Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/plZMeP7-IQ51M-BIRBDktRU2QTc.roa
File:                     plZMeP7-IQ51M-BIRBDktRU2QTc.roa (raw, json)
Hash identifier:          WczX/clmmxQoVl5fbvHwQ10oVYo2nndWMTPSDhRLtsI=
Subject key identifier:   A6:56:4C:78:FE:FE:21:0E:75:33:E0:48:44:10:E4:B5:15:36:41:37
Certificate issuer:       /CN=297c508d23b38315bbf45b726d22050a46127b8c
Certificate serial:       018CC8713070DD2ACC1289A8A3F78258FAE0
Authority key identifier: 29:7C:50:8D:23:B3:83:15:BB:F4:5B:72:6D:22:05:0A:46:12:7B:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/plZMeP7-IQ51M-BIRBDktRU2QTc.roa
Signing time:             Tue 02 Jan 2024 04:31:50 +0000
ROA not before:           Tue 02 Jan 2024 04:31:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44494
IP address blocks:        185.81.52.0/22 maxlen: 22
                          80.245.16.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:30:70:dd:2a:cc:12:89:a8:a3:f7:82:58:fa:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297c508d23b38315bbf45b726d22050a46127b8c
        Validity
            Not Before: Jan  2 04:31:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6564c78fefe210e7533e0484410e4b515364137
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:db:57:c7:13:84:15:30:7a:b5:d2:62:38:db:
                    b2:67:71:b7:1c:d7:6a:cd:26:06:f0:46:b7:80:f1:
                    cf:30:49:5d:7a:12:51:10:da:05:28:87:d7:ca:b7:
                    77:14:7a:8d:0c:ee:90:33:d8:e8:46:34:d1:e2:58:
                    a0:5d:7b:0c:df:6d:eb:27:57:95:14:ff:e0:68:9c:
                    54:2a:92:ae:b6:67:fa:87:8b:ff:3c:44:70:a4:8f:
                    1a:eb:87:7c:b1:2a:46:b4:4f:9e:f5:88:06:7d:0e:
                    21:56:65:ad:ea:25:f2:c5:7f:a3:7e:34:3b:94:0d:
                    91:80:85:3d:ca:01:db:b8:f3:d0:2f:9a:1d:0b:a2:
                    ca:d5:4c:83:5c:a0:51:28:b7:dd:d9:94:e4:38:aa:
                    86:39:c5:ca:00:bb:6a:49:ec:7b:52:93:5b:ba:48:
                    7c:cf:7c:4a:d2:49:93:f2:e4:42:e8:93:5b:9a:ed:
                    a0:cb:6a:80:c2:f9:1c:99:3b:bb:04:8b:74:b1:c4:
                    cc:06:f8:6b:ec:bd:6a:39:ae:f2:e4:37:5d:13:91:
                    af:0d:02:78:30:10:8f:0c:72:cc:73:d3:23:7e:99:
                    4c:3f:de:90:23:0c:f2:0d:36:b8:a4:f6:19:e7:31:
                    7e:34:17:e1:09:4e:f3:91:2a:f7:5f:dc:5c:01:29:
                    eb:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:56:4C:78:FE:FE:21:0E:75:33:E0:48:44:10:E4:B5:15:36:41:37
            X509v3 Authority Key Identifier:
                keyid:29:7C:50:8D:23:B3:83:15:BB:F4:5B:72:6D:22:05:0A:46:12:7B:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/plZMeP7-IQ51M-BIRBDktRU2QTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.245.16.0/20
