Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/3ea1ae-1f87-4cfb-9412-df542cdc3976/1/iZdALZgWTcZE0rmj6oYqygFYrko.roa
File:                     iZdALZgWTcZE0rmj6oYqygFYrko.roa (raw, json)
Hash identifier:          7mFxFgkTd6jM+S66gZcpfFjY8tzvlzxOjAqjRTKPbWw=
Subject key identifier:   89:97:40:2D:98:16:4D:C6:44:D2:B9:A3:EA:86:2A:CA:01:58:AE:4A
Certificate issuer:       /CN=083332d2f60784f12bb2d210aec80ab41bbf1159
Certificate serial:       018CCA286050AFCA8C6BA16C8642B36C90D9
Authority key identifier: 08:33:32:D2:F6:07:84:F1:2B:B2:D2:10:AE:C8:0A:B4:1B:BF:11:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDMy0vYHhPErstIQrsgKtBu_EVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/3ea1ae-1f87-4cfb-9412-df542cdc3976/1/iZdALZgWTcZE0rmj6oYqygFYrko.roa
Signing time:             Tue 02 Jan 2024 12:31:32 +0000
ROA not before:           Tue 02 Jan 2024 12:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59441
IP address blocks:        80.91.208.0/24 maxlen: 24
                          2a09:5880::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/3ea1ae-1f87-4cfb-9412-df542cdc3976/1/CDMy0vYHhPErstIQrsgKtBu_EVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/3ea1ae-1f87-4cfb-9412-df542cdc3976/1/CDMy0vYHhPErstIQrsgKtBu_EVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDMy0vYHhPErstIQrsgKtBu_EVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:60:50:af:ca:8c:6b:a1:6c:86:42:b3:6c:90:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=083332d2f60784f12bb2d210aec80ab41bbf1159
        Validity
            Not Before: Jan  2 12:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8997402d98164dc644d2b9a3ea862aca0158ae4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a2:63:8b:ab:6c:6e:8a:ac:e3:b2:0d:cb:a4:
                    69:08:a3:50:59:67:3a:da:37:67:23:13:d5:7a:f6:
                    42:f5:b9:91:d3:86:0f:5b:31:ca:07:86:61:77:90:
                    6c:a7:05:39:92:c5:49:8b:96:08:ed:f3:63:d6:7d:
                    de:02:de:0e:1d:04:f5:da:90:9f:a6:ef:ab:52:8f:
                    9f:8d:62:51:07:1f:4c:4f:0f:91:fb:0e:ff:d6:9d:
                    1a:8b:96:01:7b:8b:c2:a2:6f:b4:2f:40:20:65:7f:
                    22:d3:54:1a:2b:de:69:d6:c0:97:75:f1:39:de:99:
                    17:d8:22:9f:97:70:af:bd:8a:ca:fc:29:cb:96:e0:
                    7c:a8:f9:a0:73:d6:2d:03:9c:1e:51:f6:b0:0d:12:
                    2f:62:a4:a5:4c:c1:69:34:c0:ca:b3:e5:fc:e6:32:
                    ba:1a:df:f7:b9:ed:a9:b3:a3:35:7b:73:6d:f8:56:
                    9c:73:a2:3d:29:a4:2a:70:44:a8:17:8b:24:30:db:
                    fc:a2:76:91:17:15:94:ed:bf:c7:ac:fa:fd:0c:15:
                    86:46:35:fd:e7:28:ed:9a:6e:6f:fd:d8:16:e5:60:
                    5b:24:d2:14:9a:83:86:2a:e0:fd:45:69:99:15:56:
                    3f:c8:5f:62:95:0a:05:8f:b7:0c:9b:ed:73:3b:90:
                    b2:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:97:40:2D:98:16:4D:C6:44:D2:B9:A3:EA:86:2A:CA:01:58:AE:4A
            X509v3 Authority Key Identifier:
