Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/epLnXQgY4Sg_HxDPLVz26RfDdCw.roa
File:                     epLnXQgY4Sg_HxDPLVz26RfDdCw.roa (raw, json)
Hash identifier:          yf2XPRPwWxX/ZThZQPeokwlcAMmQ9xDenC0H+51jOtM=
Subject key identifier:   7A:92:E7:5D:08:18:E1:28:3F:1F:10:CF:2D:5C:F6:E9:17:C3:74:2C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0195850EAFB702BCD60E8AAE03F005036524
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/epLnXQgY4Sg_HxDPLVz26RfDdCw.roa
Signing time:             Tue 11 Mar 2025 11:54:46 +0000
ROA not before:           Tue 11 Mar 2025 11:54:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60117
IP address blocks:        80.240.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:85:0e:af:b7:02:bc:d6:0e:8a:ae:03:f0:05:03:65:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 11 11:54:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a92e75d0818e1283f1f10cf2d5cf6e917c3742c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:06:65:99:bb:15:2b:fb:73:26:ff:cf:c1:88:
                    c5:01:a9:c6:b1:6a:70:ee:9f:c7:f7:b2:72:dd:ed:
                    c8:5c:3c:1d:11:ca:79:97:04:19:a0:6b:85:fa:f9:
                    60:6e:0c:5f:cd:3d:db:54:a8:7c:6a:5d:d5:d7:4d:
                    d2:68:2f:bf:d8:cb:8c:79:8a:e9:c9:2a:08:d4:47:
                    75:fd:b5:2e:c6:1f:5f:41:22:05:54:14:f3:a0:d2:
                    08:12:e5:9d:c4:d4:a4:b1:22:dd:3c:0f:57:bd:2a:
                    b8:de:a8:1b:54:26:11:58:47:2f:d8:90:f0:c1:2f:
                    56:0e:a1:ef:e4:12:88:7b:44:46:3d:98:0b:c0:c7:
                    81:a4:93:2c:0c:2d:40:80:6f:0e:e8:61:33:89:8e:
                    a0:6c:88:94:27:3a:5d:9b:64:21:3d:4c:1e:b5:3d:
                    0f:80:25:f7:b1:cf:49:96:4c:6e:86:c4:fa:9a:9a:
                    13:17:d0:2e:0c:04:52:25:33:97:ff:95:12:87:fd:
                    d3:7a:09:be:ae:a8:71:bf:46:b5:1c:24:a9:01:2e:
                    74:c7:6a:31:36:40:a5:2d:18:08:31:21:91:d4:13:
                    47:66:9d:63:cc:66:ac:02:11:da:e3:dc:e7:60:32:
                    28:ca:88:8c:3c:26:58:f8:97:c6:03:29:9a:0d:93:
                    91:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:92:E7:5D:08:18:E1:28:3F:1F:10:CF:2D:5C:F6:E9:17:C3:74:2C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/epLnXQgY4Sg_HxDPLVz26RfDdCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:5c:77:f8:39:3b:e2:e3:05:3a:d3:95:b5:a2:86:91:d7:92:
         d0:76:af:48:ec:6d:9e:fa:1b:fc:97:c9:42:58:32:9e:70:e4:
         b7:eb:78:05:79:f2:8a:6a:66:bb:10:60:c2:f0:4a:28:f9:70:
         2e:1d:76:17:d4:9b:26:57:f5:02:af:17:56:8d:d2:63:83:f4:
         27:2e:93:fc:fa:83:62:5d:68:14:75:94:4e:71:9d:de:e0:47:
         be:c3:a3:be:71:66:c9:d4:47:17:d3:78:ce:32:02:5e:cd:df:
         06:56:cd:7e:43:9e:e9:27:7b:0d:aa:31:bd:ec:11:05:30:fe:
         2b:71:29:5e:e1:cc:3d:b3:51:22:1d:24:3b:34:13:95:2e:50:
         1c:0e:06:44:32:3c:d2:6b:83:48:d0:37:d8:46:bf:8f:34:ca:
         41:5c:d9:72:af:78:4c:00:fd:7e:4e:fe:05:c0:3b:1d:69:cb:
         76:09:0f:9a:fe:c7:35:13:c0:09:b8:81:95:af:28:f0:82:84:
         02:c6:82:55:cc:8c:de:a3:48:55:48:ec:8c:a8:e0:4d:f9:55:
         84:d6:fc:b7:75:3e:22:41:0f:a3:ff:b9:38:a0:e9:ff:94:8c:
         6a:46:bf:92:af:24:61:9b:cb:ea:4c:71:52:73:44:dd:9e:ed:
         d8:0c:b9:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWFDq+3ArzWDoquA/AFA2UkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMzExMTE1NDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTkyZTc1ZDA4MThlMTI4M2YxZjEwY2YyZDVjZjZlOTE3YzM3NDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQZlmbsVK/tzJv/PwYjFAanGsWpw
7p/H97Jy3e3IXDwdEcp5lwQZoGuF+vlgbgxfzT3bVKh8al3V103SaC+/2MuMeYrp
ySoI1Ed1/bUuxh9fQSIFVBTzoNIIEuWdxNSksSLdPA9XvSq43qgbVCYRWEcv2JDw
wS9WDqHv5BKIe0RGPZgLwMeBpJMsDC1AgG8O6GEziY6gbIiUJzpdm2QhPUwetT0P
gCX3sc9JlkxuhsT6mpoTF9AuDARSJTOX/5USh/3Tegm+rqhxv0a1HCSpAS50x2ox
NkClLRgIMSGR1BNHZp1jzGasAhHa49znYDIoyoiMPCZY+JfGAymaDZORWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHqS510IGOEoPx8Qzy1c9ukXw3QsMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZXBMblhRZ1k0U2dfSHhEUExWejI2UmZEZEN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPBWMA0G
CSqGSIb3DQEBCwUAA4IBAQBSXHf4OTvi4wU605W1ooaR15LQdq9I7G2e+hv8l8lC
WDKecOS363gFefKKama7EGDC8Eoo+XAuHXYX1JsmV/UCrxdWjdJjg/QnLpP8+oNi
XWgUdZROcZ3e4Ee+w6O+cWbJ1EcX03jOMgJezd8GVs1+Q57pJ3sNqjG97BEFMP4r
cSle4cw9s1EiHSQ7NBOVLlAcDgZEMjzSa4NI0DfYRr+PNMpBXNlyr3hMAP1+Tv4F
wDsdact2CQ+a/sc1E8AJuIGVryjwgoQCxoJVzIzeo0hVSOyMqOBN+VWE1vy3dT4i
QQ+j/7k4oOn/lIxqRr+SryRhm8vqTHFSc0Tdnu3YDLn5
-----END CERTIFICATE-----