Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/0f0788-f1c4-4eae-b0c3-c5d4f0a00907/1/xBlZNvgMRnCf6UrKRvQ5pkUd7xU.roa
File:                     xBlZNvgMRnCf6UrKRvQ5pkUd7xU.roa (raw, json)
Hash identifier:          i1uwfhxsD9mnwkgjUW+Sjt1kQC/b/5iVv+3Mpx4LXks=
Subject key identifier:   C4:19:59:36:F8:0C:46:70:9F:E9:4A:CA:46:F4:39:A6:45:1D:EF:15
Certificate issuer:       /CN=a9fc5630d57b1971f3a256ed6d983afad6b28d75
Certificate serial:       01942747C164B1370140C8AE5813B8FEA533
Authority key identifier: A9:FC:56:30:D5:7B:19:71:F3:A2:56:ED:6D:98:3A:FA:D6:B2:8D:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qfxWMNV7GXHzolbtbZg6-tayjXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/0f0788-f1c4-4eae-b0c3-c5d4f0a00907/1/xBlZNvgMRnCf6UrKRvQ5pkUd7xU.roa
Signing time:             Thu 02 Jan 2025 13:50:01 +0000
ROA not before:           Thu 02 Jan 2025 13:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206583
IP address blocks:        185.80.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/0f0788-f1c4-4eae-b0c3-c5d4f0a00907/1/qfxWMNV7GXHzolbtbZg6-tayjXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/0f0788-f1c4-4eae-b0c3-c5d4f0a00907/1/qfxWMNV7GXHzolbtbZg6-tayjXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qfxWMNV7GXHzolbtbZg6-tayjXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:c1:64:b1:37:01:40:c8:ae:58:13:b8:fe:a5:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9fc5630d57b1971f3a256ed6d983afad6b28d75
        Validity
            Not Before: Jan  2 13:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4195936f80c46709fe94aca46f439a6451def15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:4c:42:14:b2:2c:b8:3a:5c:50:f7:28:b3:6d:
                    2c:57:67:e3:e4:ed:60:76:88:ea:98:1d:fe:d9:5a:
                    28:7a:65:f8:ca:76:af:0b:92:20:ef:0d:1b:c7:3b:
                    9e:c1:97:e1:35:e8:e6:52:fa:09:70:10:79:94:52:
                    0d:59:81:04:c7:61:0f:99:e9:08:d8:d1:35:7b:2e:
                    55:f2:11:f1:67:f3:b5:82:b8:02:4a:6a:e0:89:1e:
                    ca:43:0a:43:7b:c0:cb:e6:cd:43:d6:a2:d6:90:a3:
                    0b:71:08:e1:b2:6f:ee:c8:9c:8f:01:4d:05:43:6a:
                    b1:6c:e1:56:55:a7:f3:d3:77:98:ef:85:87:72:18:
                    d4:66:0a:8e:3a:5e:b3:d5:3b:72:a0:98:97:c5:6a:
                    8e:c1:f5:41:1c:b2:e3:35:5a:fb:9f:9a:fd:63:b5:
                    87:58:65:4d:f6:eb:26:d9:fb:2c:c0:6e:51:d9:30:
                    ff:47:3a:a1:5b:1a:b7:71:eb:41:89:33:9b:29:f7:
                    e2:eb:c6:0e:08:90:06:af:19:b1:f6:06:ab:ca:51:
                    4a:c1:f4:b7:1b:1d:bf:82:1e:e7:b2:0f:3f:9c:be:
                    1b:f8:b5:20:61:80:06:24:c0:94:e6:6f:88:9a:30:
                    87:3c:f2:a2:b8:bf:6c:af:56:2a:7f:7e:7b:49:21:
                    bc:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:19:59:36:F8:0C:46:70:9F:E9:4A:CA:46:F4:39:A6:45:1D:EF:15
            X509v3 Authority Key Identifier:
                keyid:A9:FC:56:30:D5:7B:19:71:F3:A2:56:ED:6D:98:3A:FA:D6:B2:8D:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qfxWMNV7GXHzolbtbZg6-tayjXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/0f0788-f1c4-4eae-b0c3-c5d4f0a00907/1/xBlZNvgMRnCf6UrKRvQ5pkUd7xU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/0f0788-f1c4-4eae-b0c3-c5d4f0a00907/1/qfxWMNV7GXHzolbtbZg6-tayjXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e0:2f:34:98:4c:ba:09:e2:20:33:0b:be:2d:87:77:0f:4a:fe:
         3e:d1:98:c6:44:0d:72:02:a3:c4:9d:36:83:15:5a:0c:43:59:
         a4:41:e2:3e:e7:ca:1c:ca:78:9f:a3:7a:b8:7a:fd:b7:6c:63:
         7d:bd:d0:fb:6c:9c:a5:b2:0b:4c:8d:d6:8b:5a:89:a9:38:cb:
         6b:1d:61:3c:91:6b:3d:91:f4:8a:e9:35:b6:b9:18:ee:a6:8d:
         f1:ee:6f:16:d7:ef:e2:bf:d3:cc:d4:42:d8:d0:b2:67:fe:29:
         67:8c:ec:64:58:a3:35:7e:1b:c5:39:d5:bb:1e:6e:7e:b6:58:
         7b:e0:65:22:b4:0d:c1:4d:ac:66:84:6e:5d:69:98:55:a0:f1:
         12:00:df:fd:d4:7a:47:ad:9e:16:4f:9a:4a:00:ce:2f:e7:ce:
         32:fe:54:2a:99:34:2c:75:d9:9f:34:b7:09:75:a7:38:6b:5b:
         37:ac:46:1c:a6:cf:6a:5d:7a:d9:71:3b:71:81:8d:b6:f3:da:
         9b:f4:94:6e:7e:92:45:2c:75:4a:06:68:1c:3a:1a:51:d0:44:
         58:34:8e:4c:86:4e:10:71:53:54:a1:91:10:40:45:bc:f0:58:
         19:f7:da:43:f0:fe:78:45:82:ad:10:b3:e7:31:a4:66:d8:6a:
         05:8e:2d:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR8FksTcBQMiuWBO4/qUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZmM1NjMwZDU3YjE5NzFmM2EyNTZlZDZkOTgzYWZhZDZi
MjhkNzUwHhcNMjUwMTAyMTM1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDE5NTkzNmY4MGM0NjcwOWZlOTRhY2E0NmY0MzlhNjQ1MWRlZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA60xCFLIsuDpcUPcos20sV2fj5O1g
dojqmB3+2VooemX4ynavC5Ig7w0bxzuewZfhNejmUvoJcBB5lFINWYEEx2EPmekI
2NE1ey5V8hHxZ/O1grgCSmrgiR7KQwpDe8DL5s1D1qLWkKMLcQjhsm/uyJyPAU0F
Q2qxbOFWVafz03eY74WHchjUZgqOOl6z1TtyoJiXxWqOwfVBHLLjNVr7n5r9Y7WH
WGVN9usm2fsswG5R2TD/RzqhWxq3cetBiTObKffi68YOCJAGrxmx9garylFKwfS3
Gx2/gh7nsg8/nL4b+LUgYYAGJMCU5m+ImjCHPPKiuL9sr1Yqf357SSG8tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQZWTb4DEZwn+lKykb0OaZFHe8VMB8GA1UdIwQY
MBaAFKn8VjDVexlx86JW7W2YOvrWso11MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWZ4V01OVjdHWEh6b2xidGJaZzYtdGF5alhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8wZjA3ODgtZjFjNC00ZWFlLWIwYzMt
YzVkNGYwYTAwOTA3LzEveEJsWk52Z01SbkNmNlVyS1J2UTVwa1VkN3hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8wZjA3ODgtZjFjNC00ZWFlLWIwYzMtYzVkNGYwYTAwOTA3
LzEvcWZ4V01OVjdHWEh6b2xidGJaZzYtdGF5alhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVCTMA0G
CSqGSIb3DQEBCwUAA4IBAQDgLzSYTLoJ4iAzC74th3cPSv4+0ZjGRA1yAqPEnTaD
FVoMQ1mkQeI+58ocynifo3q4ev23bGN9vdD7bJylsgtMjdaLWompOMtrHWE8kWs9
kfSK6TW2uRjupo3x7m8W1+/iv9PM1ELY0LJn/ilnjOxkWKM1fhvFOdW7Hm5+tlh7
4GUitA3BTaxmhG5daZhVoPESAN/91HpHrZ4WT5pKAM4v584y/lQqmTQsddmfNLcJ
dac4a1s3rEYcps9qXXrZcTtxgY2289qb9JRufpJFLHVKBmgcOhpR0ERYNI5Mhk4Q
cVNUoZEQQEW88FgZ99pD8P54RYKtELPnMaRm2GoFji1H
-----END CERTIFICATE-----