Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/6f6b7c-c0a9-4953-9865-de4bdaa37203/1/_dX4f78r8ar055s65dZPENw-y4Y.roa
File:                     _dX4f78r8ar055s65dZPENw-y4Y.roa (raw, json)
Hash identifier:          YAHCWNUUSCjGUaMNs/qPZDcoPmc5Fkj8HR1jTR9dAy4=
Subject key identifier:   FD:D5:F8:7F:BF:2B:F1:AA:F4:E7:9B:3A:E5:D6:4F:10:DC:3E:CB:86
Certificate issuer:       /CN=596a5fee9345fcd48010348877b7853afccc6474
Certificate serial:       0194258EA5F4DC937AF98525EA58BA0D8B54
Authority key identifier: 59:6A:5F:EE:93:45:FC:D4:80:10:34:88:77:B7:85:3A:FC:CC:64:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WWpf7pNF_NSAEDSId7eFOvzMZHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/6f6b7c-c0a9-4953-9865-de4bdaa37203/1/_dX4f78r8ar055s65dZPENw-y4Y.roa
Signing time:             Thu 02 Jan 2025 05:48:13 +0000
ROA not before:           Thu 02 Jan 2025 05:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52164
IP address blocks:        80.244.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/6f6b7c-c0a9-4953-9865-de4bdaa37203/1/WWpf7pNF_NSAEDSId7eFOvzMZHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/6f6b7c-c0a9-4953-9865-de4bdaa37203/1/WWpf7pNF_NSAEDSId7eFOvzMZHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WWpf7pNF_NSAEDSId7eFOvzMZHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:a5:f4:dc:93:7a:f9:85:25:ea:58:ba:0d:8b:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=596a5fee9345fcd48010348877b7853afccc6474
        Validity
            Not Before: Jan  2 05:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdd5f87fbf2bf1aaf4e79b3ae5d64f10dc3ecb86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ef:67:1e:a2:06:c6:7e:e4:f3:4f:5f:0a:76:
                    4d:ca:e6:4f:34:f8:35:90:06:29:9b:1a:19:75:ba:
                    05:8c:26:e8:b1:c1:74:c7:e5:52:6a:b5:ea:45:f2:
                    ac:97:d0:44:5a:1f:d3:cf:bf:48:c9:ab:4e:fb:77:
                    2f:89:a7:aa:5c:a1:99:aa:29:5c:fd:41:55:7a:57:
                    f6:bf:7e:d8:94:42:a8:88:45:08:93:bd:86:b9:5d:
                    b6:0b:54:39:fd:b3:78:db:d7:96:60:83:de:50:31:
                    44:dc:c9:af:ab:2d:21:bc:96:78:08:00:d5:7c:5f:
                    e5:6c:95:a3:06:9e:c8:c4:8c:a2:f5:41:70:8e:d0:
                    f2:7f:93:65:e0:ff:73:b9:af:c5:20:64:f5:8c:e9:
                    f9:fa:86:1e:23:99:d6:0b:3c:9f:80:cd:c0:df:1d:
                    ed:a3:16:c6:e4:35:5f:76:85:93:fb:81:14:d5:92:
                    8b:48:7e:06:88:90:0c:6c:74:51:f2:6b:db:1f:53:
                    cf:98:c3:34:53:42:d0:d7:ca:8a:3c:67:6d:ed:6b:
                    74:98:cc:e3:12:1b:f6:13:8c:fa:86:80:c2:0a:51:
                    26:09:c9:10:7f:b1:7d:58:2f:7c:ef:38:a2:ba:cd:
                    2f:01:7d:bf:04:92:03:90:da:d8:02:db:08:e0:c9:
                    55:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:D5:F8:7F:BF:2B:F1:AA:F4:E7:9B:3A:E5:D6:4F:10:DC:3E:CB:86
            X509v3 Authority Key Identifier:
