Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/ebea60-d231-480b-84fd-a763df3aee6d/1/uF5pt7szj4mK_DtQq_FURvqrFLg.roa
File:                     uF5pt7szj4mK_DtQq_FURvqrFLg.roa (raw, json)
Hash identifier:          vwPYcoC5GE930Bxj1jr9nZ2HNxwNurBdnQOFbAjYcvc=
Subject key identifier:   B8:5E:69:B7:BB:33:8F:89:8A:FC:3B:50:AB:F1:54:46:FA:AB:14:B8
Certificate issuer:       /CN=ef7f31bd6d985e45299c31d052ca4a8ebef5578b
Certificate serial:       0192B42F621B44C3B3DFCB31835582F6311C
Authority key identifier: EF:7F:31:BD:6D:98:5E:45:29:9C:31:D0:52:CA:4A:8E:BE:F5:57:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/738xvW2YXkUpnDHQUspKjr71V4s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/ebea60-d231-480b-84fd-a763df3aee6d/1/uF5pt7szj4mK_DtQq_FURvqrFLg.roa
Signing time:             Tue 22 Oct 2024 12:24:17 +0000
ROA not before:           Tue 22 Oct 2024 12:24:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        80.64.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/ebea60-d231-480b-84fd-a763df3aee6d/1/738xvW2YXkUpnDHQUspKjr71V4s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/ebea60-d231-480b-84fd-a763df3aee6d/1/738xvW2YXkUpnDHQUspKjr71V4s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/738xvW2YXkUpnDHQUspKjr71V4s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:24:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b4:2f:62:1b:44:c3:b3:df:cb:31:83:55:82:f6:31:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef7f31bd6d985e45299c31d052ca4a8ebef5578b
        Validity
            Not Before: Oct 22 12:24:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b85e69b7bb338f898afc3b50abf15446faab14b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e6:1e:39:85:75:87:18:96:d3:c5:62:c6:42:
                    41:0b:af:74:24:f9:15:f5:52:78:4b:f9:1d:73:0d:
                    97:2f:b5:f9:17:bb:0e:8f:3d:d5:52:fd:62:e2:14:
                    56:87:2b:96:d0:d5:f6:2d:82:f5:42:86:af:d1:1f:
                    db:d1:33:0f:ad:83:e2:d6:1b:0a:31:c2:64:3b:32:
                    0a:c5:86:99:f7:e4:06:b0:0c:fe:89:44:8d:cf:7e:
                    e0:e0:b4:ea:f2:51:d1:20:a7:f9:ee:a7:68:d3:fb:
                    d1:68:a0:9b:5d:60:6e:f7:35:01:25:ca:f6:cc:a3:
                    ed:9f:89:62:35:d1:29:d0:9e:20:0e:95:67:41:f7:
                    9b:27:1d:a9:c4:1e:ce:08:99:87:14:52:a2:fc:f1:
                    fb:9b:5c:fc:63:06:99:f9:30:5b:a6:c4:95:b7:8f:
                    f3:4b:9f:3c:2d:c1:99:7c:6b:f6:ca:df:65:7a:db:
                    42:9c:d2:35:2d:11:90:6e:71:9f:e7:2f:5d:2f:59:
                    ee:5b:17:3a:7d:42:f4:aa:43:28:80:2a:41:74:1f:
                    60:57:01:32:26:65:aa:4c:0e:07:69:38:1a:14:39:
                    9c:72:ce:a6:d2:a6:23:85:5d:48:52:e9:0f:ba:64:
                    86:dc:04:b1:8b:cc:7a:c4:ab:81:c7:fc:11:b6:82:
                    7c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:5E:69:B7:BB:33:8F:89:8A:FC:3B:50:AB:F1:54:46:FA:AB:14:B8
            X509v3 Authority Key Identifier:
