2a:94:9c:85:6d:3a:23:53:
         78:63:a4:02:88:c9:15:a5:de:9c:c2:77:ba:02:37:dc:ce:bc:
         bb:d6:96:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2dDEUxwWCvh/r+gfbvKIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTBjYTdjMWUwZThhMWM3YWQwMmQwYmI4MjhiNDExODhh
ZTUyNDMwHhcNMjUwMTAyMTE0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzk3NzE2MjIwN2QxYTVlM2E5N2QzODhmYTgwNTA5MGYxZWMwNzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1yCaPE5aeYQuIbYbVJcnNnFbhPW
a8BFcUx7gKLUPdnt3sTP2enY2iMIyJEJSGl2ydyoXuTDYeTefZA3pjGv+/5O0aTx
bJEn/WNL2OqT5MDRpOKqv7u/gWKbMnH6TAsEcDYvjXhVhVm7gMabTHtuBBk7J9We
OasMCTpPFzDk1U1BJILgQBHVGflIsZja5XqOa0oqDMgyfDJq30bLu7KlekvwTer0
3WuSHD0Kh+uXMikNs0I1Je0JL7j10k7ln0yGg6LQvg5e77lKfF5pD1y+O3IStrM7
KZFfrtLOh7wpvDvWIFSbnCCx+klWRemje/4ByjS23a38+L+Qr1bsIxa1aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOXcWIgfRpeOpfTiPqAUJDx7AeXMB8GA1UdIwQY
MBaAFNvgynweDoocetAtC7gotBGIrlJDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1ES2ZCNE9paHg2MEMwTHVDaTBFWWl1VWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mM2M4ZTgtYzViYy00MjExLWE5YWMt
NGY5MTEyZWRlOTY4LzEvczVkeFlpQjlHbDQ2bDlPSS1vQlFrUEhzQjVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mM2M4ZTgtYzViYy00MjExLWE5YWMtNGY5MTEyZWRlOTY4
LzEvMi1ES2ZCNE9paHg2MEMwTHVDaTBFWWl1VWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF2qMA0G
CSqGSIb3DQEBCwUAA4IBAQAj4aZrL4iT09MrSJYCX7WNE2AVHhbcZEhhczUoPS31
7cVWi7xJ3ibPtXIu5DGXE2uYU9nfsDBBMUTp7pH329hXDBbs6aXBw680rdeThf7U
N3FMYezsOQkef0MXtmpqRo9NUrciKXbU2UYnClGGXDTHdfG51fUJqR6UDz7/+50B
6XiNYCOJep7Tq3EYlnEktDya4WJgNU1WowAUhBTn/Daty6IaGqSG5fdAo0XxmA5S
1SDemDpOiCX8kmNngzHN2jQ4WUZIFZpf5T+iuxeFrD2j46xSrDNGETzPejRa7x3n
tX6iKpSchW06I1N4Y6QCiMkVpd6cwne6Ajfczry71pZb
-----END CERTIFICATE-----