Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/Dlg1wwlQI4GWU4jsoTwAetJQuqE.roa
File:                     Dlg1wwlQI4GWU4jsoTwAetJQuqE.roa (raw, json)
Hash identifier:          BhaFGn/eBUADFiWvOdxfaouWkhh8/r/9CybNKL+Gs0Y=
Subject key identifier:   0E:58:35:C3:09:50:23:81:96:53:88:EC:A1:3C:00:7A:D2:50:BA:A1
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       0191698051BE34551CDFCEA54F628CF455A2
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/Dlg1wwlQI4GWU4jsoTwAetJQuqE.roa
Signing time:             Mon 19 Aug 2024 07:18:22 +0000
ROA not before:           Mon 19 Aug 2024 07:18:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        80.71.237.0/24 maxlen: 24
                          80.71.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:69:80:51:be:34:55:1c:df:ce:a5:4f:62:8c:f4:55:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Aug 19 07:18:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e5835c309502381965388eca13c007ad250baa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:cb:50:7c:9d:0b:82:28:c4:0c:9a:ab:cb:64:
                    88:80:99:48:85:37:26:65:81:5c:bd:ab:4e:1c:f1:
                    52:3b:ba:63:8d:9f:16:25:9c:6b:cd:b5:3d:c6:d4:
                    ce:13:ed:18:77:01:52:c2:58:87:da:53:54:bf:ef:
                    52:d8:38:60:39:8a:bd:e9:39:34:04:0f:05:35:4b:
                    b1:68:ce:a1:1b:be:b0:8d:5b:0b:b1:d4:4b:bd:9e:
                    12:f2:f3:a1:33:11:d0:a4:63:8d:6a:4a:aa:36:94:
                    72:5a:93:7f:41:61:11:92:c4:35:71:35:7c:96:73:
                    31:41:92:30:43:81:3a:8c:6c:a1:cb:da:0b:c0:32:
                    cf:b3:d7:ce:4a:77:88:8d:09:e7:ce:75:e3:a9:51:
                    e8:4a:7e:0b:ee:46:9e:76:50:23:08:73:ff:59:28:
                    f5:42:4a:f9:fa:ce:94:fb:d1:12:68:46:95:b1:8e:
                    db:17:c4:b2:95:37:d2:7f:a9:03:43:1a:da:91:b5:
                    e9:d7:f8:b1:cd:5d:e3:22:59:01:91:fa:f1:9e:39:
                    b5:c2:25:9b:22:3d:60:15:8d:aa:ac:f4:ba:45:ec:
                    6b:04:f6:03:44:d2:da:95:55:a6:71:8b:58:28:cf:
                    2f:85:86:aa:9b:ce:60:c4:4b:db:c7:ae:3f:f2:aa:
                    b5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:58:35:C3:09:50:23:81:96:53:88:EC:A1:3C:00:7A:D2:50:BA:A1
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/Dlg1wwlQI4GWU4jsoTwAetJQuqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.237.0/24
                  80.71.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:bb:db:c5:83:d8:b4:e6:bf:00:15:9c:9e:59:d0:1d:87:68:
         6e:80:18:68:22:7c:f6:76:02:88:6b:70:f3:fb:ad:d8:3f:06:
         08:68:0e:32:2b:d8:ae:0e:dc:5f:6b:ea:65:9f:6a:c3:de:53:
         20:e3:18:aa:dc:dd:10:0f:db:87:76:fb:5a:6b:d3:0d:b6:48:
         6b:39:25:52:68:bf:aa:5d:d2:af:0f:6e:64:45:76:bb:62:2d:
         c0:10:c7:6e:51:ce:da:be:4e:25:66:38:60:75:1c:26:ff:9a:
         9a:b3:59:81:76:c5:c0:82:70:74:17:53:8f:6a:a8:e9:81:15:
         56:70:60:62:1b:56:ad:0d:58:e7:e0:84:82:40:bf:07:9e:ed:
         b9:a2:9e:c1:0c:01:01:53:ad:7c:a6:ef:44:a3:d2:ae:ce:c3:
         32:b5:aa:4f:3e:bc:78:69:0b:dd:36:bf:7f:33:1d:e5:6c:35:
         2d:48:1b:cf:a8:a7:87:e2:71:57:98:52:36:c7:eb:6b:94:d3:
         9e:58:cd:a3:e5:64:ae:67:d8:0c:ba:dd:09:2d:f8:76:5c:57:
         d5:d0:d0:d3:34:f3:e7:ad:68:db:9d:ad:9a:7d:72:58:9e:d4:
         61:f9:4b:4c:7b:13:0f:a2:d5:d1:23:f6:44:63:a1:5c:15:b2:
         39:21:23:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFpgFG+NFUc386lT2KM9FWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwODE5MDcxODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTU4MzVjMzA5NTAyMzgxOTY1Mzg4ZWNhMTNjMDA3YWQyNTBiYWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMtQfJ0LgijEDJqry2SIgJlIhTcm
ZYFcvatOHPFSO7pjjZ8WJZxrzbU9xtTOE+0YdwFSwliH2lNUv+9S2DhgOYq96Tk0
BA8FNUuxaM6hG76wjVsLsdRLvZ4S8vOhMxHQpGONakqqNpRyWpN/QWERksQ1cTV8
lnMxQZIwQ4E6jGyhy9oLwDLPs9fOSneIjQnnznXjqVHoSn4L7kaedlAjCHP/WSj1
Qkr5+s6U+9ESaEaVsY7bF8SylTfSf6kDQxrakbXp1/ixzV3jIlkBkfrxnjm1wiWb
Ij1gFY2qrPS6RexrBPYDRNLalVWmcYtYKM8vhYaqm85gxEvbx64/8qq1wwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA5YNcMJUCOBllOI7KE8AHrSULqhMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvRGxnMXd3bFFJNEdXVTRqc29Ud0FldEpRdXFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEftAwQA
UEfvMA0GCSqGSIb3DQEBCwUAA4IBAQAiu9vFg9i05r8AFZyeWdAdh2hugBhoInz2
dgKIa3Dz+63YPwYIaA4yK9iuDtxfa+pln2rD3lMg4xiq3N0QD9uHdvtaa9MNtkhr
OSVSaL+qXdKvD25kRXa7Yi3AEMduUc7avk4lZjhgdRwm/5qas1mBdsXAgnB0F1OP
aqjpgRVWcGBiG1atDVjn4ISCQL8Hnu25op7BDAEBU618pu9Eo9KuzsMytapPPrx4
aQvdNr9/Mx3lbDUtSBvPqKeH4nFXmFI2x+trlNOeWM2j5WSuZ9gMut0JLfh2XFfV
0NDTNPPnrWjbna2afXJYntRh+UtMexMPotXRI/ZEY6FcFbI5ISOe
-----END CERTIFICATE-----