Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/EzNoZyplwjEg93h2IsYNwN26rnE.roa
File:                     EzNoZyplwjEg93h2IsYNwN26rnE.roa (raw, json)
Hash identifier:          GJfX4zGq/dLxpFV1pOUpJlfVlyjGz6zcRw/UQt0642s=
Subject key identifier:   13:33:68:67:2A:65:C2:31:20:F7:78:76:22:C6:0D:C0:DD:BA:AE:71
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CF2450DC940044D49A7AFE9DA19848DAB
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/EzNoZyplwjEg93h2IsYNwN26rnE.roa
Signing time:             Wed 10 Jan 2024 07:27:40 +0000
ROA not before:           Wed 10 Jan 2024 07:27:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36925
IP address blocks:        80.15.243.0/24 maxlen: 32
                          2a01:c9c0:c012::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f2:45:0d:c9:40:04:4d:49:a7:af:e9:da:19:84:8d:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan 10 07:27:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=133368672a65c23120f7787622c60dc0ddbaae71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:08:9f:b7:65:ba:49:40:81:47:9a:09:73:80:
                    96:73:c9:77:36:33:55:e1:69:4e:55:27:9e:29:6b:
                    5c:1c:2c:b1:db:c3:ac:a6:93:20:f6:4d:35:26:56:
                    f2:11:eb:76:61:65:b8:32:9d:1d:50:39:a6:12:41:
                    62:39:11:f0:a2:e5:9f:d0:3a:e2:c0:5c:84:d2:c8:
                    21:cd:32:95:bb:c4:ae:4d:4e:45:88:83:34:c4:c6:
                    1f:9a:af:91:e9:e4:9a:a7:be:b1:f2:01:5b:d4:08:
                    8a:e1:ba:90:03:4f:5f:bd:4f:85:7e:26:0f:8d:a1:
                    86:82:37:47:e5:94:60:67:7f:02:5b:3c:da:87:0d:
                    4a:09:2d:c9:db:b2:c8:ff:3a:13:0f:6e:5d:40:80:
                    da:42:6f:08:be:f1:86:73:fd:92:ba:9e:8e:9d:74:
                    4b:8f:07:24:6a:5f:f6:c7:22:ac:66:17:f7:25:34:
                    b0:9d:7f:ff:4e:d1:28:db:ae:e1:fc:74:61:7a:1f:
                    48:15:8b:44:1a:e8:49:05:57:f7:d8:e1:d5:39:4a:
                    1e:6f:87:6c:af:db:f4:1c:01:8e:f7:ec:e0:8c:49:
                    76:ee:83:11:6a:00:12:64:82:c1:90:ba:c2:7b:9d:
                    66:04:b3:97:ce:79:2e:1d:3e:ec:50:ff:48:39:c1:
                    bf:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:33:68:67:2A:65:C2:31:20:F7:78:76:22:C6:0D:C0:DD:BA:AE:71
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/EzNoZyplwjEg93h2IsYNwN26rnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.15.243.0/24
                IPv6:
                  2a01:c9c0:c012::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:25:71:8a:f6:31:01:4f:b9:48:dc:02:84:22:5d:95:7e:4e:
         6c:ae:5e:9b:41:9d:ec:5d:6c:d6:5b:2d:d2:26:fc:36:bd:f6:
         8e:37:e7:a0:a3:93:5c:9c:26:c4:d6:b7:c6:20:57:f4:d3:66:
         aa:6c:cc:3a:93:c6:1c:f6:6e:b1:04:d9:d4:39:48:60:35:97:
         8f:b0:9f:9b:a8:be:b0:a1:5c:f3:3b:c2:b7:a7:35:c1:f7:15:
         d4:9d:79:cc:06:33:41:bd:8d:cf:8d:b2:75:1a:37:11:6c:7e:
         b1:8d:fe:4d:1e:0e:91:cb:e6:3d:50:08:26:aa:27:2a:2a:6f:
         6f:d0:a9:6c:7a:c7:87:d5:e4:30:35:aa:4c:e9:df:ea:d4:b3:
         78:92:13:8b:90:24:fb:95:04:94:5b:2b:d6:5a:48:84:2e:d8:
         5f:e4:c3:a4:c4:3a:62:9d:e1:ed:42:ff:95:45:d1:4a:a5:90:
         34:09:6f:8b:d1:d2:9a:78:97:e5:33:22:6e:00:81:1e:84:40:
         47:27:3f:6c:64:75:2c:d0:22:7a:8e:37:9c:90:1f:64:78:87:
         dc:77:9a:b3:ea:bc:b3:8d:46:80:c6:7e:52:8d:78:28:4e:1e:
         3a:04:77:3b:5a:54:3c:32:b3:19:e1:15:fa:f1:71:59:c3:be:
         79:c0:86:fa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzyRQ3JQARNSaev6doZhI2rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTEwMDcyNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzMzNjg2NzJhNjVjMjMxMjBmNzc4NzYyMmM2MGRjMGRkYmFhZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQift2W6SUCBR5oJc4CWc8l3NjNV
4WlOVSeeKWtcHCyx28OsppMg9k01JlbyEet2YWW4Mp0dUDmmEkFiORHwouWf0Dri
wFyE0sghzTKVu8SuTU5FiIM0xMYfmq+R6eSap76x8gFb1AiK4bqQA09fvU+FfiYP
jaGGgjdH5ZRgZ38CWzzahw1KCS3J27LI/zoTD25dQIDaQm8IvvGGc/2Sup6OnXRL
jwckal/2xyKsZhf3JTSwnX//TtEo267h/HRheh9IFYtEGuhJBVf32OHVOUoeb4ds
r9v0HAGO9+zgjEl27oMRagASZILBkLrCe51mBLOXznkuHT7sUP9IOcG/iwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBMzaGcqZcIxIPd4diLGDcDduq5xMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvRXpOb1p5cGx3akVnOTNoMklzWU53TjI2cm5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUA/zMA8E
AgACMAkDBwAqAcnAwBIwDQYJKoZIhvcNAQELBQADggEBAKclcYr2MQFPuUjcAoQi
XZV+TmyuXptBnexdbNZbLdIm/Da99o4356Cjk1ycJsTWt8YgV/TTZqpszDqTxhz2
brEE2dQ5SGA1l4+wn5uovrChXPM7wrenNcH3FdSdecwGM0G9jc+NsnUaNxFsfrGN
/k0eDpHL5j1QCCaqJyoqb2/QqWx6x4fV5DA1qkzp3+rUs3iSE4uQJPuVBJRbK9Za
SIQu2F/kw6TEOmKd4e1C/5VF0UqlkDQJb4vR0pp4l+UzIm4AgR6EQEcnP2xkdSzQ
InqON5yQH2R4h9x3mrPqvLONRoDGflKNeChOHjoEdztaVDwysxnhFfrxcVnDvnnA
hvo=
-----END CERTIFICATE-----