Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/28a5f9-9071-4459-9829-55795c26eaca/1/nDnHQxLU1juGh65lVs1IJAbYGEw.roa
File:                     nDnHQxLU1juGh65lVs1IJAbYGEw.roa (raw, json)
Hash identifier:          xXKtIxwl3IMw8phrYXGLmjLoUlSKg3cyt92F3mRQNEU=
Subject key identifier:   9C:39:C7:43:12:D4:D6:3B:86:87:AE:65:56:CD:48:24:06:D8:18:4C
Certificate issuer:       /CN=4f525c4cbac8d7d9733245876a5cabe6b35e2fe9
Certificate serial:       018CC64B69C7D8E10B3B0028E5A44BDB44AC
Authority key identifier: 4F:52:5C:4C:BA:C8:D7:D9:73:32:45:87:6A:5C:AB:E6:B3:5E:2F:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T1JcTLrI19lzMkWHalyr5rNeL-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/28a5f9-9071-4459-9829-55795c26eaca/1/nDnHQxLU1juGh65lVs1IJAbYGEw.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43645
IP address blocks:        185.80.252.0/22 maxlen: 22
                          185.80.255.0/24 maxlen: 24
                          2a05:8380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/28a5f9-9071-4459-9829-55795c26eaca/1/T1JcTLrI19lzMkWHalyr5rNeL-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/28a5f9-9071-4459-9829-55795c26eaca/1/T1JcTLrI19lzMkWHalyr5rNeL-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T1JcTLrI19lzMkWHalyr5rNeL-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:69:c7:d8:e1:0b:3b:00:28:e5:a4:4b:db:44:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f525c4cbac8d7d9733245876a5cabe6b35e2fe9
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c39c74312d4d63b8687ae6556cd482406d8184c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:1b:0c:5a:10:7d:fb:b3:a7:8a:65:7f:19:ac:
                    55:3c:ea:1b:c8:15:8b:da:f8:a7:19:a2:6f:b8:73:
                    7e:f6:9f:53:c8:e1:21:20:c3:eb:52:b7:b7:b9:a1:
                    a7:77:53:b9:ae:b9:dc:ae:1b:ef:15:84:0d:6b:15:
                    02:93:42:7f:42:51:3b:07:ab:5f:3c:49:fa:c3:88:
                    5d:8e:f7:5a:07:b1:33:bf:75:59:5c:fa:87:9e:b7:
                    1a:83:56:22:92:4f:66:42:2b:09:ef:d4:84:d4:75:
                    ec:d9:01:3f:b7:e3:e6:cd:13:b5:7e:d9:6b:ba:7b:
                    00:62:90:c1:cc:b0:19:06:b3:ec:f2:cb:3c:14:1c:
                    36:9f:fb:50:55:e4:50:5c:8a:a5:b2:f0:00:24:3d:
                    fc:bf:7f:23:db:a9:45:90:51:58:39:5c:21:0d:63:
                    68:c4:0a:a4:bf:e7:5a:b9:7b:ed:67:5c:04:39:de:
                    bc:6e:ef:00:cf:97:2a:13:ea:19:93:50:da:b8:fa:
                    e2:1c:78:d5:ea:9f:2e:5a:ed:b7:c6:1f:94:57:28:
                    91:1f:ed:40:2a:b0:5e:1b:0c:e5:32:10:e3:6c:68:
                    9b:63:d7:10:e6:1e:a7:69:97:d4:8a:b5:2f:d2:db:
                    96:0b:74:4d:86:7d:84:d0:3e:77:2d:5f:bb:80:52:
                    c7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:39:C7:43:12:D4:D6:3B:86:87:AE:65:56:CD:48:24:06:D8:18:4C
            X509v3 Authority Key Identifier:
