Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/68f637-3121-40f7-b78f-9c9f2090329a/1/hCBS3bB4vypgsBY62BpwZI7l0VI.roa
File:                     hCBS3bB4vypgsBY62BpwZI7l0VI.roa (raw, json)
Hash identifier:          MtTn6TAwi6MVU6oCBbL4Kh340YFkVlR2we19cypKQ4s=
Subject key identifier:   84:20:52:DD:B0:78:BF:2A:60:B0:16:3A:D8:1A:70:64:8E:E5:D1:52
Certificate issuer:       /CN=ea550e54e4766d5765d0f3d061df1d74da558973
Certificate serial:       018CC5DC0A792739D10904BFA646DC85FBCB
Authority key identifier: EA:55:0E:54:E4:76:6D:57:65:D0:F3:D0:61:DF:1D:74:DA:55:89:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6lUOVOR2bVdl0PPQYd8ddNpViXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/68f637-3121-40f7-b78f-9c9f2090329a/1/hCBS3bB4vypgsBY62BpwZI7l0VI.roa
Signing time:             Mon 01 Jan 2024 16:29:41 +0000
ROA not before:           Mon 01 Jan 2024 16:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210422
IP address blocks:        80.68.154.0/24 maxlen: 24
                          2a12:9f80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/68f637-3121-40f7-b78f-9c9f2090329a/1/6lUOVOR2bVdl0PPQYd8ddNpViXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/68f637-3121-40f7-b78f-9c9f2090329a/1/6lUOVOR2bVdl0PPQYd8ddNpViXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6lUOVOR2bVdl0PPQYd8ddNpViXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0a:79:27:39:d1:09:04:bf:a6:46:dc:85:fb:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea550e54e4766d5765d0f3d061df1d74da558973
        Validity
            Not Before: Jan  1 16:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=842052ddb078bf2a60b0163ad81a70648ee5d152
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:51:d0:11:86:31:18:0e:48:77:d7:20:2e:b5:
                    3d:29:54:27:38:1a:0e:c9:19:17:52:8e:9b:8a:98:
                    2a:b7:5b:08:3d:48:46:d3:b2:74:6c:33:8a:8f:6b:
                    64:4b:09:de:ba:63:a3:da:7c:91:1c:d6:58:4c:75:
                    ce:10:4b:71:75:c6:25:43:13:df:0c:0b:43:51:a3:
                    b4:58:20:bd:94:c1:06:c3:67:62:9f:f6:7f:94:f6:
                    c5:93:35:b2:ff:c8:b2:dd:74:17:a1:ca:8c:52:75:
                    48:de:0e:c4:32:7d:f1:db:c5:57:9b:d0:db:1e:0f:
                    eb:14:db:cb:4b:98:d0:ad:9a:52:56:be:a9:8d:16:
                    e4:fb:d8:df:ca:8f:9e:6e:d0:38:72:47:3a:4f:1b:
                    05:35:6f:02:71:59:39:ce:43:60:3e:24:1f:a9:75:
                    dc:a7:9f:64:17:1b:ea:a5:56:af:aa:99:87:94:3f:
                    80:7a:9d:d3:c7:08:13:e3:f9:40:16:37:b7:4c:65:
                    42:2f:ee:7f:66:c9:6b:c3:14:2b:cf:65:44:1c:e5:
                    fc:87:fe:7a:5b:cd:b8:4e:4a:04:35:16:0a:c3:e5:
                    32:1a:9b:3e:f8:4a:5e:35:be:5f:ae:9b:53:69:1c:
                    cc:9c:cd:ac:c8:54:d9:f0:96:94:79:37:40:d9:e9:
                    fd:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:20:52:DD:B0:78:BF:2A:60:B0:16:3A:D8:1A:70:64:8E:E5:D1:52
            X509v3 Authority Key Identifier:
