Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/CBPtnesEfNUTLO83M40v2FLsUKE.roa
File:                     CBPtnesEfNUTLO83M40v2FLsUKE.roa (raw, json)
Hash identifier:          gEmKmqEe1iVBq2VtUbZ6sUTHDVd6gLuvblbf8hO0DF0=
Subject key identifier:   08:13:ED:9D:EB:04:7C:D5:13:2C:EF:37:33:8D:2F:D8:52:EC:50:A1
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       0196C314B175B25A58EE71CF881D1A6EC711
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/CBPtnesEfNUTLO83M40v2FLsUKE.roa
Signing time:             Mon 12 May 2025 06:00:35 +0000
ROA not before:           Mon 12 May 2025 06:00:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198769
IP address blocks:        80.85.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c3:14:b1:75:b2:5a:58:ee:71:cf:88:1d:1a:6e:c7:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: May 12 06:00:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0813ed9deb047cd5132cef37338d2fd852ec50a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6e:8a:b1:df:a9:06:db:36:0e:09:c1:b4:c3:
                    df:2c:fc:d9:b8:1e:b2:3d:6e:b7:79:65:b8:64:9c:
                    cf:00:ba:3d:6c:4c:ed:69:a8:52:c1:74:89:ed:34:
                    a8:28:5a:fc:2a:dd:c4:44:53:c3:67:a3:fa:75:ca:
                    7d:c0:67:e3:f7:fa:76:0d:2b:4c:a8:04:cd:6c:8e:
                    5a:e6:64:90:cc:47:ad:43:06:cb:93:49:ad:d2:3a:
                    42:98:62:65:31:0b:6e:fd:15:74:a1:e1:0f:a3:87:
                    17:83:8a:3a:3c:aa:d9:fb:a4:2f:f8:21:19:aa:90:
                    98:08:ec:78:3d:90:20:48:f4:0c:8c:0c:31:94:5e:
                    24:b2:ed:95:ec:f1:5d:18:c3:8a:fb:6e:53:45:69:
                    49:d4:8b:bd:e6:94:ee:26:b6:ec:d2:c5:81:8e:03:
                    93:cb:47:a8:a1:08:c2:4d:de:39:30:15:45:45:b9:
                    9a:0c:ee:16:5d:82:85:8a:59:c6:31:be:c0:94:78:
                    e9:d1:49:76:62:29:c5:c4:49:39:92:d2:b6:bb:7d:
                    bb:1c:f6:e9:fa:02:34:cf:ee:5a:ae:c2:36:02:61:
                    94:69:7c:fe:a9:60:9f:1c:32:d2:a3:ae:03:70:2d:
                    23:bf:26:81:d2:1a:18:4f:73:d3:4d:7d:ec:13:a6:
                    44:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:13:ED:9D:EB:04:7C:D5:13:2C:EF:37:33:8D:2F:D8:52:EC:50:A1
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/CBPtnesEfNUTLO83M40v2FLsUKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.85.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:06:57:6b:99:ee:cd:83:c6:3d:a5:2e:f4:50:d4:41:40:f4:
         89:28:40:78:96:64:8d:b8:1a:76:fa:46:4d:fd:87:fb:fb:6f:
         6c:58:c2:e3:43:03:0b:e6:aa:8d:63:f3:3b:93:3e:1d:6f:92:
         d2:9d:11:aa:e6:fb:ae:1d:5e:8a:5d:7a:fc:ed:2b:c7:4f:d5:
         5c:be:34:5b:b2:ca:7b:81:6c:8f:21:7f:f5:24:ec:69:18:9a:
         60:a3:63:9c:87:71:76:36:a2:c6:63:88:25:ab:6f:dc:29:f6:
         5b:b5:8b:78:18:d7:79:d3:7e:0d:f0:ed:97:1b:25:10:8f:3d:
         99:48:5d:d2:0c:94:a7:b8:95:51:a5:ad:34:61:ab:4d:87:f7:
         8c:4e:a8:34:6d:12:13:58:97:fe:e6:58:a3:1d:4f:fb:06:4e:
         90:b9:5d:53:b3:76:e8:dd:72:4d:7c:4c:8e:b4:5f:83:90:66:
         13:a6:db:51:99:64:b9:b9:ef:64:20:41:0b:90:bf:d9:87:6c:
         88:04:31:72:90:41:42:64:0d:b0:ba:5c:88:57:6a:bd:d6:67:
         1e:e8:66:b0:0f:49:9d:29:70:5f:3d:c2:bb:74:44:c5:f8:d1:
         6c:53:cf:5d:11:48:bf:f5:ba:a8:4d:8b:da:31:9f:20:9f:74:
         97:de:b2:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbDFLF1slpY7nHPiB0abscRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjUwNTEyMDYwMDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODEzZWQ5ZGViMDQ3Y2Q1MTMyY2VmMzczMzhkMmZkODUyZWM1MGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG6Ksd+pBts2DgnBtMPfLPzZuB6y
PW63eWW4ZJzPALo9bEztaahSwXSJ7TSoKFr8Kt3ERFPDZ6P6dcp9wGfj9/p2DStM
qATNbI5a5mSQzEetQwbLk0mt0jpCmGJlMQtu/RV0oeEPo4cXg4o6PKrZ+6Qv+CEZ
qpCYCOx4PZAgSPQMjAwxlF4ksu2V7PFdGMOK+25TRWlJ1Iu95pTuJrbs0sWBjgOT
y0eooQjCTd45MBVFRbmaDO4WXYKFilnGMb7AlHjp0Ul2YinFxEk5ktK2u327HPbp
+gI0z+5arsI2AmGUaXz+qWCfHDLSo64DcC0jvyaB0hoYT3PTTX3sE6ZEwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgT7Z3rBHzVEyzvNzONL9hS7FChMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvQ0JQdG5lc0VmTlVUTE84M000MHYyRkxzVUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFXwMA0G
CSqGSIb3DQEBCwUAA4IBAQAWBldrme7Ng8Y9pS70UNRBQPSJKEB4lmSNuBp2+kZN
/Yf7+29sWMLjQwML5qqNY/M7kz4db5LSnRGq5vuuHV6KXXr87SvHT9VcvjRbssp7
gWyPIX/1JOxpGJpgo2Och3F2NqLGY4glq2/cKfZbtYt4GNd5034N8O2XGyUQjz2Z
SF3SDJSnuJVRpa00YatNh/eMTqg0bRITWJf+5lijHU/7Bk6QuV1Ts3bo3XJNfEyO
tF+DkGYTpttRmWS5ue9kIEELkL/Zh2yIBDFykEFCZA2wulyIV2q91mce6GawD0md
KXBfPcK7dETF+NFsU89dEUi/9bqoTYvaMZ8gn3SX3rK9
-----END CERTIFICATE-----