Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/bnPaCU2zVcRL4N0nJ1LvgwJyFtY.roa
File:                     bnPaCU2zVcRL4N0nJ1LvgwJyFtY.roa (raw, json)
Hash identifier:          9cMqXRTgbNPSf6I/G9ZXlS6ySO5CFvOcb1iQtY0rxs4=
Subject key identifier:   6E:73:DA:09:4D:B3:55:C4:4B:E0:DD:27:27:52:EF:83:02:72:16:D6
Certificate issuer:       /CN=deb180ddc7143103f02e69cb9cda19c2395e57a1
Certificate serial:       0193B51E532148A6231FBB47BDE5A1AB1D4C
Authority key identifier: DE:B1:80:DD:C7:14:31:03:F0:2E:69:CB:9C:DA:19:C2:39:5E:57:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3rGA3ccUMQPwLmnLnNoZwjleV6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/bnPaCU2zVcRL4N0nJ1LvgwJyFtY.roa
Signing time:             Wed 11 Dec 2024 09:48:03 +0000
ROA not before:           Wed 11 Dec 2024 09:48:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58243
IP address blocks:        80.246.112.0/20 maxlen: 20
                          80.246.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/3rGA3ccUMQPwLmnLnNoZwjleV6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/3rGA3ccUMQPwLmnLnNoZwjleV6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3rGA3ccUMQPwLmnLnNoZwjleV6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:b5:1e:53:21:48:a6:23:1f:bb:47:bd:e5:a1:ab:1d:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=deb180ddc7143103f02e69cb9cda19c2395e57a1
        Validity
            Not Before: Dec 11 09:48:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e73da094db355c44be0dd272752ef83027216d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b3:50:7c:91:a7:7d:0a:89:45:d8:ef:99:68:
                    b6:26:b6:22:10:02:e0:c3:cf:72:83:f2:e5:68:31:
                    d1:fb:b1:04:6f:94:ae:62:63:9f:8b:b9:63:f1:8a:
                    f1:d8:e9:a2:cb:8b:21:d0:e7:5d:9b:f2:11:18:52:
                    c3:a3:57:bd:a4:dd:e5:27:94:f5:ba:0f:71:41:78:
                    02:6f:a3:12:bf:ad:96:85:72:18:bd:5a:11:93:00:
                    ae:f0:c6:9b:6e:96:f2:ec:c3:b4:5e:97:11:e9:eb:
                    aa:7c:e7:3d:fd:c4:81:41:25:0c:a9:24:6b:41:40:
                    9d:56:ff:4e:d4:bc:01:60:31:53:79:10:64:b8:52:
                    07:9c:31:ac:bc:76:3f:c2:f8:be:c6:4d:22:ce:a1:
                    a6:8b:d1:cc:f2:9e:b6:ba:30:cb:3d:63:e3:3d:bf:
                    b5:65:a5:43:f0:d6:a6:03:ed:0c:6f:bb:2f:fc:a6:
                    ff:8f:d3:c5:9a:e4:af:a7:3d:4c:9a:2d:29:34:da:
                    66:d7:54:99:30:93:b4:d1:a2:65:d3:42:ca:13:dd:
                    55:1e:97:47:04:17:7a:d6:b8:31:9c:61:8f:d0:78:
                    94:ae:4d:63:c9:67:5e:3f:ab:48:02:86:e9:43:e3:
                    55:3b:a7:3e:c9:35:45:55:ef:98:a0:5d:51:70:cc:
                    85:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:73:DA:09:4D:B3:55:C4:4B:E0:DD:27:27:52:EF:83:02:72:16:D6
            X509v3 Authority Key Identifier:
