Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/gdMBKyecm3XWTyDQ1bfSPm-7wJk.roa
File:                     gdMBKyecm3XWTyDQ1bfSPm-7wJk.roa (raw, json)
Hash identifier:          I4g7RyEYdR9AIhFGQvMG3qfyY9H2Wau5KEfVYrNBIp4=
Subject key identifier:   81:D3:01:2B:27:9C:9B:75:D6:4F:20:D0:D5:B7:D2:3E:6F:BB:C0:99
Certificate issuer:       /CN=beba48c7e2c9e05eda546d899146b89f799df85d
Certificate serial:       018CC6B8914C09D286C68568C14B1636441C
Authority key identifier: BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/gdMBKyecm3XWTyDQ1bfSPm-7wJk.roa
Signing time:             Mon 01 Jan 2024 20:30:33 +0000
ROA not before:           Mon 01 Jan 2024 20:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202082
IP address blocks:        80.79.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:91:4c:09:d2:86:c6:85:68:c1:4b:16:36:44:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beba48c7e2c9e05eda546d899146b89f799df85d
        Validity
            Not Before: Jan  1 20:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81d3012b279c9b75d64f20d0d5b7d23e6fbbc099
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b9:5d:83:01:86:51:1a:94:fd:fb:da:90:9c:
                    63:b0:da:7b:64:a2:23:85:b1:54:97:9e:7f:cb:2e:
                    f2:07:cf:aa:79:31:07:9b:63:6d:da:d6:3b:70:19:
                    1f:1f:e2:27:7f:c4:0d:54:37:54:f7:49:fa:03:2f:
                    da:af:68:69:8a:eb:d1:3e:0d:c1:6f:6a:8d:83:98:
                    91:d0:89:5e:3c:d4:8b:da:fb:5d:32:b4:a1:e7:26:
                    9a:03:ae:3b:72:9a:fb:4e:25:bc:91:e7:3d:86:74:
                    5a:fb:cc:bd:68:62:b1:c2:72:dc:d9:dd:cd:34:a1:
                    8a:65:83:a9:c6:47:38:6b:8f:62:29:5a:c5:98:e3:
                    76:31:ec:04:32:7c:41:a1:e6:9a:ee:d4:ff:f3:31:
                    01:87:73:ba:74:01:6c:82:7c:2f:9b:b3:78:cc:df:
                    7d:91:b0:12:a7:b7:87:36:74:49:d9:4b:44:cd:34:
                    bf:86:71:85:6b:1a:04:48:22:cf:51:89:e4:41:4c:
                    5c:f3:82:b4:d4:cc:03:c2:61:a1:d3:07:6a:cb:a7:
                    f1:d8:91:5e:37:6f:9d:f9:00:68:96:70:eb:15:b9:
                    97:45:15:96:1c:8f:c1:6b:06:fc:8b:5b:dc:67:77:
                    97:58:6d:95:ab:dc:44:6f:31:c9:7f:98:a1:79:02:
                    3b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:D3:01:2B:27:9C:9B:75:D6:4F:20:D0:D5:B7:D2:3E:6F:BB:C0:99
            X509v3 Authority Key Identifier:
                keyid:BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/gdMBKyecm3XWTyDQ1bfSPm-7wJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.79.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:67:d2:5b:4b:5b:d3:fc:5a:a8:3c:84:00:06:bc:0b:74:18:
         d0:0f:ae:4e:c2:b2:0e:6a:7a:57:cd:c7:1f:21:40:8c:b5:c7:
         9b:cf:f9:1b:e9:b0:3a:e7:f7:5e:15:ea:3a:45:24:95:2c:bd:
         36:a4:ba:36:3b:62:ec:ee:72:47:87:a4:82:22:d8:31:22:74:
         bf:b4:dd:a3:1a:2e:f6:78:25:b5:bf:ff:20:84:af:97:f3:6d:
         95:ef:d6:ef:fe:27:70:12:8a:72:67:f2:ed:bb:4d:54:7f:70:
         fa:fe:b8:ca:50:89:ca:9e:42:6d:89:51:92:49:1c:0c:19:de:
         62:61:78:f0:37:f2:05:18:48:c7:c1:8e:e7:ba:f5:79:5d:2f:
         fb:17:17:77:bd:24:88:93:f9:e3:e6:fc:dd:ac:58:b5:4c:1e:
         08:6f:02:72:7c:0f:86:e2:c8:82:a8:55:5b:12:28:7d:0b:da:
         dd:fb:bc:81:0a:93:27:30:52:91:f7:e4:8c:df:d9:b2:ca:36:
         0b:6a:c3:e2:4f:4c:67:cf:62:0b:12:d8:7e:1d:45:0c:0e:7d:
         1c:cc:fd:64:db:58:ef:01:3c:c7:18:1d:84:85:0b:28:a7:c3:
         c1:dc:12:7d:de:58:4f:31:f0:66:55:b8:8f:24:a2:5e:5a:cf:
         cf:49:24:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuJFMCdKGxoVowUsWNkQcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmE0OGM3ZTJjOWUwNWVkYTU0NmQ4OTkxNDZiODlmNzk5
ZGY4NWQwHhcNMjQwMTAxMjAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWQzMDEyYjI3OWM5Yjc1ZDY0ZjIwZDBkNWI3ZDIzZTZmYmJjMDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLldgwGGURqU/fvakJxjsNp7ZKIj
hbFUl55/yy7yB8+qeTEHm2Nt2tY7cBkfH+Inf8QNVDdU90n6Ay/ar2hpiuvRPg3B
b2qNg5iR0IlePNSL2vtdMrSh5yaaA647cpr7TiW8kec9hnRa+8y9aGKxwnLc2d3N
NKGKZYOpxkc4a49iKVrFmON2MewEMnxBoeaa7tT/8zEBh3O6dAFsgnwvm7N4zN99
kbASp7eHNnRJ2UtEzTS/hnGFaxoESCLPUYnkQUxc84K01MwDwmGh0wdqy6fx2JFe
N2+d+QBolnDrFbmXRRWWHI/Bawb8i1vcZ3eXWG2Vq9xEbzHJf5iheQI7yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHTASsnnJt11k8g0NW30j5vu8CZMB8GA1UdIwQY
MBaAFL66SMfiyeBe2lRtiZFGuJ95nfhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYt
M2Q1MjIxODFhMmM0LzEvZ2RNQkt5ZWNtM1hXVHlEUTFiZlNQbS03d0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYtM2Q1MjIxODFhMmM0
LzEvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUE/5MA0G
CSqGSIb3DQEBCwUAA4IBAQAoZ9JbS1vT/FqoPIQABrwLdBjQD65OwrIOanpXzccf
IUCMtcebz/kb6bA65/deFeo6RSSVLL02pLo2O2Ls7nJHh6SCItgxInS/tN2jGi72
eCW1v/8ghK+X822V79bv/idwEopyZ/Ltu01Uf3D6/rjKUInKnkJtiVGSSRwMGd5i
YXjwN/IFGEjHwY7nuvV5XS/7Fxd3vSSIk/nj5vzdrFi1TB4IbwJyfA+G4siCqFVb
Eih9C9rd+7yBCpMnMFKR9+SM39myyjYLasPiT0xnz2ILEth+HUUMDn0czP1k21jv
ATzHGB2EhQsop8PB3BJ93lhPMfBmVbiPJKJeWs/PSSTg
-----END CERTIFICATE-----