                keyid:EA:55:0E:54:E4:76:6D:57:65:D0:F3:D0:61:DF:1D:74:DA:55:89:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6lUOVOR2bVdl0PPQYd8ddNpViXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/68f637-3121-40f7-b78f-9c9f2090329a/1/hCBS3bB4vypgsBY62BpwZI7l0VI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/68f637-3121-40f7-b78f-9c9f2090329a/1/6lUOVOR2bVdl0PPQYd8ddNpViXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.68.154.0/24
                IPv6:
                  2a12:9f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:98:f9:88:c2:9c:78:d7:51:8a:56:e3:4e:f4:56:58:3a:75:
         b3:61:9e:87:2b:8a:9f:22:bb:5f:9c:49:b2:9d:06:f6:e9:40:
         56:43:16:ce:dc:ea:6a:fd:25:7e:ba:a1:59:47:0f:bf:12:1a:
         01:43:32:e3:51:84:54:20:a4:94:69:05:e2:b9:4d:92:e8:25:
         85:3e:05:7f:04:72:8b:49:8f:24:0c:7c:24:22:f6:46:63:86:
         57:a2:51:ab:60:55:c8:0d:07:5d:0e:b0:91:0f:71:76:a5:52:
         e5:99:27:dd:c2:76:02:79:fc:d9:e3:97:09:24:f9:26:0e:14:
         2a:a7:9e:35:ea:d2:75:45:40:fd:a1:1b:db:93:e0:29:7b:13:
         8e:2d:29:ec:e9:0c:23:db:5e:85:6b:77:75:7b:8b:d6:4a:02:
         3a:0a:f9:e2:a3:e1:ac:53:95:c3:90:62:c9:29:e3:57:30:25:
         cb:71:7b:91:76:50:70:ea:3d:59:d4:73:4d:fe:d0:30:08:80:
         63:05:fa:53:5c:25:15:ec:2d:fa:4d:b3:02:28:82:bc:bb:11:
         43:c2:5d:4e:f2:ba:6b:f9:6c:89:9b:09:25:37:96:03:e1:c1:
         40:8b:39:77:3e:61:ed:7b:4f:ae:c8:da:81:7e:45:80:08:e2:
         9c:83:60:f1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3Ap5JznRCQS/pkbchfvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNTUwZTU0ZTQ3NjZkNTc2NWQwZjNkMDYxZGYxZDc0ZGE1
NTg5NzMwHhcNMjQwMTAxMTYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDIwNTJkZGIwNzhiZjJhNjBiMDE2M2FkODFhNzA2NDhlZTVkMTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1HQEYYxGA5Id9cgLrU9KVQnOBoO
yRkXUo6bipgqt1sIPUhG07J0bDOKj2tkSwneumOj2nyRHNZYTHXOEEtxdcYlQxPf
DAtDUaO0WCC9lMEGw2din/Z/lPbFkzWy/8iy3XQXocqMUnVI3g7EMn3x28VXm9Db
Hg/rFNvLS5jQrZpSVr6pjRbk+9jfyo+ebtA4ckc6TxsFNW8CcVk5zkNgPiQfqXXc
p59kFxvqpVavqpmHlD+Aep3TxwgT4/lAFje3TGVCL+5/ZslrwxQrz2VEHOX8h/56
W824TkoENRYKw+UyGps++EpeNb5frptTaRzMnM2syFTZ8JaUeTdA2en9bQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIQgUt2weL8qYLAWOtgacGSO5dFSMB8GA1UdIwQY
MBaAFOpVDlTkdm1XZdDz0GHfHXTaVYlzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmxVT1ZPUjJiVmRsMFBQUVlkOGRkTnBWaVhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82OGY2MzctMzEyMS00MGY3LWI3OGYt
OWM5ZjIwOTAzMjlhLzEvaENCUzNiQjR2eXBnc0JZNjJCcHdaSTdsMFZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82OGY2MzctMzEyMS00MGY3LWI3OGYtOWM5ZjIwOTAzMjlh
LzEvNmxVT1ZPUjJiVmRsMFBQUVlkOGRkTnBWaVhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUESaMA0E
AgACMAcDBQMqEp+AMA0GCSqGSIb3DQEBCwUAA4IBAQBjmPmIwpx411GKVuNO9FZY
OnWzYZ6HK4qfIrtfnEmynQb26UBWQxbO3Opq/SV+uqFZRw+/EhoBQzLjUYRUIKSU
aQXiuU2S6CWFPgV/BHKLSY8kDHwkIvZGY4ZXolGrYFXIDQddDrCRD3F2pVLlmSfd
wnYCefzZ45cJJPkmDhQqp5416tJ1RUD9oRvbk+ApexOOLSns6Qwj216Fa3d1e4vW
SgI6Cvnio+GsU5XDkGLJKeNXMCXLcXuRdlBw6j1Z1HNN/tAwCIBjBfpTXCUV7C36
TbMCKIK8uxFDwl1O8rpr+WyJmwklN5YD4cFAizl3PmHte0+uyNqBfkWACOKcg2Dx
-----END CERTIFICATE-----