Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/rdclR5rmMPPiGdub64u9CAD4cr0.roa
File:                     rdclR5rmMPPiGdub64u9CAD4cr0.roa (raw, json)
Hash identifier:          wXgXLOiDxEJK62XQ7DLJMuxi7/zXmFbGyGpgUuOv+8k=
Subject key identifier:   AD:D7:25:47:9A:E6:30:F3:E2:19:DB:9B:EB:8B:BD:08:00:F8:72:BD
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       019426D94EA120E2998FAB286B4875F1491C
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/rdclR5rmMPPiGdub64u9CAD4cr0.roa
Signing time:             Thu 02 Jan 2025 11:49:23 +0000
ROA not before:           Thu 02 Jan 2025 11:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200679
IP address blocks:        92.255.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:4e:a1:20:e2:99:8f:ab:28:6b:48:75:f1:49:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 11:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=add725479ae630f3e219db9beb8bbd0800f872bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c2:4d:2b:fc:09:0e:7a:ce:df:1b:a6:d0:8b:
                    55:fa:02:54:19:b2:5b:c5:3d:59:fb:9f:31:bf:f9:
                    bf:0a:c3:b8:0b:ce:34:6f:e6:96:6e:54:a7:6b:1c:
                    23:ca:96:7d:9c:55:12:f7:ac:97:11:22:23:5f:40:
                    6b:2e:5d:a6:0a:d0:e1:3d:64:a8:25:cc:e4:2e:67:
                    c1:d9:94:a5:31:31:6a:c7:ac:d6:89:20:b5:db:14:
                    12:8e:19:28:1a:d4:8d:6e:44:ac:0b:2b:46:7c:ec:
                    78:e8:8f:b1:58:da:2a:a3:8a:5c:34:42:0e:88:e0:
                    d7:0b:7b:3f:cc:42:7d:5a:eb:08:1e:7d:cd:91:97:
                    87:3a:e2:47:2f:a5:56:9a:27:63:88:60:59:31:9f:
                    76:55:1c:15:e0:5f:43:fd:c0:21:54:78:8e:97:fd:
                    5c:6f:ee:ea:6e:bf:92:f3:c9:bd:5d:21:e7:3a:a9:
                    68:cf:6e:e4:2e:5d:89:44:6e:99:ae:69:f3:ce:b6:
                    39:bd:76:d5:67:3c:40:af:be:4c:41:1c:3c:b0:92:
                    1f:c0:1d:9b:59:7e:27:ea:48:09:62:1a:c8:d2:53:
                    ba:a6:01:b1:b4:dc:da:48:1f:7b:ab:e0:50:68:4b:
                    b4:01:fa:90:93:3c:ba:20:be:37:75:06:e0:02:af:
                    84:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:D7:25:47:9A:E6:30:F3:E2:19:DB:9B:EB:8B:BD:08:00:F8:72:BD
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/rdclR5rmMPPiGdub64u9CAD4cr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.255.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:a9:38:12:9f:a0:a4:1c:54:c6:04:c0:99:7e:41:b1:b8:a1:
         fd:0d:ae:bb:36:1f:e8:64:ba:fe:74:84:78:99:a3:c4:c5:24:
         c6:ee:ac:a0:02:d0:df:31:7f:53:9d:16:11:1a:09:a8:f1:34:
         f7:90:e2:e5:b4:2e:7b:80:a3:e5:c5:4d:a1:52:3b:f0:2f:c6:
         1c:7e:16:a9:b5:4c:9a:b5:03:d7:1d:fd:c2:af:5e:bf:46:d8:
         6e:1e:c4:f0:86:f8:6b:11:23:af:64:99:ad:2d:8d:a7:9c:63:
         2d:11:57:1d:07:7a:52:9c:4e:c2:f8:50:a4:1e:2d:14:27:b8:
         bc:6f:1c:10:42:f3:73:a0:99:f2:e9:af:ca:de:05:00:a3:81:
         4d:77:12:d9:f8:5e:bb:22:38:83:15:25:91:d1:92:a4:63:bb:
         bf:3a:76:01:63:66:6e:cc:61:92:42:36:e4:d4:b3:fc:a7:17:
         80:51:a9:86:ba:19:62:ef:21:cd:30:0b:e1:20:b3:68:53:3a:
         91:fa:10:13:a5:a4:0c:44:b0:73:5e:6a:58:69:c7:97:56:e2:
         15:87:07:f4:83:cb:45:98:17:a4:52:ff:ed:07:1c:9a:f3:6e:
         60:d1:55:e0:93:ab:48:b4:2f:5d:56:a1:44:9b:75:f8:63:56:
         55:4d:a6:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2U6hIOKZj6soa0h18UkcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjUwMTAyMTE0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGQ3MjU0NzlhZTYzMGYzZTIxOWRiOWJlYjhiYmQwODAwZjg3MmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycJNK/wJDnrO3xum0ItV+gJUGbJb
xT1Z+58xv/m/CsO4C840b+aWblSnaxwjypZ9nFUS96yXESIjX0BrLl2mCtDhPWSo
JczkLmfB2ZSlMTFqx6zWiSC12xQSjhkoGtSNbkSsCytGfOx46I+xWNoqo4pcNEIO
iODXC3s/zEJ9WusIHn3NkZeHOuJHL6VWmidjiGBZMZ92VRwV4F9D/cAhVHiOl/1c
b+7qbr+S88m9XSHnOqloz27kLl2JRG6ZrmnzzrY5vXbVZzxAr75MQRw8sJIfwB2b
WX4n6kgJYhrI0lO6pgGxtNzaSB97q+BQaEu0AfqQkzy6IL43dQbgAq+EAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK3XJUea5jDz4hnbm+uLvQgA+HK9MB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvcmRjbFI1cm1NUFBpR2R1YjY0dTlDQUQ0Y3IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXP81MA0G
CSqGSIb3DQEBCwUAA4IBAQBKqTgSn6CkHFTGBMCZfkGxuKH9Da67Nh/oZLr+dIR4
maPExSTG7qygAtDfMX9TnRYRGgmo8TT3kOLltC57gKPlxU2hUjvwL8YcfhaptUya
tQPXHf3Cr16/RthuHsTwhvhrESOvZJmtLY2nnGMtEVcdB3pSnE7C+FCkHi0UJ7i8
bxwQQvNzoJny6a/K3gUAo4FNdxLZ+F67IjiDFSWR0ZKkY7u/OnYBY2ZuzGGSQjbk
1LP8pxeAUamGuhli7yHNMAvhILNoUzqR+hATpaQMRLBzXmpYaceXVuIVhwf0g8tF
mBekUv/tBxya825g0VXgk6tItC9dVqFEm3X4Y1ZVTaaW
-----END CERTIFICATE-----