Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/q36EbkkqDy_91lS4zoRVoYUp4ZE.roa
File:                     q36EbkkqDy_91lS4zoRVoYUp4ZE.roa (raw, json)
Hash identifier:          E+2D/rGXtloh6mMT23bkCDG5ZgewSn6H0wy3TL2gfp0=
Subject key identifier:   AB:7E:84:6E:49:2A:0F:2F:FD:D6:54:B8:CE:84:55:A1:85:29:E1:91
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       018CC86F208546E082C1706AF398790ED3AD
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/q36EbkkqDy_91lS4zoRVoYUp4ZE.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     27173
IP address blocks:        80.231.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 14:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:20:85:46:e0:82:c1:70:6a:f3:98:79:0e:d3:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab7e846e492a0f2ffdd654b8ce8455a18529e191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:37:23:c4:99:36:19:6a:c2:e3:b4:70:41:b6:
                    b9:7f:d7:d3:9e:98:98:db:9d:a1:1f:1f:80:0a:ca:
                    c3:bd:65:f0:0a:ef:9f:32:21:7d:ab:fb:0d:52:5f:
                    09:9b:1e:af:e5:20:58:7d:21:0a:cd:f6:e7:ba:2e:
                    67:58:1c:2c:f1:a0:f3:89:36:0d:33:ba:3c:09:19:
                    42:a1:63:56:96:94:fc:7b:df:19:79:8b:e6:be:1c:
                    cf:c5:59:e4:7e:d2:d8:1e:aa:49:c6:76:03:b8:87:
                    71:7f:6e:25:5b:14:79:79:03:ff:8a:13:6c:06:67:
                    31:9b:f2:6f:71:9c:13:17:f5:df:49:89:54:6c:0c:
                    8f:a0:5c:93:ff:bd:b8:a7:47:1a:8a:e8:05:c2:0d:
                    ab:b1:7f:d3:12:02:4e:06:c2:fe:f5:74:21:e2:84:
                    86:e6:05:a6:5c:60:23:48:55:41:65:51:4e:96:5b:
                    62:a9:fe:70:18:c4:98:c3:e2:9f:71:71:e1:c3:ce:
                    f6:42:bb:6d:e6:53:9a:e4:cd:1e:51:84:7a:e1:22:
                    19:95:7e:09:3c:90:8b:b6:aa:7f:d3:a9:0a:29:f7:
                    95:50:8c:d6:2e:b3:48:5a:07:7e:d4:b3:77:20:fa:
                    f7:e5:2f:05:94:7f:7b:e5:a9:86:ff:e1:2a:ac:15:
                    10:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:7E:84:6E:49:2A:0F:2F:FD:D6:54:B8:CE:84:55:A1:85:29:E1:91
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/q36EbkkqDy_91lS4zoRVoYUp4ZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.231.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:d4:4b:8c:d6:38:5e:ad:91:cb:ce:b4:be:03:73:b9:6c:53:
         9d:77:73:2e:a6:c4:8e:9b:79:c9:49:7d:9b:4a:0f:a3:bf:ee:
         e5:d4:67:aa:85:e8:39:1e:e3:60:01:39:b1:ae:99:c3:5b:12:
         30:56:f3:91:d1:15:24:1d:2a:43:7c:e3:4b:9a:be:6a:c6:2f:
         7c:6a:bf:ae:20:15:7c:23:18:4a:56:8c:f5:12:11:7d:98:28:
         e4:d2:81:74:a4:03:88:22:54:6c:e4:30:ce:67:01:a0:6f:df:
         cb:66:08:79:c2:fa:04:c1:8c:90:c1:8d:e4:83:62:22:5f:76:
         1b:a8:ea:d2:4b:32:d4:ee:6d:ca:7e:c9:4d:b6:cd:13:6c:b8:
         43:b8:f2:97:59:2e:f5:a6:34:ec:d8:72:e0:62:30:8d:e6:cf:
         ef:97:50:36:16:52:85:28:0f:37:94:94:dc:cb:b1:b7:d7:da:
         c3:d7:74:bd:4c:c9:aa:f3:88:e6:c5:92:19:f7:ab:6f:9b:0b:
         fa:33:d4:87:aa:b1:2a:ea:8b:f3:8f:62:f0:be:e9:81:f0:1c:
         f7:e9:5d:17:e6:d2:60:32:25:e5:0a:65:6d:f1:27:d9:08:c8:
         c5:ae:3c:c3:73:b3:7e:f4:33:13:e1:d3:fa:f6:d7:e9:74:7d:
         b9:90:1b:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyCFRuCCwXBq85h5DtOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjdlODQ2ZTQ5MmEwZjJmZmRkNjU0YjhjZTg0NTVhMTg1MjllMTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTcjxJk2GWrC47RwQba5f9fTnpiY
252hHx+ACsrDvWXwCu+fMiF9q/sNUl8Jmx6v5SBYfSEKzfbnui5nWBws8aDziTYN
M7o8CRlCoWNWlpT8e98ZeYvmvhzPxVnkftLYHqpJxnYDuIdxf24lWxR5eQP/ihNs
Bmcxm/JvcZwTF/XfSYlUbAyPoFyT/724p0caiugFwg2rsX/TEgJOBsL+9XQh4oSG
5gWmXGAjSFVBZVFOlltiqf5wGMSYw+KfcXHhw872Qrtt5lOa5M0eUYR64SIZlX4J
PJCLtqp/06kKKfeVUIzWLrNIWgd+1LN3IPr35S8FlH975amG/+EqrBUQAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKt+hG5JKg8v/dZUuM6EVaGFKeGRMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvcTM2RWJra3FEeV85MWxTNHpvUlZvWVVwNFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUOfhMA0G
CSqGSIb3DQEBCwUAA4IBAQCq1EuM1jherZHLzrS+A3O5bFOdd3MupsSOm3nJSX2b
Sg+jv+7l1Geqheg5HuNgATmxrpnDWxIwVvOR0RUkHSpDfONLmr5qxi98ar+uIBV8
IxhKVoz1EhF9mCjk0oF0pAOIIlRs5DDOZwGgb9/LZgh5wvoEwYyQwY3kg2IiX3Yb
qOrSSzLU7m3KfslNts0TbLhDuPKXWS71pjTs2HLgYjCN5s/vl1A2FlKFKA83lJTc
y7G319rD13S9TMmq84jmxZIZ96tvmwv6M9SHqrEq6ovzj2LwvumB8Bz36V0X5tJg
MiXlCmVt8SfZCMjFrjzDc7N+9DMT4dP69tfpdH25kBs4
-----END CERTIFICATE-----