                keyid:4F:52:5C:4C:BA:C8:D7:D9:73:32:45:87:6A:5C:AB:E6:B3:5E:2F:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T1JcTLrI19lzMkWHalyr5rNeL-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/28a5f9-9071-4459-9829-55795c26eaca/1/nDnHQxLU1juGh65lVs1IJAbYGEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/28a5f9-9071-4459-9829-55795c26eaca/1/T1JcTLrI19lzMkWHalyr5rNeL-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.252.0/22
                IPv6:
                  2a05:8380::/29

    Signature Algorithm: sha256WithRSAEncryption
         99:61:e4:c3:f1:ed:35:08:84:f4:e6:de:73:7a:5b:c3:e9:f8:
         24:80:cb:ae:f7:f6:4e:75:1d:af:50:42:5d:25:c9:50:ea:24:
         f4:13:80:e1:f3:37:7d:ef:6f:c6:24:6f:4e:dd:43:88:41:d5:
         19:4b:a9:61:ea:84:05:df:48:ab:54:7c:30:2b:4f:0a:49:f2:
         37:c2:aa:dd:7f:c9:e9:a5:93:a4:61:1e:6a:1e:42:8e:7f:3a:
         31:8b:96:bf:30:a8:1d:15:dd:52:f8:d0:7b:51:a5:05:c6:69:
         d9:c5:bb:a5:54:c3:2a:af:b8:a2:29:7c:bd:7d:5d:6a:57:da:
         c8:ed:f3:c7:80:c6:ec:5c:4f:cb:ba:6c:47:1b:55:78:dd:35:
         72:32:9c:df:24:6f:16:54:2e:b5:c9:24:1e:8c:ba:a8:63:74:
         81:71:07:ae:ca:69:ef:6a:b3:33:13:ac:0a:a2:90:e9:02:0b:
         48:85:91:33:e3:92:ae:a5:b5:37:b6:ac:b6:99:8b:8d:f0:de:
         be:ea:0f:a1:1f:f0:9f:ae:40:b4:8a:53:41:66:04:49:41:14:
         b2:1b:bd:da:82:ac:e3:3e:d8:3c:12:41:de:d2:f3:88:c5:79:
         a1:07:8e:22:8a:31:ff:52:45:f9:a9:7e:5c:a3:b2:7f:a0:bb:
         49:3b:a7:43
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGS2nH2OELOwAo5aRL20SsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNTI1YzRjYmFjOGQ3ZDk3MzMyNDU4NzZhNWNhYmU2YjM1
ZTJmZTkwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzM5Yzc0MzEyZDRkNjNiODY4N2FlNjU1NmNkNDgyNDA2ZDgxODRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BsMWhB9+7OnimV/GaxVPOobyBWL
2vinGaJvuHN+9p9TyOEhIMPrUre3uaGnd1O5rrncrhvvFYQNaxUCk0J/QlE7B6tf
PEn6w4hdjvdaB7Ezv3VZXPqHnrcag1Yikk9mQisJ79SE1HXs2QE/t+PmzRO1ftlr
unsAYpDBzLAZBrPs8ss8FBw2n/tQVeRQXIqlsvAAJD38v38j26lFkFFYOVwhDWNo
xAqkv+dauXvtZ1wEOd68bu8Az5cqE+oZk1DauPriHHjV6p8uWu23xh+UVyiRH+1A
KrBeGwzlMhDjbGibY9cQ5h6naZfUirUv0tuWC3RNhn2E0D53LV+7gFLHFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJw5x0MS1NY7hoeuZVbNSCQG2BhMMB8GA1UdIwQY
MBaAFE9SXEy6yNfZczJFh2pcq+azXi/pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDFKY1RMckkxOWx6TWtXSGFseXI1ck5lTC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8yOGE1ZjktOTA3MS00NDU5LTk4Mjkt
NTU3OTVjMjZlYWNhLzEvbkRuSFF4TFUxanVHaDY1bFZzMUlKQWJZR0V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8yOGE1ZjktOTA3MS00NDU5LTk4MjktNTU3OTVjMjZlYWNh
LzEvVDFKY1RMckkxOWx6TWtXSGFseXI1ck5lTC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVD8MA0E
AgACMAcDBQMqBYOAMA0GCSqGSIb3DQEBCwUAA4IBAQCZYeTD8e01CIT05t5zelvD
6fgkgMuu9/ZOdR2vUEJdJclQ6iT0E4Dh8zd972/GJG9O3UOIQdUZS6lh6oQF30ir
VHwwK08KSfI3wqrdf8nppZOkYR5qHkKOfzoxi5a/MKgdFd1S+NB7UaUFxmnZxbul
VMMqr7iiKXy9fV1qV9rI7fPHgMbsXE/LumxHG1V43TVyMpzfJG8WVC61ySQejLqo
Y3SBcQeuymnvarMzE6wKopDpAgtIhZEz45KupbU3tqy2mYuN8N6+6g+hH/CfrkC0
ilNBZgRJQRSyG73agqzjPtg8EkHe0vOIxXmhB44iijH/UkX5qX5co7J/oLtJO6dD
-----END CERTIFICATE-----