Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/d-cXZlvvdlyn7ox05EmpqUd6gwY.roa
File:                     d-cXZlvvdlyn7ox05EmpqUd6gwY.roa (raw, json)
Hash identifier:          nBiz8J2UJroitgcJmWpKEDt0TmsVS2dSW257R8wSk2M=
Subject key identifier:   77:E7:17:66:5B:EF:76:5C:A7:EE:8C:74:E4:49:A9:A9:47:7A:83:06
Certificate issuer:       /CN=deb180ddc7143103f02e69cb9cda19c2395e57a1
Certificate serial:       0197834E04D90BC60CE8EA9D2E1CFB5B9CB9
Authority key identifier: DE:B1:80:DD:C7:14:31:03:F0:2E:69:CB:9C:DA:19:C2:39:5E:57:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3rGA3ccUMQPwLmnLnNoZwjleV6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/d-cXZlvvdlyn7ox05EmpqUd6gwY.roa
Signing time:             Wed 18 Jun 2025 13:50:17 +0000
ROA not before:           Wed 18 Jun 2025 13:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58243
IP address blocks:        80.246.112.0/20 maxlen: 20
                          80.246.112.0/22 maxlen: 22
                          80.246.120.0/23 maxlen: 23
                          80.246.124.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/3rGA3ccUMQPwLmnLnNoZwjleV6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/3rGA3ccUMQPwLmnLnNoZwjleV6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3rGA3ccUMQPwLmnLnNoZwjleV6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 04:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:83:4e:04:d9:0b:c6:0c:e8:ea:9d:2e:1c:fb:5b:9c:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=deb180ddc7143103f02e69cb9cda19c2395e57a1
        Validity
            Not Before: Jun 18 13:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77e717665bef765ca7ee8c74e449a9a9477a8306
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9f:ca:91:e1:f7:71:47:06:88:00:97:22:00:
                    3b:77:c4:12:c3:ff:80:55:ad:5f:02:3c:90:2a:eb:
                    66:4c:b1:ca:04:b2:c6:6f:03:28:75:c3:2b:9c:93:
                    61:04:de:c6:da:b7:74:62:10:ee:81:8f:44:27:44:
                    ed:e2:1e:69:9f:c9:0b:34:2c:d1:8c:1e:82:73:81:
                    50:67:c2:cc:c4:d1:1f:8b:99:aa:6d:08:61:58:ad:
                    af:0c:b2:82:7b:72:e9:05:b1:7e:7a:95:92:80:22:
                    5e:7b:ac:5f:b4:9d:4e:20:8f:c7:43:ea:04:fa:e7:
                    40:38:d3:01:ca:17:b2:01:01:b7:3b:9f:35:fd:f9:
                    77:f6:78:41:f0:64:6a:b8:e2:6b:f4:4c:b6:23:36:
                    b9:9e:54:dd:63:16:b3:5e:4a:6b:c1:78:ae:08:eb:
                    1d:fd:cc:a6:2d:05:0e:c3:e2:63:8e:76:10:16:58:
                    0c:5b:d1:06:43:b0:6a:c1:f9:99:65:19:94:3b:88:
                    61:64:03:33:3a:86:00:04:6f:4b:3f:f8:71:bb:25:
                    fe:05:b6:b9:e0:0b:f2:ac:3e:e4:e4:43:8b:c0:f0:
                    2d:b2:25:4b:2d:31:f7:40:ee:9c:15:b2:10:a2:6d:
                    74:85:dc:73:f5:a4:26:6c:e2:88:c2:e0:bb:fe:45:
                    7c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E7:17:66:5B:EF:76:5C:A7:EE:8C:74:E4:49:A9:A9:47:7A:83:06
