Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/nB_zoF-5vRmGl3d9TG824Zcc-nw.roa
File:                     nB_zoF-5vRmGl3d9TG824Zcc-nw.roa (raw, json)
Hash identifier:          m3z2itiLoAbrDtSbjfB2c49btcR+jFaVv3ZdkaLWcmg=
Subject key identifier:   9C:1F:F3:A0:5F:B9:BD:19:86:97:77:7D:4C:6F:36:E1:97:1C:FA:7C
Certificate issuer:       /CN=deb180ddc7143103f02e69cb9cda19c2395e57a1
Certificate serial:       0194282342B6980429DDEE4EE90C97317850
Authority key identifier: DE:B1:80:DD:C7:14:31:03:F0:2E:69:CB:9C:DA:19:C2:39:5E:57:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3rGA3ccUMQPwLmnLnNoZwjleV6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/nB_zoF-5vRmGl3d9TG824Zcc-nw.roa
Signing time:             Thu 02 Jan 2025 17:49:46 +0000
ROA not before:           Thu 02 Jan 2025 17:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58243
IP address blocks:        80.246.112.0/20 maxlen: 20
                          80.246.112.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/3rGA3ccUMQPwLmnLnNoZwjleV6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/3rGA3ccUMQPwLmnLnNoZwjleV6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3rGA3ccUMQPwLmnLnNoZwjleV6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 14:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:42:b6:98:04:29:dd:ee:4e:e9:0c:97:31:78:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=deb180ddc7143103f02e69cb9cda19c2395e57a1
        Validity
            Not Before: Jan  2 17:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c1ff3a05fb9bd198697777d4c6f36e1971cfa7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fb:71:c7:47:62:ff:65:5f:14:7d:78:c9:05:
                    72:aa:10:b6:db:1c:7e:be:fe:dc:9a:d9:07:6e:17:
                    ea:04:11:68:6f:da:8f:eb:e9:76:36:63:b0:f8:3c:
                    21:01:98:89:54:e1:88:e7:1b:22:37:57:c9:da:77:
                    e9:78:6c:b5:3b:fd:76:5f:23:e9:f9:ab:9e:48:11:
                    c4:ae:53:b8:36:8c:d6:88:e5:0e:84:f6:7f:c9:4a:
                    16:1d:3a:72:52:79:bb:53:83:9b:6b:28:8c:22:1c:
                    15:7a:7f:0a:4d:fb:f2:4a:76:d1:7f:1e:28:78:2d:
                    82:19:c6:bd:b2:22:bb:40:bf:8d:b9:6e:6e:48:a3:
                    41:2d:5c:3c:80:02:8e:f1:43:41:a4:97:52:53:3e:
                    86:10:c4:e4:5f:50:54:7c:2d:d8:ff:75:9e:7e:78:
                    41:66:ec:75:2c:4d:bb:e2:d4:5b:44:77:10:91:5e:
                    fa:37:a0:cd:cc:46:6b:e4:e9:ff:1e:79:cd:34:0e:
                    dd:4c:f8:14:21:4f:be:c7:9d:30:56:5a:06:96:94:
                    40:29:aa:51:68:34:99:43:05:29:3e:90:a9:46:24:
                    0b:4e:06:10:5e:17:cd:83:d4:70:df:22:44:64:25:
                    c1:3d:ed:23:0d:fc:5f:37:57:0a:2d:64:3f:43:cb:
                    8e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:1F:F3:A0:5F:B9:BD:19:86:97:77:7D:4C:6F:36:E1:97:1C:FA:7C
            X509v3 Authority Key Identifier:
