Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/G5aSz4shLC5EKgp2SbNK-UcpZls.roa
File:                     G5aSz4shLC5EKgp2SbNK-UcpZls.roa (raw, json)
Hash identifier:          ao0JJHFk2t7w93DBJFTmDX4+D2u79wITuPAaWZsRu74=
Subject key identifier:   1B:96:92:CF:8B:21:2C:2E:44:2A:0A:76:49:B3:4A:F9:47:29:66:5B
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       019421B1B0F46D7F1ED7D7EB1F7CF3048695
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/G5aSz4shLC5EKgp2SbNK-UcpZls.roa
Signing time:             Wed 01 Jan 2025 11:48:00 +0000
ROA not before:           Wed 01 Jan 2025 11:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213296
IP address blocks:        45.80.228.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:b0:f4:6d:7f:1e:d7:d7:eb:1f:7c:f3:04:86:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Jan  1 11:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b9692cf8b212c2e442a0a7649b34af94729665b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:07:48:cd:f4:31:17:b4:6b:21:0e:58:c3:4c:
                    df:0c:87:95:c1:a0:d2:4b:43:93:0b:34:b8:65:11:
                    8d:ec:60:aa:9e:6c:28:f7:0f:0e:b8:a0:64:64:0f:
                    bf:0c:91:19:0f:69:63:2a:31:8a:08:69:09:b2:cc:
                    10:34:33:64:6e:b7:ad:ea:e2:36:bb:cb:ef:00:c3:
                    a7:8f:d1:28:c5:d0:1c:d6:8e:0f:42:18:79:1e:78:
                    56:dd:4d:b1:bc:0a:d4:d0:f7:01:3b:87:f8:c0:78:
                    f0:91:ad:bf:06:3e:ef:ec:87:2c:34:8f:a7:e8:be:
                    9e:12:38:ec:83:51:b3:2a:7a:75:e0:6f:65:ce:e6:
                    86:6c:87:07:86:cc:4f:57:49:b3:21:c1:4f:3d:13:
                    dc:2c:a2:81:3a:38:84:89:82:d8:9f:c2:6b:51:e7:
                    c7:23:44:af:e9:73:cc:f1:59:14:cd:82:80:97:ef:
                    82:8f:05:b4:23:27:af:e1:26:0e:e4:7a:9e:82:b2:
                    3f:f4:54:5a:86:6d:b5:1c:e9:07:16:92:33:11:b1:
                    34:37:64:f4:6c:43:4d:02:23:ac:d3:1a:f4:e1:2b:
                    8f:df:e7:5a:60:59:e9:01:75:b1:7b:90:59:ad:2f:
                    dd:56:97:ef:86:b5:fb:e5:07:71:b2:fc:00:4c:40:
                    27:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:96:92:CF:8B:21:2C:2E:44:2A:0A:76:49:B3:4A:F9:47:29:66:5B
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/G5aSz4shLC5EKgp2SbNK-UcpZls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:da:b8:c5:93:b6:45:7c:1e:28:d8:ea:8e:f4:d3:34:b9:c8:
         21:c1:16:a7:4a:44:11:82:e1:08:67:b7:a7:c7:09:0d:17:e8:
         ff:45:3e:95:bf:e8:4d:c9:0f:08:01:04:73:b0:81:a1:96:82:
         ca:73:fe:f5:e8:22:27:40:c8:ff:4e:12:a5:74:e9:22:18:80:
         1b:03:85:2d:43:2c:30:2e:7e:86:82:9c:63:5f:36:0b:f6:8b:
         40:43:bb:f2:d5:7e:b3:ae:92:80:1c:c9:6f:8e:67:12:ad:48:
         4f:2f:64:c4:04:54:42:3d:28:ac:11:1a:93:b5:e5:37:a7:13:
         42:c0:35:6c:44:02:79:91:3d:0d:be:fe:c8:1d:22:78:e0:ac:
         1b:4f:a3:81:f9:99:81:2c:56:64:91:48:d7:72:2f:a4:27:d2:
         ac:15:95:69:89:86:8f:78:de:f9:59:1b:23:7a:12:f0:07:d1:
         e0:91:27:8d:1f:04:13:0d:e5:b8:15:5f:af:fa:44:f6:af:c1:
         c1:12:22:70:5d:9b:61:82:e1:ba:5c:6a:06:1b:04:7b:1b:97:
         6d:c9:2b:d4:13:26:0d:46:c3:44:34:42:05:56:e1:8d:ee:9f:
         9e:5b:85:63:1a:12:03:4e:c8:35:42:aa:ec:d3:1e:4a:c5:da:
         84:88:44:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsbD0bX8e19frH3zzBIaVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjUwMTAxMTE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjk2OTJjZjhiMjEyYzJlNDQyYTBhNzY0OWIzNGFmOTQ3Mjk2NjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAdIzfQxF7RrIQ5Yw0zfDIeVwaDS
S0OTCzS4ZRGN7GCqnmwo9w8OuKBkZA+/DJEZD2ljKjGKCGkJsswQNDNkbret6uI2
u8vvAMOnj9EoxdAc1o4PQhh5HnhW3U2xvArU0PcBO4f4wHjwka2/Bj7v7IcsNI+n
6L6eEjjsg1GzKnp14G9lzuaGbIcHhsxPV0mzIcFPPRPcLKKBOjiEiYLYn8JrUefH
I0Sv6XPM8VkUzYKAl++CjwW0Iyev4SYO5HqegrI/9FRahm21HOkHFpIzEbE0N2T0
bENNAiOs0xr04SuP3+daYFnpAXWxe5BZrS/dVpfvhrX75QdxsvwATEAnYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuWks+LISwuRCoKdkmzSvlHKWZbMB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvRzVhU3o0c2hMQzVFS2dwMlNiTkstVWNwWmxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVDkMA0G
CSqGSIb3DQEBCwUAA4IBAQB/2rjFk7ZFfB4o2OqO9NM0ucghwRanSkQRguEIZ7en
xwkNF+j/RT6Vv+hNyQ8IAQRzsIGhloLKc/716CInQMj/ThKldOkiGIAbA4UtQyww
Ln6GgpxjXzYL9otAQ7vy1X6zrpKAHMlvjmcSrUhPL2TEBFRCPSisERqTteU3pxNC
wDVsRAJ5kT0Nvv7IHSJ44KwbT6OB+ZmBLFZkkUjXci+kJ9KsFZVpiYaPeN75WRsj
ehLwB9HgkSeNHwQTDeW4FV+v+kT2r8HBEiJwXZthguG6XGoGGwR7G5dtySvUEyYN
RsNENEIFVuGN7p+eW4VjGhIDTsg1Qqrs0x5KxdqEiESB
-----END CERTIFICATE-----