Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/1BrWLjMvPfJ2AAXv763ygqbgkNQ.roa
File:                     1BrWLjMvPfJ2AAXv763ygqbgkNQ.roa (raw, json)
Hash identifier:          RBpqMimqIz4ZBKTkjLflHVRdiRdhH3HJalJW30rdclU=
Subject key identifier:   D4:1A:D6:2E:33:2F:3D:F2:76:00:05:EF:EF:AD:F2:82:A6:E0:90:D4
Certificate issuer:       /CN=e123860e20cdb2cfdf2cefb3753a15b822829266
Certificate serial:       018CC5DC47FE17BC8E14DD8609204609A090
Authority key identifier: E1:23:86:0E:20:CD:B2:CF:DF:2C:EF:B3:75:3A:15:B8:22:82:92:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4SOGDiDNss_fLO-zdToVuCKCkmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/1BrWLjMvPfJ2AAXv763ygqbgkNQ.roa
Signing time:             Mon 01 Jan 2024 16:29:57 +0000
ROA not before:           Mon 01 Jan 2024 16:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199620
IP address blocks:        80.86.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/4SOGDiDNss_fLO-zdToVuCKCkmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/4SOGDiDNss_fLO-zdToVuCKCkmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4SOGDiDNss_fLO-zdToVuCKCkmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:47:fe:17:bc:8e:14:dd:86:09:20:46:09:a0:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e123860e20cdb2cfdf2cefb3753a15b822829266
        Validity
            Not Before: Jan  1 16:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d41ad62e332f3df2760005efefadf282a6e090d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ee:88:34:97:2a:da:e5:5f:9a:a3:16:b8:1a:
                    73:d9:31:fe:c0:a0:e2:af:f0:4e:44:c2:4e:6b:9d:
                    35:1e:9f:d1:7c:9d:ea:ef:ff:2d:4f:44:44:8b:81:
                    0c:76:48:69:e8:56:52:01:5a:4a:3a:76:58:5b:da:
                    56:7f:f6:8c:76:df:9c:6d:c5:ec:16:4b:cf:20:be:
                    d5:f8:67:20:97:9f:ea:81:a3:44:08:67:4a:1e:c8:
                    2c:1e:cc:c6:8a:2c:a5:6f:9c:73:0d:bd:f2:97:43:
                    42:c1:d2:fb:00:98:24:f4:fb:bf:55:3d:6f:df:74:
                    f0:98:25:3e:d6:2a:fb:87:3d:cc:9e:e2:34:b6:8d:
                    aa:41:06:f5:1f:2c:aa:31:71:05:30:8d:a0:55:88:
                    a5:2e:b7:67:18:07:b6:3e:3e:08:31:fb:0f:ae:7a:
                    25:c1:46:d0:aa:e0:b5:ee:76:19:80:38:e3:a6:8d:
                    9f:27:36:42:6a:31:02:7a:17:0b:92:de:17:1d:25:
                    9e:03:7b:b7:f5:e9:09:bf:b3:21:cc:aa:0b:66:9e:
                    e7:f7:a0:99:fe:22:23:8b:87:cd:28:57:4c:b0:cc:
                    01:e2:95:99:84:16:d3:84:3e:9b:c8:28:e5:9e:4e:
                    13:9e:12:db:3c:e2:7f:ea:a9:0e:be:fc:d4:c7:65:
                    05:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:1A:D6:2E:33:2F:3D:F2:76:00:05:EF:EF:AD:F2:82:A6:E0:90:D4
            X509v3 Authority Key Identifier:
