Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Bxg7FLth5x6lkfZm8SdN-5wO5mo.roa
File:                     Bxg7FLth5x6lkfZm8SdN-5wO5mo.roa (raw, json)
Hash identifier:          3uzJPFHmR6FTaMf7jCDFEXbKcpx1tEtjVLJGMZsjOM4=
Subject key identifier:   07:18:3B:14:BB:61:E7:1E:A5:91:F6:66:F1:27:4D:FB:9C:0E:E6:6A
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01942748428DD004E719A546B0D205183F72
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Bxg7FLth5x6lkfZm8SdN-5wO5mo.roa
Signing time:             Thu 02 Jan 2025 13:50:34 +0000
ROA not before:           Thu 02 Jan 2025 13:50:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202349
IP address blocks:        80.66.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:42:8d:d0:04:e7:19:a5:46:b0:d2:05:18:3f:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 13:50:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07183b14bb61e71ea591f666f1274dfb9c0ee66a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ad:82:99:0e:7f:65:db:ed:4f:49:17:2e:10:
                    26:52:db:23:5c:de:20:86:69:7c:39:7c:dd:39:07:
                    a9:e0:7c:80:3b:fb:b8:e1:5f:ce:49:ce:16:1e:6d:
                    d2:0d:b1:db:fc:e5:a2:16:b5:92:1d:b4:e0:a8:d4:
                    06:c4:b1:05:5a:fb:86:4e:b7:f8:df:d5:fb:51:91:
                    de:7a:5b:cf:ef:f2:a5:f9:63:c1:35:29:c0:61:f4:
                    98:6b:24:ab:0f:88:dd:f5:df:02:64:1f:d2:30:81:
                    ae:1b:bf:c5:cb:38:06:3e:e2:1a:06:6b:1c:ed:6f:
                    62:da:5e:39:44:a2:f1:ec:22:ef:b1:c0:2f:01:e7:
                    8a:9a:71:1d:5e:7c:39:60:7b:c9:c5:10:ec:29:bd:
                    22:a9:c5:7d:32:89:13:d7:fe:f4:7c:0f:30:0b:45:
                    20:7d:19:bd:e7:20:62:08:89:79:3d:03:c7:5e:3c:
                    f9:72:97:79:d6:58:55:ed:df:af:5a:80:fc:d1:8f:
                    a4:87:f5:e8:7b:35:da:c4:19:0c:ba:cd:ad:89:87:
                    02:20:32:e4:08:ed:a5:3b:79:b2:6b:5d:8d:61:da:
                    c3:2a:5c:2d:1e:7c:1b:5c:01:d0:3b:f0:55:1a:80:
                    94:b8:08:fa:6a:ca:51:e2:ad:7c:76:67:3a:b3:f4:
                    18:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:18:3B:14:BB:61:E7:1E:A5:91:F6:66:F1:27:4D:FB:9C:0E:E6:6A
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Bxg7FLth5x6lkfZm8SdN-5wO5mo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:a7:a0:82:a0:2d:f2:1d:e0:85:58:e5:0a:0a:3a:fa:fc:64:
         ac:ba:be:24:cb:e2:d1:fc:73:ee:11:a5:eb:e5:44:5d:47:a5:
         ff:4c:e6:50:c9:a0:e5:8f:a8:4b:88:a5:77:b6:48:9c:05:c7:
         c7:78:f4:55:78:e9:1c:18:fe:25:73:21:19:ac:47:d9:25:7f:
         cd:6f:f6:2e:38:a5:4e:d3:a6:83:78:5a:7d:b5:78:c4:f2:16:
         c7:bd:29:e8:8c:75:cc:32:87:5c:38:d0:20:2c:79:9e:bc:2e:
         9b:09:b4:ff:5a:40:91:7a:2a:50:d5:35:75:d6:7b:3a:6d:d0:
         5c:ac:c7:fa:b5:0d:d6:af:57:95:2e:90:0e:ee:2d:6f:95:ba:
         8d:14:d4:fd:4d:3e:9b:06:f9:13:37:45:40:6d:02:a8:91:69:
         61:04:ad:15:99:20:5b:00:d9:8c:e7:ad:2c:ab:b1:b6:5a:89:
         82:d9:1c:0f:9c:f1:32:44:a7:1e:cf:cc:1d:3f:56:4f:21:e2:
         b1:09:a2:ce:fe:bb:01:e8:90:f0:e7:a5:14:dc:cc:2f:ab:06:
         7e:2d:2f:34:d0:44:b9:e6:3c:3b:d7:ae:76:49:1c:e5:fb:fb:
         e2:11:d9:8d:b6:61:f3:93:fb:68:74:6b:09:2d:46:4d:2e:e7:
         c3:7b:08:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSEKN0ATnGaVGsNIFGD9yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMTAyMTM1MDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzE4M2IxNGJiNjFlNzFlYTU5MWY2NjZmMTI3NGRmYjljMGVlNjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv62CmQ5/ZdvtT0kXLhAmUtsjXN4g
hml8OXzdOQep4HyAO/u44V/OSc4WHm3SDbHb/OWiFrWSHbTgqNQGxLEFWvuGTrf4
39X7UZHeelvP7/Kl+WPBNSnAYfSYaySrD4jd9d8CZB/SMIGuG7/FyzgGPuIaBmsc
7W9i2l45RKLx7CLvscAvAeeKmnEdXnw5YHvJxRDsKb0iqcV9MokT1/70fA8wC0Ug
fRm95yBiCIl5PQPHXjz5cpd51lhV7d+vWoD80Y+kh/XoezXaxBkMus2tiYcCIDLk
CO2lO3mya12NYdrDKlwtHnwbXAHQO/BVGoCUuAj6aspR4q18dmc6s/QY+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcYOxS7YecepZH2ZvEnTfucDuZqMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvQnhnN0ZMdGg1eDZsa2ZabThTZE4tNXdPNW1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEJ/MA0G
CSqGSIb3DQEBCwUAA4IBAQBYp6CCoC3yHeCFWOUKCjr6/GSsur4ky+LR/HPuEaXr
5URdR6X/TOZQyaDlj6hLiKV3tkicBcfHePRVeOkcGP4lcyEZrEfZJX/Nb/YuOKVO
06aDeFp9tXjE8hbHvSnojHXMModcONAgLHmevC6bCbT/WkCReipQ1TV11ns6bdBc
rMf6tQ3Wr1eVLpAO7i1vlbqNFNT9TT6bBvkTN0VAbQKokWlhBK0VmSBbANmM560s
q7G2WomC2RwPnPEyRKcez8wdP1ZPIeKxCaLO/rsB6JDw56UU3MwvqwZ+LS800ES5
5jw71652SRzl+/viEdmNtmHzk/todGsJLUZNLufDewhI
-----END CERTIFICATE-----