Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/xT_QNbaEsHShNwPnlOG7D27KR6I.roa
File:                     xT_QNbaEsHShNwPnlOG7D27KR6I.roa (raw, json)
Hash identifier:          Mw/4548MeQOvs37HbuZ+A8sJj11JYohArvbf7TjnWpk=
Subject key identifier:   C5:3F:D0:35:B6:84:B0:74:A1:37:03:E7:94:E1:BB:0F:6E:CA:47:A2
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019422FB9E8CF2477E0FE21339AB9047F6CE
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/xT_QNbaEsHShNwPnlOG7D27KR6I.roa
Signing time:             Wed 01 Jan 2025 17:48:22 +0000
ROA not before:           Wed 01 Jan 2025 17:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203084
IP address blocks:        5.180.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:9e:8c:f2:47:7e:0f:e2:13:39:ab:90:47:f6:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 17:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c53fd035b684b074a13703e794e1bb0f6eca47a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4a:5a:59:f5:81:38:67:31:1a:68:55:28:c2:
                    82:c4:03:4b:fa:10:ff:76:ab:2f:12:fd:6b:e0:94:
                    55:f7:39:f8:f7:db:8a:2b:ed:39:f7:ef:ed:d0:6e:
                    6e:c0:50:9c:51:3d:6d:9e:4b:73:2c:3c:c5:3d:f6:
                    0f:eb:b7:e9:d2:f5:90:af:96:ac:a5:5b:99:7b:51:
                    b2:4c:27:57:20:38:a2:6b:f9:e0:30:d7:ea:bc:14:
                    11:07:85:bb:00:81:01:63:37:00:a6:29:c3:7e:90:
                    e3:b8:a1:02:c3:a6:aa:50:35:c4:30:23:f6:eb:7f:
                    88:b4:7e:17:76:a4:26:a8:4e:d1:3b:f2:d5:65:8e:
                    4e:99:f8:be:f8:05:6a:ee:6a:72:a7:1e:d8:63:36:
                    a0:06:9d:e6:09:56:0a:d9:a2:4b:a5:15:a0:75:75:
                    b1:99:09:02:2e:d4:c6:72:64:63:2c:96:51:d1:4f:
                    f3:e5:72:74:0e:6c:c1:91:49:15:d1:fa:5e:e3:a1:
                    67:cc:0e:2b:98:da:5b:31:07:fc:a7:63:a7:b4:02:
                    72:f1:89:3a:cd:89:f5:99:8c:db:9e:22:83:ae:48:
                    ff:bf:94:d8:ac:e3:62:0f:e5:31:ec:27:10:bf:2e:
                    a1:d8:0f:f7:9f:24:e7:0f:61:8a:49:e3:df:44:af:
                    2a:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:3F:D0:35:B6:84:B0:74:A1:37:03:E7:94:E1:BB:0F:6E:CA:47:A2
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/xT_QNbaEsHShNwPnlOG7D27KR6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:cd:cc:45:ee:ca:fb:ab:06:b1:47:6b:fa:75:c2:9e:dd:24:
         19:d9:c5:e9:fb:82:4a:73:76:5d:31:0f:86:9d:25:21:30:cc:
         8c:19:74:be:cf:d1:86:b2:9f:bd:16:66:54:5c:a9:c1:60:c4:
         db:e2:7f:ac:d0:aa:c5:be:e2:c9:38:e0:60:77:04:ed:d8:6f:
         d5:bb:b7:c7:5a:09:78:68:f3:d5:e0:78:43:73:57:30:f9:d6:
         94:95:27:9d:d1:bc:e6:01:52:a9:2d:e8:72:58:48:d4:bf:76:
         7f:1d:d7:21:7c:55:71:42:d7:b7:36:22:82:4a:50:90:f3:d6:
         12:14:dd:54:27:ef:6e:00:7d:2a:73:c6:38:d7:fd:98:4f:33:
         2d:8b:89:6f:66:3b:2e:ef:c5:bd:9f:95:a6:de:bc:2d:bf:9a:
         68:3a:f6:45:89:d3:a7:b9:9a:7a:ab:6d:25:ea:0f:f5:da:16:
         84:7a:6b:8f:a7:c4:6c:be:ed:ae:68:92:a2:61:a6:c7:83:30:
         e3:43:60:78:70:29:ba:d1:f2:d3:d8:17:8c:65:40:76:1c:25:
         e7:b1:35:08:9c:a8:16:0b:ec:07:9a:16:4b:a8:7a:03:10:2d:
         6f:ec:b0:59:24:3d:f5:f1:66:39:b8:b4:ee:4d:83:40:ca:21:
         ff:d9:25:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+56M8kd+D+ITOauQR/bOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwMTAxMTc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTNmZDAzNWI2ODRiMDc0YTEzNzAzZTc5NGUxYmIwZjZlY2E0N2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskpaWfWBOGcxGmhVKMKCxANL+hD/
dqsvEv1r4JRV9zn499uKK+059+/t0G5uwFCcUT1tnktzLDzFPfYP67fp0vWQr5as
pVuZe1GyTCdXIDiia/ngMNfqvBQRB4W7AIEBYzcApinDfpDjuKECw6aqUDXEMCP2
63+ItH4XdqQmqE7RO/LVZY5Omfi++AVq7mpypx7YYzagBp3mCVYK2aJLpRWgdXWx
mQkCLtTGcmRjLJZR0U/z5XJ0DmzBkUkV0fpe46FnzA4rmNpbMQf8p2OntAJy8Yk6
zYn1mYzbniKDrkj/v5TYrONiD+Ux7CcQvy6h2A/3nyTnD2GKSePfRK8qPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMU/0DW2hLB0oTcD55Thuw9uykeiMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEveFRfUU5iYUVzSFNoTndQbmxPRzdEMjdLUjZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbR6MA0G
CSqGSIb3DQEBCwUAA4IBAQCLzcxF7sr7qwaxR2v6dcKe3SQZ2cXp+4JKc3ZdMQ+G
nSUhMMyMGXS+z9GGsp+9FmZUXKnBYMTb4n+s0KrFvuLJOOBgdwTt2G/Vu7fHWgl4
aPPV4HhDc1cw+daUlSed0bzmAVKpLehyWEjUv3Z/HdchfFVxQte3NiKCSlCQ89YS
FN1UJ+9uAH0qc8Y41/2YTzMti4lvZjsu78W9n5Wm3rwtv5poOvZFidOnuZp6q20l
6g/12haEemuPp8Rsvu2uaJKiYabHgzDjQ2B4cCm60fLT2BeMZUB2HCXnsTUInKgW
C+wHmhZLqHoDEC1v7LBZJD318WY5uLTuTYNAyiH/2SXN
-----END CERTIFICATE-----