Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/169a3b-6a73-49ec-affa-ed0a7aba8cb2/1/zFoJFUnlPbl4jZ_b8xY0tJqEvEA.roa
File:                     zFoJFUnlPbl4jZ_b8xY0tJqEvEA.roa (raw, json)
Hash identifier:          LdaJGwGlR/sqxaI5NlWcBg7c+O1FzJXWT3jVGiryGW8=
Subject key identifier:   CC:5A:09:15:49:E5:3D:B9:78:8D:9F:DB:F3:16:34:B4:9A:84:BC:40
Certificate issuer:       /CN=4aefb99d2a06ee99dea9566f16bf226db3e56c92
Certificate serial:       0194258EF8F3F3A1C05AF836B73AE3366F12
Authority key identifier: 4A:EF:B9:9D:2A:06:EE:99:DE:A9:56:6F:16:BF:22:6D:B3:E5:6C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Su-5nSoG7pneqVZvFr8ibbPlbJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/169a3b-6a73-49ec-affa-ed0a7aba8cb2/1/zFoJFUnlPbl4jZ_b8xY0tJqEvEA.roa
Signing time:             Thu 02 Jan 2025 05:48:34 +0000
ROA not before:           Thu 02 Jan 2025 05:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20953
IP address blocks:        80.79.192.0/20 maxlen: 20
                          195.246.219.0/24 maxlen: 24
                          2a02:1d8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/169a3b-6a73-49ec-affa-ed0a7aba8cb2/1/Su-5nSoG7pneqVZvFr8ibbPlbJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/169a3b-6a73-49ec-affa-ed0a7aba8cb2/1/Su-5nSoG7pneqVZvFr8ibbPlbJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Su-5nSoG7pneqVZvFr8ibbPlbJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:f8:f3:f3:a1:c0:5a:f8:36:b7:3a:e3:36:6f:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4aefb99d2a06ee99dea9566f16bf226db3e56c92
        Validity
            Not Before: Jan  2 05:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc5a091549e53db9788d9fdbf31634b49a84bc40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9a:f2:c1:06:85:bd:3e:62:8d:21:3e:3c:b3:
                    bc:3d:47:34:c5:6f:12:67:45:33:41:c0:aa:8a:4e:
                    65:5e:32:15:c3:5a:3b:cd:84:2b:ac:94:72:1a:3c:
                    e8:b9:ae:e6:28:cc:9e:f5:02:c1:7b:4d:94:22:c7:
                    79:93:a5:11:18:09:9e:42:4d:11:7e:b9:94:b5:a6:
                    a5:3c:75:97:32:92:67:ee:3d:73:55:1b:b4:03:d2:
                    e0:86:d6:fb:4b:4c:ad:0b:53:63:92:23:11:aa:00:
                    e2:9a:38:e8:17:2d:ce:5b:2f:97:c1:ba:65:a3:c4:
                    1c:72:74:d5:a4:57:0c:b3:5b:dd:19:de:2a:4e:76:
                    20:7c:b0:0e:c4:a5:be:bb:5e:53:74:f8:10:86:48:
                    62:bd:a5:af:1d:59:55:03:f8:bd:f5:07:e7:2a:08:
                    ee:ac:ea:4d:64:73:34:b9:32:5f:ba:c8:49:02:5f:
                    b9:1c:6f:97:94:ba:ba:43:79:35:0c:9e:2b:b3:a6:
                    2d:e6:83:07:40:c4:60:e3:b7:f9:fa:f1:35:4a:7e:
                    c6:41:d8:45:f6:1c:96:e7:35:e6:62:3d:2f:dd:d4:
                    ec:43:2b:07:70:94:9c:04:e7:a8:66:a5:91:c7:5e:
                    c1:0f:20:24:02:be:35:b3:41:6b:13:70:55:98:12:
                    32:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:5A:09:15:49:E5:3D:B9:78:8D:9F:DB:F3:16:34:B4:9A:84:BC:40
            X509v3 Authority Key Identifier:
                keyid:4A:EF:B9:9D:2A:06:EE:99:DE:A9:56:6F:16:BF:22:6D:B3:E5:6C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Su-5nSoG7pneqVZvFr8ibbPlbJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/169a3b-6a73-49ec-affa-ed0a7aba8cb2/1/zFoJFUnlPbl4jZ_b8xY0tJqEvEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/169a3b-6a73-49ec-affa-ed0a7aba8cb2/1/Su-5nSoG7pneqVZvFr8ibbPlbJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.79.192.0/20
                  195.246.219.0/24
                IPv6:
                  2a02:1d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         8b:37:2b:d1:15:a4:71:0c:a1:8a:57:8d:4a:ca:2b:14:2e:d4:
         a5:32:08:8e:8a:cd:b7:68:a8:ab:c0:9c:cd:ad:2a:fc:9a:ad:
         46:9a:b0:01:55:c3:a8:19:26:52:e6:fc:b5:08:bf:c1:8b:97:
         42:dd:cf:66:57:c9:7f:5f:59:31:02:f1:d3:cc:38:b6:66:bf:
         2a:20:51:97:ed:32:35:cb:46:a1:28:37:3d:ae:29:c6:7d:8a:
         b9:5e:5f:c6:59:e5:ae:ef:ed:8a:de:cb:af:72:87:44:ee:35:
         8b:bf:57:9a:b8:8c:e5:e9:eb:29:9e:92:58:8e:75:21:bb:08:
         ae:3f:a4:f1:75:39:4d:a6:9c:f9:7e:4b:71:58:9c:32:75:05:
         12:5c:7f:d7:9b:43:3f:7d:d0:89:51:af:c6:2d:d0:e2:07:bc:
         38:f1:db:f7:40:93:f6:93:3a:2e:ec:0b:79:08:31:c1:86:1b:
         6e:e2:a7:76:ea:65:5d:15:3d:fb:93:d8:9c:ab:20:1f:98:78:
         71:2e:dd:03:d1:70:48:96:1c:4c:fd:f6:4e:ec:bb:c6:3a:30:
         52:05:a3:bb:27:14:3a:78:0e:dd:29:9c:e2:a8:7e:82:cd:6f:
         dc:d6:d3:0f:d8:29:71:a1:78:15:80:da:79:95:f9:bb:80:93:
         47:20:26:5b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQljvjz86HAWvg2tzrjNm8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhZWZiOTlkMmEwNmVlOTlkZWE5NTY2ZjE2YmYyMjZkYjNl
NTZjOTIwHhcNMjUwMTAyMDU0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzVhMDkxNTQ5ZTUzZGI5Nzg4ZDlmZGJmMzE2MzRiNDlhODRiYzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZrywQaFvT5ijSE+PLO8PUc0xW8S
Z0UzQcCqik5lXjIVw1o7zYQrrJRyGjzoua7mKMye9QLBe02UIsd5k6URGAmeQk0R
frmUtaalPHWXMpJn7j1zVRu0A9Lghtb7S0ytC1NjkiMRqgDimjjoFy3OWy+Xwbpl
o8QccnTVpFcMs1vdGd4qTnYgfLAOxKW+u15TdPgQhkhivaWvHVlVA/i99QfnKgju
rOpNZHM0uTJfushJAl+5HG+XlLq6Q3k1DJ4rs6Yt5oMHQMRg47f5+vE1Sn7GQdhF
9hyW5zXmYj0v3dTsQysHcJScBOeoZqWRx17BDyAkAr41s0FrE3BVmBIy3wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMxaCRVJ5T25eI2f2/MWNLSahLxAMB8GA1UdIwQY
MBaAFErvuZ0qBu6Z3qlWbxa/Im2z5WySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3UtNW5Tb0c3cG5lcVZadkZyOGliYlBsYkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8xNjlhM2ItNmE3My00OWVjLWFmZmEt
ZWQwYTdhYmE4Y2IyLzEvekZvSkZVbmxQYmw0alpfYjh4WTB0SnFFdkVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8xNjlhM2ItNmE3My00OWVjLWFmZmEtZWQwYTdhYmE4Y2Iy
LzEvU3UtNW5Tb0c3cG5lcVZadkZyOGliYlBsYkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUE/AAwQA
w/bbMA0EAgACMAcDBQAqAgHYMA0GCSqGSIb3DQEBCwUAA4IBAQCLNyvRFaRxDKGK
V41KyisULtSlMgiOis23aKirwJzNrSr8mq1GmrABVcOoGSZS5vy1CL/Bi5dC3c9m
V8l/X1kxAvHTzDi2Zr8qIFGX7TI1y0ahKDc9rinGfYq5Xl/GWeWu7+2K3suvcodE
7jWLv1eauIzl6espnpJYjnUhuwiuP6TxdTlNppz5fktxWJwydQUSXH/Xm0M/fdCJ
Ua/GLdDiB7w48dv3QJP2kzou7At5CDHBhhtu4qd26mVdFT37k9icqyAfmHhxLt0D
0XBIlhxM/fZO7LvGOjBSBaO7JxQ6eA7dKZziqH6CzW/c1tMP2ClxoXgVgNp5lfm7
gJNHICZb
-----END CERTIFICATE-----