Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/1fef82-0ae8-48c6-9868-4a16ff9c795b/1/G-iZEjdoir1-LBaeaKNIkXaoMHc.roa
File:                     G-iZEjdoir1-LBaeaKNIkXaoMHc.roa (raw, json)
Hash identifier:          Fmj2luS6w4oJEIQFa3pKFPFSmCPOJ2EenjisQKOEVyI=
Subject key identifier:   1B:E8:99:12:37:68:8A:BD:7E:2C:16:9E:68:A3:48:91:76:A8:30:77
Certificate issuer:       /CN=d18c49c6d7132224583eaf348ae41c50e61d9f45
Certificate serial:       018E0A23C8DB55B1CB6B69B991AF11F5C5DD
Authority key identifier: D1:8C:49:C6:D7:13:22:24:58:3E:AF:34:8A:E4:1C:50:E6:1D:9F:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0YxJxtcTIiRYPq80iuQcUOYdn0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/1fef82-0ae8-48c6-9868-4a16ff9c795b/1/G-iZEjdoir1-LBaeaKNIkXaoMHc.roa
Signing time:             Mon 04 Mar 2024 15:45:01 +0000
ROA not before:           Mon 04 Mar 2024 15:45:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215604
IP address blocks:        80.91.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/1fef82-0ae8-48c6-9868-4a16ff9c795b/1/0YxJxtcTIiRYPq80iuQcUOYdn0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/1fef82-0ae8-48c6-9868-4a16ff9c795b/1/0YxJxtcTIiRYPq80iuQcUOYdn0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0YxJxtcTIiRYPq80iuQcUOYdn0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0a:23:c8:db:55:b1:cb:6b:69:b9:91:af:11:f5:c5:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d18c49c6d7132224583eaf348ae41c50e61d9f45
        Validity
            Not Before: Mar  4 15:45:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1be8991237688abd7e2c169e68a3489176a83077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:15:45:d6:cf:94:4b:8f:be:31:9b:8e:10:01:
                    46:a4:6d:7c:73:02:c2:22:3a:f7:23:93:89:db:2a:
                    69:e5:49:68:c2:91:ec:b6:4b:f6:94:6a:f8:f5:aa:
                    8e:34:05:73:9d:89:02:f8:07:7c:8f:f5:26:01:e2:
                    b1:05:1a:a5:d1:c3:16:e3:58:f9:c6:e8:46:df:57:
                    88:00:1d:fa:4c:53:d6:c5:0b:4c:77:25:5e:cd:18:
                    5d:dc:b0:93:a1:0e:19:1d:c5:b1:4d:8e:dc:18:7b:
                    fc:f3:72:2f:ad:9d:44:8b:be:44:f7:b9:40:90:36:
                    29:89:47:11:77:4c:53:fc:03:7c:12:db:fb:12:56:
                    9a:7e:13:02:18:d5:24:91:cb:c4:1d:7a:ab:eb:22:
                    69:8c:0f:97:8a:fa:b0:9a:b7:fd:0a:9d:f7:14:25:
                    a5:29:b6:62:c6:35:08:50:23:b3:c4:1b:2c:fe:01:
                    ad:b7:92:c1:4d:14:e9:c0:67:83:f1:76:d5:d3:5a:
                    93:c1:4d:25:83:0a:aa:a5:f7:8a:58:ed:29:3b:4b:
                    a3:11:ce:4e:cd:6b:fe:03:06:93:c9:cb:3d:1a:b1:
                    68:aa:08:f1:ef:8b:e7:ab:cd:f6:4d:b1:f2:ff:00:
                    ae:23:2f:8d:08:6f:36:7d:ed:50:da:82:ef:b1:76:
                    c4:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:E8:99:12:37:68:8A:BD:7E:2C:16:9E:68:A3:48:91:76:A8:30:77
            X509v3 Authority Key Identifier:
                keyid:D1:8C:49:C6:D7:13:22:24:58:3E:AF:34:8A:E4:1C:50:E6:1D:9F:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0YxJxtcTIiRYPq80iuQcUOYdn0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/1fef82-0ae8-48c6-9868-4a16ff9c795b/1/G-iZEjdoir1-LBaeaKNIkXaoMHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/1fef82-0ae8-48c6-9868-4a16ff9c795b/1/0YxJxtcTIiRYPq80iuQcUOYdn0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:25:1c:db:e9:71:fd:ce:54:4e:e2:10:dc:14:2a:8f:9b:4f:
         5b:66:78:4c:4b:4c:e0:78:f4:72:e9:f4:f6:cd:75:fb:62:af:
         20:a7:d3:0c:71:4e:e0:05:e9:72:dd:5f:ff:b2:c9:41:f8:30:
         49:1f:94:e5:f4:39:ed:b3:e4:4b:0b:ae:5f:8c:ea:d8:53:3a:
         86:39:fa:bd:24:18:eb:6c:05:5f:a1:d6:3f:98:69:8a:be:f3:
         b6:ee:d1:58:75:fb:17:57:18:26:6c:93:82:37:39:9a:da:f5:
         fb:c3:5e:16:52:0c:38:84:5d:87:a6:c6:6d:c3:6c:ab:dd:c8:
         01:98:29:b8:63:d0:72:2b:16:42:ff:de:df:e3:d5:16:b0:79:
         45:3a:17:65:56:20:68:03:70:ed:04:41:77:7c:b8:13:a4:f4:
         38:18:41:9c:29:48:d6:b2:09:fd:92:10:5e:c8:45:80:b4:c8:
         5c:ea:a5:f1:df:25:17:c2:8f:44:9f:07:a5:bd:ef:e0:f3:ca:
         b5:9c:93:07:d9:9d:e0:85:a4:2f:64:65:71:bb:12:37:be:e5:
         55:10:71:91:4f:7b:28:1b:c4:ea:e7:28:36:0d:47:56:2c:29:
         63:e0:3a:f8:bf:06:6c:cc:d0:8d:e0:c9:ea:50:e4:09:28:e8:
         f6:32:8f:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4KI8jbVbHLa2m5ka8R9cXdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxOGM0OWM2ZDcxMzIyMjQ1ODNlYWYzNDhhZTQxYzUwZTYx
ZDlmNDUwHhcNMjQwMzA0MTU0NTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmU4OTkxMjM3Njg4YWJkN2UyYzE2OWU2OGEzNDg5MTc2YTgzMDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihVF1s+US4++MZuOEAFGpG18cwLC
Ijr3I5OJ2ypp5UlowpHstkv2lGr49aqONAVznYkC+Ad8j/UmAeKxBRql0cMW41j5
xuhG31eIAB36TFPWxQtMdyVezRhd3LCToQ4ZHcWxTY7cGHv883IvrZ1Ei75E97lA
kDYpiUcRd0xT/AN8Etv7ElaafhMCGNUkkcvEHXqr6yJpjA+Xivqwmrf9Cp33FCWl
KbZixjUIUCOzxBss/gGtt5LBTRTpwGeD8XbV01qTwU0lgwqqpfeKWO0pO0ujEc5O
zWv+AwaTycs9GrFoqgjx74vnq832TbHy/wCuIy+NCG82fe1Q2oLvsXbENQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvomRI3aIq9fiwWnmijSJF2qDB3MB8GA1UdIwQY
MBaAFNGMScbXEyIkWD6vNIrkHFDmHZ9FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFl4Snh0Y1RJaVJZUHE4MGl1UWNVT1lkbjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8xZmVmODItMGFlOC00OGM2LTk4Njgt
NGExNmZmOWM3OTViLzEvRy1pWkVqZG9pcjEtTEJhZWFLTklrWGFvTUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8xZmVmODItMGFlOC00OGM2LTk4NjgtNGExNmZmOWM3OTVi
LzEvMFl4Snh0Y1RJaVJZUHE4MGl1UWNVT1lkbjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFvcMA0G
CSqGSIb3DQEBCwUAA4IBAQBKJRzb6XH9zlRO4hDcFCqPm09bZnhMS0zgePRy6fT2
zXX7Yq8gp9MMcU7gBely3V//sslB+DBJH5Tl9Dnts+RLC65fjOrYUzqGOfq9JBjr
bAVfodY/mGmKvvO27tFYdfsXVxgmbJOCNzma2vX7w14WUgw4hF2HpsZtw2yr3cgB
mCm4Y9ByKxZC/97f49UWsHlFOhdlViBoA3DtBEF3fLgTpPQ4GEGcKUjWsgn9khBe
yEWAtMhc6qXx3yUXwo9Enwelve/g88q1nJMH2Z3ghaQvZGVxuxI3vuVVEHGRT3so
G8Tq5yg2DUdWLClj4Dr4vwZszNCN4MnqUOQJKOj2Mo8d
-----END CERTIFICATE-----