                keyid:DE:B1:80:DD:C7:14:31:03:F0:2E:69:CB:9C:DA:19:C2:39:5E:57:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3rGA3ccUMQPwLmnLnNoZwjleV6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/nB_zoF-5vRmGl3d9TG824Zcc-nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/f90883-e480-4cf1-abd2-9091cd73d38c/1/3rGA3ccUMQPwLmnLnNoZwjleV6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         50:86:3b:2a:19:ad:bc:55:03:08:8b:29:c9:28:8b:52:dc:ba:
         88:f5:f1:3e:09:5c:4e:b5:95:20:e9:59:41:f5:83:92:75:01:
         46:1f:20:93:d5:5a:2d:8d:15:14:64:d0:44:14:5a:e3:c1:c1:
         ed:c9:d1:58:e7:7b:2f:26:a7:d2:00:b6:ef:ea:94:28:b4:9e:
         4c:98:c5:8f:b4:cf:16:21:8f:bc:1b:30:c3:46:23:f3:b0:b7:
         49:04:af:3a:53:a1:bb:6b:3c:7b:2a:68:d8:2e:78:61:25:72:
         18:cd:44:00:50:8c:63:84:4f:27:c0:f5:d3:44:4a:96:71:e4:
         b1:93:f9:c9:df:87:c8:74:3e:c7:3e:a8:74:8d:24:83:52:73:
         90:36:b7:51:cd:c3:c1:d3:e2:dd:fb:57:86:e9:d2:7f:e9:0a:
         12:8b:e9:69:63:fe:34:ad:2a:42:7a:84:24:b5:ae:78:9b:75:
         34:c1:69:78:17:22:e8:74:06:ff:d6:26:4a:bc:39:9a:2e:0a:
         b6:fb:a1:05:a0:c5:4a:d4:6a:d0:b9:74:70:a8:67:5c:ac:c8:
         94:37:00:62:4b:97:31:10:7c:ad:35:e0:cc:31:8b:1a:dd:34:
         5f:df:e2:bd:27:55:cf:18:c1:88:b1:5f:d1:9c:75:db:a9:e8:
         8f:1d:85:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI0K2mAQp3e5O6QyXMXhQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlYjE4MGRkYzcxNDMxMDNmMDJlNjljYjljZGExOWMyMzk1
ZTU3YTEwHhcNMjUwMTAyMTc0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzFmZjNhMDVmYjliZDE5ODY5Nzc3N2Q0YzZmMzZlMTk3MWNmYTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/txx0di/2VfFH14yQVyqhC22xx+
vv7cmtkHbhfqBBFob9qP6+l2NmOw+DwhAZiJVOGI5xsiN1fJ2nfpeGy1O/12XyPp
+aueSBHErlO4NozWiOUOhPZ/yUoWHTpyUnm7U4ObayiMIhwVen8KTfvySnbRfx4o
eC2CGca9siK7QL+NuW5uSKNBLVw8gAKO8UNBpJdSUz6GEMTkX1BUfC3Y/3WefnhB
Zux1LE274tRbRHcQkV76N6DNzEZr5On/HnnNNA7dTPgUIU++x50wVloGlpRAKapR
aDSZQwUpPpCpRiQLTgYQXhfNg9Rw3yJEZCXBPe0jDfxfN1cKLWQ/Q8uOqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwf86Bfub0Zhpd3fUxvNuGXHPp8MB8GA1UdIwQY
MBaAFN6xgN3HFDED8C5py5zaGcI5XlehMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3JHQTNjY1VNUVB3TG1uTG5Ob1p3amxlVjZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9mOTA4ODMtZTQ4MC00Y2YxLWFiZDIt
OTA5MWNkNzNkMzhjLzEvbkJfem9GLTV2Um1HbDNkOVRHODI0WmNjLW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9mOTA4ODMtZTQ4MC00Y2YxLWFiZDItOTA5MWNkNzNkMzhj
LzEvM3JHQTNjY1VNUVB3TG1uTG5Ob1p3amxlVjZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPZwMA0G
CSqGSIb3DQEBCwUAA4IBAQBQhjsqGa28VQMIiynJKItS3LqI9fE+CVxOtZUg6VlB
9YOSdQFGHyCT1VotjRUUZNBEFFrjwcHtydFY53svJqfSALbv6pQotJ5MmMWPtM8W
IY+8GzDDRiPzsLdJBK86U6G7azx7KmjYLnhhJXIYzUQAUIxjhE8nwPXTREqWceSx
k/nJ34fIdD7HPqh0jSSDUnOQNrdRzcPB0+Ld+1eG6dJ/6QoSi+lpY/40rSpCeoQk
ta54m3U0wWl4FyLodAb/1iZKvDmaLgq2+6EFoMVK1GrQuXRwqGdcrMiUNwBiS5cx
EHytNeDMMYsa3TRf3+K9J1XPGMGIsV/RnHXbqeiPHYXW
-----END CERTIFICATE-----