Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/p0iloktOu4HrQp8Fbazd0VMW18A.roa
File:                     p0iloktOu4HrQp8Fbazd0VMW18A.roa (raw, json)
Hash identifier:          WuG4K1BU3enI1jODi4UBhPWn6TyCLQBuQYRFhQ0mg6s=
Subject key identifier:   A7:48:A5:A2:4B:4E:BB:81:EB:42:9F:05:6D:AC:DD:D1:53:16:D7:C0
Certificate issuer:       /CN=e123860e20cdb2cfdf2cefb3753a15b822829266
Certificate serial:       019428238A4502E4DF04499CFFAB6E8ABB51
Authority key identifier: E1:23:86:0E:20:CD:B2:CF:DF:2C:EF:B3:75:3A:15:B8:22:82:92:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4SOGDiDNss_fLO-zdToVuCKCkmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/p0iloktOu4HrQp8Fbazd0VMW18A.roa
Signing time:             Thu 02 Jan 2025 17:50:05 +0000
ROA not before:           Thu 02 Jan 2025 17:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205368
IP address blocks:        80.86.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/4SOGDiDNss_fLO-zdToVuCKCkmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/4SOGDiDNss_fLO-zdToVuCKCkmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4SOGDiDNss_fLO-zdToVuCKCkmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:8a:45:02:e4:df:04:49:9c:ff:ab:6e:8a:bb:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e123860e20cdb2cfdf2cefb3753a15b822829266
        Validity
            Not Before: Jan  2 17:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a748a5a24b4ebb81eb429f056dacddd15316d7c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:aa:e3:54:ae:29:fe:cc:ab:06:7c:ad:5a:0b:
                    1a:2a:58:38:3c:30:9e:5b:e9:71:a4:54:b8:df:32:
                    6e:6d:c0:4c:39:9c:62:37:39:e8:5c:1a:7c:58:2e:
                    ca:47:9b:d7:78:af:45:5e:35:ca:c6:b4:47:ac:a3:
                    2b:b0:ff:c1:a4:64:c5:49:a7:1a:a1:e5:0f:2f:4d:
                    05:0f:19:79:43:a8:1b:4d:d1:a3:48:58:1d:6b:93:
                    1d:cf:45:5f:b2:f0:ce:8e:f8:90:14:f9:bc:95:cf:
                    51:99:7a:42:e0:0e:d0:49:9e:15:46:a5:fd:e8:f5:
                    20:79:fc:93:4c:2f:05:56:7b:37:c1:29:70:00:ca:
                    73:31:b2:78:19:03:3c:b1:e5:36:6c:9d:b1:22:36:
                    4d:c2:30:7a:23:c4:99:47:f2:1c:5a:4e:a0:53:1a:
                    22:d5:57:41:2d:7f:71:50:ba:78:ba:db:44:6c:43:
                    e5:0d:10:1d:d2:43:30:22:de:da:e1:5c:94:be:91:
                    2d:04:34:1c:e6:c9:4c:22:c8:b5:b0:47:87:d1:bc:
                    1f:ad:f7:3c:cb:04:b4:a5:d4:86:bd:2c:a2:41:95:
                    15:1d:4f:95:b4:21:d1:e7:bf:23:7b:76:0d:b7:d1:
                    81:15:68:f9:bd:1f:fe:6a:62:31:a6:b9:9c:75:a2:
                    d4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:48:A5:A2:4B:4E:BB:81:EB:42:9F:05:6D:AC:DD:D1:53:16:D7:C0
            X509v3 Authority Key Identifier:
