Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/j8MXOx7IAf2KSqCp-jaAVv0pzxg.roa
File:                     j8MXOx7IAf2KSqCp-jaAVv0pzxg.roa (raw, json)
Hash identifier:          E8aLYB6SNTmeAHTqRh2dAkdFRmjbWJTPYcFub4aB9Jg=
Subject key identifier:   8F:C3:17:3B:1E:C8:01:FD:8A:4A:A0:A9:FA:36:80:56:FD:29:CF:18
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019422FB95C1991DBE4B319E3C8E7544E2CA
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/j8MXOx7IAf2KSqCp-jaAVv0pzxg.roa
Signing time:             Wed 01 Jan 2025 17:48:20 +0000
ROA not before:           Wed 01 Jan 2025 17:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29657
IP address blocks:        5.180.123.0/24 maxlen: 24
                          92.52.221.0/24 maxlen: 24
                          194.41.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:95:c1:99:1d:be:4b:31:9e:3c:8e:75:44:e2:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 17:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fc3173b1ec801fd8a4aa0a9fa368056fd29cf18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ed:0b:6b:28:d1:87:bc:28:1e:a9:68:0d:f2:
                    93:1f:9d:c8:2a:55:f0:de:34:54:4c:a2:fb:f9:f2:
                    fe:b4:46:f8:bb:a1:ad:c2:34:f8:c5:76:f7:70:65:
                    bc:66:d6:a1:5b:2c:e8:32:7a:d5:d4:7d:c5:84:56:
                    92:fd:2a:33:5c:9b:93:b5:fa:3a:d9:8e:fe:36:05:
                    49:12:9a:d6:2a:10:c1:f8:fd:ec:b9:59:d0:bd:9a:
                    7f:1e:e2:61:ae:c0:8c:ed:cf:fd:4b:6b:dc:16:30:
                    f0:63:5f:61:c1:61:85:a7:d0:66:25:33:ef:14:3e:
                    c6:b4:7f:e8:62:f9:63:fa:66:49:5a:f7:0e:bb:71:
                    35:69:8f:a7:32:4f:7d:3d:54:c8:d5:05:8b:78:fc:
                    66:7f:bd:20:5f:a9:3b:91:33:b6:0a:43:99:55:dc:
                    2d:82:ea:98:ab:b7:cf:5f:67:48:f5:1e:7a:8d:7c:
                    e9:1d:9d:a9:9c:ec:08:dd:d4:6e:f3:59:1b:ea:1f:
                    29:a6:45:3d:a4:76:bd:2f:72:48:5e:d7:b9:a2:45:
                    cf:5d:7e:f3:43:0f:09:db:d6:fa:9f:69:ea:d1:a0:
                    d5:c8:ac:f7:4f:da:cd:db:fd:3f:b1:91:b9:a1:b6:
                    bf:67:88:9b:be:c9:ba:fd:24:bf:a3:5b:a9:33:2c:
                    3d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:C3:17:3B:1E:C8:01:FD:8A:4A:A0:A9:FA:36:80:56:FD:29:CF:18
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/j8MXOx7IAf2KSqCp-jaAVv0pzxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.123.0/24
                  92.52.221.0/24
                  194.41.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:29:94:58:54:3c:ba:e3:d9:bf:a2:e5:5d:0d:ae:12:bf:e8:
         01:ce:82:0a:40:06:75:74:c0:82:f7:2c:b3:ee:f2:35:6c:ea:
         e6:21:ae:e7:c3:fe:14:8e:c8:d1:39:ac:9b:14:ca:17:63:eb:
         44:81:e2:72:af:2f:96:fd:3f:d8:92:7b:d3:73:5a:b1:33:56:
         0f:31:71:43:c4:4c:c2:8e:56:95:18:d0:96:52:e0:a6:68:44:
         e9:9a:9b:ea:34:e3:11:60:1b:40:34:70:b8:b4:db:70:64:84:
         df:9f:82:00:68:aa:4d:ad:1b:27:e9:9f:2e:3c:d0:7f:8d:76:
         01:0b:39:cf:d4:99:b9:a2:72:99:37:aa:3c:09:5d:82:95:16:
         85:e8:10:58:72:5c:4b:aa:95:1d:f0:f6:b9:e1:56:90:4d:d0:
         65:d9:18:c3:1a:cd:2e:7e:d2:21:d0:11:30:df:f9:cd:2a:7d:
         70:5f:e8:14:fb:ac:b8:e1:1e:47:1e:75:c3:51:1f:17:5d:2b:
         11:c4:f6:5a:58:b5:d6:a8:58:0e:84:f3:58:16:68:2d:e8:24:
         39:e9:ad:7c:09:82:06:16:60:7d:3c:ff:a7:31:0b:1c:6d:c8:
         0e:04:f8:e5:29:09:b0:fb:5e:d6:be:ad:47:e0:12:ab:8c:4f:
         4f:2a:e5:9a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQi+5XBmR2+SzGePI51ROLKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwMTAxMTc0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmMzMTczYjFlYzgwMWZkOGE0YWEwYTlmYTM2ODA1NmZkMjljZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwu0LayjRh7woHqloDfKTH53IKlXw
3jRUTKL7+fL+tEb4u6GtwjT4xXb3cGW8ZtahWyzoMnrV1H3FhFaS/SozXJuTtfo6
2Y7+NgVJEprWKhDB+P3suVnQvZp/HuJhrsCM7c/9S2vcFjDwY19hwWGFp9BmJTPv
FD7GtH/oYvlj+mZJWvcOu3E1aY+nMk99PVTI1QWLePxmf70gX6k7kTO2CkOZVdwt
guqYq7fPX2dI9R56jXzpHZ2pnOwI3dRu81kb6h8ppkU9pHa9L3JIXte5okXPXX7z
Qw8J29b6n2nq0aDVyKz3T9rN2/0/sZG5oba/Z4ibvsm6/SS/o1upMyw9/QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI/DFzseyAH9ikqgqfo2gFb9Kc8YMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvajhNWE94N0lBZjJLU3FDcC1qYUFWdjBwenhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABbR7AwQA
XDTdAwQAwikuMA0GCSqGSIb3DQEBCwUAA4IBAQCRKZRYVDy649m/ouVdDa4Sv+gB
zoIKQAZ1dMCC9yyz7vI1bOrmIa7nw/4UjsjROaybFMoXY+tEgeJyry+W/T/YknvT
c1qxM1YPMXFDxEzCjlaVGNCWUuCmaETpmpvqNOMRYBtANHC4tNtwZITfn4IAaKpN
rRsn6Z8uPNB/jXYBCznP1Jm5onKZN6o8CV2ClRaF6BBYclxLqpUd8Pa54VaQTdBl
2RjDGs0uftIh0BEw3/nNKn1wX+gU+6y44R5HHnXDUR8XXSsRxPZaWLXWqFgOhPNY
Fmgt6CQ56a18CYIGFmB9PP+nMQscbcgOBPjlKQmw+17Wvq1H4BKrjE9PKuWa
-----END CERTIFICATE-----