Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/MpASwdWDMjWaB21dT3K3sLgwB5Y.roa
File:                     MpASwdWDMjWaB21dT3K3sLgwB5Y.roa (raw, json)
Hash identifier:          qWQr/a1kR8hooDKQfxYLiHJvLn9j2c/yNXcapTum6Vw=
Subject key identifier:   32:90:12:C1:D5:83:32:35:9A:07:6D:5D:4F:72:B7:B0:B8:30:07:96
Certificate issuer:       /CN=4568d0a7204560b6356d837bbf1510d9636df63a
Certificate serial:       019011C83F34017766D32188021DBC7F3F4C
Authority key identifier: 45:68:D0:A7:20:45:60:B6:35:6D:83:7B:BF:15:10:D9:63:6D:F6:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/MpASwdWDMjWaB21dT3K3sLgwB5Y.roa
Signing time:             Thu 13 Jun 2024 13:27:34 +0000
ROA not before:           Thu 13 Jun 2024 13:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        80.245.208.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:c8:3f:34:01:77:66:d3:21:88:02:1d:bc:7f:3f:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4568d0a7204560b6356d837bbf1510d9636df63a
        Validity
            Not Before: Jun 13 13:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=329012c1d58332359a076d5d4f72b7b0b8300796
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:c7:de:35:aa:50:b5:06:66:a8:c4:81:a7:5a:
                    d8:87:ab:7f:3d:86:81:8a:33:ef:48:e5:51:73:07:
                    7b:d2:a1:86:3f:ab:94:e9:12:31:89:25:2f:d8:bd:
                    f9:3d:0c:68:35:10:3e:3e:94:4c:f6:7e:bc:21:18:
                    83:9e:40:58:38:cc:53:9d:85:64:6d:06:d7:89:bc:
                    c4:48:69:8a:da:ba:b2:2c:24:11:de:19:b2:55:d1:
                    97:e4:be:b3:20:a9:33:96:ad:28:2a:58:9b:47:5d:
                    93:4c:59:68:56:2c:61:f1:e8:eb:3c:84:2e:38:22:
                    e9:a2:1a:bf:84:2a:c9:24:d5:55:f8:87:1a:10:ef:
                    73:f7:d2:60:31:2e:c4:1a:f9:0b:e2:5f:85:d2:4e:
                    a6:68:44:74:18:53:43:b4:92:3f:41:32:62:05:58:
                    af:2b:c8:af:6e:13:48:8d:d8:bd:be:00:51:4e:87:
                    13:f1:5a:4c:2b:46:97:3f:f3:a2:f0:65:85:3a:00:
                    e5:97:1e:f0:1d:3d:96:bd:57:35:33:cb:a4:4f:1b:
                    2e:f4:bf:b7:b0:07:3a:a4:82:93:a8:0e:b5:ce:b8:
                    d3:5a:42:3a:f7:28:1b:98:74:1c:3d:8f:aa:50:e1:
                    59:09:87:b2:8a:7c:f3:9d:89:a1:22:dc:f9:0f:f5:
                    dc:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:90:12:C1:D5:83:32:35:9A:07:6D:5D:4F:72:B7:B0:B8:30:07:96
            X509v3 Authority Key Identifier:
                keyid:45:68:D0:A7:20:45:60:B6:35:6D:83:7B:BF:15:10:D9:63:6D:F6:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/MpASwdWDMjWaB21dT3K3sLgwB5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.245.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8d:d6:ba:51:24:32:cf:4e:53:ac:1e:1b:b7:80:05:b7:40:9a:
         ce:85:3b:8a:eb:a9:20:09:15:cd:7a:87:60:f7:af:74:2a:1f:
         8a:f1:62:96:a4:2a:66:b5:21:04:0f:e0:29:7b:3f:48:86:bf:
         de:47:8e:0c:08:f5:b4:05:1a:f9:37:31:ba:12:86:2c:7e:35:
         cb:69:cc:a5:91:0c:d7:ba:6f:d8:79:b4:40:d8:90:e2:10:e7:
         95:d6:38:d4:05:58:60:d6:44:1c:72:73:f4:ce:b8:5b:15:01:
         3d:e3:67:f1:5e:e3:c9:cb:5b:e8:9c:a5:d4:de:55:54:7b:50:
         7d:30:dd:f3:9c:a0:df:ec:42:e6:fd:fd:39:2b:33:59:db:09:
         0b:e9:a3:cd:5c:24:3f:24:f3:30:8f:0f:42:50:c9:92:ab:6b:
         0b:02:e6:71:70:6c:bf:e2:a8:c1:bc:07:e5:bf:a3:0b:d4:b1:
         b5:46:91:b9:75:ba:38:39:e4:86:19:8a:57:f6:5b:a0:a6:9f:
         fc:79:56:ec:35:ab:fa:e5:bd:da:61:36:27:69:43:08:a9:4a:
         49:3b:30:aa:2a:4e:8a:08:a7:81:3b:0d:24:e0:39:15:1a:cf:
         2e:40:94:3c:57:27:a0:e0:71:0e:bc:71:a2:79:f4:b8:8f:99:
         08:ea:39:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZARyD80AXdm0yGIAh28fz9MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NjhkMGE3MjA0NTYwYjYzNTZkODM3YmJmMTUxMGQ5NjM2
ZGY2M2EwHhcNMjQwNjEzMTMyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjkwMTJjMWQ1ODMzMjM1OWEwNzZkNWQ0ZjcyYjdiMGI4MzAwNzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6sfeNapQtQZmqMSBp1rYh6t/PYaB
ijPvSOVRcwd70qGGP6uU6RIxiSUv2L35PQxoNRA+PpRM9n68IRiDnkBYOMxTnYVk
bQbXibzESGmK2rqyLCQR3hmyVdGX5L6zIKkzlq0oKlibR12TTFloVixh8ejrPIQu
OCLpohq/hCrJJNVV+IcaEO9z99JgMS7EGvkL4l+F0k6maER0GFNDtJI/QTJiBViv
K8ivbhNIjdi9vgBRTocT8VpMK0aXP/Oi8GWFOgDllx7wHT2WvVc1M8ukTxsu9L+3
sAc6pIKTqA61zrjTWkI69ygbmHQcPY+qUOFZCYeyinzznYmhItz5D/XccwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKQEsHVgzI1mgdtXU9yt7C4MAeWMB8GA1UdIwQY
MBaAFEVo0KcgRWC2NW2De78VENljbfY6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUldqUXB5QkZZTFkxYllON3Z4VVEyV050OWpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9iMGZiMGItYjk2YS00MzkwLTg2YTgt
NmZlMzVhZTU0YTViLzEvTXBBU3dkV0RNaldhQjIxZFQzSzNzTGd3QjVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9iMGZiMGItYjk2YS00MzkwLTg2YTgtNmZlMzVhZTU0YTVi
LzEvUldqUXB5QkZZTFkxYllON3Z4VVEyV050OWpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPXQMA0G
CSqGSIb3DQEBCwUAA4IBAQCN1rpRJDLPTlOsHhu3gAW3QJrOhTuK66kgCRXNeodg
9690Kh+K8WKWpCpmtSEED+Apez9Ihr/eR44MCPW0BRr5NzG6EoYsfjXLacylkQzX
um/YebRA2JDiEOeV1jjUBVhg1kQccnP0zrhbFQE942fxXuPJy1vonKXU3lVUe1B9
MN3znKDf7ELm/f05KzNZ2wkL6aPNXCQ/JPMwjw9CUMmSq2sLAuZxcGy/4qjBvAfl
v6ML1LG1RpG5dbo4OeSGGYpX9lugpp/8eVbsNav65b3aYTYnaUMIqUpJOzCqKk6K
CKeBOw0k4DkVGs8uQJQ8Vyeg4HEOvHGiefS4j5kI6jkJ
-----END CERTIFICATE-----