                keyid:E1:23:86:0E:20:CD:B2:CF:DF:2C:EF:B3:75:3A:15:B8:22:82:92:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4SOGDiDNss_fLO-zdToVuCKCkmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/1BrWLjMvPfJ2AAXv763ygqbgkNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/4SOGDiDNss_fLO-zdToVuCKCkmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.86.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:21:0d:de:1f:e6:c5:29:27:36:98:3b:23:db:67:ab:09:bc:
         4a:8e:9e:ba:b7:7e:2f:2e:67:f3:f2:95:a7:a0:1d:ec:98:d3:
         48:e0:4d:7f:55:79:7f:57:29:0b:06:e1:49:bd:3f:25:1b:75:
         e9:4b:2a:fd:84:66:9c:9b:a8:ab:00:f4:7a:0f:09:8d:89:85:
         89:8d:ef:9a:88:80:89:cc:99:39:6e:55:37:74:5b:cc:33:1e:
         df:7b:8f:1b:3f:a7:d6:23:39:b0:f3:4b:82:49:c6:a4:18:38:
         6e:a4:79:f9:1a:9c:d7:d4:af:b0:8b:16:a8:4b:aa:62:c6:d0:
         d4:36:da:45:0f:d5:e8:24:b9:35:44:c4:b9:77:93:96:43:48:
         be:b9:40:a8:7c:fe:5b:09:b2:37:17:20:41:22:b2:28:a3:3a:
         7d:d7:60:03:97:8f:63:40:99:7a:b1:07:4a:25:0c:0b:6c:88:
         3c:04:1f:ef:d6:08:8f:a6:45:b9:aa:d9:0a:85:cc:05:27:66:
         3f:19:53:52:cf:17:06:2c:0c:91:06:10:bc:29:a6:7a:73:ba:
         dd:9a:72:d4:f0:85:b1:85:aa:ca:9c:f7:78:27:b9:6f:5b:e9:
         34:a6:d3:cc:29:f2:f9:bc:de:eb:b4:23:a8:f9:1a:3c:9a:9f:
         c6:84:32:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Ef+F7yOFN2GCSBGCaCQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMjM4NjBlMjBjZGIyY2ZkZjJjZWZiMzc1M2ExNWI4MjI4
MjkyNjYwHhcNMjQwMTAxMTYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDFhZDYyZTMzMmYzZGYyNzYwMDA1ZWZlZmFkZjI4MmE2ZTA5MGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+6INJcq2uVfmqMWuBpz2TH+wKDi
r/BORMJOa501Hp/RfJ3q7/8tT0REi4EMdkhp6FZSAVpKOnZYW9pWf/aMdt+cbcXs
FkvPIL7V+Gcgl5/qgaNECGdKHsgsHszGiiylb5xzDb3yl0NCwdL7AJgk9Pu/VT1v
33TwmCU+1ir7hz3MnuI0to2qQQb1HyyqMXEFMI2gVYilLrdnGAe2Pj4IMfsPrnol
wUbQquC17nYZgDjjpo2fJzZCajECehcLkt4XHSWeA3u39ekJv7MhzKoLZp7n96CZ
/iIji4fNKFdMsMwB4pWZhBbThD6byCjlnk4TnhLbPOJ/6qkOvvzUx2UFKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQa1i4zLz3ydgAF7++t8oKm4JDUMB8GA1UdIwQY
MBaAFOEjhg4gzbLP3yzvs3U6FbgigpJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFNPR0RpRE5zc19mTE8temRUb1Z1Q0tDa21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC84MTA1OTktNzMxYS00ODZhLWIyM2Yt
NDc1MzdlYjY0NGY1LzEvMUJyV0xqTXZQZkoyQUFYdjc2M3lncWJna05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC84MTA1OTktNzMxYS00ODZhLWIyM2YtNDc1MzdlYjY0NGY1
LzEvNFNPR0RpRE5zc19mTE8temRUb1Z1Q0tDa21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFbuMA0G
CSqGSIb3DQEBCwUAA4IBAQBoIQ3eH+bFKSc2mDsj22erCbxKjp66t34vLmfz8pWn
oB3smNNI4E1/VXl/VykLBuFJvT8lG3XpSyr9hGacm6irAPR6DwmNiYWJje+aiICJ
zJk5blU3dFvMMx7fe48bP6fWIzmw80uCScakGDhupHn5GpzX1K+wixaoS6pixtDU
NtpFD9XoJLk1RMS5d5OWQ0i+uUCofP5bCbI3FyBBIrIoozp912ADl49jQJl6sQdK
JQwLbIg8BB/v1giPpkW5qtkKhcwFJ2Y/GVNSzxcGLAyRBhC8KaZ6c7rdmnLU8IWx
harKnPd4J7lvW+k0ptPMKfL5vN7rtCOo+Ro8mp/GhDK3
-----END CERTIFICATE-----