Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/lRLrr8PrmpyLA1Ah6iT6M53B97s.roa
File:                     lRLrr8PrmpyLA1Ah6iT6M53B97s.roa (raw, json)
Hash identifier:          KztLb5hpOs++pyJMXHsFQs+/mWS279OT4VXn2Nei8oY=
Subject key identifier:   95:12:EB:AF:C3:EB:9A:9C:8B:03:50:21:EA:24:FA:33:9D:C1:F7:BB
Certificate issuer:       /CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Certificate serial:       01942220373F21DFBF245BE90D90C11DEE60
Authority key identifier: 4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/lRLrr8PrmpyLA1Ah6iT6M53B97s.roa
Signing time:             Wed 01 Jan 2025 13:48:44 +0000
ROA not before:           Wed 01 Jan 2025 13:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        80.208.221.0/24 maxlen: 24
                          185.174.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 02:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:37:3f:21:df:bf:24:5b:e9:0d:90:c1:1d:ee:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
        Validity
            Not Before: Jan  1 13:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9512ebafc3eb9a9c8b035021ea24fa339dc1f7bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:93:3a:85:ba:ce:24:14:a6:5c:0e:7a:07:63:
                    29:b0:6a:f3:34:3d:5f:c7:bc:91:c9:e6:c1:c1:af:
                    3d:98:e1:8c:53:10:da:4b:c3:37:06:27:f9:b1:08:
                    a7:a9:3e:95:19:20:1f:52:13:ad:2e:97:54:69:4e:
                    fc:42:d9:15:a7:c8:7d:d2:b8:0c:63:bb:27:e4:e4:
                    6c:8c:ce:18:66:fe:ea:d4:11:09:38:0a:08:9b:4a:
                    0d:2f:d3:e9:89:5f:dc:7a:14:8a:95:66:4a:93:a3:
                    3c:df:3b:69:f7:67:c2:32:4c:fe:6d:5c:64:3e:20:
                    de:28:d0:58:e1:d1:0c:70:43:99:97:64:5e:65:6a:
                    f4:d4:ed:6b:60:a1:c6:03:69:e0:52:f6:05:d4:de:
                    8d:65:74:3e:b5:16:7e:75:2b:33:14:19:a1:40:43:
                    4a:53:e3:08:7b:9b:b8:66:4d:ca:9b:7f:fc:cb:22:
                    a5:d5:36:66:8f:7a:52:9e:dd:24:db:f6:98:03:80:
                    5d:47:01:9f:a3:b1:93:48:b6:9b:77:6d:36:8d:ab:
                    fb:71:b1:93:e4:c7:73:70:94:e1:35:cf:31:b4:07:
                    2b:31:93:8e:a1:81:2a:29:1f:64:55:75:d4:a2:09:
                    d9:48:e5:40:9c:66:56:fa:26:57:e0:b1:60:c8:1f:
                    a0:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:12:EB:AF:C3:EB:9A:9C:8B:03:50:21:EA:24:FA:33:9D:C1:F7:BB
            X509v3 Authority Key Identifier:
                keyid:4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/lRLrr8PrmpyLA1Ah6iT6M53B97s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.208.221.0/24
                  185.174.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:6d:8d:39:4c:4c:06:c4:86:79:d0:1c:67:f7:f9:fc:92:4d:
         0e:04:86:bc:06:bf:fe:b3:70:5c:d3:c4:e2:54:71:de:6b:42:
         e1:56:f5:ee:51:d5:16:cd:0f:29:1f:d5:c9:b5:1f:28:72:20:
         3b:11:21:98:d7:5e:5f:9f:64:51:95:82:b2:50:a0:31:a8:0a:
         7c:08:a5:42:a9:47:7a:b0:79:88:98:93:bb:a6:35:51:b7:9d:
         f1:18:db:e1:71:4d:eb:50:eb:69:b8:fd:32:fb:22:f8:f6:3b:
         89:22:85:ac:e0:be:f3:7c:b5:a7:bb:16:e5:46:0b:b1:ba:b1:
         08:85:6f:15:77:58:64:7f:68:7e:eb:44:c8:ce:5c:5d:91:4a:
         a4:01:60:0b:a3:d1:31:1a:7a:bd:4a:02:2a:8e:4b:6e:21:f1:
         50:ad:39:02:0d:ef:4b:f7:a3:5f:ab:89:97:a5:e1:f2:7c:74:
         ab:77:2c:db:dd:40:ad:df:22:c0:62:f5:36:99:2e:84:11:cf:
         d0:01:99:82:d7:41:ab:c8:f2:d3:60:b9:5d:e5:0a:26:15:24:
         9c:b4:ef:a9:28:d5:0f:c8:60:e2:c3:bc:c2:e6:c3:7c:88:23:
         56:29:41:69:e4:55:1a:6c:d2:05:db:59:64:d4:4a:b2:a4:99:
         c7:7c:a8:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIDc/Id+/JFvpDZDBHe5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTg0ZDI0N2NlMzdjZGNjZjA2ZTE1NzFkMjI2YTJiODU2
NzdiY2QwHhcNMjUwMTAxMTM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTEyZWJhZmMzZWI5YTljOGIwMzUwMjFlYTI0ZmEzMzlkYzFmN2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpM6hbrOJBSmXA56B2MpsGrzND1f
x7yRyebBwa89mOGMUxDaS8M3Bif5sQinqT6VGSAfUhOtLpdUaU78QtkVp8h90rgM
Y7sn5ORsjM4YZv7q1BEJOAoIm0oNL9PpiV/cehSKlWZKk6M83ztp92fCMkz+bVxk
PiDeKNBY4dEMcEOZl2ReZWr01O1rYKHGA2ngUvYF1N6NZXQ+tRZ+dSszFBmhQENK
U+MIe5u4Zk3Km3/8yyKl1TZmj3pSnt0k2/aYA4BdRwGfo7GTSLabd202jav7cbGT
5MdzcJThNc8xtAcrMZOOoYEqKR9kVXXUognZSOVAnGZW+iZX4LFgyB+gywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJUS66/D65qciwNQIeok+jOdwfe7MB8GA1UdIwQY
MBaAFE2oTSR843zczwbhVx0iaiuFZ3vNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGIt
NTU1OGE4YjUzZTNkLzEvbFJMcnI4UHJtcHlMQTFBaDZpVDZNNTNCOTdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGItNTU1OGE4YjUzZTNk
LzEvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUNDdAwQA
ua5GMA0GCSqGSIb3DQEBCwUAA4IBAQBNbY05TEwGxIZ50Bxn9/n8kk0OBIa8Br/+
s3Bc08TiVHHea0LhVvXuUdUWzQ8pH9XJtR8ociA7ESGY115fn2RRlYKyUKAxqAp8
CKVCqUd6sHmImJO7pjVRt53xGNvhcU3rUOtpuP0y+yL49juJIoWs4L7zfLWnuxbl
RguxurEIhW8Vd1hkf2h+60TIzlxdkUqkAWALo9ExGnq9SgIqjktuIfFQrTkCDe9L
96Nfq4mXpeHyfHSrdyzb3UCt3yLAYvU2mS6EEc/QAZmC10GryPLTYLld5QomFSSc
tO+pKNUPyGDiw7zC5sN8iCNWKUFp5FUabNIF21lk1EqypJnHfKie
-----END CERTIFICATE-----