Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/kNJTv0u8R3n31XhM175qS3qSPYc.roa
File:                     kNJTv0u8R3n31XhM175qS3qSPYc.roa (raw, json)
Hash identifier:          yEcxvFp6oLKPqomZkL6wGasrZzjv/ubXMRsnyY1hRmM=
Subject key identifier:   90:D2:53:BF:4B:BC:47:79:F7:D5:78:4C:D7:BE:6A:4B:7A:92:3D:87
Certificate issuer:       /CN=65a665b90069bd71850602e7400c529793269e39
Certificate serial:       01942827D811E219D1E6C80E9B06C670F56B
Authority key identifier: 65:A6:65:B9:00:69:BD:71:85:06:02:E7:40:0C:52:97:93:26:9E:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/kNJTv0u8R3n31XhM175qS3qSPYc.roa
Signing time:             Thu 02 Jan 2025 17:54:47 +0000
ROA not before:           Thu 02 Jan 2025 17:54:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215708
IP address blocks:        80.75.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:d8:11:e2:19:d1:e6:c8:0e:9b:06:c6:70:f5:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65a665b90069bd71850602e7400c529793269e39
        Validity
            Not Before: Jan  2 17:54:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90d253bf4bbc4779f7d5784cd7be6a4b7a923d87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:ef:36:38:8c:1e:2c:d5:50:6e:61:79:00:05:
                    74:b2:8f:33:92:7d:76:41:61:5a:3e:eb:90:25:55:
                    f8:eb:eb:12:83:47:18:db:35:1d:de:84:3b:9b:2c:
                    32:0d:2b:f4:64:f3:55:ca:9c:4a:2b:c3:61:86:9b:
                    ce:9d:08:12:39:22:3d:aa:2d:88:53:e3:68:9e:da:
                    62:9a:95:bb:e1:3e:e4:88:63:3f:15:12:8b:f9:01:
                    ea:66:f6:72:9a:c9:3a:20:11:cc:72:f2:62:d9:f1:
                    91:2b:9a:9d:8f:39:dd:94:20:48:7a:3b:1a:6a:97:
                    d8:71:d6:b4:20:7b:8e:0e:5d:a9:f1:3d:bc:62:ea:
                    02:f3:86:2f:6a:2c:b4:1e:64:e9:8d:9c:c8:69:3b:
                    6f:e9:82:9a:92:30:e4:ef:27:0b:a8:69:d4:ad:fd:
                    28:b0:57:39:3a:35:4c:c0:8f:c9:08:aa:68:6e:bd:
                    f5:40:6d:3b:ad:1b:b4:5a:06:66:68:b2:87:44:64:
                    2f:f1:a6:78:93:2f:9b:c1:09:2a:a8:3b:9f:19:65:
                    51:b1:6b:15:62:74:90:55:cf:ef:e5:68:55:ec:5b:
                    0a:60:2c:1f:b3:2b:51:32:bb:01:37:85:01:4f:64:
                    42:b6:3e:a4:c2:17:7f:5f:ca:be:e0:03:2a:ce:f8:
                    c6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D2:53:BF:4B:BC:47:79:F7:D5:78:4C:D7:BE:6A:4B:7A:92:3D:87
            X509v3 Authority Key Identifier:
                keyid:65:A6:65:B9:00:69:BD:71:85:06:02:E7:40:0C:52:97:93:26:9E:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/kNJTv0u8R3n31XhM175qS3qSPYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:75:68:3a:5d:73:e3:74:11:dc:64:ab:95:79:56:79:a3:42:
         70:34:56:7a:54:9a:1f:23:14:c5:b7:6d:f4:6e:3c:f4:71:cb:
         a5:33:46:38:5f:87:c2:d6:c7:3d:60:c0:94:f5:05:d7:83:3e:
         ad:29:2f:e2:ad:35:be:bd:73:ff:fe:c4:52:6f:c2:52:75:dc:
         34:c2:21:ec:24:40:63:a5:90:9b:8c:48:1b:d2:2b:41:bc:29:
         fa:1b:4a:49:dc:c7:f5:76:70:73:45:46:90:b7:fe:78:ad:f6:
         c9:fc:05:22:96:d1:10:88:d6:79:b8:37:cc:b0:a7:6c:24:2f:
         f4:b9:1c:89:62:97:53:cc:8a:2a:ba:d1:bc:e0:ec:6b:e8:cb:
         eb:fd:6f:27:cb:ad:66:1d:9d:4f:34:5b:3a:e1:f5:6a:c3:81:
         7e:a5:28:d0:00:50:07:3c:59:75:a5:d1:98:42:55:24:e3:9c:
         26:9a:30:0d:29:d6:1c:f0:17:1e:b2:7c:55:21:01:62:f1:4c:
         2a:98:59:ac:5d:af:a9:22:7a:ee:3e:03:6a:f5:bb:d8:73:5f:
         24:10:09:9a:cd:ee:d7:3c:68:94:df:f3:e9:3c:62:3b:9f:7e:
         e3:fc:34:0f:15:d5:13:0e:ae:cd:ac:5d:45:c0:a0:80:f1:ef:
         8f:c0:88:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ9gR4hnR5sgOmwbGcPVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YTY2NWI5MDA2OWJkNzE4NTA2MDJlNzQwMGM1Mjk3OTMy
NjllMzkwHhcNMjUwMTAyMTc1NDQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGQyNTNiZjRiYmM0Nzc5ZjdkNTc4NGNkN2JlNmE0YjdhOTIzZDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6O82OIweLNVQbmF5AAV0so8zkn12
QWFaPuuQJVX46+sSg0cY2zUd3oQ7mywyDSv0ZPNVypxKK8NhhpvOnQgSOSI9qi2I
U+NontpimpW74T7kiGM/FRKL+QHqZvZymsk6IBHMcvJi2fGRK5qdjzndlCBIejsa
apfYcda0IHuODl2p8T28YuoC84Yvaiy0HmTpjZzIaTtv6YKakjDk7ycLqGnUrf0o
sFc5OjVMwI/JCKpobr31QG07rRu0WgZmaLKHRGQv8aZ4ky+bwQkqqDufGWVRsWsV
YnSQVc/v5WhV7FsKYCwfsytRMrsBN4UBT2RCtj6kwhd/X8q+4AMqzvjGAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDSU79LvEd599V4TNe+akt6kj2HMB8GA1UdIwQY
MBaAFGWmZbkAab1xhQYC50AMUpeTJp45MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmFabHVRQnB2WEdGQmdMblFBeFNsNU1tbmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lNmQ4ODAtMzkwMy00YTExLWJhMjct
Yzk0NTdlYzgxMTUxLzEva05KVHYwdThSM24zMVhoTTE3NXFTM3FTUFljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lNmQ4ODAtMzkwMy00YTExLWJhMjctYzk0NTdlYzgxMTUx
LzEvWmFabHVRQnB2WEdGQmdMblFBeFNsNU1tbmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEvVMA0G
CSqGSIb3DQEBCwUAA4IBAQAQdWg6XXPjdBHcZKuVeVZ5o0JwNFZ6VJofIxTFt230
bjz0cculM0Y4X4fC1sc9YMCU9QXXgz6tKS/irTW+vXP//sRSb8JSddw0wiHsJEBj
pZCbjEgb0itBvCn6G0pJ3Mf1dnBzRUaQt/54rfbJ/AUiltEQiNZ5uDfMsKdsJC/0
uRyJYpdTzIoqutG84Oxr6Mvr/W8ny61mHZ1PNFs64fVqw4F+pSjQAFAHPFl1pdGY
QlUk45wmmjANKdYc8BcesnxVIQFi8UwqmFmsXa+pInruPgNq9bvYc18kEAmaze7X
PGiU3/PpPGI7n37j/DQPFdUTDq7NrF1FwKCA8e+PwIgY
-----END CERTIFICATE-----