                keyid:08:33:32:D2:F6:07:84:F1:2B:B2:D2:10:AE:C8:0A:B4:1B:BF:11:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDMy0vYHhPErstIQrsgKtBu_EVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/3ea1ae-1f87-4cfb-9412-df542cdc3976/1/iZdALZgWTcZE0rmj6oYqygFYrko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/3ea1ae-1f87-4cfb-9412-df542cdc3976/1/CDMy0vYHhPErstIQrsgKtBu_EVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.208.0/24
                IPv6:
                  2a09:5880::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:0f:39:f3:fa:73:af:92:40:d1:88:ba:23:bf:99:79:2e:af:
         85:49:42:a2:44:03:ee:8a:69:3e:7c:cb:10:09:50:a6:ba:b8:
         55:6b:43:c2:fc:25:5b:fd:e2:8a:58:b4:46:6e:4c:b6:9c:03:
         93:83:cc:e0:e6:c6:43:0a:fd:71:7f:30:13:eb:1a:67:d4:bb:
         40:2d:e1:d6:f2:b1:7f:b1:b5:33:28:73:99:3f:ce:80:5d:e5:
         61:6a:9f:67:28:44:a3:a7:59:ca:8f:52:8d:50:7a:14:14:15:
         95:80:73:59:e5:a6:fa:8d:a1:f9:d5:c0:35:75:21:75:5b:58:
         ae:29:7a:d3:9f:59:5e:ed:3f:3c:33:e4:52:27:af:9b:de:8f:
         bf:26:90:c9:5e:5f:b1:17:0b:5a:91:eb:e4:5f:f8:54:ee:45:
         3b:91:4c:c6:b0:58:ab:33:8b:bc:53:56:cb:04:45:a8:14:0a:
         81:55:26:d1:01:54:44:87:e7:fd:13:af:0f:50:28:38:59:f6:
         67:38:68:90:4a:a7:f2:a1:53:c5:66:06:7f:c8:1e:97:a6:a8:
         92:f5:12:69:dc:18:4d:da:7b:47:8e:6c:3f:4e:84:b2:00:79:
         f5:81:50:5f:b5:b4:ce:72:5f:d1:90:6a:b5:e9:2e:95:d6:c2:
         f2:bb:64:42
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKGBQr8qMa6FshkKzbJDZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzMzMmQyZjYwNzg0ZjEyYmIyZDIxMGFlYzgwYWI0MWJi
ZjExNTkwHhcNMjQwMTAyMTIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTk3NDAyZDk4MTY0ZGM2NDRkMmI5YTNlYTg2MmFjYTAxNThhZTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKJji6tsboqs47INy6RpCKNQWWc6
2jdnIxPVevZC9bmR04YPWzHKB4Zhd5BspwU5ksVJi5YI7fNj1n3eAt4OHQT12pCf
pu+rUo+fjWJRBx9MTw+R+w7/1p0ai5YBe4vCom+0L0AgZX8i01QaK95p1sCXdfE5
3pkX2CKfl3CvvYrK/CnLluB8qPmgc9YtA5weUfawDRIvYqSlTMFpNMDKs+X85jK6
Gt/3ue2ps6M1e3Nt+Facc6I9KaQqcESoF4skMNv8onaRFxWU7b/HrPr9DBWGRjX9
5yjtmm5v/dgW5WBbJNIUmoOGKuD9RWmZFVY/yF9ilQoFj7cMm+1zO5CytQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFImXQC2YFk3GRNK5o+qGKsoBWK5KMB8GA1UdIwQY
MBaAFAgzMtL2B4TxK7LSEK7ICrQbvxFZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RNeTB2WUhoUEVyc3RJUXJzZ0t0QnVfRVZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8zZWExYWUtMWY4Ny00Y2ZiLTk0MTIt
ZGY1NDJjZGMzOTc2LzEvaVpkQUxaZ1dUY1pFMHJtajZvWXF5Z0ZZcmtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8zZWExYWUtMWY4Ny00Y2ZiLTk0MTItZGY1NDJjZGMzOTc2
LzEvQ0RNeTB2WUhoUEVyc3RJUXJzZ0t0QnVfRVZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUFvQMA0E
AgACMAcDBQMqCViAMA0GCSqGSIb3DQEBCwUAA4IBAQAqDznz+nOvkkDRiLojv5l5
Lq+FSUKiRAPuimk+fMsQCVCmurhVa0PC/CVb/eKKWLRGbky2nAOTg8zg5sZDCv1x
fzAT6xpn1LtALeHW8rF/sbUzKHOZP86AXeVhap9nKESjp1nKj1KNUHoUFBWVgHNZ
5ab6jaH51cA1dSF1W1iuKXrTn1le7T88M+RSJ6+b3o+/JpDJXl+xFwtakevkX/hU
7kU7kUzGsFirM4u8U1bLBEWoFAqBVSbRAVREh+f9E68PUCg4WfZnOGiQSqfyoVPF
ZgZ/yB6XpqiS9RJp3BhN2ntHjmw/ToSyAHn1gVBftbTOcl/RkGq16S6V1sLyu2RC
-----END CERTIFICATE-----