Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/nf8wv6xh5ICDlagRQQtQeDyX7AI.roa
File:                     nf8wv6xh5ICDlagRQQtQeDyX7AI.roa (raw, json)
Hash identifier:          IeriVdC3WPiFlh9qajSZSa5F78gurX6jx9EVck9sDTQ=
Subject key identifier:   9D:FF:30:BF:AC:61:E4:80:83:95:A8:11:41:0B:50:78:3C:97:EC:02
Certificate issuer:       /CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
Certificate serial:       019427B5E7F87C8DE54D5C2CD8892F5CD451
Authority key identifier: A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/nf8wv6xh5ICDlagRQQtQeDyX7AI.roa
Signing time:             Thu 02 Jan 2025 15:50:20 +0000
ROA not before:           Thu 02 Jan 2025 15:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44668
IP address blocks:        185.11.80.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:e7:f8:7c:8d:e5:4d:5c:2c:d8:89:2f:5c:d4:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
        Validity
            Not Before: Jan  2 15:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9dff30bfac61e4808395a811410b50783c97ec02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b2:ca:5d:4c:7d:bc:13:22:9e:16:b8:14:8f:
                    62:a0:1e:03:94:ec:3b:08:8b:58:ef:4c:cd:2b:a1:
                    4f:27:5f:5b:1c:8d:53:ca:af:44:b0:8c:80:2c:f7:
                    59:2b:f0:d7:66:61:43:50:3c:36:5f:96:87:bd:9e:
                    45:ed:91:ff:95:c8:d7:7c:fb:c0:5e:1d:c0:f0:5e:
                    83:03:f9:b0:be:ab:e9:32:8e:26:b6:5c:e8:03:b5:
                    8d:a1:ab:e8:29:d5:47:61:59:4f:0f:4f:b3:fd:57:
                    a6:28:5f:21:0a:aa:2c:97:4e:a0:2d:3f:b7:4c:46:
                    b7:e2:dd:3b:53:a4:70:61:32:f7:20:f8:9e:24:26:
                    37:24:b3:c3:fa:2d:4b:84:fc:60:95:d7:98:e9:64:
                    f9:1c:f0:a9:a9:1a:69:56:75:08:2d:be:96:de:3e:
                    40:77:0b:cd:2a:7e:16:63:2f:95:b0:29:9a:3f:63:
                    31:2c:46:7d:67:07:35:5b:40:1c:c1:51:c9:d4:02:
                    81:c6:65:cd:32:1f:e2:35:7e:93:65:ea:c3:b6:f0:
                    60:31:63:60:89:2b:48:30:1b:dd:b1:70:82:87:4d:
                    3b:ad:f0:4f:9f:e4:ca:bd:e5:b7:7d:48:9e:0a:0e:
                    4a:79:31:70:32:97:39:b9:f3:f7:b9:ef:ee:6d:68:
                    3e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:FF:30:BF:AC:61:E4:80:83:95:A8:11:41:0B:50:78:3C:97:EC:02
            X509v3 Authority Key Identifier:
                keyid:A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/nf8wv6xh5ICDlagRQQtQeDyX7AI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:d4:a6:cf:40:8f:e5:f4:28:c3:38:e7:a9:9e:df:1f:d4:b1:
         b5:8e:da:04:95:de:3f:ad:de:fb:df:94:6b:20:82:f6:16:42:
         b1:e4:0b:13:8b:24:a5:30:3f:31:91:bc:0c:da:cc:25:d8:34:
         26:15:e9:d9:e3:27:dd:de:0a:d0:4f:17:9a:5a:c7:7c:d2:38:
         ff:b0:37:f1:d8:37:66:dc:94:c4:51:aa:10:a7:69:4f:3f:64:
         f4:96:bb:84:12:fe:f5:6c:39:30:53:41:b4:69:d1:f8:f3:b8:
         7e:73:ec:bf:15:f0:86:25:f8:0c:ed:31:00:0f:07:93:c0:ca:
         3c:5f:51:1c:7c:12:41:2b:c2:e4:17:be:41:8e:8c:a4:26:5b:
         d3:e7:ad:a8:ce:41:93:0d:df:97:fc:d3:e1:60:50:c8:73:02:
         b8:56:91:91:b4:12:7a:b6:ba:92:32:42:60:1c:75:84:70:ed:
         f5:df:fc:bd:90:ec:bd:c3:62:fd:79:96:dd:cf:51:cd:b2:58:
         ee:82:1e:71:da:a9:d2:54:61:96:bf:29:59:ea:8d:64:2e:d1:
         06:90:df:76:f6:77:08:4c:5c:85:db:8f:13:a2:fe:21:a0:f3:
         ac:30:96:e7:18:1f:81:95:dd:c8:49:45:16:f8:ce:82:36:42:
         ba:3c:b6:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntef4fI3lTVws2IkvXNRRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YmNjMTJhZmE0ZjA1NzM5ZjQ1ZjYwNWUyMjFjNjRjM2Mw
ZDJlZDYwHhcNMjUwMTAyMTU1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGZmMzBiZmFjNjFlNDgwODM5NWE4MTE0MTBiNTA3ODNjOTdlYzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbLKXUx9vBMinha4FI9ioB4DlOw7
CItY70zNK6FPJ19bHI1Tyq9EsIyALPdZK/DXZmFDUDw2X5aHvZ5F7ZH/lcjXfPvA
Xh3A8F6DA/mwvqvpMo4mtlzoA7WNoavoKdVHYVlPD0+z/VemKF8hCqosl06gLT+3
TEa34t07U6RwYTL3IPieJCY3JLPD+i1LhPxgldeY6WT5HPCpqRppVnUILb6W3j5A
dwvNKn4WYy+VsCmaP2MxLEZ9Zwc1W0AcwVHJ1AKBxmXNMh/iNX6TZerDtvBgMWNg
iStIMBvdsXCCh007rfBPn+TKveW3fUieCg5KeTFwMpc5ufP3ue/ubWg+NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3/ML+sYeSAg5WoEUELUHg8l+wCMB8GA1UdIwQY
MBaAFKS8wSr6TwVzn0X2BeIhxkw8DS7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2Mt
ODhiMDE2YmJkNTgxLzEvbmY4d3Y2eGg1SUNEbGFnUlFRdFFlRHlYN0FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2MtODhiMDE2YmJkNTgx
LzEvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQtQMA0G
CSqGSIb3DQEBCwUAA4IBAQAV1KbPQI/l9CjDOOepnt8f1LG1jtoEld4/rd7735Rr
IIL2FkKx5AsTiySlMD8xkbwM2swl2DQmFenZ4yfd3grQTxeaWsd80jj/sDfx2Ddm
3JTEUaoQp2lPP2T0lruEEv71bDkwU0G0adH487h+c+y/FfCGJfgM7TEADweTwMo8
X1EcfBJBK8LkF75BjoykJlvT562ozkGTDd+X/NPhYFDIcwK4VpGRtBJ6trqSMkJg
HHWEcO313/y9kOy9w2L9eZbdz1HNsljugh5x2qnSVGGWvylZ6o1kLtEGkN929ncI
TFyF248Tov4hoPOsMJbnGB+Bld3ISUUW+M6CNkK6PLa4
-----END CERTIFICATE-----