Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/5521f7-2f71-4bf9-a148-2e9de252d1f6/1/xd68Uzc7_M44plAufbmV8mthICI.roa
File:                     xd68Uzc7_M44plAufbmV8mthICI.roa (raw, json)
Hash identifier:          n4Lxnlhf3i7uy3oySy0zpwQYnbK5dqfAn++RkVBCL/I=
Subject key identifier:   C5:DE:BC:53:37:3B:FC:CE:38:A6:50:2E:7D:B9:95:F2:6B:61:20:22
Certificate issuer:       /CN=5d6f2e49a31e8df9c5aa08aaf240b5c832b9cb93
Certificate serial:       01941F8C4AAF7C5477ED8BC1C780C2BF60C6
Authority key identifier: 5D:6F:2E:49:A3:1E:8D:F9:C5:AA:08:AA:F2:40:B5:C8:32:B9:CB:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XW8uSaMejfnFqgiq8kC1yDK5y5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/5521f7-2f71-4bf9-a148-2e9de252d1f6/1/xd68Uzc7_M44plAufbmV8mthICI.roa
Signing time:             Wed 01 Jan 2025 01:47:55 +0000
ROA not before:           Wed 01 Jan 2025 01:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200751
IP address blocks:        80.247.80.0/21 maxlen: 21
                          80.247.88.0/22 maxlen: 22
                          80.247.92.0/23 maxlen: 23
                          80.247.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/5521f7-2f71-4bf9-a148-2e9de252d1f6/1/XW8uSaMejfnFqgiq8kC1yDK5y5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/5521f7-2f71-4bf9-a148-2e9de252d1f6/1/XW8uSaMejfnFqgiq8kC1yDK5y5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XW8uSaMejfnFqgiq8kC1yDK5y5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4a:af:7c:54:77:ed:8b:c1:c7:80:c2:bf:60:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d6f2e49a31e8df9c5aa08aaf240b5c832b9cb93
        Validity
            Not Before: Jan  1 01:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5debc53373bfcce38a6502e7db995f26b612022
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:19:8c:e6:b9:05:f0:80:44:39:b0:c4:4f:7b:
                    63:9e:01:95:3d:64:9d:ac:51:6a:2f:74:ba:d8:8e:
                    c2:ca:47:12:75:50:f9:fa:52:74:a9:e7:bc:07:0f:
                    7a:71:5b:57:3f:ec:3a:5c:5a:f7:53:ab:32:e0:21:
                    49:94:f8:02:82:cb:99:78:4b:81:b1:0b:a8:94:3a:
                    08:96:f8:f3:70:13:34:a2:a5:09:f0:43:24:3c:8a:
                    4d:da:2d:21:4e:40:e4:23:5d:5e:c4:5f:cc:cf:db:
                    09:a6:44:a4:63:23:ed:a9:68:15:b3:57:20:80:b5:
                    97:3f:f3:6a:de:48:07:08:d1:ca:94:cc:1b:99:66:
                    46:e8:58:73:df:d2:48:6d:25:59:15:bf:5f:3b:9a:
                    1f:72:24:4b:77:75:b7:c3:f0:dd:88:11:cb:26:3c:
                    2e:d5:74:6c:c7:de:34:b8:c5:97:57:5d:72:97:bb:
                    e3:d8:fb:da:a0:f3:d2:8b:f2:60:c5:99:22:aa:55:
                    e8:33:9a:3b:2b:8e:15:e3:b7:1e:ed:fa:9c:51:03:
                    8e:3f:89:ca:a8:95:e4:93:94:be:65:7a:f7:66:c1:
                    01:5d:8d:fe:81:99:27:f5:e5:46:cc:bb:11:aa:09:
                    0f:db:6d:14:ff:44:08:3a:49:4a:ea:15:0b:a0:5a:
                    fc:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:DE:BC:53:37:3B:FC:CE:38:A6:50:2E:7D:B9:95:F2:6B:61:20:22
            X509v3 Authority Key Identifier:
                keyid:5D:6F:2E:49:A3:1E:8D:F9:C5:AA:08:AA:F2:40:B5:C8:32:B9:CB:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XW8uSaMejfnFqgiq8kC1yDK5y5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5521f7-2f71-4bf9-a148-2e9de252d1f6/1/xd68Uzc7_M44plAufbmV8mthICI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5521f7-2f71-4bf9-a148-2e9de252d1f6/1/XW8uSaMejfnFqgiq8kC1yDK5y5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.247.80.0-80.247.94.255

    Signature Algorithm: sha256WithRSAEncryption
         52:8e:8b:53:ef:2c:ea:11:11:6c:57:70:71:e9:c3:39:8a:be:
         3e:13:44:95:ab:4a:21:9d:57:8e:cf:b0:44:ca:b2:5e:f1:9f:
         7c:1f:f5:5e:d6:70:f5:16:8b:e9:17:e1:8f:aa:4f:a9:bc:dc:
         7f:bc:72:0d:35:cf:65:80:8e:88:27:89:c7:31:54:3f:30:93:
         21:d8:e0:27:c0:54:45:fd:fe:64:10:4a:8f:2b:eb:8f:d8:f1:
         2b:b6:b1:58:45:fb:3f:fe:0a:ec:38:9c:6f:4f:da:ad:83:dc:
         37:3f:bd:ca:75:f6:ed:df:6c:12:d9:2c:11:5d:db:03:30:4d:
         21:b7:dd:a3:ac:cc:1f:d2:fe:69:00:b6:2a:2e:bd:80:df:46:
         f3:9a:d6:53:b1:15:dd:50:63:e0:c1:a2:f7:23:0e:00:f0:0f:
         c4:c6:0b:56:f1:da:dc:38:b8:c7:f1:91:5b:69:c0:72:5f:2e:
         e2:ce:60:34:ea:8c:aa:c6:94:e9:98:76:ae:4f:3f:f0:2d:ee:
         8c:c4:1b:e7:16:ad:64:0f:92:63:50:41:eb:da:13:b8:67:48:
         16:c8:00:f2:12:8a:07:35:dc:bc:27:bd:e5:a4:b7:79:b2:7b:
         75:5a:a0:ad:a8:70:62:75:0a:de:3a:e5:ed:99:2d:0a:f5:8d:
         9d:12:08:e5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQfjEqvfFR37YvBx4DCv2DGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNmYyZTQ5YTMxZThkZjljNWFhMDhhYWYyNDBiNWM4MzJi
OWNiOTMwHhcNMjUwMTAxMDE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWRlYmM1MzM3M2JmY2NlMzhhNjUwMmU3ZGI5OTVmMjZiNjEyMDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBmM5rkF8IBEObDET3tjngGVPWSd
rFFqL3S62I7CykcSdVD5+lJ0qee8Bw96cVtXP+w6XFr3U6sy4CFJlPgCgsuZeEuB
sQuolDoIlvjzcBM0oqUJ8EMkPIpN2i0hTkDkI11exF/Mz9sJpkSkYyPtqWgVs1cg
gLWXP/Nq3kgHCNHKlMwbmWZG6Fhz39JIbSVZFb9fO5ofciRLd3W3w/DdiBHLJjwu
1XRsx940uMWXV11yl7vj2PvaoPPSi/JgxZkiqlXoM5o7K44V47ce7fqcUQOOP4nK
qJXkk5S+ZXr3ZsEBXY3+gZkn9eVGzLsRqgkP220U/0QIOklK6hULoFr8nQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMXevFM3O/zOOKZQLn25lfJrYSAiMB8GA1UdIwQY
MBaAFF1vLkmjHo35xaoIqvJAtcgyucuTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFc4dVNhTWVqZm5GcWdpcThrQzF5REs1eTVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi81NTIxZjctMmY3MS00YmY5LWExNDgt
MmU5ZGUyNTJkMWY2LzEveGQ2OFV6YzdfTTQ0cGxBdWZibVY4bXRoSUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi81NTIxZjctMmY3MS00YmY5LWExNDgtMmU5ZGUyNTJkMWY2
LzEvWFc4dVNhTWVqZm5GcWdpcThrQzF5REs1eTVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBARQ91AD
BABQ914wDQYJKoZIhvcNAQELBQADggEBAFKOi1PvLOoREWxXcHHpwzmKvj4TRJWr
SiGdV47PsETKsl7xn3wf9V7WcPUWi+kX4Y+qT6m83H+8cg01z2WAjogniccxVD8w
kyHY4CfAVEX9/mQQSo8r64/Y8Su2sVhF+z/+Cuw4nG9P2q2D3Dc/vcp19u3fbBLZ
LBFd2wMwTSG33aOszB/S/mkAtiouvYDfRvOa1lOxFd1QY+DBovcjDgDwD8TGC1bx
2tw4uMfxkVtpwHJfLuLOYDTqjKrGlOmYdq5PP/At7ozEG+cWrWQPkmNQQevaE7hn
SBbIAPISigc13LwnveWkt3mye3VaoK2ocGJ1Ct465e2ZLQr1jZ0SCOU=
-----END CERTIFICATE-----