Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/179891-41cc-4aa0-ab68-f406c83b3fba/1/crHez21ajs4tpxPy7D0FO2U5bxU.roa
File:                     crHez21ajs4tpxPy7D0FO2U5bxU.roa (raw, json)
Hash identifier:          gCTLggUH/wf+1HoWxwo5Fpy8idWpj7d4gVSkhA0S2qM=
Subject key identifier:   72:B1:DE:CF:6D:5A:8E:CE:2D:A7:13:F2:EC:3D:05:3B:65:39:6F:15
Certificate issuer:       /CN=ae93cc8cca81fa00dc53e7b8078e91b5c11ba2ef
Certificate serial:       019423D744600A5A80FF5A176D60B6DDFFFD
Authority key identifier: AE:93:CC:8C:CA:81:FA:00:DC:53:E7:B8:07:8E:91:B5:C1:1B:A2:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rpPMjMqB-gDcU-e4B46RtcEbou8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/179891-41cc-4aa0-ab68-f406c83b3fba/1/crHez21ajs4tpxPy7D0FO2U5bxU.roa
Signing time:             Wed 01 Jan 2025 21:48:17 +0000
ROA not before:           Wed 01 Jan 2025 21:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207645
IP address blocks:        80.249.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/179891-41cc-4aa0-ab68-f406c83b3fba/1/rpPMjMqB-gDcU-e4B46RtcEbou8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/179891-41cc-4aa0-ab68-f406c83b3fba/1/rpPMjMqB-gDcU-e4B46RtcEbou8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rpPMjMqB-gDcU-e4B46RtcEbou8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:44:60:0a:5a:80:ff:5a:17:6d:60:b6:dd:ff:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae93cc8cca81fa00dc53e7b8078e91b5c11ba2ef
        Validity
            Not Before: Jan  1 21:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72b1decf6d5a8ece2da713f2ec3d053b65396f15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4c:07:c3:63:b5:1d:31:10:1d:76:71:94:2b:
                    ff:68:b6:d0:23:91:54:93:01:0b:0a:32:66:a6:f0:
                    fe:7b:d7:a3:02:38:b7:c0:40:0c:3a:6c:0f:04:bc:
                    3a:10:ee:37:64:64:85:ee:35:26:f5:29:9e:ce:e8:
                    37:65:c9:25:00:c8:62:ba:20:46:c6:d5:44:66:0e:
                    16:b7:79:4f:84:bc:f1:0f:b0:00:46:e9:cd:91:10:
                    ec:41:e5:44:f7:40:50:dd:35:d3:a3:f2:2e:ca:fc:
                    f1:cc:9d:f0:06:47:b7:8d:7d:58:ec:3d:9f:e5:79:
                    d5:ef:72:df:f7:21:6f:ac:d6:e6:d4:e2:a2:3b:a2:
                    c3:c6:cf:58:49:4b:b5:01:6e:e0:38:84:b2:81:60:
                    d4:13:fb:81:3a:63:59:7e:a4:e6:66:10:3d:56:b6:
                    ff:44:a1:ca:e4:78:1f:61:1a:62:82:23:a1:ee:19:
                    3b:49:5c:cc:49:68:fe:f7:7b:1a:7b:c1:1c:33:c6:
                    e4:58:be:41:3c:42:38:f1:92:98:23:f9:c7:b6:85:
                    7e:09:45:e0:35:8d:83:f6:5f:ad:4b:14:ce:32:29:
                    37:44:af:b5:97:4e:51:16:07:a5:49:b5:58:f0:5e:
                    be:05:24:82:ca:88:81:bd:2e:75:8f:eb:32:30:63:
                    d0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B1:DE:CF:6D:5A:8E:CE:2D:A7:13:F2:EC:3D:05:3B:65:39:6F:15
            X509v3 Authority Key Identifier:
