Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/c2a48a-3a89-46b5-ae62-abeed70fabd1/1/Gi9vxsbGv7TXvWaOEgekBanjuT0.roa
File:                     Gi9vxsbGv7TXvWaOEgekBanjuT0.roa (raw, json)
Hash identifier:          JOBhjIfBMZGvIblLBW8vH46rmW/4zCUevGoOsbzZB0A=
Subject key identifier:   1A:2F:6F:C6:C6:C6:BF:B4:D7:BD:66:8E:12:07:A4:05:A9:E3:B9:3D
Certificate issuer:       /CN=2fd971a27c6fc2c662f065dd8bfa8b8a132c1eae
Certificate serial:       018CC8DEE4345075BF25967AE6BB059EF983
Authority key identifier: 2F:D9:71:A2:7C:6F:C2:C6:62:F0:65:DD:8B:FA:8B:8A:13:2C:1E:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L9lxonxvwsZi8GXdi_qLihMsHq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/c2a48a-3a89-46b5-ae62-abeed70fabd1/1/Gi9vxsbGv7TXvWaOEgekBanjuT0.roa
Signing time:             Tue 02 Jan 2024 06:31:39 +0000
ROA not before:           Tue 02 Jan 2024 06:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49581
IP address blocks:        80.91.223.0/24 maxlen: 24
                          2a12:b180::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/c2a48a-3a89-46b5-ae62-abeed70fabd1/1/L9lxonxvwsZi8GXdi_qLihMsHq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/c2a48a-3a89-46b5-ae62-abeed70fabd1/1/L9lxonxvwsZi8GXdi_qLihMsHq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L9lxonxvwsZi8GXdi_qLihMsHq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:e4:34:50:75:bf:25:96:7a:e6:bb:05:9e:f9:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fd971a27c6fc2c662f065dd8bfa8b8a132c1eae
        Validity
            Not Before: Jan  2 06:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a2f6fc6c6c6bfb4d7bd668e1207a405a9e3b93d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:0a:fb:f9:67:8a:04:ff:b7:e9:9c:a9:18:22:
                    4a:38:b5:90:d7:19:a9:05:66:49:c6:5f:98:e6:b6:
                    40:97:15:fd:96:b2:d3:a9:1b:d2:d1:b6:b5:cc:ce:
                    02:00:8b:e8:c3:46:6e:71:fd:f8:2d:eb:ce:15:b6:
                    ff:1e:fb:de:2f:c3:7b:aa:0e:b8:ea:f6:a3:76:96:
                    d1:5c:ac:69:9b:75:76:b2:c6:64:19:ba:52:bc:df:
                    89:73:7c:66:80:9b:55:3b:27:4f:69:c0:f1:97:42:
                    62:4f:64:2c:34:e8:62:19:18:8b:82:c8:1f:72:cd:
                    ae:45:25:ab:b5:35:05:b1:2b:86:4b:ca:89:4a:d9:
                    fa:94:3c:ff:ac:f6:28:b3:6e:30:01:ed:fb:56:d5:
                    69:05:2f:55:cf:ba:3d:6d:2d:19:e8:f9:47:83:38:
                    bd:74:5d:14:f9:3a:9a:ee:cf:d1:66:e7:b8:bb:3a:
                    ed:74:df:e2:ce:80:fe:0b:b9:52:ba:4b:1b:37:77:
                    d3:7b:34:b2:93:e3:81:49:63:27:04:19:a0:d4:8f:
                    37:80:17:32:b0:8e:49:a2:37:81:2b:c3:16:85:15:
                    d4:02:8f:f6:d4:ad:71:7d:bd:a0:4c:f9:cd:7d:4c:
                    de:99:c8:68:0e:c3:65:43:1c:a1:ea:cd:41:11:8a:
                    a4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:2F:6F:C6:C6:C6:BF:B4:D7:BD:66:8E:12:07:A4:05:A9:E3:B9:3D
            X509v3 Authority Key Identifier:
