Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/APoeNAnLXtCjFH7bq_-tyaTeiuU.roa
File:                     APoeNAnLXtCjFH7bq_-tyaTeiuU.roa (raw, json)
Hash identifier:          KVxtBdSNSw8K9iqTGrD5UDqmaLpfN2rF4OZWxWme//c=
Subject key identifier:   00:FA:1E:34:09:CB:5E:D0:A3:14:7E:DB:AB:FF:AD:C9:A4:DE:8A:E5
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       0192D2571C3DBBCA6F8B2BAE84F764C31955
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/APoeNAnLXtCjFH7bq_-tyaTeiuU.roa
Signing time:             Mon 28 Oct 2024 08:56:17 +0000
ROA not before:           Mon 28 Oct 2024 08:56:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29571
IP address blocks:        80.15.244.0/24 maxlen: 32
                          2a01:c9c0:c014::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d2:57:1c:3d:bb:ca:6f:8b:2b:ae:84:f7:64:c3:19:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Oct 28 08:56:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00fa1e3409cb5ed0a3147edbabffadc9a4de8ae5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:86:0b:08:1d:ec:b3:98:11:f3:71:f1:a7:72:
                    f6:d4:ce:b0:48:a9:66:fd:5e:67:e4:2a:24:3f:43:
                    8f:fc:93:fa:f0:34:be:80:1e:5c:2e:e1:ef:09:1d:
                    59:d9:bf:2b:9a:a0:45:d7:a5:56:2b:48:e2:2c:c2:
                    c7:16:4f:88:c0:3e:6b:fd:33:f8:6e:13:ed:ec:30:
                    a6:e9:a0:4a:05:85:ff:c5:05:c7:8f:fd:89:3c:56:
                    a1:3b:ba:96:aa:3a:a8:45:e9:e6:48:4f:d4:c2:67:
                    02:02:77:e1:95:c4:3d:55:85:50:d2:77:be:c7:2a:
                    c6:61:3c:05:94:8b:18:93:67:3b:cb:67:c5:e9:e4:
                    0c:86:8b:aa:92:c5:36:4d:9f:f7:8d:74:cf:64:5f:
                    e7:34:d5:7f:de:03:bb:00:50:5a:5f:8a:03:0a:10:
                    58:6e:c8:fa:e9:f1:50:b4:d3:3f:a0:fd:58:8c:43:
                    8e:4c:b7:a5:1a:d5:fd:75:4e:99:81:a2:8b:21:95:
                    ba:93:a8:80:d5:3d:c2:ba:d1:7f:0e:96:70:4e:cb:
                    d5:9c:36:b2:96:0e:80:1a:1b:dc:3c:8d:19:19:98:
                    1c:b4:91:d3:2e:a1:4c:c2:b4:3d:48:fd:1f:b6:fe:
                    0a:30:67:6a:5c:79:02:7a:8a:b9:28:27:61:da:d3:
                    cb:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:FA:1E:34:09:CB:5E:D0:A3:14:7E:DB:AB:FF:AD:C9:A4:DE:8A:E5
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/APoeNAnLXtCjFH7bq_-tyaTeiuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.15.244.0/24
                IPv6:
                  2a01:c9c0:c014::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:97:68:76:66:05:4e:c8:4a:a2:c3:7c:23:74:a6:a0:43:3d:
         37:f9:71:5e:71:4b:7c:f3:3e:55:2c:6a:1c:10:cf:06:b8:ac:
         4a:3e:ee:a8:c0:7d:72:50:e8:b8:40:6a:82:d9:fe:4d:f1:d7:
         f7:94:89:08:9f:72:85:e5:fb:76:da:b0:46:3e:44:ac:9b:12:
         a0:32:80:f8:fc:6a:bb:ae:b2:9c:0e:02:e0:d5:ff:8f:70:c4:
         94:19:33:84:8c:cd:44:29:1d:20:2c:bd:a8:b8:4c:50:e4:8f:
         f0:02:58:c0:c6:cf:ad:eb:73:5e:b4:89:c1:d1:00:63:5c:2d:
         80:95:e2:b3:e4:a0:7a:ec:cb:2a:2d:21:62:7e:40:e3:21:1d:
         b2:2e:2c:a4:88:da:fa:f8:d4:88:46:a2:68:76:e0:3c:54:5e:
         32:4a:30:7a:5a:a8:7a:5b:48:ea:9e:b3:c4:16:c6:63:43:4b:
         5e:be:f0:a3:65:b1:11:09:2f:ac:b9:57:07:d4:82:49:68:a6:
         2a:aa:24:a5:82:84:55:37:22:18:3b:db:d4:3a:87:6a:92:8b:
         8b:db:65:f8:d8:77:09:9c:3e:2d:0e:3e:6d:63:89:be:e8:2e:
         8f:1c:8f:65:98:60:d2:17:64:11:2e:3c:b0:f4:e5:32:93:7f:
         8c:b9:31:f5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZLSVxw9u8pviyuuhPdkwxlVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQxMDI4MDg1NjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGZhMWUzNDA5Y2I1ZWQwYTMxNDdlZGJhYmZmYWRjOWE0ZGU4YWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoYLCB3ss5gR83Hxp3L21M6wSKlm
/V5n5CokP0OP/JP68DS+gB5cLuHvCR1Z2b8rmqBF16VWK0jiLMLHFk+IwD5r/TP4
bhPt7DCm6aBKBYX/xQXHj/2JPFahO7qWqjqoRenmSE/UwmcCAnfhlcQ9VYVQ0ne+
xyrGYTwFlIsYk2c7y2fF6eQMhouqksU2TZ/3jXTPZF/nNNV/3gO7AFBaX4oDChBY
bsj66fFQtNM/oP1YjEOOTLelGtX9dU6ZgaKLIZW6k6iA1T3CutF/DpZwTsvVnDay
lg6AGhvcPI0ZGZgctJHTLqFMwrQ9SP0ftv4KMGdqXHkCeoq5KCdh2tPL4QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAD6HjQJy17QoxR+26v/rcmk3orlMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvQVBvZU5BbkxYdENqRkg3YnFfLXR5YVRlaXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUA/0MA8E
AgACMAkDBwAqAcnAwBQwDQYJKoZIhvcNAQELBQADggEBAAyXaHZmBU7ISqLDfCN0
pqBDPTf5cV5xS3zzPlUsahwQzwa4rEo+7qjAfXJQ6LhAaoLZ/k3x1/eUiQifcoXl
+3basEY+RKybEqAygPj8aruuspwOAuDV/49wxJQZM4SMzUQpHSAsvai4TFDkj/AC
WMDGz63rc160icHRAGNcLYCV4rPkoHrsyyotIWJ+QOMhHbIuLKSI2vr41IhGomh2
4DxUXjJKMHpaqHpbSOqes8QWxmNDS16+8KNlsREJL6y5VwfUgklopiqqJKWChFU3
Ihg729Q6h2qSi4vbZfjYdwmcPi0OPm1jib7oLo8cj2WYYNIXZBEuPLD05TKTf4y5
MfU=
-----END CERTIFICATE-----