Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/pZZ3wnBxApb1KwligAZ4R37ajfY.roa
File:                     pZZ3wnBxApb1KwligAZ4R37ajfY.roa (raw, json)
Hash identifier:          wKFDbvvByNKOBObnqtXQ4D0MrP5IbC5928b62wl8kus=
Subject key identifier:   A5:96:77:C2:70:71:02:96:F5:2B:09:62:80:06:78:47:7E:DA:8D:F6
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       019305C51209DE36404793CB96E81CEF106C
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/pZZ3wnBxApb1KwligAZ4R37ajfY.roa
Signing time:             Thu 07 Nov 2024 08:37:01 +0000
ROA not before:           Thu 07 Nov 2024 08:37:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        114.69.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:05:c5:12:09:de:36:40:47:93:cb:96:e8:1c:ef:10:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Nov  7 08:37:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a59677c270710296f52b0962800678477eda8df6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:6e:13:a8:33:71:ca:15:fa:3f:6e:63:09:08:
                    a5:f6:2c:97:a8:7d:68:10:d1:34:b0:60:49:92:bd:
                    f1:ea:cd:28:2b:12:e7:f8:9d:38:e1:c1:92:cc:90:
                    81:0f:41:e8:dc:ca:7e:35:1f:52:5b:3a:30:d6:5d:
                    3e:4e:d8:2a:1b:3a:04:c1:d6:6f:19:c4:e7:a7:2e:
                    73:c4:ad:78:ba:63:fe:56:8f:e8:a6:40:2e:e8:60:
                    5e:34:26:05:71:d3:14:42:d3:4b:dc:35:da:0d:78:
                    2f:a0:c7:b0:90:0b:be:22:39:e3:56:a4:35:3f:37:
                    d9:b8:d9:6f:b2:1e:30:1b:61:09:56:c9:03:20:67:
                    65:1e:9f:05:2a:49:c8:ee:88:47:e3:81:c1:80:53:
                    0b:e0:b9:32:89:02:ff:ad:7d:e0:99:58:ea:d7:7a:
                    65:ca:b7:20:6d:a6:47:33:08:18:36:13:98:53:13:
                    27:ae:77:d7:5a:de:b5:11:5e:00:c6:8a:92:f6:91:
                    09:1d:7d:4c:f9:a1:a2:32:39:98:54:bc:e0:ef:ab:
                    91:d6:3f:58:1f:7e:da:54:45:d4:ce:71:c5:e7:39:
                    e9:ed:14:19:0d:85:b3:bc:e0:7c:0e:70:bc:4a:38:
                    dc:9c:2f:04:f8:3c:a4:2a:c7:aa:f9:ba:5f:e9:45:
                    63:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:96:77:C2:70:71:02:96:F5:2B:09:62:80:06:78:47:7E:DA:8D:F6
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/pZZ3wnBxApb1KwligAZ4R37ajfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.69.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:70:e2:9e:eb:ee:50:31:c4:c9:9c:65:24:df:25:cf:01:5e:
         b5:14:14:0a:d9:d5:c6:35:3e:f5:d7:36:7e:e2:80:62:85:94:
         32:b3:d4:93:06:2f:63:c3:c3:b4:a2:28:f1:1b:18:d8:a7:9d:
         8e:a2:b3:53:e3:a7:e6:7a:3c:71:4c:c7:46:5f:9c:f9:52:ef:
         d6:5a:fd:67:ee:72:97:72:ee:b1:e3:bc:fe:f7:3d:e8:d1:75:
         2b:61:b1:3e:68:27:f2:15:81:01:d2:53:84:0f:f1:f0:81:17:
         cd:2e:a8:21:38:cb:dd:ce:e9:38:a5:f2:f9:23:ef:f7:e9:55:
         8d:67:bb:9e:f7:70:93:84:80:24:65:b6:5b:be:b8:c5:45:6b:
         fb:22:c6:fe:46:62:c8:cd:b1:b2:8f:df:ee:50:ad:a2:ef:3f:
         29:dc:e8:c0:8e:6b:a8:51:b5:57:f5:6d:a9:22:60:db:b2:e2:
         d9:31:c1:da:59:4b:a9:eb:b6:7b:f3:3c:2a:11:04:51:38:88:
         80:c3:0e:8b:54:30:11:ce:f4:d2:3e:b6:41:ff:0e:2b:a1:eb:
         47:ea:62:e6:a0:b5:5f:fc:93:0f:fa:63:20:1a:57:4d:96:84:
         b3:6c:6e:2a:7d:a8:fb:1e:9f:45:7a:fc:dc:d1:57:80:43:6c:
         03:54:4d:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMFxRIJ3jZAR5PLlugc7xBsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjQxMTA3MDgzNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTk2NzdjMjcwNzEwMjk2ZjUyYjA5NjI4MDA2Nzg0NzdlZGE4ZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj24TqDNxyhX6P25jCQil9iyXqH1o
ENE0sGBJkr3x6s0oKxLn+J044cGSzJCBD0Ho3Mp+NR9SWzow1l0+TtgqGzoEwdZv
GcTnpy5zxK14umP+Vo/opkAu6GBeNCYFcdMUQtNL3DXaDXgvoMewkAu+IjnjVqQ1
PzfZuNlvsh4wG2EJVskDIGdlHp8FKknI7ohH44HBgFML4LkyiQL/rX3gmVjq13pl
yrcgbaZHMwgYNhOYUxMnrnfXWt61EV4AxoqS9pEJHX1M+aGiMjmYVLzg76uR1j9Y
H37aVEXUznHF5znp7RQZDYWzvOB8DnC8SjjcnC8E+DykKseq+bpf6UVj7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWWd8JwcQKW9SsJYoAGeEd+2o32MB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvcFpaM3duQnhBcGIxS3dsaWdBWjRSMzdhamZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAckX1MA0G
CSqGSIb3DQEBCwUAA4IBAQCDcOKe6+5QMcTJnGUk3yXPAV61FBQK2dXGNT711zZ+
4oBihZQys9STBi9jw8O0oijxGxjYp52OorNT46fmejxxTMdGX5z5Uu/WWv1n7nKX
cu6x47z+9z3o0XUrYbE+aCfyFYEB0lOED/HwgRfNLqghOMvdzuk4pfL5I+/36VWN
Z7ue93CThIAkZbZbvrjFRWv7Isb+RmLIzbGyj9/uUK2i7z8p3OjAjmuoUbVX9W2p
ImDbsuLZMcHaWUup67Z78zwqEQRROIiAww6LVDARzvTSPrZB/w4roetH6mLmoLVf
/JMP+mMgGldNloSzbG4qfaj7Hp9Fevzc0VeAQ2wDVE2B
-----END CERTIFICATE-----