                keyid:2F:D9:71:A2:7C:6F:C2:C6:62:F0:65:DD:8B:FA:8B:8A:13:2C:1E:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L9lxonxvwsZi8GXdi_qLihMsHq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/c2a48a-3a89-46b5-ae62-abeed70fabd1/1/Gi9vxsbGv7TXvWaOEgekBanjuT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/c2a48a-3a89-46b5-ae62-abeed70fabd1/1/L9lxonxvwsZi8GXdi_qLihMsHq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.223.0/24
                IPv6:
                  2a12:b180::/29

    Signature Algorithm: sha256WithRSAEncryption
         b5:9d:66:66:55:b3:8f:e2:ab:38:5e:9d:40:35:a7:d5:c6:84:
         19:eb:fc:c8:44:b6:d6:75:1e:c0:87:07:ff:83:6d:4a:52:d7:
         15:e0:c3:c4:c9:48:fb:f6:e4:03:01:70:9a:30:ef:8b:15:88:
         7d:44:79:8d:0f:11:ea:eb:15:19:5e:66:9f:55:a2:f6:b5:8f:
         9c:a2:ed:d5:10:48:53:49:f4:b3:24:85:35:02:34:42:86:3a:
         9a:58:e7:36:48:10:0e:f0:3e:65:90:6d:42:4f:e5:82:4b:d0:
         ec:f5:32:87:4a:2e:af:c4:b4:3f:d1:37:bd:86:b0:55:87:17:
         32:97:e9:32:06:fa:ab:cd:41:f5:94:71:55:43:47:cd:df:59:
         2e:3b:57:8c:0e:32:96:58:92:de:85:3d:b3:76:e1:7b:c1:59:
         32:b4:a6:21:68:4a:f1:2f:59:9f:ed:09:54:04:f7:24:21:c9:
         7b:66:3c:e6:ad:a2:b4:21:9a:40:f6:83:13:5e:86:b7:16:88:
         82:e1:e5:dc:b5:3e:a6:ce:65:6b:84:aa:4f:8e:59:00:16:00:
         14:d7:53:87:f6:c7:f6:0f:68:ee:b3:cc:50:e1:3c:57:cb:29:
         1b:75:1c:a1:95:3b:86:1b:9f:ea:9a:ad:38:46:96:e0:04:15:
         05:14:29:cd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3uQ0UHW/JZZ65rsFnvmDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmZDk3MWEyN2M2ZmMyYzY2MmYwNjVkZDhiZmE4YjhhMTMy
YzFlYWUwHhcNMjQwMTAyMDYzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTJmNmZjNmM2YzZiZmI0ZDdiZDY2OGUxMjA3YTQwNWE5ZTNiOTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQr7+WeKBP+36ZypGCJKOLWQ1xmp
BWZJxl+Y5rZAlxX9lrLTqRvS0ba1zM4CAIvow0Zucf34LevOFbb/HvveL8N7qg64
6vajdpbRXKxpm3V2ssZkGbpSvN+Jc3xmgJtVOydPacDxl0JiT2QsNOhiGRiLgsgf
cs2uRSWrtTUFsSuGS8qJStn6lDz/rPYos24wAe37VtVpBS9Vz7o9bS0Z6PlHgzi9
dF0U+Tqa7s/RZue4uzrtdN/izoD+C7lSuksbN3fTezSyk+OBSWMnBBmg1I83gBcy
sI5JojeBK8MWhRXUAo/21K1xfb2gTPnNfUzemchoDsNlQxyh6s1BEYqkDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBovb8bGxr+0171mjhIHpAWp47k9MB8GA1UdIwQY
MBaAFC/ZcaJ8b8LGYvBl3Yv6i4oTLB6uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDlseG9ueHZ3c1ppOEdYZGlfcUxpaE1zSHE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9jMmE0OGEtM2E4OS00NmI1LWFlNjIt
YWJlZWQ3MGZhYmQxLzEvR2k5dnhzYkd2N1RYdldhT0VnZWtCYW5qdVQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9jMmE0OGEtM2E4OS00NmI1LWFlNjItYWJlZWQ3MGZhYmQx
LzEvTDlseG9ueHZ3c1ppOEdYZGlfcUxpaE1zSHE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUFvfMA0E
AgACMAcDBQMqErGAMA0GCSqGSIb3DQEBCwUAA4IBAQC1nWZmVbOP4qs4Xp1ANafV
xoQZ6/zIRLbWdR7Ahwf/g21KUtcV4MPEyUj79uQDAXCaMO+LFYh9RHmNDxHq6xUZ
XmafVaL2tY+cou3VEEhTSfSzJIU1AjRChjqaWOc2SBAO8D5lkG1CT+WCS9Ds9TKH
Si6vxLQ/0Te9hrBVhxcyl+kyBvqrzUH1lHFVQ0fN31kuO1eMDjKWWJLehT2zduF7
wVkytKYhaErxL1mf7QlUBPckIcl7ZjzmraK0IZpA9oMTXoa3FoiC4eXctT6mzmVr
hKpPjlkAFgAU11OH9sf2D2jus8xQ4TxXyykbdRyhlTuGG5/qmq04RpbgBBUFFCnN
-----END CERTIFICATE-----