Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/5P3mKL29f50qrvtxGQQfXzr32bE.roa
File:                     5P3mKL29f50qrvtxGQQfXzr32bE.roa (raw, json)
Hash identifier:          GDRogNEmhG6d2MaPKLX2IC8xlLG6AhaooNXub4REgOY=
Subject key identifier:   E4:FD:E6:28:BD:BD:7F:9D:2A:AE:FB:71:19:04:1F:5F:3A:F7:D9:B1
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018CC9BCA6BD774109C5B0953F36DF46D1C4
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/5P3mKL29f50qrvtxGQQfXzr32bE.roa
Signing time:             Tue 02 Jan 2024 10:33:53 +0000
ROA not before:           Tue 02 Jan 2024 10:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6905
IP address blocks:        145.30.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a6:bd:77:41:09:c5:b0:95:3f:36:df:46:d1:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  2 10:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4fde628bdbd7f9d2aaefb7119041f5f3af7d9b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:00:0f:81:10:46:d9:21:f8:9a:e2:31:0b:c6:
                    8f:99:cb:fe:9a:cf:e2:d1:b1:10:85:57:c2:ba:83:
                    f5:0b:c7:cb:75:29:f0:eb:16:41:03:6f:7f:52:47:
                    55:40:a5:8b:b8:9f:5e:a5:51:c5:ec:c6:77:f2:04:
                    2d:94:c5:cf:bd:3b:22:82:ea:ce:dd:8a:61:5d:86:
                    61:71:5c:47:f4:3d:8a:7e:14:55:ee:88:50:b9:0a:
                    52:b2:18:a4:a6:35:28:dd:ca:e8:37:6e:bd:4f:14:
                    e9:74:00:71:c8:63:ef:07:b3:e9:7c:da:8b:4b:cb:
                    4a:05:15:24:c8:68:35:aa:9e:ab:f1:be:83:37:75:
                    6d:31:c9:0b:97:19:ce:5a:10:f7:20:f5:14:b1:cf:
                    99:f2:f2:e0:e2:21:f2:99:f8:4a:0e:f4:6b:bc:88:
                    74:ca:79:5c:ad:24:7a:4d:e4:42:4c:c8:45:34:f1:
                    81:ee:38:25:a7:6f:ed:d4:47:f5:94:95:63:56:39:
                    22:98:9c:0a:2e:9f:a1:bb:53:f7:39:61:da:3a:29:
                    0a:13:f3:2f:0a:51:cb:ac:a1:56:5c:f6:26:e7:85:
                    ae:e3:17:47:81:4d:1c:f6:7a:43:80:37:1e:62:4e:
                    81:c5:a6:d3:fe:11:71:f5:f7:a1:8c:ec:3a:74:2d:
                    6e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:FD:E6:28:BD:BD:7F:9D:2A:AE:FB:71:19:04:1F:5F:3A:F7:D9:B1
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/5P3mKL29f50qrvtxGQQfXzr32bE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.30.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:a3:70:1c:4e:c7:9e:d9:8f:03:43:fd:1c:f3:4e:5f:66:25:
         ac:5a:6e:64:25:4f:9c:a8:e6:98:59:54:13:ae:29:c6:4d:cc:
         2b:21:8d:00:73:c2:c9:92:d9:56:1b:17:be:d6:7d:60:93:00:
         d1:0c:2c:24:22:46:fe:8f:1c:93:98:18:ec:48:7a:8b:da:c8:
         b7:00:74:8f:a9:85:7f:a5:ed:0c:bb:db:2a:c6:b6:a8:de:60:
         0b:ab:ee:5f:05:83:2a:c4:73:f8:70:3d:9c:1b:27:ae:b4:6b:
         a7:02:cc:fd:57:84:28:2f:59:e1:a9:c5:52:c6:a3:4e:40:3a:
         51:b2:34:52:e2:63:41:99:e9:ae:e0:c0:d0:5b:c9:de:24:3f:
         22:2b:b5:e2:8e:34:a5:d1:59:b1:25:09:89:44:f7:f3:7b:e1:
         85:2e:e5:c5:0b:4e:45:37:65:a9:59:2c:80:f5:02:d6:65:bb:
         f7:8e:65:65:ff:7c:f1:ea:81:43:b1:bd:c9:a4:54:f2:88:e2:
         b7:ce:12:f2:88:94:79:da:27:58:6c:73:09:b4:bf:dc:75:b3:
         c6:e9:38:9f:bf:61:3e:88:2a:34:c3:ba:9e:1c:9b:49:9c:6a:
         c5:84:f6:e5:d5:4b:11:c1:eb:e5:1b:af:5e:a8:f0:41:91:89:
         fd:8a:1d:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKa9d0EJxbCVPzbfRtHEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMTAyMTAzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGZkZTYyOGJkYmQ3ZjlkMmFhZWZiNzExOTA0MWY1ZjNhZjdkOWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAAPgRBG2SH4muIxC8aPmcv+ms/i
0bEQhVfCuoP1C8fLdSnw6xZBA29/UkdVQKWLuJ9epVHF7MZ38gQtlMXPvTsigurO
3YphXYZhcVxH9D2KfhRV7ohQuQpSshikpjUo3croN269TxTpdABxyGPvB7PpfNqL
S8tKBRUkyGg1qp6r8b6DN3VtMckLlxnOWhD3IPUUsc+Z8vLg4iHymfhKDvRrvIh0
ynlcrSR6TeRCTMhFNPGB7jglp2/t1Ef1lJVjVjkimJwKLp+hu1P3OWHaOikKE/Mv
ClHLrKFWXPYm54Wu4xdHgU0c9npDgDceYk6BxabT/hFx9fehjOw6dC1ukwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOT95ii9vX+dKq77cRkEH18699mxMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvNVAzbUtMMjlmNTBxcnZ0eEdRUWZYenIzMmJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkR58MA0G
CSqGSIb3DQEBCwUAA4IBAQCto3AcTsee2Y8DQ/0c805fZiWsWm5kJU+cqOaYWVQT
rinGTcwrIY0Ac8LJktlWGxe+1n1gkwDRDCwkIkb+jxyTmBjsSHqL2si3AHSPqYV/
pe0Mu9sqxrao3mALq+5fBYMqxHP4cD2cGyeutGunAsz9V4QoL1nhqcVSxqNOQDpR
sjRS4mNBmemu4MDQW8neJD8iK7XijjSl0VmxJQmJRPfze+GFLuXFC05FN2WpWSyA
9QLWZbv3jmVl/3zx6oFDsb3JpFTyiOK3zhLyiJR52idYbHMJtL/cdbPG6Tifv2E+
iCo0w7qeHJtJnGrFhPbl1UsRwevlG69eqPBBkYn9ih3T
-----END CERTIFICATE-----