Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/tLaWKw3WmHb20kxwM4G1kQ4uW9w.roa
File:                     tLaWKw3WmHb20kxwM4G1kQ4uW9w.roa (raw, json)
Hash identifier:          obhetsuugpMrSbVSqt3NiPZQ+jRMpp3fx8OhfxyMvVc=
Subject key identifier:   B4:B6:96:2B:0D:D6:98:76:F6:D2:4C:70:33:81:B5:91:0E:2E:5B:DC
Certificate issuer:       /CN=8cfff21538e225618314615e4f0d0688b7b0dd5a
Certificate serial:       019425FD6F5E6EC7A7D3127FC15B9094D10E
Authority key identifier: 8C:FF:F2:15:38:E2:25:61:83:14:61:5E:4F:0D:06:88:B7:B0:DD:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jP_yFTjiJWGDFGFeTw0GiLew3Vo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/tLaWKw3WmHb20kxwM4G1kQ4uW9w.roa
Signing time:             Thu 02 Jan 2025 07:49:13 +0000
ROA not before:           Thu 02 Jan 2025 07:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39292
IP address blocks:        185.80.247.0/24 maxlen: 24
                          2a01:1b1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/jP_yFTjiJWGDFGFeTw0GiLew3Vo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/jP_yFTjiJWGDFGFeTw0GiLew3Vo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jP_yFTjiJWGDFGFeTw0GiLew3Vo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:6f:5e:6e:c7:a7:d3:12:7f:c1:5b:90:94:d1:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cfff21538e225618314615e4f0d0688b7b0dd5a
        Validity
            Not Before: Jan  2 07:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4b6962b0dd69876f6d24c703381b5910e2e5bdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:fd:1a:d2:f6:70:96:c1:33:78:3f:2d:6c:56:
                    f5:cf:6f:8c:b9:ac:6d:70:58:d9:dc:94:75:cb:c3:
                    13:46:42:52:12:a3:a6:53:81:6f:5d:48:1e:3f:83:
                    6f:96:8d:1c:03:d9:dc:1c:3d:19:06:a0:35:9e:69:
                    82:5d:71:39:fe:a4:06:c6:52:0a:21:8c:55:93:bb:
                    8b:5c:22:3b:da:f4:65:9b:5f:dc:58:55:a8:60:f7:
                    58:38:ad:1d:99:ca:c7:8b:29:9b:b1:9f:5c:fa:95:
                    1c:f3:d0:3c:2f:24:7f:61:4b:29:76:b6:27:2e:43:
                    3b:4d:c4:03:5d:47:a5:6a:00:30:f9:c4:e5:b9:70:
                    38:26:63:d4:d7:8b:31:31:5c:80:3d:97:30:55:e5:
                    d3:d7:cf:52:d0:7d:c7:3a:6c:bf:8a:3b:a0:66:02:
                    65:a0:96:bc:a8:ff:d3:d3:17:76:02:36:99:ae:37:
                    92:1f:41:b6:c0:76:02:11:1e:2c:dd:46:a1:05:db:
                    01:1f:63:bb:6f:e6:cd:95:3d:ae:63:f6:68:1e:61:
                    94:d6:53:1e:50:73:ae:ff:15:61:76:f8:9b:8d:c0:
                    2b:f2:d6:e5:07:1c:b7:0a:59:64:bb:66:8c:ed:01:
                    7c:40:ae:db:cf:c3:80:a0:44:4d:e0:63:1d:4b:92:
                    c7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:B6:96:2B:0D:D6:98:76:F6:D2:4C:70:33:81:B5:91:0E:2E:5B:DC
            X509v3 Authority Key Identifier:
