Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/2c11c1-4250-4387-a4db-2701d591deae/1/5XvwNjKkTW4R5dUHAdjDeBB-HdM.roa
File:                     5XvwNjKkTW4R5dUHAdjDeBB-HdM.roa (raw, json)
Hash identifier:          nANU17Vrmt0dljIHFCFYl4/voRlTQLrNLZPakIq330c=
Subject key identifier:   E5:7B:F0:36:32:A4:4D:6E:11:E5:D5:07:01:D8:C3:78:10:7E:1D:D3
Certificate issuer:       /CN=d020f10832c49bad6f15a96058c5ba18572ac52a
Certificate serial:       018CC64B16D5FE0A0BAA1FA50AEA3CECCF78
Authority key identifier: D0:20:F1:08:32:C4:9B:AD:6F:15:A9:60:58:C5:BA:18:57:2A:C5:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0CDxCDLEm61vFalgWMW6GFcqxSo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/2c11c1-4250-4387-a4db-2701d591deae/1/5XvwNjKkTW4R5dUHAdjDeBB-HdM.roa
Signing time:             Mon 01 Jan 2024 18:30:58 +0000
ROA not before:           Mon 01 Jan 2024 18:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21364
IP address blocks:        80.245.0.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/2c11c1-4250-4387-a4db-2701d591deae/1/0CDxCDLEm61vFalgWMW6GFcqxSo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/2c11c1-4250-4387-a4db-2701d591deae/1/0CDxCDLEm61vFalgWMW6GFcqxSo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0CDxCDLEm61vFalgWMW6GFcqxSo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:16:d5:fe:0a:0b:aa:1f:a5:0a:ea:3c:ec:cf:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d020f10832c49bad6f15a96058c5ba18572ac52a
        Validity
            Not Before: Jan  1 18:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e57bf03632a44d6e11e5d50701d8c378107e1dd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:62:6f:e4:50:27:e5:66:34:d8:02:81:97:d7:
                    36:0c:63:a7:70:46:34:5b:e3:e7:5f:f9:de:50:73:
                    c3:f6:ae:71:81:9d:64:8a:b1:f1:21:8a:57:7a:bc:
                    c3:1e:01:89:fe:c2:53:fa:f0:30:1f:c9:0a:f0:ef:
                    41:89:54:7e:96:d7:fe:35:1c:56:9e:dc:69:f0:0f:
                    4a:a0:63:88:73:ed:aa:99:44:98:5f:41:9c:c0:6f:
                    41:17:8b:2a:06:9b:aa:c6:c3:cd:42:1b:45:59:a3:
                    4f:7b:2f:12:34:67:44:72:6b:e0:79:30:d1:6f:ef:
                    3c:2e:80:7e:d8:77:49:74:c1:78:19:03:6e:2e:f8:
                    88:75:e7:86:de:eb:a9:d4:23:ea:8e:48:b9:75:3b:
                    ca:8f:d9:2b:0d:9c:9e:28:aa:95:83:dd:d0:bc:93:
                    39:00:e7:df:92:0f:43:df:b5:1f:bf:26:96:0a:fb:
                    0b:0d:57:30:3c:74:9f:be:16:65:a8:3c:03:9f:cf:
                    2c:d2:a0:0e:cf:fd:f4:68:6a:30:a6:d9:5c:2f:c6:
                    05:45:5c:54:8c:bd:59:a7:8d:4a:df:c0:e5:72:5f:
                    c5:19:12:42:7b:07:25:b0:8c:e8:d4:b2:34:cb:44:
                    bf:2e:3f:b0:d3:4d:33:16:88:a3:ad:11:b6:1e:3f:
                    75:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:7B:F0:36:32:A4:4D:6E:11:E5:D5:07:01:D8:C3:78:10:7E:1D:D3
            X509v3 Authority Key Identifier:
                keyid:D0:20:F1:08:32:C4:9B:AD:6F:15:A9:60:58:C5:BA:18:57:2A:C5:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0CDxCDLEm61vFalgWMW6GFcqxSo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/2c11c1-4250-4387-a4db-2701d591deae/1/5XvwNjKkTW4R5dUHAdjDeBB-HdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/2c11c1-4250-4387-a4db-2701d591deae/1/0CDxCDLEm61vFalgWMW6GFcqxSo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.245.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         69:89:08:a6:4d:b0:bb:a7:fa:7f:a9:a4:2d:5e:eb:20:1a:b3:
         ee:82:8f:f4:e6:7c:c7:81:1a:db:8a:c7:50:b8:e4:57:a2:51:
         a3:ae:b5:75:7b:03:9a:f6:b1:94:6d:06:45:ac:a6:e6:16:f1:
         8f:89:2f:ae:2e:b1:76:6c:23:ca:8d:51:3d:aa:0c:4b:6f:8e:
         c9:34:e5:1a:65:de:1c:f8:a2:80:5f:ab:aa:eb:e6:2c:18:a9:
         0d:fe:2d:3b:25:1a:d2:08:60:64:3b:1b:61:1b:6b:54:c4:a3:
         53:b7:49:9a:e0:cc:8d:7a:91:4b:d0:69:95:d3:7f:60:f6:95:
         10:49:87:ad:22:fe:c3:bc:70:e3:a5:eb:62:cb:6d:5c:4e:f9:
         44:1e:9e:5c:b6:94:0c:4c:f1:39:32:f2:14:45:41:1c:92:10:
         32:49:5c:e7:82:85:0c:6e:c2:3a:f3:0f:ba:69:f2:56:43:11:
         da:3f:f8:00:3a:02:dd:f5:70:08:9b:2a:1a:d6:7b:01:38:a2:
         8a:0f:27:04:c7:ae:62:0e:d3:93:a3:9d:0e:b7:3f:60:7d:a9:
         5c:df:39:df:d8:38:c7:80:cc:16:a2:d2:a4:97:38:22:53:56:
         3e:17:c6:f1:03:48:d8:2e:b5:5b:69:e5:71:3a:33:14:ed:f4:
         54:b3:95:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxbV/goLqh+lCuo87M94MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMjBmMTA4MzJjNDliYWQ2ZjE1YTk2MDU4YzViYTE4NTcy
YWM1MmEwHhcNMjQwMTAxMTgzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTdiZjAzNjMyYTQ0ZDZlMTFlNWQ1MDcwMWQ4YzM3ODEwN2UxZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmJv5FAn5WY02AKBl9c2DGOncEY0
W+PnX/neUHPD9q5xgZ1kirHxIYpXerzDHgGJ/sJT+vAwH8kK8O9BiVR+ltf+NRxW
ntxp8A9KoGOIc+2qmUSYX0GcwG9BF4sqBpuqxsPNQhtFWaNPey8SNGdEcmvgeTDR
b+88LoB+2HdJdMF4GQNuLviIdeeG3uup1CPqjki5dTvKj9krDZyeKKqVg93QvJM5
AOffkg9D37UfvyaWCvsLDVcwPHSfvhZlqDwDn88s0qAOz/30aGowptlcL8YFRVxU
jL1Zp41K38Dlcl/FGRJCewclsIzo1LI0y0S/Lj+w000zFoijrRG2Hj91LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOV78DYypE1uEeXVBwHYw3gQfh3TMB8GA1UdIwQY
MBaAFNAg8QgyxJutbxWpYFjFuhhXKsUqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMENEeENETEVtNjF2RmFsZ1dNVzZHRmNxeFNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni8yYzExYzEtNDI1MC00Mzg3LWE0ZGIt
MjcwMWQ1OTFkZWFlLzEvNVh2d05qS2tUVzRSNWRVSEFkakRlQkItSGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni8yYzExYzEtNDI1MC00Mzg3LWE0ZGItMjcwMWQ1OTFkZWFl
LzEvMENEeENETEVtNjF2RmFsZ1dNVzZHRmNxeFNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPUAMA0G
CSqGSIb3DQEBCwUAA4IBAQBpiQimTbC7p/p/qaQtXusgGrPugo/05nzHgRrbisdQ
uORXolGjrrV1ewOa9rGUbQZFrKbmFvGPiS+uLrF2bCPKjVE9qgxLb47JNOUaZd4c
+KKAX6uq6+YsGKkN/i07JRrSCGBkOxthG2tUxKNTt0ma4MyNepFL0GmV039g9pUQ
SYetIv7DvHDjpetiy21cTvlEHp5ctpQMTPE5MvIURUEckhAySVzngoUMbsI68w+6
afJWQxHaP/gAOgLd9XAImyoa1nsBOKKKDycEx65iDtOTo50Otz9gfalc3znf2DjH
gMwWotKklzgiU1Y+F8bxA0jYLrVbaeVxOjMU7fRUs5Wn
-----END CERTIFICATE-----