Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/Srd8y1uDTsRNNh5zxuhGC_3_ynA.roa
File:                     Srd8y1uDTsRNNh5zxuhGC_3_ynA.roa (raw, json)
Hash identifier:          RJvVVf3BXtar1QBf5Qs0uslArz8hoyrD19vpCenWfYQ=
Subject key identifier:   4A:B7:7C:CB:5B:83:4E:C4:4D:36:1E:73:C6:E8:46:0B:FD:FF:CA:70
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0194B216328845CE8D371B02D1FD082A9D64
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/Srd8y1uDTsRNNh5zxuhGC_3_ynA.roa
Signing time:             Wed 29 Jan 2025 12:43:06 +0000
ROA not before:           Wed 29 Jan 2025 12:43:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213665
IP address blocks:        212.80.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b2:16:32:88:45:ce:8d:37:1b:02:d1:fd:08:2a:9d:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jan 29 12:43:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ab77ccb5b834ec44d361e73c6e8460bfdffca70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ea:d9:15:7b:c2:88:4d:6c:7f:7d:33:5e:a5:
                    54:63:bd:c3:13:44:cd:9a:be:71:b6:3e:94:6c:79:
                    5b:87:5b:5e:d7:4e:cf:bf:e6:5e:d3:e0:21:f7:98:
                    9f:fa:a7:f7:3d:6c:54:ac:31:3e:98:dd:35:01:2d:
                    03:fe:bf:5b:1c:e5:fe:03:18:e4:24:2c:95:02:f6:
                    8a:ae:c5:f7:f6:d7:43:90:02:fe:46:0f:98:e4:12:
                    bb:d4:15:da:a0:65:70:18:0e:25:70:55:fb:72:f1:
                    e6:52:9e:14:a7:66:34:75:23:ae:f6:75:b1:42:ac:
                    8a:a5:3b:ed:24:4f:ac:58:65:1e:5d:71:79:59:25:
                    b4:de:bd:10:5b:14:d4:88:b6:e2:61:3c:05:95:be:
                    e7:ee:06:f9:9e:a6:98:40:87:b4:bd:ef:14:53:bf:
                    94:c4:2e:13:60:7f:ff:eb:26:3d:01:c5:39:c5:7d:
                    00:dd:46:cd:d5:60:5e:d0:38:bd:2c:fa:5c:60:9e:
                    0d:f9:33:4e:7a:78:a3:20:b5:93:53:15:21:f6:8b:
                    60:cc:4a:31:d2:ab:a4:19:43:c5:ea:4c:98:35:f6:
                    9c:c1:84:95:bb:af:64:e4:d5:4f:78:42:fd:df:be:
                    7c:cc:cd:21:ec:bb:68:e0:d9:a6:af:c1:d6:d0:11:
                    22:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:B7:7C:CB:5B:83:4E:C4:4D:36:1E:73:C6:E8:46:0B:FD:FF:CA:70
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/Srd8y1uDTsRNNh5zxuhGC_3_ynA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.80.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:b5:f7:ac:e7:5d:12:36:ac:15:81:60:4c:b8:35:ab:21:bb:
         fc:9b:2a:7a:0b:e2:33:92:f9:e2:4a:7f:29:7d:a2:b5:f1:0c:
         23:d3:ae:62:7f:a3:80:8a:33:97:d9:9e:39:80:f5:6c:d3:01:
         92:68:a7:0d:77:03:5f:64:01:66:d3:d4:8d:f3:53:cf:8c:c5:
         72:64:56:6a:b4:3d:fe:d0:84:00:f9:bb:b3:97:08:97:21:52:
         65:31:76:2d:11:6d:38:0d:c9:15:84:90:fb:b3:2e:b2:19:be:
         94:0e:1e:68:7c:33:7f:a1:6b:5c:31:cd:06:8c:ef:21:d7:2b:
         66:da:51:07:c7:42:8f:df:8b:31:18:87:a7:e8:e1:0a:41:29:
         5e:1f:a0:05:f4:c6:eb:96:d5:89:8a:4a:15:2d:bc:cc:dd:8b:
         da:21:a6:cc:22:59:a8:91:0a:a8:f6:03:3f:ff:5d:d1:a8:0e:
         c9:6e:e5:91:c1:03:6d:0d:68:9e:f0:c4:f0:fa:59:e4:bd:59:
         39:e5:6a:e7:15:87:7c:08:d2:c0:89:4f:cb:a8:8f:5e:92:01:
         05:fb:41:37:f9:a7:de:ae:83:b8:e2:dd:27:f1:11:76:6a:f0:
         e3:44:e1:43:33:9a:c6:e1:57:58:f7:b9:58:c4:5b:4c:99:67:
         f6:c2:4a:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSyFjKIRc6NNxsC0f0IKp1kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwMTI5MTI0MzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWI3N2NjYjViODM0ZWM0NGQzNjFlNzNjNmU4NDYwYmZkZmZjYTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OrZFXvCiE1sf30zXqVUY73DE0TN
mr5xtj6UbHlbh1te107Pv+Ze0+Ah95if+qf3PWxUrDE+mN01AS0D/r9bHOX+Axjk
JCyVAvaKrsX39tdDkAL+Rg+Y5BK71BXaoGVwGA4lcFX7cvHmUp4Up2Y0dSOu9nWx
QqyKpTvtJE+sWGUeXXF5WSW03r0QWxTUiLbiYTwFlb7n7gb5nqaYQIe0ve8UU7+U
xC4TYH//6yY9AcU5xX0A3UbN1WBe0Di9LPpcYJ4N+TNOenijILWTUxUh9otgzEox
0qukGUPF6kyYNfacwYSVu69k5NVPeEL93758zM0h7Lto4Nmmr8HW0BEi5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEq3fMtbg07ETTYec8boRgv9/8pwMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvU3JkOHkxdURUc1JOTmg1enh1aEdDXzNfeW5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FAYMA0G
CSqGSIb3DQEBCwUAA4IBAQBdtfes510SNqwVgWBMuDWrIbv8myp6C+IzkvniSn8p
faK18Qwj065if6OAijOX2Z45gPVs0wGSaKcNdwNfZAFm09SN81PPjMVyZFZqtD3+
0IQA+buzlwiXIVJlMXYtEW04DckVhJD7sy6yGb6UDh5ofDN/oWtcMc0GjO8h1ytm
2lEHx0KP34sxGIen6OEKQSleH6AF9MbrltWJikoVLbzM3YvaIabMIlmokQqo9gM/
/13RqA7JbuWRwQNtDWie8MTw+lnkvVk55WrnFYd8CNLAiU/LqI9ekgEF+0E3+afe
roO44t0n8RF2avDjROFDM5rG4VdY97lYxFtMmWf2wkoN
-----END CERTIFICATE-----