Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/c55cbc-e43d-40cb-844f-31c5137ec38a/1/JLsWf4ypDqy3C3Vznf4c_jhkWzQ.roa
File:                     JLsWf4ypDqy3C3Vznf4c_jhkWzQ.roa (raw, json)
Hash identifier:          W+Y7OMJT6eANPHdTBze3RK40F6OnPRrXmssah9nRki0=
Subject key identifier:   24:BB:16:7F:8C:A9:0E:AC:B7:0B:75:73:9D:FE:1C:FE:38:64:5B:34
Certificate issuer:       /CN=ab64c9ae5be2640a5fd694586a704ca34c2087bf
Certificate serial:       01941F8C157E281BDD59EF43DEADBA2E32C5
Authority key identifier: AB:64:C9:AE:5B:E2:64:0A:5F:D6:94:58:6A:70:4C:A3:4C:20:87:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q2TJrlviZApf1pRYanBMo0wgh78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/c55cbc-e43d-40cb-844f-31c5137ec38a/1/JLsWf4ypDqy3C3Vznf4c_jhkWzQ.roa
Signing time:             Wed 01 Jan 2025 01:47:41 +0000
ROA not before:           Wed 01 Jan 2025 01:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20815
IP address blocks:        80.64.32.0/20 maxlen: 24
                          2a00:5c00::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/c55cbc-e43d-40cb-844f-31c5137ec38a/1/q2TJrlviZApf1pRYanBMo0wgh78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/c55cbc-e43d-40cb-844f-31c5137ec38a/1/q2TJrlviZApf1pRYanBMo0wgh78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q2TJrlviZApf1pRYanBMo0wgh78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:15:7e:28:1b:dd:59:ef:43:de:ad:ba:2e:32:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab64c9ae5be2640a5fd694586a704ca34c2087bf
        Validity
            Not Before: Jan  1 01:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24bb167f8ca90eacb70b75739dfe1cfe38645b34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:1f:83:10:48:7c:29:2b:6b:7d:65:fd:65:40:
                    d8:cb:d5:19:b4:5b:1b:b7:e5:4c:c8:08:b5:f7:ec:
                    43:f0:34:98:3e:75:57:bd:4a:37:93:f3:25:0a:c7:
                    be:a5:ab:00:7b:02:36:83:a2:2b:fb:57:c7:f1:5b:
                    c3:23:bc:d5:ce:96:50:3e:80:42:aa:8d:7d:9f:a1:
                    83:84:77:77:91:6e:c3:9a:29:79:c2:19:ff:28:ff:
                    6c:76:af:66:fb:7e:50:cc:d1:50:37:74:7c:6b:c0:
                    b9:62:b7:d4:5a:96:f0:18:31:5f:86:d0:b5:87:5d:
                    5b:1a:a7:12:5b:06:6a:be:50:0d:e9:66:58:97:ba:
                    79:4d:6d:71:1c:a5:d3:75:a6:25:43:e2:d5:4a:0f:
                    b1:a2:05:21:a2:9b:ff:66:f0:88:0e:3d:d2:56:22:
                    b6:72:69:15:3b:8c:f5:8d:99:b8:cd:0d:fd:01:fb:
                    92:5f:70:cb:be:25:f3:87:98:ec:e4:14:13:08:cd:
                    10:69:08:38:c7:bc:c4:0b:a1:90:b4:7a:a6:98:7f:
                    8b:a4:cd:bf:50:52:64:15:81:df:75:ba:0f:01:83:
                    f5:68:29:12:46:27:82:4f:67:42:09:e1:76:f9:b7:
                    80:03:3d:fb:9d:88:48:5a:ff:77:38:7f:d3:a5:c5:
                    6b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:BB:16:7F:8C:A9:0E:AC:B7:0B:75:73:9D:FE:1C:FE:38:64:5B:34
            X509v3 Authority Key Identifier:
