Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/ndVdTlP2yJ-0G_GHIXmWRjlPQkQ.roa
File:                     ndVdTlP2yJ-0G_GHIXmWRjlPQkQ.roa (raw, json)
Hash identifier:          gf7TzYgYjJjzwvUmAmjxdofGiI3yR5rQyMZf05JCJlE=
Subject key identifier:   9D:D5:5D:4E:53:F6:C8:9F:B4:1B:F1:87:21:79:96:46:39:4F:42:44
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       019355B5FCC05000FC8028F5646D30F86711
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/ndVdTlP2yJ-0G_GHIXmWRjlPQkQ.roa
Signing time:             Fri 22 Nov 2024 21:10:10 +0000
ROA not before:           Fri 22 Nov 2024 21:10:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56582
IP address blocks:        80.245.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:55:b5:fc:c0:50:00:fc:80:28:f5:64:6d:30:f8:67:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Nov 22 21:10:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dd55d4e53f6c89fb41bf18721799646394f4244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c1:d7:71:1d:ca:80:09:77:26:5f:74:11:de:
                    64:a3:46:e8:b8:c2:4f:43:01:c7:a5:ba:81:80:4f:
                    b8:07:31:03:d1:3e:50:f2:c4:c2:2f:00:88:17:39:
                    2e:80:48:db:92:42:61:a1:26:e9:eb:0b:2c:fd:23:
                    8c:32:0d:77:30:3f:a4:cd:1d:1b:98:b4:95:63:c3:
                    97:13:5f:87:70:98:41:45:63:5b:01:1d:9f:d9:01:
                    d1:52:8d:6b:ce:56:74:0d:0c:e5:24:d9:9f:c1:4d:
                    9f:ab:29:fb:6a:ae:da:9f:1f:f1:a2:83:4c:be:f6:
                    59:56:7b:e9:24:68:78:a0:d5:71:07:cf:d0:01:5a:
                    77:f6:78:84:d4:95:b3:fc:04:e5:74:f9:f2:f5:1e:
                    e8:0d:a4:80:20:5f:eb:7a:09:59:1e:c2:b6:8b:e7:
                    50:ba:a2:e9:f2:bf:70:e6:6b:28:7a:64:b2:a6:c7:
                    a9:bc:67:17:8d:78:7b:50:b3:82:c9:ef:7d:13:f6:
                    85:04:65:dd:eb:3f:9a:60:b8:c4:d6:ad:54:5e:e4:
                    a7:dd:32:54:fa:71:75:d8:43:1c:56:05:9a:b9:d2:
                    08:24:8f:6f:ce:98:b8:0c:42:85:89:f1:e0:53:da:
                    bc:22:d9:25:ad:5c:bd:74:89:48:b1:00:c7:38:1f:
                    16:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:D5:5D:4E:53:F6:C8:9F:B4:1B:F1:87:21:79:96:46:39:4F:42:44
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/ndVdTlP2yJ-0G_GHIXmWRjlPQkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.245.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:55:88:5e:e7:4b:71:5a:02:6e:82:cd:1d:6e:57:6e:8c:95:
         5f:59:e9:14:8a:88:40:95:47:4f:2d:c0:b6:d2:95:f3:32:6b:
         ab:eb:f5:1b:37:da:bf:45:85:a0:d8:ca:f5:07:62:fe:58:0d:
         b8:0e:5a:66:b2:ba:a3:4c:68:8f:3e:a4:9d:4a:1c:38:34:d1:
         fe:ea:b7:47:56:17:51:ce:2e:c8:cd:8a:9c:12:66:04:07:58:
         23:f1:66:56:e9:35:cc:56:6c:01:79:d4:15:76:c5:d5:98:8e:
         3e:3f:1c:0c:ba:0c:ff:92:5c:2d:37:0a:02:d4:96:b7:96:bc:
         66:7e:53:8c:d5:bf:f0:e6:68:03:35:65:48:01:0a:e7:3b:0e:
         2e:c9:b6:fb:e9:86:85:36:52:e8:60:69:66:fe:21:ad:55:ad:
         07:8c:3f:2b:c2:4e:59:3b:ab:a5:e4:d7:f1:78:79:43:9b:d2:
         c0:c2:3e:4a:ba:3b:d4:a2:ce:0c:ce:ee:8a:c9:fa:87:7e:b5:
         1b:c3:47:02:28:16:f8:07:05:e1:2d:51:38:6d:2f:a3:db:47:
         37:23:a1:e6:bc:62:d6:e6:14:b0:5c:ee:22:c7:b0:24:c7:1f:
         c4:4c:48:d3:02:ab:36:9a:1f:c1:8a:3c:8a:a1:20:46:a2:2b:
         32:54:31:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNVtfzAUAD8gCj1ZG0w+GcRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjQxMTIyMjExMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGQ1NWQ0ZTUzZjZjODlmYjQxYmYxODcyMTc5OTY0NjM5NGY0MjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsHXcR3KgAl3Jl90Ed5ko0bouMJP
QwHHpbqBgE+4BzED0T5Q8sTCLwCIFzkugEjbkkJhoSbp6wss/SOMMg13MD+kzR0b
mLSVY8OXE1+HcJhBRWNbAR2f2QHRUo1rzlZ0DQzlJNmfwU2fqyn7aq7anx/xooNM
vvZZVnvpJGh4oNVxB8/QAVp39niE1JWz/ATldPny9R7oDaSAIF/reglZHsK2i+dQ
uqLp8r9w5msoemSypsepvGcXjXh7ULOCye99E/aFBGXd6z+aYLjE1q1UXuSn3TJU
+nF12EMcVgWaudIIJI9vzpi4DEKFifHgU9q8ItklrVy9dIlIsQDHOB8W9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3VXU5T9siftBvxhyF5lkY5T0JEMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvbmRWZFRsUDJ5Si0wR19HSElYbVdSamxQUWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPUvMA0G
CSqGSIb3DQEBCwUAA4IBAQA9VYhe50txWgJugs0dbldujJVfWekUiohAlUdPLcC2
0pXzMmur6/UbN9q/RYWg2Mr1B2L+WA24DlpmsrqjTGiPPqSdShw4NNH+6rdHVhdR
zi7IzYqcEmYEB1gj8WZW6TXMVmwBedQVdsXVmI4+PxwMugz/klwtNwoC1Ja3lrxm
flOM1b/w5mgDNWVIAQrnOw4uybb76YaFNlLoYGlm/iGtVa0HjD8rwk5ZO6ul5Nfx
eHlDm9LAwj5KujvUos4Mzu6KyfqHfrUbw0cCKBb4BwXhLVE4bS+j20c3I6HmvGLW
5hSwXO4ix7Akxx/ETEjTAqs2mh/BijyKoSBGoisyVDHF
-----END CERTIFICATE-----