Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/O4ZJsF1ZttF0eNnj_84xdHD914g.roa
File:                     O4ZJsF1ZttF0eNnj_84xdHD914g.roa (raw, json)
Hash identifier:          mG+q/FoM3PPe1S1SUuipUmlglhgxjyEUwS7R+O4NKFE=
Subject key identifier:   3B:86:49:B0:5D:59:B6:D1:74:78:D9:E3:FF:CE:31:74:70:FD:D7:88
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D8480E3666CBC726A4753C8AE846
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/O4ZJsF1ZttF0eNnj_84xdHD914g.roa
Signing time:             Mon 01 Jan 2024 06:29:49 +0000
ROA not before:           Mon 01 Jan 2024 06:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394265
IP address blocks:        80.169.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 00:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d8:48:0e:36:66:cb:c7:26:a4:75:3c:8a:e8:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b8649b05d59b6d17478d9e3ffce317470fdd788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:7a:08:f9:3f:b5:0e:a5:e0:68:d5:ea:0f:4d:
                    3b:58:bf:cf:f0:03:7b:a8:86:93:1d:a4:14:94:f5:
                    9a:20:94:d4:90:77:dd:b6:39:9b:d0:33:eb:92:dd:
                    3a:c0:61:52:08:25:c2:e8:11:2f:3c:f8:f4:ab:2a:
                    ac:87:c9:cb:02:1d:1c:1b:65:61:10:33:c2:58:6f:
                    80:3f:d5:8b:2e:75:8e:ed:6e:88:b3:52:1e:90:c7:
                    a2:a9:0a:1a:56:e7:19:c0:1f:e9:1d:86:a7:7e:c1:
                    e5:52:e9:fe:f6:b6:58:bb:d3:3c:7a:21:4b:a5:73:
                    58:a5:e5:3f:4a:c2:a1:0b:e5:6e:4f:21:2e:c6:e9:
                    10:17:72:c6:af:9e:07:2e:ac:b1:9c:fb:8f:a2:62:
                    39:b4:98:1f:27:3f:02:3b:ec:a0:08:dc:17:31:e6:
                    17:a5:b1:16:cf:3d:4f:7a:a5:35:be:21:02:46:8e:
                    90:4a:9e:d7:01:1c:6e:ef:ce:82:78:f8:cd:f9:49:
                    0e:ee:62:1b:17:06:ff:b0:dc:5a:52:60:45:82:58:
                    27:07:16:59:f0:52:c6:06:aa:c2:45:6d:b7:98:f5:
                    b6:7f:c5:1a:df:1b:90:8d:6c:cc:97:db:d4:06:dd:
                    46:c7:0c:c5:d4:2d:28:ff:a7:c3:eb:c5:d4:22:6d:
                    01:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:86:49:B0:5D:59:B6:D1:74:78:D9:E3:FF:CE:31:74:70:FD:D7:88
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/O4ZJsF1ZttF0eNnj_84xdHD914g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.169.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:6a:51:97:73:a6:e6:55:fb:63:32:8a:23:a0:8d:b7:c0:97:
         46:61:29:30:09:d1:41:5f:d6:28:61:f0:17:3c:27:68:b6:54:
         f2:22:48:aa:22:99:c4:14:e9:bf:1e:83:54:c7:b1:d9:de:6d:
         7c:cf:9c:a2:9a:13:04:f4:98:c9:39:78:2c:e3:46:26:ed:17:
         b2:1d:71:2a:61:22:9c:34:38:07:74:0b:ac:a0:0d:bc:44:34:
         cc:90:2f:c7:90:2c:c8:0b:89:b0:bb:8e:0c:b3:65:0e:33:2d:
         05:b2:fe:c4:74:8a:b9:c2:39:3a:0a:fd:8b:a7:27:a2:d3:5c:
         d0:ca:59:73:db:d9:6a:ae:a9:84:8b:50:99:44:66:33:10:34:
         40:e2:47:19:3b:2b:e0:62:02:70:2c:eb:73:bf:bb:94:b5:d9:
         9a:3e:0b:55:ca:ff:d7:cc:47:b2:a4:a9:80:34:f7:04:a6:8a:
         0a:32:31:26:cd:0c:4c:a5:00:3f:3c:b9:74:64:19:3d:bc:e7:
         99:a1:1e:37:49:16:b5:2b:cb:89:37:59:89:d5:9f:13:0b:f5:
         29:c6:06:5f:47:e7:fa:b1:a5:ce:c7:53:e8:a2:38:ff:d1:f2:
         8a:8d:11:bd:8c:f1:0c:9b:ff:46:4c:9d:b4:12:1b:4a:68:a5:
         04:82:33:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtthIDjZmy8cmpHU8iuhGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg2NDliMDVkNTliNmQxNzQ3OGQ5ZTNmZmNlMzE3NDcwZmRkNzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnoI+T+1DqXgaNXqD007WL/P8AN7
qIaTHaQUlPWaIJTUkHfdtjmb0DPrkt06wGFSCCXC6BEvPPj0qyqsh8nLAh0cG2Vh
EDPCWG+AP9WLLnWO7W6Is1IekMeiqQoaVucZwB/pHYanfsHlUun+9rZYu9M8eiFL
pXNYpeU/SsKhC+VuTyEuxukQF3LGr54HLqyxnPuPomI5tJgfJz8CO+ygCNwXMeYX
pbEWzz1PeqU1viECRo6QSp7XARxu786CePjN+UkO7mIbFwb/sNxaUmBFglgnBxZZ
8FLGBqrCRW23mPW2f8Ua3xuQjWzMl9vUBt1GxwzF1C0o/6fD68XUIm0B/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuGSbBdWbbRdHjZ4//OMXRw/deIMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvTzRaSnNGMVp0dEYwZU5ual84NHhkSEQ5MTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUKkTMA0G
CSqGSIb3DQEBCwUAA4IBAQCbalGXc6bmVftjMoojoI23wJdGYSkwCdFBX9YoYfAX
PCdotlTyIkiqIpnEFOm/HoNUx7HZ3m18z5yimhME9JjJOXgs40Ym7ReyHXEqYSKc
NDgHdAusoA28RDTMkC/HkCzIC4mwu44Ms2UOMy0Fsv7EdIq5wjk6Cv2Lpyei01zQ
yllz29lqrqmEi1CZRGYzEDRA4kcZOyvgYgJwLOtzv7uUtdmaPgtVyv/XzEeypKmA
NPcEpooKMjEmzQxMpQA/PLl0ZBk9vOeZoR43SRa1K8uJN1mJ1Z8TC/UpxgZfR+f6
saXOx1Poojj/0fKKjRG9jPEMm/9GTJ20EhtKaKUEgjOH
-----END CERTIFICATE-----