Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/3cd961-2dcd-4518-bfb8-a16cf7ac7dd8/1/S8FepsEj5yTfhoJEKIV6MM1Ae2g.roa
File:                     S8FepsEj5yTfhoJEKIV6MM1Ae2g.roa (raw, json)
Hash identifier:          akrj8wyt2+2beT5os1QACCsWDw3JzGKZbUx/i8JS4K0=
Subject key identifier:   4B:C1:5E:A6:C1:23:E7:24:DF:86:82:44:28:85:7A:30:CD:40:7B:68
Certificate issuer:       /CN=e0c2866398142a574ba47b197d71791b5e23af7c
Certificate serial:       019469252CABE576DF265EE99DE55A4C7E90
Authority key identifier: E0:C2:86:63:98:14:2A:57:4B:A4:7B:19:7D:71:79:1B:5E:23:AF:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4MKGY5gUKldLpHsZfXF5G14jr3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/3cd961-2dcd-4518-bfb8-a16cf7ac7dd8/1/S8FepsEj5yTfhoJEKIV6MM1Ae2g.roa
Signing time:             Wed 15 Jan 2025 08:47:11 +0000
ROA not before:           Wed 15 Jan 2025 08:47:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21336
IP address blocks:        80.243.192.0/20 maxlen: 20
                          212.27.128.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/3cd961-2dcd-4518-bfb8-a16cf7ac7dd8/1/4MKGY5gUKldLpHsZfXF5G14jr3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/3cd961-2dcd-4518-bfb8-a16cf7ac7dd8/1/4MKGY5gUKldLpHsZfXF5G14jr3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4MKGY5gUKldLpHsZfXF5G14jr3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 07:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:69:25:2c:ab:e5:76:df:26:5e:e9:9d:e5:5a:4c:7e:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0c2866398142a574ba47b197d71791b5e23af7c
        Validity
            Not Before: Jan 15 08:47:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bc15ea6c123e724df86824428857a30cd407b68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:a1:b6:23:27:93:c1:64:1c:be:b1:69:c2:07:
                    91:13:d8:66:4f:43:13:cd:01:bb:15:d1:b9:36:44:
                    8e:3f:43:58:7a:56:a6:a4:10:52:5c:3c:a3:05:f1:
                    f4:30:92:9c:b0:83:64:78:57:47:fe:e9:fd:70:dd:
                    fd:f5:40:e7:7d:c5:8f:da:b2:55:73:b3:71:db:53:
                    53:1c:4e:22:94:bc:26:15:48:a3:2c:d1:cc:0b:f6:
                    94:8c:c4:22:03:e8:e4:25:64:fa:80:1e:7a:40:71:
                    8b:24:4d:e5:4b:43:a5:3b:56:01:72:41:ce:59:50:
                    17:27:2d:05:ec:96:43:1f:40:74:73:a2:a0:5a:cf:
                    f2:e0:8f:8d:7f:f5:63:d2:2f:21:13:15:c4:40:2f:
                    9d:f6:2c:5f:56:12:87:a8:c0:66:bf:70:ab:21:cc:
                    be:c2:54:5e:6c:ef:8d:40:ec:8c:1c:ad:36:51:26:
                    1d:e1:d6:17:2d:b0:6f:e3:e9:fb:c2:66:0b:d7:78:
                    50:39:63:84:37:e5:2b:36:be:6f:b7:a6:21:72:a1:
                    4b:e0:fb:e4:51:9c:25:d2:90:91:96:7e:cb:07:9a:
                    99:c5:43:54:8a:e8:45:6b:2e:ec:47:00:df:a2:87:
                    97:c9:5a:44:9f:c4:6d:81:12:74:61:90:46:65:2b:
                    f3:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:C1:5E:A6:C1:23:E7:24:DF:86:82:44:28:85:7A:30:CD:40:7B:68
            X509v3 Authority Key Identifier:
                keyid:E0:C2:86:63:98:14:2A:57:4B:A4:7B:19:7D:71:79:1B:5E:23:AF:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4MKGY5gUKldLpHsZfXF5G14jr3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/3cd961-2dcd-4518-bfb8-a16cf7ac7dd8/1/S8FepsEj5yTfhoJEKIV6MM1Ae2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/3cd961-2dcd-4518-bfb8-a16cf7ac7dd8/1/4MKGY5gUKldLpHsZfXF5G14jr3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.243.192.0/20
                  212.27.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         75:f5:d1:54:09:4d:9c:d7:15:b4:9e:29:2e:7e:ec:3d:b3:4e:
         fb:09:8c:4b:62:35:ca:1e:86:1e:c7:f4:78:71:28:81:95:fd:
         55:d5:d9:9b:6b:ce:96:15:14:41:c7:e1:02:a1:e1:4e:f1:f4:
         2a:42:5c:54:aa:6b:16:50:ac:94:3d:cd:63:33:d6:77:01:2c:
         5a:e7:d2:9d:fe:b9:0a:b5:7f:4c:4c:85:ff:ef:e2:3e:f4:be:
         49:57:23:bf:f9:1d:f3:34:e5:76:be:31:ad:07:b6:bc:e6:42:
         9c:20:25:99:47:9c:5f:c1:d4:1f:77:1a:47:9a:92:aa:62:92:
         cd:88:29:ab:cc:76:41:a7:0d:44:83:3d:09:b6:38:88:0b:f3:
         72:53:b4:2d:8a:1a:d8:08:c4:f9:5b:56:5e:91:b8:fc:eb:e7:
         31:ae:81:18:45:c8:84:c0:1f:aa:8c:8b:5f:c3:29:a8:f5:78:
         5d:6c:f4:ef:89:48:a5:42:83:7a:c3:d8:db:b0:b1:00:cd:75:
         b7:f7:bf:7a:5a:6e:1d:04:f8:56:e3:ea:ce:cc:07:47:0f:45:
         71:a4:6c:b1:52:c7:ad:82:9b:3f:35:7e:f1:1c:8b:46:29:e8:
         60:6f:0c:1c:31:52:c9:13:69:d9:df:f8:08:91:c8:fc:95:d7:
         2e:32:9f:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRpJSyr5XbfJl7pneVaTH6QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwYzI4NjYzOTgxNDJhNTc0YmE0N2IxOTdkNzE3OTFiNWUy
M2FmN2MwHhcNMjUwMTE1MDg0NzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmMxNWVhNmMxMjNlNzI0ZGY4NjgyNDQyODg1N2EzMGNkNDA3YjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA46G2IyeTwWQcvrFpwgeRE9hmT0MT
zQG7FdG5NkSOP0NYelampBBSXDyjBfH0MJKcsINkeFdH/un9cN399UDnfcWP2rJV
c7Nx21NTHE4ilLwmFUijLNHMC/aUjMQiA+jkJWT6gB56QHGLJE3lS0OlO1YBckHO
WVAXJy0F7JZDH0B0c6KgWs/y4I+Nf/Vj0i8hExXEQC+d9ixfVhKHqMBmv3CrIcy+
wlRebO+NQOyMHK02USYd4dYXLbBv4+n7wmYL13hQOWOEN+UrNr5vt6YhcqFL4Pvk
UZwl0pCRln7LB5qZxUNUiuhFay7sRwDfooeXyVpEn8RtgRJ0YZBGZSvzGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEvBXqbBI+ck34aCRCiFejDNQHtoMB8GA1UdIwQY
MBaAFODChmOYFCpXS6R7GX1xeRteI698MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE1LR1k1Z1VLbGRMcEhzWmZYRjVHMTRqcjN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8zY2Q5NjEtMmRjZC00NTE4LWJmYjgt
YTE2Y2Y3YWM3ZGQ4LzEvUzhGZXBzRWo1eVRmaG9KRUtJVjZNTTFBZTJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8zY2Q5NjEtMmRjZC00NTE4LWJmYjgtYTE2Y2Y3YWM3ZGQ4
LzEvNE1LR1k1Z1VLbGRMcEhzWmZYRjVHMTRqcjN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUPPAAwQF
1BuAMA0GCSqGSIb3DQEBCwUAA4IBAQB19dFUCU2c1xW0nikufuw9s077CYxLYjXK
HoYex/R4cSiBlf1V1dmba86WFRRBx+ECoeFO8fQqQlxUqmsWUKyUPc1jM9Z3ASxa
59Kd/rkKtX9MTIX/7+I+9L5JVyO/+R3zNOV2vjGtB7a85kKcICWZR5xfwdQfdxpH
mpKqYpLNiCmrzHZBpw1Egz0JtjiIC/NyU7QtihrYCMT5W1Zekbj86+cxroEYRciE
wB+qjItfwymo9XhdbPTviUilQoN6w9jbsLEAzXW39796Wm4dBPhW4+rOzAdHD0Vx
pGyxUsetgps/NX7xHItGKehgbwwcMVLJE2nZ3/gIkcj8ldcuMp/2
-----END CERTIFICATE-----