                keyid:E1:23:86:0E:20:CD:B2:CF:DF:2C:EF:B3:75:3A:15:B8:22:82:92:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4SOGDiDNss_fLO-zdToVuCKCkmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/p0iloktOu4HrQp8Fbazd0VMW18A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/4SOGDiDNss_fLO-zdToVuCKCkmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.86.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:32:28:1e:b1:5c:73:73:73:92:37:17:d5:29:28:ce:76:01:
         50:66:b0:b1:9c:83:d7:ab:ce:30:f2:b7:8f:59:8d:4b:3b:c7:
         48:8e:27:b7:a9:08:b0:9b:be:fc:60:79:94:86:cc:ef:09:7d:
         01:e0:74:bf:3c:7f:95:ed:ce:5f:1e:e9:1e:50:10:73:99:47:
         3e:3a:57:67:7e:0f:cc:20:2e:3e:93:76:5a:a1:85:0c:33:df:
         e8:13:68:4d:30:3e:c7:10:8d:3a:09:4c:37:aa:c8:75:ad:ee:
         40:ea:03:d0:23:67:4c:10:86:f7:b4:2b:63:5e:9e:8f:e5:2c:
         ec:76:a4:19:cf:46:28:b6:7a:73:a4:1c:67:40:44:33:e7:6c:
         b3:f7:f1:a6:14:74:ec:66:39:c0:70:5d:0e:21:fc:2e:b3:47:
         09:55:4d:f6:3f:d9:86:71:0c:c9:f6:2f:94:a7:b3:af:dc:d8:
         e3:50:5c:59:d0:b0:9b:86:47:91:85:8d:39:7a:9a:e9:33:8b:
         75:4d:6a:2b:16:f2:87:2a:74:a0:97:40:22:06:9e:ca:8a:7e:
         f8:91:06:1c:ed:14:22:e2:c1:6a:d4:ef:ac:ba:2e:a0:41:59:
         ef:77:8a:03:1d:85:55:5a:4c:2f:8a:21:6b:72:cd:46:35:ef:
         18:17:3b:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI4pFAuTfBEmc/6tuirtRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMjM4NjBlMjBjZGIyY2ZkZjJjZWZiMzc1M2ExNWI4MjI4
MjkyNjYwHhcNMjUwMTAyMTc1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzQ4YTVhMjRiNGViYjgxZWI0MjlmMDU2ZGFjZGRkMTUzMTZkN2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6rjVK4p/syrBnytWgsaKlg4PDCe
W+lxpFS43zJubcBMOZxiNznoXBp8WC7KR5vXeK9FXjXKxrRHrKMrsP/BpGTFSaca
oeUPL00FDxl5Q6gbTdGjSFgda5Mdz0VfsvDOjviQFPm8lc9RmXpC4A7QSZ4VRqX9
6PUgefyTTC8FVns3wSlwAMpzMbJ4GQM8seU2bJ2xIjZNwjB6I8SZR/IcWk6gUxoi
1VdBLX9xULp4uttEbEPlDRAd0kMwIt7a4VyUvpEtBDQc5slMIsi1sEeH0bwfrfc8
ywS0pdSGvSyiQZUVHU+VtCHR578je3YNt9GBFWj5vR/+amIxprmcdaLUUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdIpaJLTruB60KfBW2s3dFTFtfAMB8GA1UdIwQY
MBaAFOEjhg4gzbLP3yzvs3U6FbgigpJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFNPR0RpRE5zc19mTE8temRUb1Z1Q0tDa21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC84MTA1OTktNzMxYS00ODZhLWIyM2Yt
NDc1MzdlYjY0NGY1LzEvcDBpbG9rdE91NEhyUXA4RmJhemQwVk1XMThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC84MTA1OTktNzMxYS00ODZhLWIyM2YtNDc1MzdlYjY0NGY1
LzEvNFNPR0RpRE5zc19mTE8temRUb1Z1Q0tDa21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFblMA0G
CSqGSIb3DQEBCwUAA4IBAQA2MigesVxzc3OSNxfVKSjOdgFQZrCxnIPXq84w8reP
WY1LO8dIjie3qQiwm778YHmUhszvCX0B4HS/PH+V7c5fHukeUBBzmUc+Oldnfg/M
IC4+k3ZaoYUMM9/oE2hNMD7HEI06CUw3qsh1re5A6gPQI2dMEIb3tCtjXp6P5Szs
dqQZz0YotnpzpBxnQEQz52yz9/GmFHTsZjnAcF0OIfwus0cJVU32P9mGcQzJ9i+U
p7Ov3NjjUFxZ0LCbhkeRhY05eprpM4t1TWorFvKHKnSgl0AiBp7Kin74kQYc7RQi
4sFq1O+sui6gQVnvd4oDHYVVWkwviiFrcs1GNe8YFzs4
-----END CERTIFICATE-----