Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/Y7IbauxCyjXhQWtKe7lN--DELUQ.roa
File:                     Y7IbauxCyjXhQWtKe7lN--DELUQ.roa (raw, json)
Hash identifier:          xpVAIlB1lIR+HxUKNGLbe9I7sTREw4VsAHO/LKoUNXs=
Subject key identifier:   63:B2:1B:6A:EC:42:CA:35:E1:41:6B:4A:7B:B9:4D:FB:E0:C4:2D:44
Certificate issuer:       /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial:       018CC26D1F9E0B032B50DCBBFB3A4CFAF889
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/Y7IbauxCyjXhQWtKe7lN--DELUQ.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35429
IP address blocks:        80.251.96.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1f:9e:0b:03:2b:50:dc:bb:fb:3a:4c:fa:f8:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63b21b6aec42ca35e1416b4a7bb94dfbe0c42d44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:39:70:c6:59:5d:c7:ee:09:ab:b5:af:8b:1b:
                    02:f3:ba:f2:6b:f8:04:3a:9c:81:64:65:87:c8:93:
                    da:f1:df:f6:4c:8b:95:0a:5c:25:29:3f:ca:68:ba:
                    c4:09:8e:12:49:3a:fd:4c:49:0b:99:b8:13:4f:6c:
                    8e:57:07:d4:0d:30:23:6c:6f:69:67:39:3f:3f:bd:
                    24:8a:e7:ed:62:70:2a:9a:ca:89:e8:48:1f:cc:ea:
                    33:c8:05:cc:0e:a2:02:f1:2e:83:2f:28:eb:0b:62:
                    6f:28:0a:ca:2b:bc:09:c3:34:6e:cf:6a:f7:89:12:
                    27:c0:5d:39:df:2a:2e:bf:5d:76:14:16:22:58:0b:
                    07:38:dd:56:8c:19:4e:6e:ea:3d:b4:a4:2f:11:7e:
                    af:1f:9c:54:68:97:1a:16:0a:04:23:e4:84:f2:b9:
                    88:79:5a:a9:0b:0c:a2:c1:bc:89:be:78:18:02:2d:
                    6e:0a:ad:af:db:3d:a1:f5:84:b8:32:52:a7:f5:e4:
                    d7:4a:56:5c:12:b3:e3:f6:88:ce:03:a9:1a:de:37:
                    5f:f3:2a:01:a5:b9:20:b9:ff:3c:2f:74:27:ed:2c:
                    f0:a2:12:58:54:87:af:a6:ac:6f:86:74:51:ce:02:
                    24:44:9a:7d:15:c6:5a:6c:c0:0a:98:89:91:77:0a:
                    bc:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:B2:1B:6A:EC:42:CA:35:E1:41:6B:4A:7B:B9:4D:FB:E0:C4:2D:44
            X509v3 Authority Key Identifier:
                keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/Y7IbauxCyjXhQWtKe7lN--DELUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.251.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         13:ff:ee:e7:d9:a6:e7:5e:18:97:bc:db:b3:96:fb:aa:db:0f:
         01:61:ca:09:59:56:1b:cb:54:01:93:76:99:d9:1e:e3:16:e5:
         5b:7b:6f:f5:05:fc:8d:e2:b1:7a:9b:18:e2:9a:0c:db:ae:0b:
         47:84:53:b4:f6:14:c0:ea:d0:19:da:eb:e0:5e:e0:1e:5c:5c:
         c2:b6:7a:67:27:17:db:ad:6e:a6:2d:1a:a5:e4:54:65:b7:62:
         b0:b1:8d:56:36:8d:33:79:83:20:01:09:42:c8:01:c9:b3:d1:
         40:22:be:fa:9d:70:5c:7d:d7:96:0e:0b:aa:79:14:8c:8f:bf:
         02:72:7f:26:76:da:27:75:f0:a1:90:d2:5c:8e:c4:27:c3:a7:
         88:10:51:0a:12:1c:49:8f:a9:78:95:48:c0:6f:ea:7e:6b:90:
         e4:d2:b2:2a:9b:46:99:e9:64:9d:61:43:55:56:a7:ba:41:4a:
         86:e0:0b:5b:31:f4:7d:cf:ae:fc:a1:b3:37:d2:35:1b:a7:b5:
         f1:93:08:84:8a:12:81:ca:f4:7c:b3:0c:36:1e:df:3f:62:09:
         af:93:4e:e7:23:ed:35:4a:f4:52:f8:ec:61:03:93:60:c5:ed:
         f2:e1:de:de:8f:ff:75:ef:a9:38:dc:8e:40:aa:2d:9e:b4:33:
         b7:64:b8:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbR+eCwMrUNy7+zpM+viJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2IyMWI2YWVjNDJjYTM1ZTE0MTZiNGE3YmI5NGRmYmUwYzQyZDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzlwxlldx+4Jq7WvixsC87rya/gE
OpyBZGWHyJPa8d/2TIuVClwlKT/KaLrECY4SSTr9TEkLmbgTT2yOVwfUDTAjbG9p
Zzk/P70kiuftYnAqmsqJ6EgfzOozyAXMDqIC8S6DLyjrC2JvKArKK7wJwzRuz2r3
iRInwF053youv112FBYiWAsHON1WjBlObuo9tKQvEX6vH5xUaJcaFgoEI+SE8rmI
eVqpCwyiwbyJvngYAi1uCq2v2z2h9YS4MlKn9eTXSlZcErPj9ojOA6ka3jdf8yoB
pbkguf88L3Qn7SzwohJYVIevpqxvhnRRzgIkRJp9FcZabMAKmImRdwq8CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOyG2rsQso14UFrSnu5TfvgxC1EMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvWTdJYmF1eEN5alhoUVd0S2U3bE4tLURFTFVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPtgMA0G
CSqGSIb3DQEBCwUAA4IBAQAT/+7n2abnXhiXvNuzlvuq2w8BYcoJWVYby1QBk3aZ
2R7jFuVbe2/1BfyN4rF6mxjimgzbrgtHhFO09hTA6tAZ2uvgXuAeXFzCtnpnJxfb
rW6mLRql5FRlt2KwsY1WNo0zeYMgAQlCyAHJs9FAIr76nXBcfdeWDguqeRSMj78C
cn8mdtondfChkNJcjsQnw6eIEFEKEhxJj6l4lUjAb+p+a5Dk0rIqm0aZ6WSdYUNV
Vqe6QUqG4AtbMfR9z678obM30jUbp7XxkwiEihKByvR8sww2Ht8/Ygmvk07nI+01
SvRS+OxhA5Ngxe3y4d7ej/9176k43I5Aqi2etDO3ZLgY
-----END CERTIFICATE-----