                keyid:59:6A:5F:EE:93:45:FC:D4:80:10:34:88:77:B7:85:3A:FC:CC:64:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WWpf7pNF_NSAEDSId7eFOvzMZHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/6f6b7c-c0a9-4953-9865-de4bdaa37203/1/_dX4f78r8ar055s65dZPENw-y4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/6f6b7c-c0a9-4953-9865-de4bdaa37203/1/WWpf7pNF_NSAEDSId7eFOvzMZHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:5b:7d:37:26:6c:e9:95:d7:60:3d:d7:6a:36:92:3a:da:6f:
         28:6c:31:ab:14:c6:f4:fa:4f:79:3f:a9:48:43:3e:99:24:03:
         fa:2b:12:7a:ab:ac:0f:46:fe:43:43:bf:07:55:6b:a1:17:34:
         74:e1:1b:26:98:68:c1:85:80:5b:e3:62:7b:90:68:43:c1:d4:
         da:72:6c:5a:2e:d3:fa:cb:da:60:66:c3:da:6f:fd:cc:42:3f:
         e5:48:b9:a8:d6:f8:7b:ff:9d:c6:47:5f:36:48:33:27:f2:40:
         19:8a:79:4e:0d:25:1e:3f:33:eb:3f:b5:c1:ce:e7:8d:65:b7:
         c1:b9:a8:a0:8b:29:b4:62:28:41:2e:9c:c0:90:40:a6:77:15:
         99:df:7b:03:4a:27:36:8e:2a:36:33:df:61:84:2f:0f:98:4b:
         0d:9d:86:e6:32:75:02:6e:b4:10:72:24:68:83:ee:ad:e4:9e:
         60:1a:20:ba:f2:4b:bd:39:99:76:fa:81:76:a2:4a:c0:f4:7d:
         bb:c1:e7:76:8d:97:5f:0e:a3:5b:65:59:0f:66:56:76:87:e6:
         89:08:c4:83:45:b2:dc:c5:87:68:fb:91:8a:84:6a:ed:20:60:
         c0:83:8e:1d:6f:a1:67:9a:ac:3b:0d:fd:f7:68:cc:b4:c6:09:
         c5:fe:d2:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljqX03JN6+YUl6li6DYtUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NmE1ZmVlOTM0NWZjZDQ4MDEwMzQ4ODc3Yjc4NTNhZmNj
YzY0NzQwHhcNMjUwMTAyMDU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGQ1Zjg3ZmJmMmJmMWFhZjRlNzliM2FlNWQ2NGYxMGRjM2VjYjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAte9nHqIGxn7k809fCnZNyuZPNPg1
kAYpmxoZdboFjCboscF0x+VSarXqRfKsl9BEWh/Tz79IyatO+3cviaeqXKGZqilc
/UFVelf2v37YlEKoiEUIk72GuV22C1Q5/bN429eWYIPeUDFE3Mmvqy0hvJZ4CADV
fF/lbJWjBp7IxIyi9UFwjtDyf5Nl4P9zua/FIGT1jOn5+oYeI5nWCzyfgM3A3x3t
oxbG5DVfdoWT+4EU1ZKLSH4GiJAMbHRR8mvbH1PPmMM0U0LQ18qKPGdt7Wt0mMzj
Ehv2E4z6hoDCClEmCckQf7F9WC987ziius0vAX2/BJIDkNrYAtsI4MlVAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3V+H+/K/Gq9OebOuXWTxDcPsuGMB8GA1UdIwQY
MBaAFFlqX+6TRfzUgBA0iHe3hTr8zGR0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1dwZjdwTkZfTlNBRURTSWQ3ZUZPdnpNWkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi82ZjZiN2MtYzBhOS00OTUzLTk4NjUt
ZGU0YmRhYTM3MjAzLzEvX2RYNGY3OHI4YXIwNTVzNjVkWlBFTncteTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi82ZjZiN2MtYzBhOS00OTUzLTk4NjUtZGU0YmRhYTM3MjAz
LzEvV1dwZjdwTkZfTlNBRURTSWQ3ZUZPdnpNWkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPQGMA0G
CSqGSIb3DQEBCwUAA4IBAQCuW303JmzplddgPddqNpI62m8obDGrFMb0+k95P6lI
Qz6ZJAP6KxJ6q6wPRv5DQ78HVWuhFzR04RsmmGjBhYBb42J7kGhDwdTacmxaLtP6
y9pgZsPab/3MQj/lSLmo1vh7/53GR182SDMn8kAZinlODSUePzPrP7XBzueNZbfB
uaigiym0YihBLpzAkECmdxWZ33sDSic2jio2M99hhC8PmEsNnYbmMnUCbrQQciRo
g+6t5J5gGiC68ku9OZl2+oF2okrA9H27wed2jZdfDqNbZVkPZlZ2h+aJCMSDRbLc
xYdo+5GKhGrtIGDAg44db6Fnmqw7Df33aMy0xgnF/tLz
-----END CERTIFICATE-----