Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/z-DUiZFtLvh-aQ88JuiXNF-uCZU.roa
File:                     z-DUiZFtLvh-aQ88JuiXNF-uCZU.roa (raw, json)
Hash identifier:          OsSV+SevTLS8zOe5NZt8r9ilRd3hG9M0aRr4amaL0CM=
Subject key identifier:   CF:E0:D4:89:91:6D:2E:F8:7E:69:0F:3C:26:E8:97:34:5F:AE:09:95
Certificate issuer:       /CN=4568d0a7204560b6356d837bbf1510d9636df63a
Certificate serial:       019011CCD32640B1BA1E7135E7223C8317C8
Authority key identifier: 45:68:D0:A7:20:45:60:B6:35:6D:83:7B:BF:15:10:D9:63:6D:F6:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/z-DUiZFtLvh-aQ88JuiXNF-uCZU.roa
Signing time:             Thu 13 Jun 2024 13:32:34 +0000
ROA not before:           Thu 13 Jun 2024 13:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202
IP address blocks:        80.245.208.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:cc:d3:26:40:b1:ba:1e:71:35:e7:22:3c:83:17:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4568d0a7204560b6356d837bbf1510d9636df63a
        Validity
            Not Before: Jun 13 13:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfe0d489916d2ef87e690f3c26e897345fae0995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:43:a3:c0:19:79:42:ba:30:7f:22:4e:3c:89:
                    50:53:54:de:6f:c6:f1:44:40:2b:46:8e:df:35:44:
                    6c:ba:c4:a9:98:68:11:74:19:42:09:74:b8:27:23:
                    90:2f:6f:ba:3a:2b:65:53:fc:7c:3b:69:48:b5:3e:
                    a3:d6:b5:43:9c:50:de:70:51:f5:ba:1d:4b:a6:1a:
                    ad:38:47:76:9f:82:43:1b:df:45:5a:35:61:08:ba:
                    9e:f3:85:fc:66:3b:52:ce:ca:17:6a:5e:89:f8:c0:
                    64:e9:27:59:c5:4e:e7:34:3e:82:67:56:5b:5d:f2:
                    dc:48:d0:3b:e7:c5:1a:37:7c:3a:b9:49:33:8b:2c:
                    98:58:fe:52:56:38:6e:f0:88:93:1a:11:bd:3e:4d:
                    d8:5a:a9:ac:48:94:3e:42:ea:e8:80:e7:c2:4a:1b:
                    49:e0:1c:cf:b5:d2:1d:53:5d:e1:c7:eb:3f:83:f5:
                    1b:0d:27:6a:ea:d4:05:c2:d3:cb:82:19:57:7d:ee:
                    14:47:d6:25:f3:5e:46:73:a8:e9:49:f4:70:20:65:
                    89:f9:49:f2:56:98:87:b0:a5:25:48:bd:e9:a3:26:
                    d9:db:57:d7:37:89:e8:53:38:2c:c4:bf:e8:0c:83:
                    87:78:fd:81:7d:b1:fe:c9:63:ad:b1:fb:8d:45:ab:
                    3b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:E0:D4:89:91:6D:2E:F8:7E:69:0F:3C:26:E8:97:34:5F:AE:09:95
            X509v3 Authority Key Identifier:
                keyid:45:68:D0:A7:20:45:60:B6:35:6D:83:7B:BF:15:10:D9:63:6D:F6:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/z-DUiZFtLvh-aQ88JuiXNF-uCZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b0fb0b-b96a-4390-86a8-6fe35ae54a5b/1/RWjQpyBFYLY1bYN7vxUQ2WNt9jo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.245.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8b:df:41:26:2d:d9:29:00:53:9f:d9:59:ef:e7:a8:0a:a5:b2:
         f3:8f:a5:49:2c:22:59:26:3a:35:61:0f:9d:9a:ec:fa:93:be:
         83:4c:33:b8:90:01:07:07:0a:3e:4a:49:5e:3d:1a:fe:bc:92:
         74:a7:7e:09:43:23:dd:cd:bf:9d:22:de:9b:1e:08:62:24:50:
         3e:b3:da:54:07:0a:28:2b:6b:30:46:0a:e1:ef:36:1b:b4:03:
         04:b3:6e:04:87:6f:de:6a:a8:c0:e4:4b:72:68:2f:43:3f:9d:
         16:1e:12:8c:cd:4e:6a:92:9f:1f:84:e8:06:59:39:44:68:bc:
         66:9a:fe:7d:96:6f:f2:fa:86:7d:ca:7b:9f:1c:d0:e8:9d:9f:
         82:86:b2:d4:ec:17:3f:6e:e4:ad:44:46:82:8f:f9:ea:fa:0e:
         4c:50:40:e9:7a:95:14:cd:75:4c:b2:5c:ae:ef:26:fd:18:c0:
         cd:74:45:6b:c1:18:73:75:73:0f:70:2d:4e:a9:ef:2f:bf:00:
         8d:14:a2:ab:44:64:c9:53:6a:23:53:ba:5d:fd:eb:b7:b4:1b:
         33:04:84:e2:a9:e8:ea:46:7f:c0:b7:c8:1a:0d:ad:cb:68:ac:
         0d:c3:66:20:25:ff:ca:ba:a5:07:bc:28:85:84:80:3a:e8:d8:
         c6:60:f7:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZARzNMmQLG6HnE15yI8gxfIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NjhkMGE3MjA0NTYwYjYzNTZkODM3YmJmMTUxMGQ5NjM2
ZGY2M2EwHhcNMjQwNjEzMTMzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmUwZDQ4OTkxNmQyZWY4N2U2OTBmM2MyNmU4OTczNDVmYWUwOTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0OjwBl5QrowfyJOPIlQU1Teb8bx
REArRo7fNURsusSpmGgRdBlCCXS4JyOQL2+6OitlU/x8O2lItT6j1rVDnFDecFH1
uh1LphqtOEd2n4JDG99FWjVhCLqe84X8ZjtSzsoXal6J+MBk6SdZxU7nND6CZ1Zb
XfLcSNA758UaN3w6uUkziyyYWP5SVjhu8IiTGhG9Pk3YWqmsSJQ+QurogOfCShtJ
4BzPtdIdU13hx+s/g/UbDSdq6tQFwtPLghlXfe4UR9Yl815Gc6jpSfRwIGWJ+Uny
VpiHsKUlSL3poybZ21fXN4noUzgsxL/oDIOHeP2BfbH+yWOtsfuNRas7kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/g1ImRbS74fmkPPCbolzRfrgmVMB8GA1UdIwQY
MBaAFEVo0KcgRWC2NW2De78VENljbfY6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUldqUXB5QkZZTFkxYllON3Z4VVEyV050OWpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9iMGZiMGItYjk2YS00MzkwLTg2YTgt
NmZlMzVhZTU0YTViLzEvei1EVWlaRnRMdmgtYVE4OEp1aVhORi11Q1pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9iMGZiMGItYjk2YS00MzkwLTg2YTgtNmZlMzVhZTU0YTVi
LzEvUldqUXB5QkZZTFkxYllON3Z4VVEyV050OWpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPXQMA0G
CSqGSIb3DQEBCwUAA4IBAQCL30EmLdkpAFOf2Vnv56gKpbLzj6VJLCJZJjo1YQ+d
muz6k76DTDO4kAEHBwo+SklePRr+vJJ0p34JQyPdzb+dIt6bHghiJFA+s9pUBwoo
K2swRgrh7zYbtAMEs24Eh2/eaqjA5EtyaC9DP50WHhKMzU5qkp8fhOgGWTlEaLxm
mv59lm/y+oZ9ynufHNDonZ+ChrLU7Bc/buStREaCj/nq+g5MUEDpepUUzXVMslyu
7yb9GMDNdEVrwRhzdXMPcC1Oqe8vvwCNFKKrRGTJU2ojU7pd/eu3tBszBITiqejq
Rn/At8gaDa3LaKwNw2YgJf/KuqUHvCiFhIA66NjGYPci
-----END CERTIFICATE-----