Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/18b5bb-8e41-4e88-bdbe-341c63614280/1/LDDZckQu8etcoEliDlwcSGLi7Wg.roa
File:                     LDDZckQu8etcoEliDlwcSGLi7Wg.roa (raw, json)
Hash identifier:          5cDxW24hT695hAk3sTvnzRnASpuCS2xwFxSE0g8f/+8=
Subject key identifier:   2C:30:D9:72:44:2E:F1:EB:5C:A0:49:62:0E:5C:1C:48:62:E2:ED:68
Certificate issuer:       /CN=e466483396afb377e5e379d1615bde0fd4d9ed47
Certificate serial:       01924D86BCA777DE6EC8978D9FE139F42D67
Authority key identifier: E4:66:48:33:96:AF:B3:77:E5:E3:79:D1:61:5B:DE:0F:D4:D9:ED:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5GZIM5avs3fl43nRYVveD9TZ7Uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/18b5bb-8e41-4e88-bdbe-341c63614280/1/LDDZckQu8etcoEliDlwcSGLi7Wg.roa
Signing time:             Wed 02 Oct 2024 13:58:48 +0000
ROA not before:           Wed 02 Oct 2024 13:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60268
IP address blocks:        5.44.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/18b5bb-8e41-4e88-bdbe-341c63614280/1/5GZIM5avs3fl43nRYVveD9TZ7Uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/18b5bb-8e41-4e88-bdbe-341c63614280/1/5GZIM5avs3fl43nRYVveD9TZ7Uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5GZIM5avs3fl43nRYVveD9TZ7Uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4d:86:bc:a7:77:de:6e:c8:97:8d:9f:e1:39:f4:2d:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e466483396afb377e5e379d1615bde0fd4d9ed47
        Validity
            Not Before: Oct  2 13:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c30d972442ef1eb5ca049620e5c1c4862e2ed68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:6f:ac:02:c6:fa:f5:b2:80:df:6b:52:0e:1f:
                    1c:fc:c9:09:9d:d9:ab:92:b2:b8:8c:48:b3:dc:73:
                    34:86:a2:31:7b:00:b7:40:34:9c:2e:9e:2a:46:2c:
                    d6:5c:c3:7c:c8:80:e3:46:de:2c:13:40:86:56:43:
                    ba:b0:e2:b6:ec:10:da:43:41:24:a0:07:23:dd:fd:
                    8c:7c:1b:d2:4b:fe:77:c0:e9:a8:aa:5c:64:e0:6b:
                    cd:df:ff:33:d1:0f:21:ee:ce:4d:d1:85:31:f5:03:
                    17:4a:b7:89:92:71:b9:42:8d:0a:7e:d1:25:6c:92:
                    e0:9e:b6:e0:2f:8e:e6:69:ef:19:a3:87:18:58:4e:
                    43:46:d1:61:78:c6:7e:7f:18:f5:2e:8e:8d:39:1f:
                    28:da:21:fc:53:75:dd:2f:a9:6c:69:0b:2f:ab:1e:
                    6a:06:dd:b9:09:1c:34:a3:18:09:6f:de:e0:29:9f:
                    1c:17:25:ad:7b:00:83:2f:86:05:e9:b9:93:f8:93:
                    c6:47:cb:4f:4b:12:2e:24:ff:1d:35:45:c6:24:58:
                    c6:f5:11:db:cb:ac:3c:43:87:e5:a1:b3:6a:4e:e1:
                    98:ad:3c:2d:28:b7:29:45:65:18:a2:c4:c7:f4:9f:
                    1a:49:e2:36:b9:5a:5f:b1:20:d7:e7:6d:c7:b1:dd:
                    28:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:30:D9:72:44:2E:F1:EB:5C:A0:49:62:0E:5C:1C:48:62:E2:ED:68
            X509v3 Authority Key Identifier:
                keyid:E4:66:48:33:96:AF:B3:77:E5:E3:79:D1:61:5B:DE:0F:D4:D9:ED:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5GZIM5avs3fl43nRYVveD9TZ7Uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/18b5bb-8e41-4e88-bdbe-341c63614280/1/LDDZckQu8etcoEliDlwcSGLi7Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/18b5bb-8e41-4e88-bdbe-341c63614280/1/5GZIM5avs3fl43nRYVveD9TZ7Uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:39:98:95:73:c3:95:25:c8:57:4c:31:80:88:bf:5e:6a:74:
         d5:f7:58:a7:c9:11:d4:f0:09:d8:de:f8:75:c8:07:c2:b6:44:
         fa:78:76:fc:ba:55:f2:50:3d:08:f1:c8:c1:71:85:ec:3a:5a:
         0e:28:57:66:9d:68:14:aa:80:70:c7:e3:de:60:10:0e:5e:99:
         0c:4c:e7:1f:90:29:0b:fb:cf:93:f8:fd:37:2a:3c:16:18:93:
         54:2e:87:99:ef:f5:57:ce:c9:4c:42:df:f1:a3:fd:86:ed:ad:
         32:99:8f:95:ad:2b:84:38:1e:0d:be:88:72:18:b0:54:56:cc:
         03:8d:2d:d3:47:14:1c:36:93:4b:0d:db:ac:af:54:4a:11:59:
         4f:c8:c9:11:da:b9:4b:15:50:f4:95:6a:ac:28:9e:c6:f5:93:
         3c:81:12:30:fe:57:f5:2b:11:8d:45:d2:26:16:06:33:49:dc:
         2d:c2:39:f8:f4:e9:97:f2:da:d9:83:f8:5b:dc:2d:cc:14:b6:
         fe:2e:f2:ae:3c:6d:7f:33:8d:87:34:cb:93:c2:55:f3:6d:54:
         f7:ae:7a:44:c0:9b:37:b5:cf:43:d6:57:1a:40:5f:87:38:27:
         10:39:08:30:cd:2a:9e:c8:ff:1f:51:81:93:fc:8c:41:31:3b:
         26:f0:f7:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJNhrynd95uyJeNn+E59C1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NjY0ODMzOTZhZmIzNzdlNWUzNzlkMTYxNWJkZTBmZDRk
OWVkNDcwHhcNMjQxMDAyMTM1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzMwZDk3MjQ0MmVmMWViNWNhMDQ5NjIwZTVjMWM0ODYyZTJlZDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2+sAsb69bKA32tSDh8c/MkJndmr
krK4jEiz3HM0hqIxewC3QDScLp4qRizWXMN8yIDjRt4sE0CGVkO6sOK27BDaQ0Ek
oAcj3f2MfBvSS/53wOmoqlxk4GvN3/8z0Q8h7s5N0YUx9QMXSreJknG5Qo0KftEl
bJLgnrbgL47mae8Zo4cYWE5DRtFheMZ+fxj1Lo6NOR8o2iH8U3XdL6lsaQsvqx5q
Bt25CRw0oxgJb97gKZ8cFyWtewCDL4YF6bmT+JPGR8tPSxIuJP8dNUXGJFjG9RHb
y6w8Q4flobNqTuGYrTwtKLcpRWUYosTH9J8aSeI2uVpfsSDX523Hsd0ohwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCww2XJELvHrXKBJYg5cHEhi4u1oMB8GA1UdIwQY
MBaAFORmSDOWr7N35eN50WFb3g/U2e1HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUdaSU01YXZzM2ZsNDNuUllWdmVEOVRaN1VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8xOGI1YmItOGU0MS00ZTg4LWJkYmUt
MzQxYzYzNjE0MjgwLzEvTEREWmNrUXU4ZXRjb0VsaURsd2NTR0xpN1dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8xOGI1YmItOGU0MS00ZTg4LWJkYmUtMzQxYzYzNjE0Mjgw
LzEvNUdaSU01YXZzM2ZsNDNuUllWdmVEOVRaN1VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSz+MA0G
CSqGSIb3DQEBCwUAA4IBAQBjOZiVc8OVJchXTDGAiL9eanTV91inyRHU8AnY3vh1
yAfCtkT6eHb8ulXyUD0I8cjBcYXsOloOKFdmnWgUqoBwx+PeYBAOXpkMTOcfkCkL
+8+T+P03KjwWGJNULoeZ7/VXzslMQt/xo/2G7a0ymY+VrSuEOB4NvohyGLBUVswD
jS3TRxQcNpNLDdusr1RKEVlPyMkR2rlLFVD0lWqsKJ7G9ZM8gRIw/lf1KxGNRdIm
FgYzSdwtwjn49OmX8trZg/hb3C3MFLb+LvKuPG1/M42HNMuTwlXzbVT3rnpEwJs3
tc9D1lcaQF+HOCcQOQgwzSqeyP8fUYGT/IxBMTsm8PeB
-----END CERTIFICATE-----