                keyid:AB:64:C9:AE:5B:E2:64:0A:5F:D6:94:58:6A:70:4C:A3:4C:20:87:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q2TJrlviZApf1pRYanBMo0wgh78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/c55cbc-e43d-40cb-844f-31c5137ec38a/1/JLsWf4ypDqy3C3Vznf4c_jhkWzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/c55cbc-e43d-40cb-844f-31c5137ec38a/1/q2TJrlviZApf1pRYanBMo0wgh78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.32.0/20
                IPv6:
                  2a00:5c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:10:2a:2e:17:41:b7:5e:92:d2:69:c2:f3:5e:09:c3:d2:5a:
         36:3e:b8:57:75:96:cc:be:b8:91:f6:46:68:f6:1a:9f:b7:d4:
         4e:68:33:8a:69:24:7d:0d:16:e9:4e:86:a7:08:cc:1d:73:99:
         2b:f3:f5:c8:7c:a2:99:9c:b1:de:2a:a0:af:2b:ef:af:e8:c2:
         24:54:63:63:44:9f:2b:3d:0b:ff:9f:93:0b:2a:c7:f2:5d:42:
         0b:e4:e7:38:44:ae:c1:cd:1c:0a:75:79:df:47:ea:63:18:7c:
         c3:69:96:9f:5d:43:cd:73:a2:25:ad:3f:fa:c0:96:3c:12:e3:
         65:cc:d1:ae:fd:90:18:b7:0b:89:cb:d4:cc:ec:a1:3a:15:8e:
         06:f6:b9:26:00:35:43:df:2d:7f:25:ab:4f:3c:c4:51:21:5f:
         be:4c:7d:b7:4b:db:b2:34:ad:ec:5a:2f:9d:4d:79:1d:f9:e4:
         fa:c9:1d:39:af:d7:42:69:49:04:fc:7a:db:02:1e:d9:59:cf:
         43:05:20:36:ec:2b:d3:8c:5a:08:d1:f2:0a:99:29:ff:11:50:
         7c:bb:85:b5:93:ad:cf:01:5d:ce:bf:19:6b:0b:c7:bf:48:b4:
         8e:44:ff:45:23:59:94:82:28:a4:3c:62:5c:bd:bc:36:a0:e6:
         54:18:81:e9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjBV+KBvdWe9D3q26LjLFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNjRjOWFlNWJlMjY0MGE1ZmQ2OTQ1ODZhNzA0Y2EzNGMy
MDg3YmYwHhcNMjUwMTAxMDE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGJiMTY3ZjhjYTkwZWFjYjcwYjc1NzM5ZGZlMWNmZTM4NjQ1YjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiR+DEEh8KStrfWX9ZUDYy9UZtFsb
t+VMyAi19+xD8DSYPnVXvUo3k/MlCse+pasAewI2g6Ir+1fH8VvDI7zVzpZQPoBC
qo19n6GDhHd3kW7Dmil5whn/KP9sdq9m+35QzNFQN3R8a8C5YrfUWpbwGDFfhtC1
h11bGqcSWwZqvlAN6WZYl7p5TW1xHKXTdaYlQ+LVSg+xogUhopv/ZvCIDj3SViK2
cmkVO4z1jZm4zQ39AfuSX3DLviXzh5js5BQTCM0QaQg4x7zEC6GQtHqmmH+LpM2/
UFJkFYHfdboPAYP1aCkSRieCT2dCCeF2+beAAz37nYhIWv93OH/TpcVryQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCS7Fn+MqQ6stwt1c53+HP44ZFs0MB8GA1UdIwQY
MBaAFKtkya5b4mQKX9aUWGpwTKNMIIe/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTJUSnJsdmlaQXBmMXBSWWFuQk1vMHdnaDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9jNTVjYmMtZTQzZC00MGNiLTg0NGYt
MzFjNTEzN2VjMzhhLzEvSkxzV2Y0eXBEcXkzQzNWem5mNGNfamhrV3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9jNTVjYmMtZTQzZC00MGNiLTg0NGYtMzFjNTEzN2VjMzhh
LzEvcTJUSnJsdmlaQXBmMXBSWWFuQk1vMHdnaDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEUEAgMA0E
AgACMAcDBQAqAFwAMA0GCSqGSIb3DQEBCwUAA4IBAQCnECouF0G3XpLSacLzXgnD
0lo2PrhXdZbMvriR9kZo9hqft9ROaDOKaSR9DRbpToanCMwdc5kr8/XIfKKZnLHe
KqCvK++v6MIkVGNjRJ8rPQv/n5MLKsfyXUIL5Oc4RK7BzRwKdXnfR+pjGHzDaZaf
XUPNc6IlrT/6wJY8EuNlzNGu/ZAYtwuJy9TM7KE6FY4G9rkmADVD3y1/JatPPMRR
IV++TH23S9uyNK3sWi+dTXkd+eT6yR05r9dCaUkE/HrbAh7ZWc9DBSA27CvTjFoI
0fIKmSn/EVB8u4W1k63PAV3OvxlrC8e/SLSORP9FI1mUgiikPGJcvbw2oOZUGIHp
-----END CERTIFICATE-----