                keyid:DE:B1:80:DD:C7:14:31:03:F0:2E:69:CB:9C:DA:19:C2:39:5E:57:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3rGA3ccUMQPwLmnLnNoZwjleV6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/bnPaCU2zVcRL4N0nJ1LvgwJyFtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/3rGA3ccUMQPwLmnLnNoZwjleV6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2d:cc:01:a8:f9:8d:2f:d2:84:4e:08:7e:25:86:26:4c:84:a5:
         db:46:58:15:7a:e0:9e:65:5f:85:bf:aa:9d:62:f7:e2:da:c3:
         fb:a2:26:64:eb:0e:79:bb:7f:2d:d1:76:6a:72:a4:82:68:43:
         f2:f2:b4:fe:44:05:99:77:a9:b9:c9:1a:c4:90:a6:27:0c:96:
         6b:87:7c:d2:7b:b8:ad:5c:36:2b:e1:26:69:ea:4d:9b:08:a8:
         ba:19:74:94:0c:3d:41:83:5c:c1:a7:2d:a0:fe:be:d4:fe:e2:
         8e:db:8c:fe:a1:c0:a8:38:44:ba:0b:4d:79:93:db:cd:d0:e5:
         15:21:3b:ae:30:cf:e4:11:43:2d:2d:25:5f:a1:45:8e:74:f3:
         97:fc:65:1f:68:f6:8c:22:8a:1f:54:81:fb:c1:46:63:d4:fe:
         98:73:74:2f:dd:ec:06:f4:73:4a:d2:03:61:1e:0d:87:e4:da:
         bf:a6:24:3e:9a:7b:5c:57:2a:43:cd:14:70:bd:1f:ea:e4:7c:
         0e:6c:d6:10:bd:ff:f9:0f:b8:28:fc:7a:1c:af:ea:e3:14:35:
         11:47:dd:2a:fb:73:63:8c:41:95:3b:4d:d2:17:22:52:5c:1a:
         a1:49:2b:7f:38:34:85:3c:2a:1e:ca:30:8a:aa:d2:ad:52:fd:
         97:25:81:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZO1HlMhSKYjH7tHveWhqx1MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlYjE4MGRkYzcxNDMxMDNmMDJlNjljYjljZGExOWMyMzk1
ZTU3YTEwHhcNMjQxMjExMDk0ODAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTczZGEwOTRkYjM1NWM0NGJlMGRkMjcyNzUyZWY4MzAyNzIxNmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrNQfJGnfQqJRdjvmWi2JrYiEALg
w89yg/LlaDHR+7EEb5SuYmOfi7lj8Yrx2Omiy4sh0Oddm/IRGFLDo1e9pN3lJ5T1
ug9xQXgCb6MSv62WhXIYvVoRkwCu8Mabbpby7MO0XpcR6euqfOc9/cSBQSUMqSRr
QUCdVv9O1LwBYDFTeRBkuFIHnDGsvHY/wvi+xk0izqGmi9HM8p62ujDLPWPjPb+1
ZaVD8NamA+0Mb7sv/Kb/j9PFmuSvpz1Mmi0pNNpm11SZMJO00aJl00LKE91VHpdH
BBd61rgxnGGP0HiUrk1jyWdeP6tIAobpQ+NVO6c+yTVFVe+YoF1RcMyFvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5z2glNs1XES+DdJydS74MCchbWMB8GA1UdIwQY
MBaAFN6xgN3HFDED8C5py5zaGcI5XlehMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3JHQTNjY1VNUVB3TG1uTG5Ob1p3amxlVjZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9mOTA4ODMtZTQ4MC00Y2YxLWFiZDIt
OTA5MWNkNzNkMzhjLzEvYm5QYUNVMnpWY1JMNE4wbkoxTHZnd0p5RnRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9mOTA4ODMtZTQ4MC00Y2YxLWFiZDItOTA5MWNkNzNkMzhj
LzEvM3JHQTNjY1VNUVB3TG1uTG5Ob1p3amxlVjZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPZwMA0G
CSqGSIb3DQEBCwUAA4IBAQAtzAGo+Y0v0oROCH4lhiZMhKXbRlgVeuCeZV+Fv6qd
Yvfi2sP7oiZk6w55u38t0XZqcqSCaEPy8rT+RAWZd6m5yRrEkKYnDJZrh3zSe7it
XDYr4SZp6k2bCKi6GXSUDD1Bg1zBpy2g/r7U/uKO24z+ocCoOES6C015k9vN0OUV
ITuuMM/kEUMtLSVfoUWOdPOX/GUfaPaMIoofVIH7wUZj1P6Yc3Qv3ewG9HNK0gNh
Hg2H5Nq/piQ+mntcVypDzRRwvR/q5HwObNYQvf/5D7go/Hocr+rjFDURR90q+3Nj
jEGVO03SFyJSXBqhSSt/ODSFPCoeyjCKqtKtUv2XJYGB
-----END CERTIFICATE-----