Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/gKXToOCXWGhDYi3ZHv8ThkFEZ2Q.roa
File:                     gKXToOCXWGhDYi3ZHv8ThkFEZ2Q.roa (raw, json)
Hash identifier:          Vj4UEf6oL2ec4eCk5J0yzfYd0dusFxPLMFxF7Ovyi+I=
Subject key identifier:   80:A5:D3:A0:E0:97:58:68:43:62:2D:D9:1E:FF:13:86:41:44:67:64
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018CC794C9C4F5924BD94F3F3687D2A27E0D
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/gKXToOCXWGhDYi3ZHv8ThkFEZ2Q.roa
Signing time:             Tue 02 Jan 2024 00:31:06 +0000
ROA not before:           Tue 02 Jan 2024 00:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6461
IP address blocks:        104.249.56.0/22 maxlen: 22
                          45.43.132.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:c9:c4:f5:92:4b:d9:4f:3f:36:87:d2:a2:7e:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  2 00:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80a5d3a0e097586843622dd91eff138641446764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:42:cc:7b:c9:a5:e9:94:cb:b9:84:b4:f1:81:
                    75:8d:40:36:81:18:91:a3:dc:4e:ff:d3:15:66:03:
                    9b:9e:e0:68:aa:c0:0e:bd:b0:9e:5b:3d:22:6a:87:
                    95:4a:59:96:e7:37:45:e5:90:c7:38:98:54:29:21:
                    b7:d5:f9:02:d9:8c:4d:eb:b7:46:b3:25:50:42:f3:
                    48:d1:4b:30:16:ec:e1:1d:06:cb:7d:97:f2:0c:b0:
                    19:a2:7c:16:9c:e3:2f:e1:c6:86:f6:9e:c7:f3:da:
                    25:eb:07:58:8b:4f:bf:ba:e7:3e:c5:70:8f:9a:cd:
                    1d:a3:05:66:d1:11:3e:6a:19:5b:01:7a:6c:16:7f:
                    d0:c6:ad:90:d0:48:9a:98:de:e3:0e:76:97:ed:7d:
                    37:e8:a9:62:86:3a:dd:5f:4b:7e:a0:e4:78:de:2a:
                    85:08:a3:7e:50:99:a6:2e:25:e2:ae:83:2d:bc:71:
                    c4:29:4c:c3:eb:1a:28:e6:ba:d1:4e:d3:68:5c:b4:
                    76:ed:06:bf:b6:30:60:99:ed:eb:be:f9:e3:cb:22:
                    b8:3a:16:ea:a1:61:54:d1:db:f1:d6:6c:04:7e:2a:
                    38:89:17:c9:89:1c:2c:fe:c4:3b:70:71:28:11:80:
                    85:da:2e:a1:07:16:0e:52:c9:3a:4a:81:9d:36:4c:
                    2f:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:A5:D3:A0:E0:97:58:68:43:62:2D:D9:1E:FF:13:86:41:44:67:64
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/gKXToOCXWGhDYi3ZHv8ThkFEZ2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.132.0/22
                  104.249.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:a4:64:68:16:da:f4:84:e4:38:91:79:de:a4:3e:22:aa:c2:
         2a:ea:07:3d:ae:b9:88:49:6c:76:39:c0:d3:4d:e9:e8:55:04:
         ae:e9:6e:09:e2:78:d7:9a:33:e8:16:dd:d6:fc:e2:a7:f6:f7:
         23:28:c9:0f:0e:08:8e:bc:0e:25:61:89:28:ca:74:6a:d4:3f:
         bd:ce:11:08:f7:a1:8d:de:59:66:88:9c:07:35:da:c9:80:f5:
         8e:f6:a8:de:c3:fa:7d:51:7d:6b:06:e2:17:31:36:63:eb:ff:
         12:96:81:2b:80:9c:42:7d:d3:1e:64:c3:84:b6:7b:82:dc:42:
         21:ef:38:fd:d9:11:ca:89:5f:62:ac:c3:94:1d:1b:29:e4:91:
         b2:74:3e:a6:92:42:90:8f:57:4e:2b:c8:1d:ec:fe:2a:f2:44:
         0b:10:97:f8:2d:b7:d5:0e:43:21:19:b5:6d:a6:73:08:35:f0:
         d2:92:db:e2:c1:44:8a:37:f9:8a:b7:0d:c6:3a:a5:66:23:28:
         a1:22:5b:4b:f2:c9:ed:35:f9:02:e2:ad:5a:ef:bc:81:bd:5e:
         9c:7c:e4:70:41:0a:00:3b:46:cd:d9:f4:1b:64:c9:ea:0c:e7:
         9e:2c:cd:08:cb:7e:25:1f:6b:a7:70:b9:93:f2:0e:ca:2e:7d:
         c0:df:2a:1f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlMnE9ZJL2U8/NofSon4NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwMTAyMDAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGE1ZDNhMGUwOTc1ODY4NDM2MjJkZDkxZWZmMTM4NjQxNDQ2NzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgULMe8ml6ZTLuYS08YF1jUA2gRiR
o9xO/9MVZgObnuBoqsAOvbCeWz0iaoeVSlmW5zdF5ZDHOJhUKSG31fkC2YxN67dG
syVQQvNI0UswFuzhHQbLfZfyDLAZonwWnOMv4caG9p7H89ol6wdYi0+/uuc+xXCP
ms0dowVm0RE+ahlbAXpsFn/Qxq2Q0EiamN7jDnaX7X036KlihjrdX0t+oOR43iqF
CKN+UJmmLiXiroMtvHHEKUzD6xoo5rrRTtNoXLR27Qa/tjBgme3rvvnjyyK4Ohbq
oWFU0dvx1mwEfio4iRfJiRws/sQ7cHEoEYCF2i6hBxYOUsk6SoGdNkwvLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFICl06Dgl1hoQ2It2R7/E4ZBRGdkMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvZ0tYVG9PQ1hXR2hEWWkzWkh2OFRoa0ZFWjJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLSuEAwQC
aPk4MA0GCSqGSIb3DQEBCwUAA4IBAQBrpGRoFtr0hOQ4kXnepD4iqsIq6gc9rrmI
SWx2OcDTTenoVQSu6W4J4njXmjPoFt3W/OKn9vcjKMkPDgiOvA4lYYkoynRq1D+9
zhEI96GN3llmiJwHNdrJgPWO9qjew/p9UX1rBuIXMTZj6/8SloErgJxCfdMeZMOE
tnuC3EIh7zj92RHKiV9irMOUHRsp5JGydD6mkkKQj1dOK8gd7P4q8kQLEJf4LbfV
DkMhGbVtpnMINfDSktviwUSKN/mKtw3GOqVmIyihIltL8sntNfkC4q1a77yBvV6c
fORwQQoAO0bN2fQbZMnqDOeeLM0Iy34lH2uncLmT8g7KLn3A3yof
-----END CERTIFICATE-----