Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ldbZHv2thMeZxsZDg7x8wRMENBk.roa
File:                     ldbZHv2thMeZxsZDg7x8wRMENBk.roa (raw, json)
Hash identifier:          UxhBCBKsIKJeDA4PtEND1X9jK0f1GPspP6dDePUAadY=
Subject key identifier:   95:D6:D9:1E:FD:AD:84:C7:99:C6:C6:43:83:BC:7C:C1:13:04:34:19
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019310DD09B6052DFBEFF78D482ABB56199C
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ldbZHv2thMeZxsZDg7x8wRMENBk.roa
Signing time:             Sat 09 Nov 2024 12:19:01 +0000
ROA not before:           Sat 09 Nov 2024 12:19:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202243
IP address blocks:        80.85.48.0/21 maxlen: 24
                          92.52.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:10:dd:09:b6:05:2d:fb:ef:f7:8d:48:2a:bb:56:19:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Nov  9 12:19:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95d6d91efdad84c799c6c64383bc7cc113043419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:20:c4:84:30:5a:f3:09:93:05:7b:4c:a0:98:
                    53:b9:54:8a:bf:00:ea:58:71:7c:cd:b9:22:5b:6a:
                    a3:60:8a:97:48:f9:ab:df:dd:01:b2:67:12:32:ad:
                    0b:74:71:57:9a:cd:c1:0d:d5:6f:fc:8c:98:ed:0c:
                    02:55:85:ca:7d:cb:29:6d:ae:3b:7c:6c:07:5b:a2:
                    d8:70:b5:d5:12:bd:d6:0f:32:a2:f6:d0:a5:35:90:
                    96:01:60:64:ef:5f:b4:d5:78:fe:3a:d1:f8:60:16:
                    e8:58:7b:5e:ed:83:fd:ae:ee:00:12:7a:35:cb:40:
                    b2:b0:e5:50:bc:f9:53:56:a4:47:15:8e:f7:19:81:
                    ea:2e:e1:e6:a0:6d:ed:6d:04:20:c6:3b:89:e5:6f:
                    df:55:03:83:1e:e3:8a:d2:55:57:b0:70:80:d8:1b:
                    80:76:71:25:f2:71:42:37:77:c5:e1:04:ef:95:3d:
                    ab:dd:75:55:81:95:64:7d:2b:c1:e1:25:d5:a4:82:
                    05:a7:6d:db:62:44:ed:9c:21:91:f6:39:65:c9:49:
                    a8:39:1f:2c:56:0d:62:f7:23:6f:ad:79:3b:71:6b:
                    1f:c1:80:2f:6f:2d:6e:c3:37:ef:c3:68:83:1f:0b:
                    fb:85:37:c2:aa:39:81:1b:a2:97:88:04:9f:81:87:
                    45:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:D6:D9:1E:FD:AD:84:C7:99:C6:C6:43:83:BC:7C:C1:13:04:34:19
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ldbZHv2thMeZxsZDg7x8wRMENBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.85.48.0/21
                  92.52.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:c1:31:fd:6e:67:a8:26:24:cb:d7:b7:a2:72:cd:1c:40:d1:
         f4:41:b5:c0:33:1d:68:ca:9c:8a:12:67:14:ea:f0:91:85:3f:
         bd:fa:b7:73:49:66:dc:58:19:6f:e0:78:c0:02:c1:8a:35:84:
         5b:95:4d:ff:5c:09:ea:1d:96:29:e2:00:a6:12:d0:1e:f8:8b:
         3a:ca:07:e1:1e:f8:1f:0d:1c:a8:23:e5:ac:b6:a5:3e:b8:03:
         6a:89:d9:07:1f:08:df:f0:6d:42:fc:b5:a2:f7:b6:c2:74:27:
         d4:77:96:94:b6:4c:ff:91:61:43:c6:e7:79:1b:23:69:75:4a:
         d1:20:0f:d9:70:e7:f5:67:51:5b:50:66:fc:92:59:1d:15:d2:
         af:05:60:32:7b:e9:91:42:70:cf:fa:5a:f2:c9:f6:61:f9:14:
         7d:30:c9:66:a1:8c:56:2f:52:10:7d:90:a0:ed:0e:1d:b0:86:
         74:d8:93:9f:c1:e9:48:02:e8:b9:2c:eb:d5:09:f5:7b:90:0b:
         96:71:63:86:e7:69:a4:bb:c4:3b:32:e3:70:b9:1e:5d:4a:84:
         64:68:7b:a5:f0:c0:02:74:dc:9a:a7:3f:d1:46:cf:4a:ee:76:
         50:dd:89:92:c5:b3:67:4b:4f:a7:44:39:2c:3d:92:48:68:3b:
         72:cc:1f:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMQ3Qm2BS377/eNSCq7VhmcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQxMTA5MTIxOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWQ2ZDkxZWZkYWQ4NGM3OTljNmM2NDM4M2JjN2NjMTEzMDQzNDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSDEhDBa8wmTBXtMoJhTuVSKvwDq
WHF8zbkiW2qjYIqXSPmr390BsmcSMq0LdHFXms3BDdVv/IyY7QwCVYXKfcspba47
fGwHW6LYcLXVEr3WDzKi9tClNZCWAWBk71+01Xj+OtH4YBboWHte7YP9ru4AEno1
y0CysOVQvPlTVqRHFY73GYHqLuHmoG3tbQQgxjuJ5W/fVQODHuOK0lVXsHCA2BuA
dnEl8nFCN3fF4QTvlT2r3XVVgZVkfSvB4SXVpIIFp23bYkTtnCGR9jllyUmoOR8s
Vg1i9yNvrXk7cWsfwYAvby1uwzfvw2iDHwv7hTfCqjmBG6KXiASfgYdFqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJXW2R79rYTHmcbGQ4O8fMETBDQZMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvbGRiWkh2MnRoTWVaeHNaRGc3eDh3Uk1FTkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDUFUwAwQA
XDTcMA0GCSqGSIb3DQEBCwUAA4IBAQCnwTH9bmeoJiTL17eics0cQNH0QbXAMx1o
ypyKEmcU6vCRhT+9+rdzSWbcWBlv4HjAAsGKNYRblU3/XAnqHZYp4gCmEtAe+Is6
ygfhHvgfDRyoI+WstqU+uANqidkHHwjf8G1C/LWi97bCdCfUd5aUtkz/kWFDxud5
GyNpdUrRIA/ZcOf1Z1FbUGb8klkdFdKvBWAye+mRQnDP+lryyfZh+RR9MMlmoYxW
L1IQfZCg7Q4dsIZ02JOfwelIAui5LOvVCfV7kAuWcWOG52mku8Q7MuNwuR5dSoRk
aHul8MACdNyapz/RRs9K7nZQ3YmSxbNnS0+nRDksPZJIaDtyzB9v
-----END CERTIFICATE-----