                keyid:AE:93:CC:8C:CA:81:FA:00:DC:53:E7:B8:07:8E:91:B5:C1:1B:A2:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rpPMjMqB-gDcU-e4B46RtcEbou8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/179891-41cc-4aa0-ab68-f406c83b3fba/1/crHez21ajs4tpxPy7D0FO2U5bxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/179891-41cc-4aa0-ab68-f406c83b3fba/1/rpPMjMqB-gDcU-e4B46RtcEbou8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.249.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:89:9c:5f:f0:04:bf:b4:c2:57:a1:26:48:92:ac:93:ab:02:
         bf:cb:8f:5a:ef:9b:d8:a1:98:30:7c:df:96:52:6f:a6:69:38:
         15:68:63:f4:ae:2d:a3:df:e3:72:db:d5:d4:8e:4c:7f:13:c6:
         d2:72:59:d8:05:0f:a2:44:a1:f4:03:e5:3a:d5:68:e9:48:4a:
         39:34:5e:35:14:79:5a:c8:c7:03:4b:c3:28:67:f9:3e:56:40:
         16:34:e0:fe:ba:3a:fe:8c:60:be:ea:cd:de:4c:8e:2b:94:28:
         fd:1d:72:6d:5b:01:23:4a:9a:31:8e:5b:21:a9:31:b6:12:4a:
         c2:b2:fd:9f:fe:8c:93:eb:9b:a2:23:48:cf:2d:d1:b2:34:d3:
         de:9c:e6:5e:81:6e:95:47:1c:4c:fa:7a:c9:b2:d5:6a:c6:d5:
         e5:c6:4a:42:82:f1:91:cb:a9:67:18:4e:f2:cc:e3:3a:02:90:
         46:7e:42:95:6a:f3:ea:85:19:eb:7e:25:8a:e5:54:d6:09:3a:
         bb:c8:6c:15:8e:25:fe:6d:52:af:a9:bd:64:2d:92:a7:8c:2c:
         3c:96:06:d0:7c:1b:58:85:81:2a:e5:6d:a0:77:b6:d8:bf:ac:
         16:52:6c:c1:cb:73:0e:7a:94:b7:5f:e5:b0:7f:1c:13:a2:c5:
         66:fd:8f:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj10RgClqA/1oXbWC23f/9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlOTNjYzhjY2E4MWZhMDBkYzUzZTdiODA3OGU5MWI1YzEx
YmEyZWYwHhcNMjUwMTAxMjE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmIxZGVjZjZkNWE4ZWNlMmRhNzEzZjJlYzNkMDUzYjY1Mzk2ZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0wHw2O1HTEQHXZxlCv/aLbQI5FU
kwELCjJmpvD+e9ejAji3wEAMOmwPBLw6EO43ZGSF7jUm9Smezug3ZcklAMhiuiBG
xtVEZg4Wt3lPhLzxD7AARunNkRDsQeVE90BQ3TXTo/IuyvzxzJ3wBke3jX1Y7D2f
5XnV73Lf9yFvrNbm1OKiO6LDxs9YSUu1AW7gOISygWDUE/uBOmNZfqTmZhA9Vrb/
RKHK5HgfYRpigiOh7hk7SVzMSWj+93sae8EcM8bkWL5BPEI48ZKYI/nHtoV+CUXg
NY2D9l+tSxTOMik3RK+1l05RFgelSbVY8F6+BSSCyoiBvS51j+syMGPQFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKx3s9tWo7OLacT8uw9BTtlOW8VMB8GA1UdIwQY
MBaAFK6TzIzKgfoA3FPnuAeOkbXBG6LvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnBQTWpNcUItZ0RjVS1lNEI0NlJ0Y0Vib3U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8xNzk4OTEtNDFjYy00YWEwLWFiNjgt
ZjQwNmM4M2IzZmJhLzEvY3JIZXoyMWFqczR0cHhQeTdEMEZPMlU1YnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8xNzk4OTEtNDFjYy00YWEwLWFiNjgtZjQwNmM4M2IzZmJh
LzEvcnBQTWpNcUItZ0RjVS1lNEI0NlJ0Y0Vib3U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPmAMA0G
CSqGSIb3DQEBCwUAA4IBAQCfiZxf8AS/tMJXoSZIkqyTqwK/y49a75vYoZgwfN+W
Um+maTgVaGP0ri2j3+Ny29XUjkx/E8bSclnYBQ+iRKH0A+U61WjpSEo5NF41FHla
yMcDS8MoZ/k+VkAWNOD+ujr+jGC+6s3eTI4rlCj9HXJtWwEjSpoxjlshqTG2EkrC
sv2f/oyT65uiI0jPLdGyNNPenOZegW6VRxxM+nrJstVqxtXlxkpCgvGRy6lnGE7y
zOM6ApBGfkKVavPqhRnrfiWK5VTWCTq7yGwVjiX+bVKvqb1kLZKnjCw8lgbQfBtY
hYEq5W2gd7bYv6wWUmzBy3MOepS3X+WwfxwTosVm/Y8U
-----END CERTIFICATE-----