Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/rSsqB6btLLlXFGHXjgqRdYUICvA.roa
File:                     rSsqB6btLLlXFGHXjgqRdYUICvA.roa (raw, json)
Hash identifier:          dqtC3PgDR70SBDQtq3zA59+GYIubU56skwUkLlhEaXY=
Subject key identifier:   AD:2B:2A:07:A6:ED:2C:B9:57:14:61:D7:8E:0A:91:75:85:08:0A:F0
Certificate issuer:       /CN=4568d0a7204560b6356d837bbf1510d9636df63a
Certificate serial:       019011CEA7B8F6FBC550948FE906BC7569FE
Authority key identifier: 45:68:D0:A7:20:45:60:B6:35:6D:83:7B:BF:15:10:D9:63:6D:F6:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/rSsqB6btLLlXFGHXjgqRdYUICvA.roa
Signing time:             Thu 13 Jun 2024 13:34:34 +0000
ROA not before:           Thu 13 Jun 2024 13:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20521
IP address blocks:        80.245.208.0/20 maxlen: 32
                          2a00:1cc0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:ce:a7:b8:f6:fb:c5:50:94:8f:e9:06:bc:75:69:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4568d0a7204560b6356d837bbf1510d9636df63a
        Validity
            Not Before: Jun 13 13:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad2b2a07a6ed2cb9571461d78e0a917585080af0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:02:f5:17:2c:a9:e0:15:2d:e9:b6:b3:88:be:
                    3a:08:56:33:2f:6a:fd:46:64:5f:ef:a4:58:8e:09:
                    d5:9e:08:07:a0:d0:f1:89:50:04:3c:16:38:69:8d:
                    54:04:4f:93:d8:6f:42:d4:56:95:f9:fe:6c:35:57:
                    d3:bc:1d:49:0a:0c:8a:7b:e0:62:c1:00:31:8f:90:
                    8d:f6:a4:2f:52:ce:b6:1c:c3:06:cc:a6:50:e4:e0:
                    83:82:ad:4e:39:47:64:22:88:c9:f3:81:27:28:5a:
                    2d:46:5e:32:71:35:9c:e6:62:63:8e:9a:cf:f5:b3:
                    fd:d3:7d:b3:09:84:01:3d:60:12:50:8f:0d:44:65:
                    f4:aa:ce:2a:9c:d1:3d:ef:02:78:3f:3c:65:fc:ce:
                    75:51:3d:50:e5:fa:4e:f1:2e:24:a1:79:a6:d9:4f:
                    fa:0b:4f:50:c6:a7:4a:fe:bc:be:03:0d:60:ea:e7:
                    8a:e1:c7:72:0a:ab:ee:a5:bc:ee:a6:af:67:cd:3a:
                    38:0e:df:82:3a:12:68:1e:50:8e:1e:b2:34:0f:ae:
                    e7:91:7b:36:9d:ac:21:ba:d8:8e:1a:fb:58:f0:27:
                    bb:76:3d:54:da:a0:0b:84:a3:ca:1f:f9:11:ee:ad:
                    d1:6c:03:d1:ea:ec:37:42:2b:56:6c:8d:e4:df:3f:
                    7f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:2B:2A:07:A6:ED:2C:B9:57:14:61:D7:8E:0A:91:75:85:08:0A:F0
            X509v3 Authority Key Identifier:
                keyid:45:68:D0:A7:20:45:60:B6:35:6D:83:7B:BF:15:10:D9:63:6D:F6:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/rSsqB6btLLlXFGHXjgqRdYUICvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.245.208.0/20
