Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/u2GA00tYlekN_W2MV5i9NjvbVBw.roa
File:                     u2GA00tYlekN_W2MV5i9NjvbVBw.roa (raw, json)
Hash identifier:          QwqOZ+ET5neK+1pOD6bEjwU8sIJm3vmb4XEwLK2F27Q=
Subject key identifier:   BB:61:80:D3:4B:58:95:E9:0D:FD:6D:8C:57:98:BD:36:3B:DB:54:1C
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       018E233D1941365DE24462F514F9C13B5744
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/u2GA00tYlekN_W2MV5i9NjvbVBw.roa
Signing time:             Sat 09 Mar 2024 12:43:10 +0000
ROA not before:           Sat 09 Mar 2024 12:43:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        80.87.206.0/24 maxlen: 24
                          185.162.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:23:3d:19:41:36:5d:e2:44:62:f5:14:f9:c1:3b:57:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Mar  9 12:43:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb6180d34b5895e90dfd6d8c5798bd363bdb541c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:cc:37:7e:10:46:66:b5:f4:ed:b1:c7:dd:2f:
                    d1:5c:70:a6:cc:68:e7:c1:34:8b:38:80:b9:41:e8:
                    0c:08:77:82:73:24:e2:a9:e0:e1:4a:42:e0:ae:fd:
                    5f:c7:69:ec:e5:8c:b5:23:86:45:0b:b6:04:72:e2:
                    a0:52:60:05:00:bc:3f:95:e5:3e:d5:17:fe:4d:8b:
                    f2:df:9f:d0:72:a2:98:e0:79:0e:c9:f6:d6:a9:a7:
                    e7:a1:e9:0b:45:21:04:53:85:eb:9c:dd:60:6d:ba:
                    25:f4:a5:39:16:34:10:b2:7d:25:1b:ac:46:22:b0:
                    ad:ae:83:07:2f:25:b4:1c:74:f0:7f:3c:a4:ac:3d:
                    e0:bb:e2:0a:cc:b7:79:88:ec:d8:32:a8:13:2a:19:
                    7c:9e:b5:84:64:c9:8d:86:29:54:3d:eb:a0:ae:4e:
                    cd:a1:0f:50:1d:83:72:b4:0e:cc:75:1c:dd:eb:df:
                    d4:1d:23:bb:3e:b5:08:33:c8:eb:e4:f5:70:cb:48:
                    37:ff:ed:a9:8f:fe:62:61:88:f6:a9:8a:41:ff:9d:
                    a0:ed:37:50:c6:5f:98:73:b3:bc:78:8f:87:fb:d2:
                    cd:87:fb:c9:e1:d6:6d:12:69:95:e1:03:da:48:3b:
                    99:38:e5:ab:7f:a8:b7:63:f1:77:a6:9a:1f:56:27:
                    86:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:61:80:D3:4B:58:95:E9:0D:FD:6D:8C:57:98:BD:36:3B:DB:54:1C
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/u2GA00tYlekN_W2MV5i9NjvbVBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.87.206.0/24
                  185.162.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:d1:29:53:96:5d:25:e8:c1:18:ee:c0:0c:a1:da:a3:3d:ef:
         d2:f5:22:f5:3f:f8:40:da:2b:0b:ae:55:31:cb:dc:3e:da:5e:
         2b:76:98:44:8c:67:17:86:33:37:12:05:ae:ef:d3:52:8c:04:
         28:51:da:ed:d1:9e:3a:8d:23:9e:bf:b6:4d:be:7e:7e:d8:80:
         f6:70:e5:20:dc:17:77:b6:f8:91:56:3f:be:10:fa:c2:04:5b:
         93:02:31:69:77:a4:39:37:f7:c6:22:82:69:16:a6:c9:aa:f3:
         cc:d1:8d:e4:50:7a:15:33:a6:07:f0:8a:6a:de:c6:78:3c:eb:
         6f:b7:60:5e:e2:6f:08:84:4b:91:0a:a7:3b:2c:cd:d5:b0:44:
         9f:97:7f:60:19:f9:2f:49:a3:05:4f:70:62:a6:89:45:2e:8b:
         84:ba:43:bb:0a:10:00:d2:14:f9:ba:64:d0:ca:99:af:a1:c6:
         ad:89:e4:19:48:b8:14:e7:17:21:91:fb:29:c9:0d:49:35:87:
         fd:5f:ba:4b:a0:47:bc:a0:52:84:c4:03:85:4a:fe:1c:97:47:
         9e:18:19:01:bc:58:bc:49:8e:cc:53:52:0c:5f:50:90:8d:fb:
         be:d2:32:75:ec:8d:bc:4c:75:7b:fd:33:e5:e2:60:80:87:46:
         17:15:d4:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4jPRlBNl3iRGL1FPnBO1dEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjQwMzA5MTI0MzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjYxODBkMzRiNTg5NWU5MGRmZDZkOGM1Nzk4YmQzNjNiZGI1NDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsw3fhBGZrX07bHH3S/RXHCmzGjn
wTSLOIC5QegMCHeCcyTiqeDhSkLgrv1fx2ns5Yy1I4ZFC7YEcuKgUmAFALw/leU+
1Rf+TYvy35/QcqKY4HkOyfbWqafnoekLRSEEU4XrnN1gbbol9KU5FjQQsn0lG6xG
IrCtroMHLyW0HHTwfzykrD3gu+IKzLd5iOzYMqgTKhl8nrWEZMmNhilUPeugrk7N
oQ9QHYNytA7MdRzd69/UHSO7PrUIM8jr5PVwy0g3/+2pj/5iYYj2qYpB/52g7TdQ
xl+Yc7O8eI+H+9LNh/vJ4dZtEmmV4QPaSDuZOOWrf6i3Y/F3ppofVieGkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLthgNNLWJXpDf1tjFeYvTY721QcMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvdTJHQTAwdFlsZWtOX1cyTVY1aTlOanZiVkJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUFfOAwQA
uaLrMA0GCSqGSIb3DQEBCwUAA4IBAQA30SlTll0l6MEY7sAModqjPe/S9SL1P/hA
2isLrlUxy9w+2l4rdphEjGcXhjM3EgWu79NSjAQoUdrt0Z46jSOev7ZNvn5+2ID2
cOUg3Bd3tviRVj++EPrCBFuTAjFpd6Q5N/fGIoJpFqbJqvPM0Y3kUHoVM6YH8Ipq
3sZ4POtvt2Be4m8IhEuRCqc7LM3VsESfl39gGfkvSaMFT3BipolFLouEukO7ChAA
0hT5umTQypmvocatieQZSLgU5xchkfspyQ1JNYf9X7pLoEe8oFKExAOFSv4cl0ee
GBkBvFi8SY7MU1IMX1CQjfu+0jJ17I28THV7/TPl4mCAh0YXFdS9
-----END CERTIFICATE-----