                keyid:8C:FF:F2:15:38:E2:25:61:83:14:61:5E:4F:0D:06:88:B7:B0:DD:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jP_yFTjiJWGDFGFeTw0GiLew3Vo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/tLaWKw3WmHb20kxwM4G1kQ4uW9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/jP_yFTjiJWGDFGFeTw0GiLew3Vo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.247.0/24
                IPv6:
                  2a01:1b1::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:60:e5:1a:39:52:46:69:35:a4:f6:11:9b:db:1b:db:4f:33:
         30:f6:bc:c8:95:c8:d0:1d:8a:46:b1:1d:ca:89:8f:bf:30:bb:
         e9:84:5f:22:f3:bf:c3:e2:3f:35:9d:bf:dd:fa:ee:3f:9d:38:
         c8:dc:de:3d:7b:85:77:ef:d1:77:2c:74:b7:cc:e0:38:e0:a5:
         02:02:4a:84:b8:51:16:32:97:2e:73:ff:ef:65:e6:55:bf:d0:
         98:ae:c7:d5:a1:79:f9:ce:7d:1c:ae:af:a4:b4:10:65:6a:7f:
         3c:5d:03:65:14:f3:d1:59:a1:8e:68:ef:8e:b7:dd:fd:49:9c:
         49:a9:a5:e5:38:b3:ce:98:60:73:2c:72:07:97:9f:8f:26:49:
         3d:14:37:18:8c:97:7a:56:68:d6:eb:a2:b4:ce:c6:5e:49:1e:
         41:ab:8a:4d:b3:e1:fa:c7:42:e0:bc:43:de:c2:a1:61:de:56:
         e5:10:ec:e0:d3:60:dd:45:1e:c9:ce:23:48:ad:1f:9f:f6:be:
         a9:0a:9b:f0:08:14:20:cc:41:11:c6:aa:5f:00:f2:ab:ef:f7:
         c3:9f:d7:7c:72:5a:50:af:2b:d6:6c:fa:a6:bc:8a:f4:23:ad:
         d6:a0:e3:29:3e:d0:b4:37:d6:7f:9e:2f:ea:65:2d:14:0e:e1:
         a7:87:32:4d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/W9ebsen0xJ/wVuQlNEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZmZmMjE1MzhlMjI1NjE4MzE0NjE1ZTRmMGQwNjg4Yjdi
MGRkNWEwHhcNMjUwMTAyMDc0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGI2OTYyYjBkZDY5ODc2ZjZkMjRjNzAzMzgxYjU5MTBlMmU1YmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqv0a0vZwlsEzeD8tbFb1z2+Muaxt
cFjZ3JR1y8MTRkJSEqOmU4FvXUgeP4Nvlo0cA9ncHD0ZBqA1nmmCXXE5/qQGxlIK
IYxVk7uLXCI72vRlm1/cWFWoYPdYOK0dmcrHiymbsZ9c+pUc89A8LyR/YUspdrYn
LkM7TcQDXUelagAw+cTluXA4JmPU14sxMVyAPZcwVeXT189S0H3HOmy/ijugZgJl
oJa8qP/T0xd2AjaZrjeSH0G2wHYCER4s3UahBdsBH2O7b+bNlT2uY/ZoHmGU1lMe
UHOu/xVhdvibjcAr8tblBxy3Cllku2aM7QF8QK7bz8OAoERN4GMdS5LHvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLS2lisN1ph29tJMcDOBtZEOLlvcMB8GA1UdIwQY
MBaAFIz/8hU44iVhgxRhXk8NBoi3sN1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalBfeUZUamlKV0dERkdGZVR3MEdpTGV3M1ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi82NzUwMWEtNzhkYi00YzM4LThhOTUt
MjYxNjY2YzNhNTg5LzEvdExhV0t3M1dtSGIyMGt4d000RzFrUTR1Vzl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi82NzUwMWEtNzhkYi00YzM4LThhOTUtMjYxNjY2YzNhNTg5
LzEvalBfeUZUamlKV0dERkdGZVR3MEdpTGV3M1ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuVD3MA0E
AgACMAcDBQAqAQGxMA0GCSqGSIb3DQEBCwUAA4IBAQB9YOUaOVJGaTWk9hGb2xvb
TzMw9rzIlcjQHYpGsR3KiY+/MLvphF8i87/D4j81nb/d+u4/nTjI3N49e4V379F3
LHS3zOA44KUCAkqEuFEWMpcuc//vZeZVv9CYrsfVoXn5zn0crq+ktBBlan88XQNl
FPPRWaGOaO+Ot939SZxJqaXlOLPOmGBzLHIHl5+PJkk9FDcYjJd6VmjW66K0zsZe
SR5Bq4pNs+H6x0LgvEPewqFh3lblEOzg02DdRR7JziNIrR+f9r6pCpvwCBQgzEER
xqpfAPKr7/fDn9d8clpQryvWbPqmvIr0I63WoOMpPtC0N9Z/ni/qZS0UDuGnhzJN
-----END CERTIFICATE-----