            X509v3 Authority Key Identifier:
                keyid:DE:B1:80:DD:C7:14:31:03:F0:2E:69:CB:9C:DA:19:C2:39:5E:57:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3rGA3ccUMQPwLmnLnNoZwjleV6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/d-cXZlvvdlyn7ox05EmpqUd6gwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/3rGA3ccUMQPwLmnLnNoZwjleV6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         97:43:e3:6a:f4:50:16:16:42:a9:72:d3:93:73:0f:49:0f:17:
         7d:54:5c:70:c5:fa:28:99:93:dd:36:da:de:5e:e5:dc:e9:5a:
         82:75:31:b9:db:6a:48:c1:48:a0:8b:86:fc:ac:77:14:65:4e:
         27:a5:ad:9a:d2:db:79:13:b2:34:4f:89:31:fc:76:f5:c8:5a:
         3d:dd:69:c5:63:7d:c5:6a:c1:35:77:c5:39:b2:98:19:10:83:
         ea:6c:04:96:ee:a6:4f:34:79:62:9b:d0:a5:a1:96:ff:3b:5f:
         2e:27:83:8e:ed:71:74:df:a1:8b:78:4a:59:01:b8:d8:3e:91:
         8f:63:ba:b5:4e:6f:45:77:34:3f:79:7c:f3:6e:03:b1:67:08:
         2a:2b:a0:c0:49:ed:a8:d7:cf:e7:8e:b5:86:11:86:8d:67:fa:
         bd:38:9a:22:3e:97:e7:51:d2:ac:92:0c:26:ed:fe:c8:d8:91:
         bc:7a:1e:84:78:d2:88:a8:30:28:cb:77:bc:0e:0d:c1:94:47:
         57:ad:a7:2e:ea:d9:72:b4:c4:c7:8f:53:6a:f2:7e:60:a0:93:
         72:0b:8f:93:94:85:f8:c5:83:31:d9:bb:e3:c9:31:e7:4c:d9:
         36:4d:1c:eb:a8:6f:d0:63:b0:2e:d6:b4:06:38:44:bb:fd:1c:
         52:00:a4:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeDTgTZC8YM6OqdLhz7W5y5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlYjE4MGRkYzcxNDMxMDNmMDJlNjljYjljZGExOWMyMzk1
ZTU3YTEwHhcNMjUwNjE4MTM1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2U3MTc2NjViZWY3NjVjYTdlZThjNzRlNDQ5YTlhOTQ3N2E4MzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJ/KkeH3cUcGiACXIgA7d8QSw/+A
Va1fAjyQKutmTLHKBLLGbwModcMrnJNhBN7G2rd0YhDugY9EJ0Tt4h5pn8kLNCzR
jB6Cc4FQZ8LMxNEfi5mqbQhhWK2vDLKCe3LpBbF+epWSgCJee6xftJ1OII/HQ+oE
+udAONMByheyAQG3O581/fl39nhB8GRquOJr9Ey2Iza5nlTdYxazXkprwXiuCOsd
/cymLQUOw+JjjnYQFlgMW9EGQ7BqwfmZZRmUO4hhZAMzOoYABG9LP/hxuyX+Bba5
4AvyrD7k5EOLwPAtsiVLLTH3QO6cFbIQom10hdxz9aQmbOKIwuC7/kV8AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfnF2Zb73Zcp+6MdORJqalHeoMGMB8GA1UdIwQY
MBaAFN6xgN3HFDED8C5py5zaGcI5XlehMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3JHQTNjY1VNUVB3TG1uTG5Ob1p3amxlVjZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9mOTA4ODMtZTQ4MC00Y2YxLWFiZDIt
OTA5MWNkNzNkMzhjLzEvZC1jWFpsdnZkbHluN294MDVFbXBxVWQ2Z3dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9mOTA4ODMtZTQ4MC00Y2YxLWFiZDItOTA5MWNkNzNkMzhj
LzEvM3JHQTNjY1VNUVB3TG1uTG5Ob1p3amxlVjZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPZwMA0G
CSqGSIb3DQEBCwUAA4IBAQCXQ+Nq9FAWFkKpctOTcw9JDxd9VFxwxfoomZPdNtre
XuXc6VqCdTG522pIwUigi4b8rHcUZU4npa2a0tt5E7I0T4kx/Hb1yFo93WnFY33F
asE1d8U5spgZEIPqbASW7qZPNHlim9CloZb/O18uJ4OO7XF036GLeEpZAbjYPpGP
Y7q1Tm9FdzQ/eXzzbgOxZwgqK6DASe2o18/njrWGEYaNZ/q9OJoiPpfnUdKskgwm
7f7I2JG8eh6EeNKIqDAoy3e8Dg3BlEdXracu6tlytMTHj1Nq8n5goJNyC4+TlIX4
xYMx2bvjyTHnTNk2TRzrqG/QY7Au1rQGOES7/RxSAKQ1
-----END CERTIFICATE-----