Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/RfZ_xgpiPwoC-7_N7zjAQOBbPsk.roa
File:                     RfZ_xgpiPwoC-7_N7zjAQOBbPsk.roa (raw, json)
Hash identifier:          0UAAGJeT9sjU0631qxokCQsH68CKPFHfI52KZRHGJtk=
Subject key identifier:   45:F6:7F:C6:0A:62:3F:0A:02:FB:BF:CD:EF:38:C0:40:E0:5B:3E:C9
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       019007CDEDDCEB1FC1826809557E8A487EA6
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/RfZ_xgpiPwoC-7_N7zjAQOBbPsk.roa
Signing time:             Tue 11 Jun 2024 14:57:34 +0000
ROA not before:           Tue 11 Jun 2024 14:57:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6747
IP address blocks:        80.233.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 12:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:07:cd:ed:dc:eb:1f:c1:82:68:09:55:7e:8a:48:7e:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jun 11 14:57:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45f67fc60a623f0a02fbbfcdef38c040e05b3ec9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:84:cc:bc:2c:c7:4c:ad:1d:5b:77:d4:72:45:
                    19:7b:d8:93:f1:14:61:44:3a:6b:23:4a:b2:21:95:
                    99:b9:78:15:f9:8d:7a:82:54:cc:76:20:c3:77:70:
                    f2:94:fd:84:89:3d:3f:89:98:00:ef:59:6e:5e:c5:
                    63:b6:ef:67:16:58:08:6a:d1:d9:73:89:ca:9d:92:
                    6e:b6:84:28:9c:1a:6d:a9:6d:b2:ad:a5:ff:fb:bd:
                    fd:c8:d3:94:ed:20:a8:c7:ad:71:e5:51:45:3b:e9:
                    38:a0:e8:a8:c6:5b:da:26:64:cc:26:9a:8f:55:00:
                    f3:89:b4:36:59:29:c4:5c:6f:ce:5c:64:a0:ee:94:
                    8d:20:af:35:76:07:74:b8:a8:57:fa:4d:39:fb:03:
                    61:a2:6d:db:ea:0c:4a:95:c8:51:4c:5f:cd:32:be:
                    90:1e:c4:a8:0d:da:7c:66:db:b8:48:9f:05:40:2a:
                    93:25:f6:b1:76:24:4e:8a:ed:df:00:64:4b:70:58:
                    0f:0b:f9:d4:9a:4a:3a:81:2d:89:da:ae:83:bb:65:
                    79:f3:18:bd:35:66:ee:84:4b:93:8c:ee:1a:04:02:
                    e5:04:dc:22:67:c0:0b:e7:f8:10:9e:1a:67:72:5e:
                    9b:af:ed:73:20:0a:8a:09:b6:c8:21:d5:05:1c:2e:
                    41:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:F6:7F:C6:0A:62:3F:0A:02:FB:BF:CD:EF:38:C0:40:E0:5B:3E:C9
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/RfZ_xgpiPwoC-7_N7zjAQOBbPsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.233.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:84:4b:0f:54:43:0e:74:a3:28:df:05:6b:ae:8b:2d:83:91:
         3e:20:55:28:b1:9a:bf:9a:c8:7e:a2:ee:99:3b:6e:fe:c4:50:
         88:48:d2:2a:6c:c6:98:5b:75:ef:48:d3:df:a5:94:15:86:0a:
         39:71:58:39:6a:d5:96:c6:e6:2d:13:bc:be:cf:0e:c7:35:a3:
         8f:bb:1d:99:e7:9d:9b:8f:45:5b:7e:bf:ee:7e:57:5d:70:7f:
         63:00:41:c3:30:44:db:3a:2f:d3:04:4b:b9:f7:21:5d:85:b1:
         bb:2f:37:15:02:92:f7:2e:f2:64:63:d3:3b:05:5d:b8:04:2c:
         df:21:54:87:81:52:ad:5f:81:24:26:60:3e:0a:33:67:5f:78:
         64:e1:97:d5:b0:61:4d:2c:e2:9a:59:b8:7b:69:f6:5b:ce:3f:
         24:82:c3:ee:84:16:df:af:26:69:29:6b:01:c2:b0:d0:1e:f3:
         d1:13:20:07:13:b9:f5:d6:d8:cb:f3:6b:a1:7f:af:04:38:d0:
         51:50:ee:67:8a:08:c3:2f:8c:de:da:ee:23:a2:e0:19:19:53:
         ff:70:0e:d6:88:ad:f1:fd:a2:4e:03:55:ba:7e:bf:2d:0d:cd:
         29:df:c9:25:23:3b:76:1e:2d:57:65:00:6b:08:f5:4c:b0:c5:
         7c:e6:cd:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAHze3c6x/BgmgJVX6KSH6mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwNjExMTQ1NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWY2N2ZjNjBhNjIzZjBhMDJmYmJmY2RlZjM4YzA0MGUwNWIzZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnITMvCzHTK0dW3fUckUZe9iT8RRh
RDprI0qyIZWZuXgV+Y16glTMdiDDd3DylP2EiT0/iZgA71luXsVjtu9nFlgIatHZ
c4nKnZJutoQonBptqW2yraX/+739yNOU7SCox61x5VFFO+k4oOioxlvaJmTMJpqP
VQDzibQ2WSnEXG/OXGSg7pSNIK81dgd0uKhX+k05+wNhom3b6gxKlchRTF/NMr6Q
HsSoDdp8Ztu4SJ8FQCqTJfaxdiROiu3fAGRLcFgPC/nUmko6gS2J2q6Du2V58xi9
NWbuhEuTjO4aBALlBNwiZ8AL5/gQnhpncl6br+1zIAqKCbbIIdUFHC5BgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEX2f8YKYj8KAvu/ze84wEDgWz7JMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvUmZaX3hncGlQd29DLTdfTjd6akFRT0JiUHNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUOmIMA0G
CSqGSIb3DQEBCwUAA4IBAQBLhEsPVEMOdKMo3wVrrostg5E+IFUosZq/msh+ou6Z
O27+xFCISNIqbMaYW3XvSNPfpZQVhgo5cVg5atWWxuYtE7y+zw7HNaOPux2Z552b
j0Vbfr/uflddcH9jAEHDMETbOi/TBEu59yFdhbG7LzcVApL3LvJkY9M7BV24BCzf
IVSHgVKtX4EkJmA+CjNnX3hk4ZfVsGFNLOKaWbh7afZbzj8kgsPuhBbfryZpKWsB
wrDQHvPREyAHE7n11tjL82uhf68EONBRUO5nigjDL4ze2u4jouAZGVP/cA7WiK3x
/aJOA1W6fr8tDc0p38klIzt2Hi1XZQBrCPVMsMV85s2T
-----END CERTIFICATE-----