Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/ebea60-d231-480b-84fd-a763df3aee6d/1/jjt9HI1NN3XupeLRtsqDq6eclfU.roa
File:                     jjt9HI1NN3XupeLRtsqDq6eclfU.roa (raw, json)
Hash identifier:          6LBWyMoFnrlnaY8dAxvg8w98D1RRaAabb2BYYMk19Zw=
Subject key identifier:   8E:3B:7D:1C:8D:4D:37:75:EE:A5:E2:D1:B6:CA:83:AB:A7:9C:95:F5
Certificate issuer:       /CN=ef7f31bd6d985e45299c31d052ca4a8ebef5578b
Certificate serial:       019425FBF551B7B2BE860C40BCDA1E38CB63
Authority key identifier: EF:7F:31:BD:6D:98:5E:45:29:9C:31:D0:52:CA:4A:8E:BE:F5:57:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/738xvW2YXkUpnDHQUspKjr71V4s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/ebea60-d231-480b-84fd-a763df3aee6d/1/jjt9HI1NN3XupeLRtsqDq6eclfU.roa
Signing time:             Thu 02 Jan 2025 07:47:36 +0000
ROA not before:           Thu 02 Jan 2025 07:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        80.64.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/ebea60-d231-480b-84fd-a763df3aee6d/1/738xvW2YXkUpnDHQUspKjr71V4s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/ebea60-d231-480b-84fd-a763df3aee6d/1/738xvW2YXkUpnDHQUspKjr71V4s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/738xvW2YXkUpnDHQUspKjr71V4s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fb:f5:51:b7:b2:be:86:0c:40:bc:da:1e:38:cb:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef7f31bd6d985e45299c31d052ca4a8ebef5578b
        Validity
            Not Before: Jan  2 07:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e3b7d1c8d4d3775eea5e2d1b6ca83aba79c95f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:dd:bc:71:56:1e:41:68:45:a0:e6:84:04:bf:
                    58:2f:80:38:d4:d0:af:1e:c9:ce:3e:16:0b:09:c7:
                    a5:08:45:34:c6:cd:60:f9:cb:b9:21:40:0a:9f:bd:
                    8f:07:0d:65:5f:5e:34:8d:28:e2:e4:b6:0c:ba:21:
                    72:73:4e:80:c3:d3:47:d4:f0:06:bc:a5:5f:28:db:
                    69:bc:40:46:a7:03:fb:d7:6d:ce:17:03:2f:e9:fd:
                    66:2f:b6:d6:5a:8c:85:6f:ba:e7:a0:cc:92:d7:2c:
                    6b:84:4d:32:7b:e4:cd:1b:ca:33:62:b7:ac:69:c8:
                    f7:6f:1c:ae:99:61:87:2f:6c:f9:c4:38:bc:85:7f:
                    11:45:a4:1a:6c:01:2a:88:96:e5:cc:6a:c4:0b:65:
                    28:a9:bc:38:e7:84:63:b5:d8:d4:81:d1:24:60:5f:
                    83:08:dc:a7:a7:05:e8:ac:4d:5e:8a:e6:9e:e6:ac:
                    a5:ce:cd:12:90:b8:29:8b:d3:fc:1d:39:33:f1:73:
                    8e:df:ac:b9:7f:6c:ad:3e:a5:e7:4d:9d:fb:8c:39:
                    b2:09:8f:50:1e:42:29:45:dc:c5:89:03:6d:2f:fc:
                    8a:89:59:d0:ab:6b:cc:c5:34:81:c7:8c:3b:70:57:
                    4b:05:91:ed:6e:45:16:aa:99:a3:51:b6:d5:f8:01:
                    98:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:3B:7D:1C:8D:4D:37:75:EE:A5:E2:D1:B6:CA:83:AB:A7:9C:95:F5
            X509v3 Authority Key Identifier:
                keyid:EF:7F:31:BD:6D:98:5E:45:29:9C:31:D0:52:CA:4A:8E:BE:F5:57:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/738xvW2YXkUpnDHQUspKjr71V4s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ebea60-d231-480b-84fd-a763df3aee6d/1/jjt9HI1NN3XupeLRtsqDq6eclfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ebea60-d231-480b-84fd-a763df3aee6d/1/738xvW2YXkUpnDHQUspKjr71V4s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:4f:be:b1:a6:6e:9f:9b:35:ab:2a:9c:7a:43:3f:09:8a:ec:
         a0:19:d7:07:cb:ce:4a:39:8d:31:ba:14:6f:4c:21:e3:41:ef:
         b4:03:f6:95:9f:8d:af:ef:b3:11:1f:44:55:da:9c:cc:3d:67:
         ff:4c:82:54:50:fa:7f:a4:9e:f4:3d:54:08:24:87:bb:dd:28:
         bf:b3:f6:52:6a:e6:ab:d3:63:b5:34:da:f7:c1:95:92:bb:3b:
         97:b3:65:26:a8:01:b9:2e:74:92:c2:87:e2:75:43:5a:18:53:
         18:5e:9f:99:3f:0d:7e:2f:18:26:fb:59:b3:89:b0:d0:23:c1:
         b5:65:71:6e:f0:5e:7b:ab:ac:6c:ed:91:a1:fc:2e:9f:64:8a:
         84:ff:4e:ea:ef:55:47:26:0f:96:d1:0c:b5:07:2e:cf:b1:d9:
         82:8f:d9:fe:67:52:52:02:a3:44:c6:af:ee:47:b7:63:09:06:
         33:b0:18:aa:7b:c7:4a:79:48:9d:01:f6:e7:81:24:2b:dc:88:
         a5:8f:ab:51:bc:6f:a7:9e:25:2c:91:9c:78:e9:5c:0f:b1:5c:
         fb:df:8d:a6:e6:d1:1a:47:16:b0:8c:07:15:24:89:c7:c9:6c:
         c2:5e:20:67:3e:bb:b6:6a:5d:4f:b8:9d:5d:83:2f:64:29:3b:
         ae:4a:9e:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl+/VRt7K+hgxAvNoeOMtjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmN2YzMWJkNmQ5ODVlNDUyOTljMzFkMDUyY2E0YThlYmVm
NTU3OGIwHhcNMjUwMTAyMDc0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTNiN2QxYzhkNGQzNzc1ZWVhNWUyZDFiNmNhODNhYmE3OWM5NWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqN28cVYeQWhFoOaEBL9YL4A41NCv
HsnOPhYLCcelCEU0xs1g+cu5IUAKn72PBw1lX140jSji5LYMuiFyc06Aw9NH1PAG
vKVfKNtpvEBGpwP7123OFwMv6f1mL7bWWoyFb7rnoMyS1yxrhE0ye+TNG8ozYres
acj3bxyumWGHL2z5xDi8hX8RRaQabAEqiJblzGrEC2Uoqbw454RjtdjUgdEkYF+D
CNynpwXorE1eiuae5qylzs0SkLgpi9P8HTkz8XOO36y5f2ytPqXnTZ37jDmyCY9Q
HkIpRdzFiQNtL/yKiVnQq2vMxTSBx4w7cFdLBZHtbkUWqpmjUbbV+AGYYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI47fRyNTTd17qXi0bbKg6unnJX1MB8GA1UdIwQY
MBaAFO9/Mb1tmF5FKZwx0FLKSo6+9VeLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzM4eHZXMllYa1VwbkRIUVVzcEtqcjcxVjRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lYmVhNjAtZDIzMS00ODBiLTg0ZmQt
YTc2M2RmM2FlZTZkLzEvamp0OUhJMU5OM1h1cGVMUnRzcURxNmVjbGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lYmVhNjAtZDIzMS00ODBiLTg0ZmQtYTc2M2RmM2FlZTZk
LzEvNzM4eHZXMllYa1VwbkRIUVVzcEtqcjcxVjRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEDfMA0G
CSqGSIb3DQEBCwUAA4IBAQA7T76xpm6fmzWrKpx6Qz8JiuygGdcHy85KOY0xuhRv
TCHjQe+0A/aVn42v77MRH0RV2pzMPWf/TIJUUPp/pJ70PVQIJIe73Si/s/ZSauar
02O1NNr3wZWSuzuXs2UmqAG5LnSSwofidUNaGFMYXp+ZPw1+Lxgm+1mzibDQI8G1
ZXFu8F57q6xs7ZGh/C6fZIqE/07q71VHJg+W0Qy1By7PsdmCj9n+Z1JSAqNExq/u
R7djCQYzsBiqe8dKeUidAfbngSQr3Iilj6tRvG+nniUskZx46VwPsVz7342m5tEa
RxawjAcVJInHyWzCXiBnPru2al1PuJ1dgy9kKTuuSp7X
-----END CERTIFICATE-----