                keyid:EF:7F:31:BD:6D:98:5E:45:29:9C:31:D0:52:CA:4A:8E:BE:F5:57:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/738xvW2YXkUpnDHQUspKjr71V4s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ebea60-d231-480b-84fd-a763df3aee6d/1/uF5pt7szj4mK_DtQq_FURvqrFLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ebea60-d231-480b-84fd-a763df3aee6d/1/738xvW2YXkUpnDHQUspKjr71V4s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:09:a4:27:51:ec:2e:3a:23:1d:8b:37:12:69:95:c0:56:c1:
         f8:9a:33:1d:6e:97:26:b9:b4:0b:10:22:d9:3d:f4:6b:a5:d3:
         87:b1:c2:07:f9:7d:47:d9:de:87:a3:72:96:bf:95:92:08:c3:
         8c:c6:77:ae:0b:bb:5d:b9:b9:1b:e7:32:be:c4:ef:76:f1:92:
         27:d3:90:7e:57:63:a7:72:bb:2c:72:7c:ed:e9:c9:74:c2:9f:
         2d:7d:fc:12:29:12:bf:07:83:95:df:42:40:87:9f:6e:9e:91:
         20:f1:b2:b9:b7:d9:e4:0c:ed:22:04:d8:fa:7f:c3:01:73:bd:
         25:5a:b9:91:a8:6a:46:84:6b:e9:6e:c1:99:e4:4d:8c:11:ba:
         39:fd:56:ff:9c:35:84:c9:88:18:2d:d0:ce:82:59:18:54:7a:
         8c:aa:56:ea:13:b9:04:c9:1e:5b:7b:c6:aa:12:a5:7d:21:fc:
         44:6f:f0:50:d4:6f:20:bb:17:31:d1:20:35:12:f4:cd:03:c6:
         df:f9:6f:cc:c9:14:80:dd:9d:1a:8a:7e:6a:45:cc:f1:b4:63:
         d2:c2:8c:db:0c:85:83:47:b0:0d:fb:f3:c7:fe:31:ce:7d:0c:
         92:1f:10:94:33:1e:4c:60:9a:88:b1:c2:0a:05:a0:86:06:04:
         e4:37:b5:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK0L2IbRMOz38sxg1WC9jEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmN2YzMWJkNmQ5ODVlNDUyOTljMzFkMDUyY2E0YThlYmVm
NTU3OGIwHhcNMjQxMDIyMTIyNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODVlNjliN2JiMzM4Zjg5OGFmYzNiNTBhYmYxNTQ0NmZhYWIxNGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+YeOYV1hxiW08VixkJBC690JPkV
9VJ4S/kdcw2XL7X5F7sOjz3VUv1i4hRWhyuW0NX2LYL1Qoav0R/b0TMPrYPi1hsK
McJkOzIKxYaZ9+QGsAz+iUSNz37g4LTq8lHRIKf57qdo0/vRaKCbXWBu9zUBJcr2
zKPtn4liNdEp0J4gDpVnQfebJx2pxB7OCJmHFFKi/PH7m1z8YwaZ+TBbpsSVt4/z
S588LcGZfGv2yt9lettCnNI1LRGQbnGf5y9dL1nuWxc6fUL0qkMogCpBdB9gVwEy
JmWqTA4HaTgaFDmccs6m0qYjhV1IUukPumSG3ASxi8x6xKuBx/wRtoJ85QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLheabe7M4+Jivw7UKvxVEb6qxS4MB8GA1UdIwQY
MBaAFO9/Mb1tmF5FKZwx0FLKSo6+9VeLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzM4eHZXMllYa1VwbkRIUVVzcEtqcjcxVjRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lYmVhNjAtZDIzMS00ODBiLTg0ZmQt
YTc2M2RmM2FlZTZkLzEvdUY1cHQ3c3pqNG1LX0R0UXFfRlVSdnFyRkxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lYmVhNjAtZDIzMS00ODBiLTg0ZmQtYTc2M2RmM2FlZTZk
LzEvNzM4eHZXMllYa1VwbkRIUVVzcEtqcjcxVjRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEDfMA0G
CSqGSIb3DQEBCwUAA4IBAQCfCaQnUewuOiMdizcSaZXAVsH4mjMdbpcmubQLECLZ
PfRrpdOHscIH+X1H2d6Ho3KWv5WSCMOMxneuC7tdubkb5zK+xO928ZIn05B+V2On
crsscnzt6cl0wp8tffwSKRK/B4OV30JAh59unpEg8bK5t9nkDO0iBNj6f8MBc70l
WrmRqGpGhGvpbsGZ5E2MEbo5/Vb/nDWEyYgYLdDOglkYVHqMqlbqE7kEyR5be8aq
EqV9IfxEb/BQ1G8guxcx0SA1EvTNA8bf+W/MyRSA3Z0ain5qRczxtGPSwozbDIWD
R7AN+/PH/jHOfQySHxCUMx5MYJqIscIKBaCGBgTkN7VK
-----END CERTIFICATE-----