Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/5rqBzJIpRo5cPDGFcsErAcqKSpQ.roa
File:                     5rqBzJIpRo5cPDGFcsErAcqKSpQ.roa (raw, json)
Hash identifier:          zxUa/sHXaTmymGKJChSZzWhfRwdQS4375t+Zf/Qhiyk=
Subject key identifier:   E6:BA:81:CC:92:29:46:8E:5C:3C:31:85:72:C1:2B:01:CA:8A:4A:94
Certificate issuer:       /CN=13e281475b7bf8d0fa1f669d5ad2de1635e8c04f
Certificate serial:       018CC500FDE10E1E9B6A16E1909E5F74B8A0
Authority key identifier: 13:E2:81:47:5B:7B:F8:D0:FA:1F:66:9D:5A:D2:DE:16:35:E8:C0:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-KBR1t7-ND6H2adWtLeFjXowE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/5rqBzJIpRo5cPDGFcsErAcqKSpQ.roa
Signing time:             Mon 01 Jan 2024 12:30:25 +0000
ROA not before:           Mon 01 Jan 2024 12:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206150
IP address blocks:        45.80.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/E-KBR1t7-ND6H2adWtLeFjXowE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/E-KBR1t7-ND6H2adWtLeFjXowE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E-KBR1t7-ND6H2adWtLeFjXowE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:fd:e1:0e:1e:9b:6a:16:e1:90:9e:5f:74:b8:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13e281475b7bf8d0fa1f669d5ad2de1635e8c04f
        Validity
            Not Before: Jan  1 12:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6ba81cc9229468e5c3c318572c12b01ca8a4a94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:94:7c:7e:7a:d8:a0:a6:c9:ce:08:a5:61:ec:
                    70:dd:00:da:43:c6:3c:4d:ca:70:bd:5a:0e:c4:5b:
                    fc:1c:df:50:70:e9:90:7e:b2:e8:c2:14:68:96:c8:
                    1a:71:c0:94:ca:01:68:29:aa:d7:a8:2f:9e:4b:35:
                    d0:b4:9c:ad:5a:ff:23:10:38:ac:d0:00:2b:7e:e1:
                    08:f1:cc:7e:ad:41:d0:90:f5:03:08:6e:e3:17:2c:
                    75:84:03:33:2c:24:a8:2b:64:b0:c2:55:2d:bd:ac:
                    4a:57:37:79:2b:b4:61:91:5f:d9:ba:34:1e:95:75:
                    14:ce:51:62:70:71:01:1e:e6:58:9a:04:cc:df:d3:
                    dc:c8:9d:e1:ff:39:ca:52:0a:c8:81:6b:ee:77:9b:
                    02:00:ed:3c:7f:a7:bb:4a:39:3f:ac:8d:bc:c2:de:
                    a3:26:50:cb:a3:bf:cf:5f:18:6a:98:c9:59:48:90:
                    6a:2e:48:41:21:e0:05:a2:16:56:9c:77:35:e1:d7:
                    ed:2c:8d:44:e5:6d:57:ae:48:22:48:9b:c9:15:69:
                    fb:47:12:d8:f1:27:56:ec:cd:d8:1a:b4:77:36:ab:
                    c7:68:90:d5:2a:62:22:48:a3:bb:11:61:3f:4d:4b:
                    8e:c5:14:99:6b:c9:0a:bb:f1:a3:9f:8c:2f:e5:bc:
                    95:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:BA:81:CC:92:29:46:8E:5C:3C:31:85:72:C1:2B:01:CA:8A:4A:94
            X509v3 Authority Key Identifier:
                keyid:13:E2:81:47:5B:7B:F8:D0:FA:1F:66:9D:5A:D2:DE:16:35:E8:C0:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-KBR1t7-ND6H2adWtLeFjXowE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/5rqBzJIpRo5cPDGFcsErAcqKSpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/E-KBR1t7-ND6H2adWtLeFjXowE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:65:bd:2a:65:7c:e0:a4:af:fc:91:46:5c:2a:b5:32:cc:2c:
         f9:f3:74:48:40:82:cd:b2:b2:17:5d:3b:4e:e2:40:02:54:28:
         c1:e1:43:f6:2b:82:16:cb:5a:dc:4e:a4:03:c0:45:cf:80:4c:
         c4:8c:d6:4a:ad:00:29:08:73:ff:41:e8:79:90:b9:82:52:14:
         aa:56:30:37:e0:8b:48:ad:49:35:5c:b5:36:37:58:d7:07:bb:
         f7:b4:f2:a2:a7:20:52:3a:74:7f:72:bf:ae:76:53:a7:74:23:
         26:a9:5b:66:7a:ca:82:37:94:fe:21:1d:48:aa:1e:7b:c4:55:
         62:d6:91:87:b4:8e:ab:f7:f4:76:19:e4:84:37:e6:2a:18:f0:
         53:c8:cb:53:4f:82:cf:35:99:34:69:99:27:29:3e:60:46:29:
         3d:ea:80:bf:43:e6:89:a7:91:a7:66:c5:ec:2c:5f:a2:86:d8:
         d0:1e:42:b9:27:c8:c2:af:88:d8:04:cf:0e:c5:76:93:9c:cb:
         5c:72:fc:69:f7:06:4a:5e:9f:f0:6b:df:43:e8:83:91:9f:e7:
         7d:f1:73:f1:c8:1f:8d:4e:a6:66:79:13:a3:09:09:a1:a5:5c:
         86:c3:50:02:85:59:22:ee:be:2f:64:e9:0e:a9:b6:22:b0:0d:
         f2:16:c6:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAP3hDh6bahbhkJ5fdLigMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZTI4MTQ3NWI3YmY4ZDBmYTFmNjY5ZDVhZDJkZTE2MzVl
OGMwNGYwHhcNMjQwMTAxMTIzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmJhODFjYzkyMjk0NjhlNWMzYzMxODU3MmMxMmIwMWNhOGE0YTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5R8fnrYoKbJzgilYexw3QDaQ8Y8
TcpwvVoOxFv8HN9QcOmQfrLowhRolsgaccCUygFoKarXqC+eSzXQtJytWv8jEDis
0AArfuEI8cx+rUHQkPUDCG7jFyx1hAMzLCSoK2SwwlUtvaxKVzd5K7RhkV/ZujQe
lXUUzlFicHEBHuZYmgTM39PcyJ3h/znKUgrIgWvud5sCAO08f6e7Sjk/rI28wt6j
JlDLo7/PXxhqmMlZSJBqLkhBIeAFohZWnHc14dftLI1E5W1XrkgiSJvJFWn7RxLY
8SdW7M3YGrR3NqvHaJDVKmIiSKO7EWE/TUuOxRSZa8kKu/Gjn4wv5byV5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOa6gcySKUaOXDwxhXLBKwHKikqUMB8GA1UdIwQY
MBaAFBPigUdbe/jQ+h9mnVrS3hY16MBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS1LQlIxdDctTkQ2SDJhZFd0TGVGalhvd0U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8wNWI1ZDgtNDU0MS00OGE5LThjMGEt
NDRmZDA0MzkzZTJiLzEvNXJxQnpKSXBSbzVjUERHRmNzRXJBY3FLU3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8wNWI1ZDgtNDU0MS00OGE5LThjMGEtNDRmZDA0MzkzZTJi
LzEvRS1LQlIxdDctTkQ2SDJhZFd0TGVGalhvd0U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVAwMA0G
CSqGSIb3DQEBCwUAA4IBAQCJZb0qZXzgpK/8kUZcKrUyzCz583RIQILNsrIXXTtO
4kACVCjB4UP2K4IWy1rcTqQDwEXPgEzEjNZKrQApCHP/Qeh5kLmCUhSqVjA34ItI
rUk1XLU2N1jXB7v3tPKipyBSOnR/cr+udlOndCMmqVtmesqCN5T+IR1Iqh57xFVi
1pGHtI6r9/R2GeSEN+YqGPBTyMtTT4LPNZk0aZknKT5gRik96oC/Q+aJp5GnZsXs
LF+ihtjQHkK5J8jCr4jYBM8OxXaTnMtccvxp9wZKXp/wa99D6IORn+d98XPxyB+N
TqZmeROjCQmhpVyGw1AChVki7r4vZOkOqbYisA3yFsbm
-----END CERTIFICATE-----