                  185.81.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:31:ae:91:90:75:ad:bf:8a:8f:b9:32:da:6f:96:80:69:9d:
         50:4a:40:70:e6:34:de:80:1c:ba:90:6e:d7:d1:68:6c:31:6a:
         f0:cb:74:02:49:52:c4:27:01:36:94:77:fd:6e:12:11:48:3e:
         eb:c0:6c:bb:a8:f7:78:7c:9b:9c:86:d5:36:8d:8e:98:fa:fa:
         10:eb:5c:02:f1:90:73:45:dd:24:79:d2:6c:e9:61:1d:92:7b:
         7c:43:4f:5f:46:fd:e8:76:a6:bb:c3:78:f8:a6:33:d0:0b:33:
         90:53:83:12:75:f9:08:36:d8:25:73:32:98:c3:ea:48:76:c8:
         57:28:a9:12:9c:32:34:13:cb:f0:fa:25:88:fc:1b:3b:b9:57:
         00:c7:6c:14:7d:eb:00:0d:3b:0f:20:28:77:38:c2:a1:ac:8f:
         93:16:ef:8b:cc:27:60:32:87:ef:de:f1:b4:4b:9a:86:2e:f7:
         9a:ea:e0:ba:45:5a:94:c5:fe:8b:ef:0a:5d:32:8b:8a:4a:d1:
         b0:3d:5d:00:65:61:7a:a3:67:78:d8:54:a6:ed:37:00:d4:17:
         47:54:f5:cf:a7:42:a8:98:e6:5e:cf:ff:2c:34:3a:16:30:95:
         d6:66:20:6f:16:ae:f9:3f:a3:36:fd:f6:4e:fb:f7:19:02:4e:
         45:3c:1c:37
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcTBw3SrMEomoo/eCWPrgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2M1MDhkMjNiMzgzMTViYmY0NWI3MjZkMjIwNTBhNDYx
MjdiOGMwHhcNMjQwMTAyMDQzMTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjU2NGM3OGZlZmUyMTBlNzUzM2UwNDg0NDEwZTRiNTE1MzY0MTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNtXxxOEFTB6tdJiONuyZ3G3HNdq
zSYG8Ea3gPHPMEldehJRENoFKIfXyrd3FHqNDO6QM9joRjTR4ligXXsM323rJ1eV
FP/gaJxUKpKutmf6h4v/PERwpI8a64d8sSpGtE+e9YgGfQ4hVmWt6iXyxX+jfjQ7
lA2RgIU9ygHbuPPQL5odC6LK1UyDXKBRKLfd2ZTkOKqGOcXKALtqSex7UpNbukh8
z3xK0kmT8uRC6JNbmu2gy2qAwvkcmTu7BIt0scTMBvhr7L1qOa7y5DddE5GvDQJ4
MBCPDHLMc9MjfplMP96QIwzyDTa4pPYZ5zF+NBfhCU7zkSr3X9xcASnrBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKZWTHj+/iEOdTPgSEQQ5LUVNkE3MB8GA1UdIwQY
MBaAFCl8UI0js4MVu/Rbcm0iBQpGEnuMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1h4UWpTT3pneFc3OUZ0eWJTSUZDa1lTZTR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC84YWJlZWQtZjUzYi00Nzc2LWE4ZTIt
MzZlOWE3OWJkOTUwLzEvcGxaTWVQNy1JUTUxTS1CSVJCRGt0UlUyUVRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC84YWJlZWQtZjUzYi00Nzc2LWE4ZTItMzZlOWE3OWJkOTUw
LzEvS1h4UWpTT3pneFc3OUZ0eWJTSUZDa1lTZTR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUPUQAwQC
uVE0MA0GCSqGSIb3DQEBCwUAA4IBAQCDMa6RkHWtv4qPuTLab5aAaZ1QSkBw5jTe
gBy6kG7X0WhsMWrwy3QCSVLEJwE2lHf9bhIRSD7rwGy7qPd4fJuchtU2jY6Y+voQ
61wC8ZBzRd0kedJs6WEdknt8Q09fRv3odqa7w3j4pjPQCzOQU4MSdfkINtglczKY
w+pIdshXKKkSnDI0E8vw+iWI/Bs7uVcAx2wUfesADTsPICh3OMKhrI+TFu+LzCdg
Mofv3vG0S5qGLvea6uC6RVqUxf6L7wpdMouKStGwPV0AZWF6o2d42FSm7TcA1BdH
VPXPp0KomOZez/8sNDoWMJXWZiBvFq75P6M2/fZO+/cZAk5FPBw3
-----END CERTIFICATE-----