Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1fdk-_4vlOvjXTORV0hZeKSdx50.roa
File:                     1fdk-_4vlOvjXTORV0hZeKSdx50.roa (raw, json)
Hash identifier:          HFHF+BTJulCp3WKjtBBjO1f7FaKmMng+DNzzhqMVDQg=
Subject key identifier:   D5:F7:64:FB:FE:2F:94:EB:E3:5D:33:91:57:48:59:78:A4:9D:C7:9D
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019737097BBCF4AB14B12F39D4B0C5B4EA0D
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1fdk-_4vlOvjXTORV0hZeKSdx50.roa
Signing time:             Tue 03 Jun 2025 18:24:17 +0000
ROA not before:           Tue 03 Jun 2025 18:24:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211659
IP address blocks:        80.64.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:37:09:7b:bc:f4:ab:14:b1:2f:39:d4:b0:c5:b4:ea:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jun  3 18:24:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5f764fbfe2f94ebe35d339157485978a49dc79d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:06:57:8f:f5:26:5a:45:80:da:b7:72:aa:db:
                    72:77:6d:c6:cb:57:38:56:57:4f:37:e9:34:7f:50:
                    7e:ad:f6:29:29:3d:7b:be:69:c1:13:7c:d6:c3:8a:
                    f1:0b:3c:1f:3b:6a:19:6a:48:ce:d5:b3:a5:a6:82:
                    06:94:9c:25:97:c9:aa:0f:f6:7f:0c:37:75:fc:4c:
                    bc:c0:b7:a0:3f:d8:10:4a:fc:15:2d:b4:31:e1:05:
                    ab:d9:9f:f5:9d:52:7c:d9:42:c8:5f:8a:41:73:59:
                    27:d9:f5:19:5d:90:62:36:50:9c:bc:85:a5:2d:56:
                    a1:f1:e8:6d:18:b5:a0:90:5f:21:db:03:d6:03:27:
                    4d:c0:c5:a2:95:0b:37:34:e1:4a:72:6c:f9:ab:b1:
                    6a:f6:dc:e5:e0:b5:9c:ba:d7:cc:46:68:6d:36:9d:
                    44:7d:32:cb:7a:ac:29:95:11:55:ec:60:a0:73:98:
                    a7:15:88:eb:a9:d5:1c:04:dd:d7:36:04:f7:37:8b:
                    82:c9:c3:12:fc:df:f4:ef:6f:2e:f8:e4:3a:0b:b9:
                    46:39:e2:d0:2a:0e:a0:70:66:f6:7b:cb:78:86:1d:
                    12:ca:29:c6:d6:d6:55:7c:08:c4:a5:4b:98:86:97:
                    57:f7:bc:80:54:04:91:44:84:9c:fa:90:eb:e8:dc:
                    f6:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F7:64:FB:FE:2F:94:EB:E3:5D:33:91:57:48:59:78:A4:9D:C7:9D
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1fdk-_4vlOvjXTORV0hZeKSdx50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:7d:3e:08:f2:f8:63:64:64:c8:87:88:ed:82:06:f9:5f:78:
         be:76:a9:1b:aa:8b:02:1f:78:43:fc:ad:1a:b4:f3:c7:ff:c8:
         46:48:39:9a:b5:28:45:4c:f7:b3:23:e8:ed:fd:fd:d1:58:06:
         29:53:21:bd:22:b4:b4:53:a8:99:3c:fc:eb:4a:e6:04:7f:9d:
         9b:d3:6c:b1:45:36:d9:01:4d:c5:b4:01:49:14:e5:79:00:b2:
         8e:3f:ab:45:bb:13:46:44:0e:78:b5:f1:0b:84:e9:47:92:1a:
         4c:48:82:2a:16:b2:0f:33:d8:8d:35:11:3a:24:bf:75:a6:ef:
         1a:c1:19:0c:49:8d:a3:99:58:d1:15:e2:0f:6a:93:ce:c1:9a:
         c1:c0:2f:42:70:a6:47:96:b6:ff:28:7a:59:03:df:89:64:6d:
         5f:d3:f6:f0:43:a1:c8:15:b0:a3:34:3e:fa:62:5a:94:e1:ef:
         32:2f:66:51:de:f8:83:33:60:e8:5b:d0:62:c1:70:4d:e8:5b:
         1d:a0:4f:c8:73:6e:53:48:64:80:1a:4b:86:36:27:a8:45:18:
         4f:b0:0e:65:55:b2:ff:9c:63:b8:f6:bb:8d:33:ba:7e:e3:42:
         0a:51:26:fc:b0:a8:89:d7:52:cd:d5:bf:50:cc:c9:31:cc:63:
         14:0c:79:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc3CXu89KsUsS851LDFtOoNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwNjAzMTgyNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWY3NjRmYmZlMmY5NGViZTM1ZDMzOTE1NzQ4NTk3OGE0OWRjNzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAZXj/UmWkWA2rdyqttyd23Gy1c4
VldPN+k0f1B+rfYpKT17vmnBE3zWw4rxCzwfO2oZakjO1bOlpoIGlJwll8mqD/Z/
DDd1/Ey8wLegP9gQSvwVLbQx4QWr2Z/1nVJ82ULIX4pBc1kn2fUZXZBiNlCcvIWl
LVah8ehtGLWgkF8h2wPWAydNwMWilQs3NOFKcmz5q7Fq9tzl4LWcutfMRmhtNp1E
fTLLeqwplRFV7GCgc5inFYjrqdUcBN3XNgT3N4uCycMS/N/0728u+OQ6C7lGOeLQ
Kg6gcGb2e8t4hh0SyinG1tZVfAjEpUuYhpdX97yAVASRRISc+pDr6Nz2JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNX3ZPv+L5Tr410zkVdIWXikncedMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvMWZkay1fNHZsT3ZqWFRPUlYwaFplS1NkeDUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEASMA0G
CSqGSIb3DQEBCwUAA4IBAQBmfT4I8vhjZGTIh4jtggb5X3i+dqkbqosCH3hD/K0a
tPPH/8hGSDmatShFTPezI+jt/f3RWAYpUyG9IrS0U6iZPPzrSuYEf52b02yxRTbZ
AU3FtAFJFOV5ALKOP6tFuxNGRA54tfELhOlHkhpMSIIqFrIPM9iNNRE6JL91pu8a
wRkMSY2jmVjRFeIPapPOwZrBwC9CcKZHlrb/KHpZA9+JZG1f0/bwQ6HIFbCjND76
YlqU4e8yL2ZR3viDM2DoW9BiwXBN6FsdoE/Ic25TSGSAGkuGNieoRRhPsA5lVbL/
nGO49ruNM7p+40IKUSb8sKiJ11LN1b9QzMkxzGMUDHmI
-----END CERTIFICATE-----