Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/zrfqR75OoH5LAkx5ywUrxPfIkl0.roa
File:                     zrfqR75OoH5LAkx5ywUrxPfIkl0.roa (raw, json)
Hash identifier:          qjeO7XM/I4bWvX832yFNGj8IE6vN1cd5m9loEAID2jI=
Subject key identifier:   CE:B7:EA:47:BE:4E:A0:7E:4B:02:4C:79:CB:05:2B:C4:F7:C8:92:5D
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348E33D1C46A3E98E58E2F090A2EC0C
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/zrfqR75OoH5LAkx5ywUrxPfIkl0.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205492
IP address blocks:        194.209.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e3:3d:1c:46:a3:e9:8e:58:e2:f0:90:a2:ec:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ceb7ea47be4ea07e4b024c79cb052bc4f7c8925d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:e1:17:30:09:8d:33:f5:4a:4e:71:49:92:fa:
                    d6:f0:74:97:14:9f:3a:c8:92:c5:99:6e:f4:26:88:
                    0f:fb:99:a6:46:66:15:31:1b:7d:1f:f9:6c:ec:45:
                    46:92:86:ee:e5:aa:2d:ba:58:c5:70:b7:ad:b7:a2:
                    6e:39:fa:18:50:fb:65:47:51:83:91:c3:c6:43:e3:
                    72:52:0a:88:cf:b9:b3:e4:7a:a0:07:d0:c2:23:0a:
                    b4:9f:6c:03:2c:29:e6:50:92:a6:9d:6c:66:36:43:
                    ed:bc:5f:9e:dd:0e:e6:06:f5:cb:0d:6a:26:9c:dc:
                    cf:dc:9b:af:3a:e3:e8:e4:bc:e1:13:55:02:5a:ac:
                    d5:9e:ee:2b:cf:da:4a:b9:fd:45:7e:a7:1f:a5:7a:
                    e1:94:cc:3f:fb:04:75:d9:dd:e8:68:b1:e6:ab:7f:
                    2b:de:09:3d:12:6a:1d:47:2f:83:7f:c5:77:7f:95:
                    0a:5c:1f:59:9c:eb:22:5c:64:55:21:f9:69:f1:ce:
                    ed:e8:6a:f7:37:f2:3e:f5:80:63:53:2a:ed:e5:54:
                    2e:09:a2:58:9f:03:0a:67:3b:4d:67:5b:57:42:fe:
                    94:6f:90:f6:67:43:ed:35:c4:f6:69:d4:75:30:88:
                    71:a0:a0:70:fc:6a:12:c1:b5:2f:b0:dd:89:3e:4c:
                    93:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B7:EA:47:BE:4E:A0:7E:4B:02:4C:79:CB:05:2B:C4:F7:C8:92:5D
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/zrfqR75OoH5LAkx5ywUrxPfIkl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:5a:bb:52:67:fa:ad:b4:8b:5b:2b:22:20:37:4c:fe:66:a1:
         ab:79:e3:8e:be:4c:a5:96:54:4e:a9:5a:79:f0:b3:0f:d9:c8:
         f5:c4:6f:56:a2:c2:84:0f:9d:01:db:82:8f:6b:85:b6:35:d9:
         26:99:af:7b:d4:55:f0:5c:d8:52:30:54:56:3f:70:48:75:4e:
         af:e1:d9:a5:cc:d3:5c:3c:dc:98:8b:e5:b0:94:b8:05:70:59:
         61:b3:1f:86:29:d0:48:28:09:5c:11:e0:7b:8d:e1:2a:d1:cc:
         75:2c:07:da:58:9d:45:08:ac:a7:a0:44:17:77:eb:bf:ed:91:
         7e:d8:6d:13:23:9a:be:81:5b:74:b8:08:91:71:73:f1:37:83:
         69:af:43:64:c7:a6:5f:fa:cb:94:15:58:a6:c4:e7:4d:cb:78:
         95:20:5a:bb:de:1b:81:37:6a:2b:02:b1:66:d7:b7:41:b5:11:
         ad:ba:d6:8d:15:4c:1d:1e:fb:11:82:51:01:c6:a7:ba:bc:93:
         cc:bc:32:fe:88:51:07:ac:69:5b:69:75:fc:63:cc:e8:ab:99:
         9e:45:b0:b9:c5:30:b8:2d:ab:a0:90:9f:a5:d6:69:36:24:07:
         af:1b:e3:56:0a:59:e3:3a:5a:5d:b0:93:0d:b8:2e:17:90:08:
         41:8d:d9:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOM9HEaj6Y5Y4vCQouwMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWI3ZWE0N2JlNGVhMDdlNGIwMjRjNzljYjA1MmJjNGY3Yzg5MjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+EXMAmNM/VKTnFJkvrW8HSXFJ86
yJLFmW70JogP+5mmRmYVMRt9H/ls7EVGkobu5aotuljFcLett6JuOfoYUPtlR1GD
kcPGQ+NyUgqIz7mz5HqgB9DCIwq0n2wDLCnmUJKmnWxmNkPtvF+e3Q7mBvXLDWom
nNzP3JuvOuPo5LzhE1UCWqzVnu4rz9pKuf1FfqcfpXrhlMw/+wR12d3oaLHmq38r
3gk9EmodRy+Df8V3f5UKXB9ZnOsiXGRVIflp8c7t6Gr3N/I+9YBjUyrt5VQuCaJY
nwMKZztNZ1tXQv6Ub5D2Z0PtNcT2adR1MIhxoKBw/GoSwbUvsN2JPkyTnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM636ke+TqB+SwJMecsFK8T3yJJdMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvenJmcVI3NU9vSDVMQWt4NXl3VXJ4UGZJa2wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtFQMA0G
CSqGSIb3DQEBCwUAA4IBAQC9WrtSZ/qttItbKyIgN0z+ZqGreeOOvkylllROqVp5
8LMP2cj1xG9WosKED50B24KPa4W2Ndkmma971FXwXNhSMFRWP3BIdU6v4dmlzNNc
PNyYi+WwlLgFcFlhsx+GKdBIKAlcEeB7jeEq0cx1LAfaWJ1FCKynoEQXd+u/7ZF+
2G0TI5q+gVt0uAiRcXPxN4Npr0Nkx6Zf+suUFVimxOdNy3iVIFq73huBN2orArFm
17dBtRGtutaNFUwdHvsRglEBxqe6vJPMvDL+iFEHrGlbaXX8Y8zoq5meRbC5xTC4
LaugkJ+l1mk2JAevG+NWClnjOlpdsJMNuC4XkAhBjdlx
-----END CERTIFICATE-----