Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/84jYv05HnlXjbNLOmoRHkF8n8LQ.roa
File:                     84jYv05HnlXjbNLOmoRHkF8n8LQ.roa (raw, json)
Hash identifier:          /X9ewNFlsp/9ZFMAjrGm5l3SwfH8c42hlaaVDkUgEww=
Subject key identifier:   F3:88:D8:BF:4E:47:9E:55:E3:6C:D2:CE:9A:84:47:90:5F:27:F0:B4
Certificate issuer:       /CN=5a232ae38a9233ab7fc1b429a5029220afa7b288
Certificate serial:       019425FDEC1659610B626111A15655F9A450
Authority key identifier: 5A:23:2A:E3:8A:92:33:AB:7F:C1:B4:29:A5:02:92:20:AF:A7:B2:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WiMq44qSM6t_wbQppQKSIK-nsog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/84jYv05HnlXjbNLOmoRHkF8n8LQ.roa
Signing time:             Thu 02 Jan 2025 07:49:45 +0000
ROA not before:           Thu 02 Jan 2025 07:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200525
IP address blocks:        80.89.240.0/20 maxlen: 20
                          87.56.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/WiMq44qSM6t_wbQppQKSIK-nsog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/WiMq44qSM6t_wbQppQKSIK-nsog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WiMq44qSM6t_wbQppQKSIK-nsog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 01:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ec:16:59:61:0b:62:61:11:a1:56:55:f9:a4:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a232ae38a9233ab7fc1b429a5029220afa7b288
        Validity
            Not Before: Jan  2 07:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f388d8bf4e479e55e36cd2ce9a8447905f27f0b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0e:a3:d2:d2:2b:1d:28:d5:e7:06:ea:70:3d:
                    27:0e:96:41:10:c5:38:1a:9a:14:1c:1c:6d:07:18:
                    2e:f3:93:a3:d1:2a:28:39:0a:c5:b6:2f:df:52:38:
                    f6:e8:e8:8a:d5:4e:fc:64:6f:bf:96:a4:24:c8:41:
                    98:ef:90:5b:fa:a2:98:a4:2b:5e:fa:43:ae:5d:02:
                    d0:4e:ec:f4:70:e6:95:80:e2:26:9e:bb:a8:68:86:
                    92:3e:41:ef:64:3b:e8:c2:11:45:4c:45:fd:27:5d:
                    c7:fd:1e:bd:87:eb:31:92:9a:65:cd:fe:f8:2f:00:
                    8b:4a:51:94:ef:97:bf:bb:04:cb:c3:01:5b:52:c3:
                    79:d7:1d:77:f2:9f:f0:9b:d5:85:9e:ff:ad:c8:25:
                    fa:da:23:35:6b:cc:ce:8e:0d:b0:3b:b5:86:62:67:
                    89:88:0d:b9:eb:6b:56:9b:fc:3c:e9:6d:86:4c:5c:
                    04:fc:85:ca:fb:6f:dd:de:d7:57:be:a9:0b:41:c5:
                    e3:0e:56:a6:50:9c:99:bb:db:36:e3:a0:5b:e7:83:
                    b4:a5:4a:48:04:7f:c9:35:bf:9a:59:f7:20:68:d8:
                    f8:b9:00:be:f8:bd:4d:9e:2b:66:39:f9:6c:8a:d6:
                    a2:da:13:f4:cb:d6:34:3f:fd:72:aa:d1:01:0e:66:
                    bb:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:88:D8:BF:4E:47:9E:55:E3:6C:D2:CE:9A:84:47:90:5F:27:F0:B4
            X509v3 Authority Key Identifier:
                keyid:5A:23:2A:E3:8A:92:33:AB:7F:C1:B4:29:A5:02:92:20:AF:A7:B2:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WiMq44qSM6t_wbQppQKSIK-nsog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/84jYv05HnlXjbNLOmoRHkF8n8LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6aef9e-fe4d-43e7-a1cb-10a485c0b0f2/1/WiMq44qSM6t_wbQppQKSIK-nsog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.89.240.0/20
                  87.56.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         26:7e:26:84:64:db:0e:b6:0f:cc:91:f7:6e:99:c1:1f:95:49:
         bd:1e:c9:b6:2a:08:90:42:5b:08:97:36:e2:61:63:8a:09:0d:
         d5:72:96:a4:54:5b:eb:a3:78:29:71:09:c0:35:21:2c:70:75:
         f7:1a:7b:d8:e0:98:b9:2f:1f:f2:19:a3:b7:2c:0e:25:c6:35:
         50:57:d4:84:9b:e8:49:93:7c:78:b9:c9:9a:47:9c:33:41:e1:
         67:f3:f3:42:04:d0:43:94:33:f4:a1:d4:dd:0f:d2:f1:e9:95:
         31:e7:78:fe:6b:71:9b:f4:e6:35:76:2f:43:8e:40:d4:67:e4:
         4d:5f:45:65:18:bd:0d:a2:67:4d:68:cd:73:06:3a:57:a5:c6:
         30:70:e4:f6:19:09:85:e4:0d:19:93:4c:af:95:e0:7d:69:23:
         ce:87:c8:bd:89:5d:9d:6a:e2:57:2f:ea:0b:df:e8:b0:57:aa:
         e1:67:94:d6:74:67:da:4a:b1:ae:78:5e:ee:a0:a9:f9:7e:c6:
         23:dd:3d:f7:ad:7d:d8:a5:2c:f8:63:2b:11:9b:03:4d:74:33:
         4f:d9:18:c5:57:aa:51:92:0c:50:14:ca:72:0b:6f:d9:71:63:
         a0:53:c6:c0:c9:e8:40:c4:f2:4a:5e:6d:2e:86:44:5a:9d:b0:
         8e:2c:be:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/ewWWWELYmERoVZV+aRQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMjMyYWUzOGE5MjMzYWI3ZmMxYjQyOWE1MDI5MjIwYWZh
N2IyODgwHhcNMjUwMTAyMDc0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzg4ZDhiZjRlNDc5ZTU1ZTM2Y2QyY2U5YTg0NDc5MDVmMjdmMGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjA6j0tIrHSjV5wbqcD0nDpZBEMU4
GpoUHBxtBxgu85Oj0SooOQrFti/fUjj26OiK1U78ZG+/lqQkyEGY75Bb+qKYpCte
+kOuXQLQTuz0cOaVgOImnruoaIaSPkHvZDvowhFFTEX9J13H/R69h+sxkpplzf74
LwCLSlGU75e/uwTLwwFbUsN51x138p/wm9WFnv+tyCX62iM1a8zOjg2wO7WGYmeJ
iA2562tWm/w86W2GTFwE/IXK+2/d3tdXvqkLQcXjDlamUJyZu9s246Bb54O0pUpI
BH/JNb+aWfcgaNj4uQC++L1NnitmOflsitai2hP0y9Y0P/1yqtEBDma7bQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPOI2L9OR55V42zSzpqER5BfJ/C0MB8GA1UdIwQY
MBaAFFojKuOKkjOrf8G0KaUCkiCvp7KIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2lNcTQ0cVNNNnRfd2JRcHBRS1NJSy1uc29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS82YWVmOWUtZmU0ZC00M2U3LWExY2It
MTBhNDg1YzBiMGYyLzEvODRqWXYwNUhubFhqYk5MT21vUkhrRjhuOExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS82YWVmOWUtZmU0ZC00M2U3LWExY2ItMTBhNDg1YzBiMGYy
LzEvV2lNcTQ0cVNNNnRfd2JRcHBRS1NJSy1uc29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUFnwAwQG
VzhAMA0GCSqGSIb3DQEBCwUAA4IBAQAmfiaEZNsOtg/MkfdumcEflUm9Hsm2KgiQ
QlsIlzbiYWOKCQ3VcpakVFvro3gpcQnANSEscHX3GnvY4Ji5Lx/yGaO3LA4lxjVQ
V9SEm+hJk3x4ucmaR5wzQeFn8/NCBNBDlDP0odTdD9Lx6ZUx53j+a3Gb9OY1di9D
jkDUZ+RNX0VlGL0NomdNaM1zBjpXpcYwcOT2GQmF5A0Zk0yvleB9aSPOh8i9iV2d
auJXL+oL3+iwV6rhZ5TWdGfaSrGueF7uoKn5fsYj3T33rX3YpSz4YysRmwNNdDNP
2RjFV6pRkgxQFMpyC2/ZcWOgU8bAyehAxPJKXm0uhkRanbCOLL6h
-----END CERTIFICATE-----