Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/46bd33-b527-462e-81e0-8677b3dd8707/1/dG3vSEaAbpBYGMjnVqj3IkRAi0o.roa
File:                     dG3vSEaAbpBYGMjnVqj3IkRAi0o.roa (raw, json)
Hash identifier:          gF5q2naGzlJIG0YvikJ9g/7wr5QlHQs7okrQO5XF9dA=
Subject key identifier:   74:6D:EF:48:46:80:6E:90:58:18:C8:E7:56:A8:F7:22:44:40:8B:4A
Certificate issuer:       /CN=015f0e665a9c74223c4bfe270a1659ade4cef31f
Certificate serial:       019642AFF6AA9B082444FCF9A6236B6AF3FE
Authority key identifier: 01:5F:0E:66:5A:9C:74:22:3C:4B:FE:27:0A:16:59:AD:E4:CE:F3:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AV8OZlqcdCI8S_4nChZZreTO8x8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/46bd33-b527-462e-81e0-8677b3dd8707/1/dG3vSEaAbpBYGMjnVqj3IkRAi0o.roa
Signing time:             Thu 17 Apr 2025 07:39:10 +0000
ROA not before:           Thu 17 Apr 2025 07:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48817
IP address blocks:        80.244.1.0/24 maxlen: 24
                          185.137.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/46bd33-b527-462e-81e0-8677b3dd8707/1/AV8OZlqcdCI8S_4nChZZreTO8x8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/46bd33-b527-462e-81e0-8677b3dd8707/1/AV8OZlqcdCI8S_4nChZZreTO8x8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AV8OZlqcdCI8S_4nChZZreTO8x8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:42:af:f6:aa:9b:08:24:44:fc:f9:a6:23:6b:6a:f3:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015f0e665a9c74223c4bfe270a1659ade4cef31f
        Validity
            Not Before: Apr 17 07:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=746def4846806e905818c8e756a8f72244408b4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:26:9b:61:d8:74:0a:07:03:cb:8e:b4:75:38:
                    3c:16:4b:87:47:6d:3f:f4:f7:57:97:9f:67:15:4d:
                    81:35:d0:39:61:3a:c4:ca:7e:12:7d:cb:98:84:d1:
                    b0:3c:28:c8:70:82:19:8a:ac:72:4e:2c:e5:ae:29:
                    9c:53:5f:32:7d:72:71:a6:bd:c6:a2:bc:44:36:29:
                    f5:ce:2f:52:46:96:34:9f:16:70:d7:c3:65:a6:34:
                    7c:94:8c:78:73:a3:a5:a6:4a:a0:58:8d:3d:f9:30:
                    09:e2:e4:85:07:27:09:6c:71:84:c9:a8:e2:a7:f8:
                    81:ef:25:8b:25:59:c9:aa:28:b2:e9:23:41:20:0d:
                    ea:d1:65:3b:f8:c2:37:cb:d0:5f:bb:08:8f:76:83:
                    f5:9c:77:29:8e:6a:bc:34:c0:c9:d1:6e:4c:dd:44:
                    f5:2c:84:87:fd:d0:50:99:a8:56:8c:74:b6:56:25:
                    68:af:98:36:8c:c6:d1:71:98:59:3c:19:4c:39:ed:
                    1a:a5:8f:a7:d6:3e:6d:21:d0:96:b4:a3:ec:1d:80:
                    7a:03:e0:68:72:bf:0e:ca:08:11:ed:19:03:70:79:
                    40:c7:a0:ac:fc:79:ca:a9:8f:73:fc:d2:d3:6f:f2:
                    ec:58:10:30:3a:c6:59:77:06:b8:70:96:77:38:be:
                    cd:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:6D:EF:48:46:80:6E:90:58:18:C8:E7:56:A8:F7:22:44:40:8B:4A
            X509v3 Authority Key Identifier:
                keyid:01:5F:0E:66:5A:9C:74:22:3C:4B:FE:27:0A:16:59:AD:E4:CE:F3:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AV8OZlqcdCI8S_4nChZZreTO8x8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/46bd33-b527-462e-81e0-8677b3dd8707/1/dG3vSEaAbpBYGMjnVqj3IkRAi0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/46bd33-b527-462e-81e0-8677b3dd8707/1/AV8OZlqcdCI8S_4nChZZreTO8x8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.1.0/24
                  185.137.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:11:db:7b:34:38:b6:7f:db:da:7f:17:79:84:d8:9c:56:93:
         3d:94:71:57:82:52:97:73:87:51:cb:25:a1:49:63:59:8a:dc:
         c3:e9:c3:06:b4:9d:43:ee:e7:b8:77:73:e5:1d:1c:25:2f:88:
         d4:b6:cb:ea:74:02:6d:83:2b:7e:d7:f5:43:af:8d:0d:57:e8:
         31:fd:4f:f5:bc:45:76:1f:c9:63:d2:d7:cc:48:42:ba:33:ea:
         21:28:9e:ad:39:d5:2a:9c:b5:5f:2b:a9:53:0d:e5:e9:9e:d4:
         6e:9c:61:4f:e4:86:d6:e8:0b:8a:16:6d:39:94:e7:4a:95:21:
         aa:89:13:94:bb:fb:fc:62:5f:45:68:f5:99:9c:32:a9:9d:c7:
         84:94:24:b8:5f:06:95:7e:d2:e6:92:1d:b6:04:da:e0:8a:fa:
         a2:ee:03:74:d5:54:62:25:ed:cc:22:a7:b8:6d:51:32:f8:57:
         e9:c9:5b:72:cc:3c:3a:31:ce:63:d0:c4:b7:32:b0:e1:7a:51:
         ca:c5:d5:e3:d5:d5:a4:5b:8e:1c:f3:6b:36:b1:85:de:9c:65:
         e0:33:9f:a1:69:95:df:96:56:72:bc:bc:5f:37:40:dd:68:84:
         d6:36:20:98:83:f5:23:61:04:0f:7b:28:d8:b2:d8:e9:14:2e:
         fe:56:68:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZCr/aqmwgkRPz5piNravP+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWYwZTY2NWE5Yzc0MjIzYzRiZmUyNzBhMTY1OWFkZTRj
ZWYzMWYwHhcNMjUwNDE3MDczOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDZkZWY0ODQ2ODA2ZTkwNTgxOGM4ZTc1NmE4ZjcyMjQ0NDA4YjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyabYdh0CgcDy460dTg8FkuHR20/
9PdXl59nFU2BNdA5YTrEyn4SfcuYhNGwPCjIcIIZiqxyTizlrimcU18yfXJxpr3G
orxENin1zi9SRpY0nxZw18NlpjR8lIx4c6OlpkqgWI09+TAJ4uSFBycJbHGEyaji
p/iB7yWLJVnJqiiy6SNBIA3q0WU7+MI3y9BfuwiPdoP1nHcpjmq8NMDJ0W5M3UT1
LISH/dBQmahWjHS2ViVor5g2jMbRcZhZPBlMOe0apY+n1j5tIdCWtKPsHYB6A+Bo
cr8OyggR7RkDcHlAx6Cs/HnKqY9z/NLTb/LsWBAwOsZZdwa4cJZ3OL7NjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHRt70hGgG6QWBjI51ao9yJEQItKMB8GA1UdIwQY
MBaAFAFfDmZanHQiPEv+JwoWWa3kzvMfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVY4T1pscWNkQ0k4U180bkNoWlpyZVRPOHg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80NmJkMzMtYjUyNy00NjJlLTgxZTAt
ODY3N2IzZGQ4NzA3LzEvZEczdlNFYUFicEJZR01qblZxajNJa1JBaTBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80NmJkMzMtYjUyNy00NjJlLTgxZTAtODY3N2IzZGQ4NzA3
LzEvQVY4T1pscWNkQ0k4U180bkNoWlpyZVRPOHg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUPQBAwQA
uYmnMA0GCSqGSIb3DQEBCwUAA4IBAQBqEdt7NDi2f9vafxd5hNicVpM9lHFXglKX
c4dRyyWhSWNZitzD6cMGtJ1D7ue4d3PlHRwlL4jUtsvqdAJtgyt+1/VDr40NV+gx
/U/1vEV2H8lj0tfMSEK6M+ohKJ6tOdUqnLVfK6lTDeXpntRunGFP5IbW6AuKFm05
lOdKlSGqiROUu/v8Yl9FaPWZnDKpnceElCS4XwaVftLmkh22BNrgivqi7gN01VRi
Je3MIqe4bVEy+FfpyVtyzDw6Mc5j0MS3MrDhelHKxdXj1dWkW44c82s2sYXenGXg
M5+haZXfllZyvLxfN0DdaITWNiCYg/UjYQQPeyjYstjpFC7+Vmit
-----END CERTIFICATE-----