                IPv6:
                  2a00:1cc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         49:6e:8b:73:1c:f8:77:18:9c:3c:c5:ab:95:69:86:16:b8:c3:
         aa:3a:4e:76:e7:97:db:24:81:fd:29:8d:a8:d4:2f:c6:de:2d:
         3f:d9:0e:54:3c:08:8c:dc:ac:e6:d2:4f:56:a1:38:ef:85:4f:
         57:1c:32:35:9a:ac:e3:a4:57:3c:0f:c3:fa:08:e6:29:8a:51:
         66:3b:61:c6:c6:bd:a7:53:6d:1b:c4:83:61:7d:c8:78:c9:6e:
         68:bd:3f:f4:0b:91:7d:97:9d:d9:3b:44:a1:04:b8:59:a1:8f:
         81:fa:4e:11:c1:fb:2b:8b:35:58:10:1b:62:c5:92:d2:34:8d:
         8e:37:5d:c0:09:a3:63:55:9b:ed:9f:e5:1f:e1:9c:fb:03:8f:
         bb:cc:8e:3c:a5:84:ce:ed:15:27:1b:ba:60:a2:cc:de:b8:75:
         76:c6:ec:48:e7:f6:fc:62:02:d2:d0:2b:f1:66:d0:db:ad:88:
         48:4c:b5:c7:ba:c3:61:78:45:88:7a:51:af:bc:1f:f2:fe:d7:
         73:5c:9f:c8:9e:34:49:19:4a:34:dc:d9:ae:c2:37:96:88:d3:
         fd:50:9a:d3:0f:05:b0:94:f3:0b:83:e4:2f:de:7f:2e:a3:cd:
         f7:e3:4e:b3:c6:6d:8f:15:e3:4e:28:5a:6c:84:8e:c4:0c:27:
         b0:05:0a:6f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZARzqe49vvFUJSP6Qa8dWn+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NjhkMGE3MjA0NTYwYjYzNTZkODM3YmJmMTUxMGQ5NjM2
ZGY2M2EwHhcNMjQwNjEzMTMzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDJiMmEwN2E2ZWQyY2I5NTcxNDYxZDc4ZTBhOTE3NTg1MDgwYWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogL1Fyyp4BUt6baziL46CFYzL2r9
RmRf76RYjgnVnggHoNDxiVAEPBY4aY1UBE+T2G9C1FaV+f5sNVfTvB1JCgyKe+Bi
wQAxj5CN9qQvUs62HMMGzKZQ5OCDgq1OOUdkIojJ84EnKFotRl4ycTWc5mJjjprP
9bP9032zCYQBPWASUI8NRGX0qs4qnNE97wJ4Pzxl/M51UT1Q5fpO8S4koXmm2U/6
C09QxqdK/ry+Aw1g6ueK4cdyCqvupbzupq9nzTo4Dt+COhJoHlCOHrI0D67nkXs2
nawhutiOGvtY8Ce7dj1U2qALhKPKH/kR7q3RbAPR6uw3QitWbI3k3z9/nQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK0rKgem7Sy5VxRh144KkXWFCArwMB8GA1UdIwQY
MBaAFEVo0KcgRWC2NW2De78VENljbfY6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUldqUXB5QkZZTFkxYllON3Z4VVEyV050OWpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9iMGZiMGItYjk2YS00MzkwLTg2YTgt
NmZlMzVhZTU0YTViLzEvclNzcUI2YnRMTGxYRkdIWGpncVJkWVVJQ3ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9iMGZiMGItYjk2YS00MzkwLTg2YTgtNmZlMzVhZTU0YTVi
LzEvUldqUXB5QkZZTFkxYllON3Z4VVEyV050OWpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEUPXQMA0E
AgACMAcDBQAqABzAMA0GCSqGSIb3DQEBCwUAA4IBAQBJbotzHPh3GJw8xauVaYYW
uMOqOk5255fbJIH9KY2o1C/G3i0/2Q5UPAiM3Kzm0k9WoTjvhU9XHDI1mqzjpFc8
D8P6COYpilFmO2HGxr2nU20bxINhfch4yW5ovT/0C5F9l53ZO0ShBLhZoY+B+k4R
wfsrizVYEBtixZLSNI2ON13ACaNjVZvtn+Uf4Zz7A4+7zI48pYTO7RUnG7pgosze
uHV2xuxI5/b8YgLS0CvxZtDbrYhITLXHusNheEWIelGvvB/y/tdzXJ/InjRJGUo0
3NmuwjeWiNP9UJrTDwWwlPMLg+Qv3n8uo833406zxm2PFeNOKFpshI7EDCewBQpv
-----END CERTIFICATE-----