Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/7qkOSuFRUcyYKEw9eeQoyGsSKdM.roa
File:                     7qkOSuFRUcyYKEw9eeQoyGsSKdM.roa (raw, json)
Hash identifier:          GifETILrK9NkOBL6RKHtfkhY3OcuMcPjgbMzkC/+3Dw=
Subject key identifier:   EE:A9:0E:4A:E1:51:51:CC:98:28:4C:3D:79:E4:28:C8:6B:12:29:D3
Certificate issuer:       /CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Certificate serial:       018CC348EEE4D1D9001ABB59EED74FF28D43
Authority key identifier: 3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/7qkOSuFRUcyYKEw9eeQoyGsSKdM.roa
Signing time:             Mon 01 Jan 2024 04:29:45 +0000
ROA not before:           Mon 01 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201073
IP address blocks:        82.80.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ee:e4:d1:d9:00:1a:bb:59:ee:d7:4f:f2:8d:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
        Validity
            Not Before: Jan  1 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eea90e4ae15151cc98284c3d79e428c86b1229d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:41:2f:3b:6f:84:3d:6f:6d:2c:48:78:d7:52:
                    42:ab:e6:1d:9e:ea:90:e8:28:1c:f9:04:e9:5f:7c:
                    9a:6a:cc:5e:c5:0f:f1:09:8d:57:81:e7:f1:4c:1a:
                    d3:a7:5d:d5:cf:3b:a9:30:89:cf:87:01:4c:c7:fa:
                    a8:a9:74:10:9c:25:82:4a:02:2f:09:d1:fc:92:09:
                    a9:fa:8e:26:a8:71:e2:93:12:06:3c:5f:6b:da:52:
                    61:63:40:f9:fa:2d:8a:c9:54:6f:ee:13:b6:d3:9b:
                    b8:2a:02:ea:2c:1f:e2:50:75:af:15:0f:a7:f5:f1:
                    db:07:ea:12:3d:59:b8:91:f0:ae:b6:eb:ea:8f:62:
                    fd:61:61:d3:60:e0:34:4a:ae:e4:67:3d:c6:a6:98:
                    87:d8:8a:cd:3a:e5:6b:65:42:c8:72:3d:a6:8b:ca:
                    b3:b4:16:3e:5c:11:35:34:18:f7:2e:c8:c0:ab:0b:
                    c5:c8:4d:dc:6f:0d:9e:bd:62:ec:db:6c:bf:2a:59:
                    4c:f8:81:aa:c1:c3:62:0a:39:4e:56:7e:dc:74:22:
                    3b:37:39:a8:47:df:c4:54:62:01:ac:ad:fb:7d:9e:
                    26:1f:61:b7:3b:43:34:0a:7d:84:32:14:70:bc:4a:
                    22:92:f9:bf:74:48:b5:3b:da:88:9b:f4:09:dc:84:
                    bd:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:A9:0E:4A:E1:51:51:CC:98:28:4C:3D:79:E4:28:C8:6B:12:29:D3
            X509v3 Authority Key Identifier:
                keyid:3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/7qkOSuFRUcyYKEw9eeQoyGsSKdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.80.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:cc:c7:99:c3:7f:65:8a:f5:82:17:81:92:c1:98:a1:bc:4b:
         a9:f7:c9:5d:91:6a:35:f2:e3:97:dc:49:58:f7:ca:98:2c:ed:
         bc:e9:f6:3d:d2:51:c4:42:2d:97:24:44:53:ef:74:ff:d6:17:
         d8:20:ab:ee:fb:6a:48:9b:28:ba:00:7d:7b:99:2b:5b:91:cb:
         59:e3:22:48:fd:e4:7f:e1:7a:02:5d:b4:08:bd:9d:5a:14:61:
         99:b5:eb:49:64:04:d7:0a:dc:b3:49:06:52:90:c5:97:45:d2:
         a8:62:69:d1:7f:88:a7:9b:ab:bf:d8:79:68:f0:67:8f:ca:64:
         9a:d4:44:7b:7c:ea:34:1c:6a:58:bf:9e:44:ea:d3:b3:8b:8b:
         19:b3:08:d5:83:46:3d:e4:35:f5:38:e4:03:63:9d:5d:f9:62:
         f4:0e:f9:d9:00:d2:3e:76:6b:81:b4:3d:e2:0a:08:e9:57:80:
         d3:71:54:9b:f9:8c:5c:16:50:6b:e4:75:c4:45:7f:c6:66:e7:
         8e:89:a6:41:7f:4c:94:ee:40:d8:51:99:9b:a5:7d:bf:39:a1:
         b8:ad:3f:8d:d9:3d:4b:49:41:30:44:cf:c1:58:d8:5e:94:84:
         6e:ad:33:ea:d6:77:c6:0f:ca:49:43:ae:0b:9f:71:59:41:9d:
         22:35:a0:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSO7k0dkAGrtZ7tdP8o1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZWRkODVjMWVjY2I1ZmY0YmE5MzAxMTdhNzMyOTA5OWMw
ZmYyZWIwHhcNMjQwMTAxMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWE5MGU0YWUxNTE1MWNjOTgyODRjM2Q3OWU0MjhjODZiMTIyOWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0EvO2+EPW9tLEh411JCq+YdnuqQ
6Cgc+QTpX3yaasxexQ/xCY1XgefxTBrTp13VzzupMInPhwFMx/qoqXQQnCWCSgIv
CdH8kgmp+o4mqHHikxIGPF9r2lJhY0D5+i2KyVRv7hO205u4KgLqLB/iUHWvFQ+n
9fHbB+oSPVm4kfCutuvqj2L9YWHTYOA0Sq7kZz3GppiH2IrNOuVrZULIcj2mi8qz
tBY+XBE1NBj3LsjAqwvFyE3cbw2evWLs22y/KllM+IGqwcNiCjlOVn7cdCI7Nzmo
R9/EVGIBrK37fZ4mH2G3O0M0Cn2EMhRwvEoikvm/dEi1O9qIm/QJ3IS9/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6pDkrhUVHMmChMPXnkKMhrEinTMB8GA1UdIwQY
MBaAFD/t2FwezLX/S6kwEXpzKQmcD/LrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQt
ZTJiNTI3NzI4ZTk2LzEvN3FrT1N1RlJVY3lZS0V3OWVlUW95R3NTS2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQtZTJiNTI3NzI4ZTk2
LzEvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUlANMA0G
CSqGSIb3DQEBCwUAA4IBAQClzMeZw39livWCF4GSwZihvEup98ldkWo18uOX3ElY
98qYLO286fY90lHEQi2XJERT73T/1hfYIKvu+2pImyi6AH17mStbkctZ4yJI/eR/
4XoCXbQIvZ1aFGGZtetJZATXCtyzSQZSkMWXRdKoYmnRf4inm6u/2Hlo8GePymSa
1ER7fOo0HGpYv55E6tOzi4sZswjVg0Y95DX1OOQDY51d+WL0DvnZANI+dmuBtD3i
CgjpV4DTcVSb+YxcFlBr5HXERX/GZueOiaZBf0yU7kDYUZmbpX2/OaG4rT+N2T1L
SUEwRM/BWNhelIRurTPq1nfGD8pJQ64Ln3FZQZ0iNaCD
-----END CERTIFICATE-----