Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/Fu6U86lHSXot6auCvOJjkcO_3lU.roa
File:                     Fu6U86lHSXot6auCvOJjkcO_3lU.roa (raw, json)
Hash identifier:          81J22UZIBjq2zoACe1x9LIbFai428I4/vjRJ8Aat6TI=
Subject key identifier:   16:EE:94:F3:A9:47:49:7A:2D:E9:AB:82:BC:E2:63:91:C3:BF:DE:55
Certificate issuer:       /CN=522399c2789b1a5504f81671cff220c04eaf59f1
Certificate serial:       019423D6B8510050CC14C228201A8B8CFF4F
Authority key identifier: 52:23:99:C2:78:9B:1A:55:04:F8:16:71:CF:F2:20:C0:4E:AF:59:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UiOZwnibGlUE-BZxz_IgwE6vWfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/Fu6U86lHSXot6auCvOJjkcO_3lU.roa
Signing time:             Wed 01 Jan 2025 21:47:41 +0000
ROA not before:           Wed 01 Jan 2025 21:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201378
IP address blocks:        80.184.196.0/24 maxlen: 24
                          80.184.197.0/24 maxlen: 24
                          80.184.198.0/24 maxlen: 24
                          80.184.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/UiOZwnibGlUE-BZxz_IgwE6vWfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/UiOZwnibGlUE-BZxz_IgwE6vWfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UiOZwnibGlUE-BZxz_IgwE6vWfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b8:51:00:50:cc:14:c2:28:20:1a:8b:8c:ff:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=522399c2789b1a5504f81671cff220c04eaf59f1
        Validity
            Not Before: Jan  1 21:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16ee94f3a947497a2de9ab82bce26391c3bfde55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:50:c4:71:c7:7c:27:84:ba:0d:12:53:88:e5:
                    ed:4b:a6:54:bc:64:09:3e:3f:65:78:5b:64:b8:fa:
                    91:6a:3f:ee:cf:6c:48:44:5c:20:d2:82:98:c8:a0:
                    7f:69:5f:95:66:c6:40:3e:9c:2b:75:da:0e:5f:2b:
                    f7:98:64:4f:30:2a:1a:76:e1:27:33:43:de:48:4c:
                    21:49:c0:6c:5d:0b:32:12:0d:73:8b:8d:69:d4:31:
                    aa:fa:c5:1e:37:83:03:11:c3:09:fa:68:d7:ed:e4:
                    da:8d:4b:4e:8c:c7:43:6b:12:be:b7:e5:ae:a3:72:
                    10:84:5f:11:5b:22:52:17:17:f1:2d:bc:72:2b:6b:
                    7e:04:79:d0:e5:19:8a:5c:8b:7a:ac:ad:56:22:a8:
                    31:83:7e:03:e6:8a:a3:ea:ec:d6:e2:cf:67:fa:1b:
                    51:c1:34:5c:54:46:09:f4:06:1b:22:a4:44:f2:38:
                    b3:33:b7:10:2b:a0:cf:0e:06:5a:12:ce:7a:e7:37:
                    f3:87:c2:21:67:97:54:58:b8:aa:3e:fe:7d:3b:ef:
                    0c:37:6b:b8:a7:9c:96:df:a9:70:f7:68:08:8e:4f:
                    c8:85:6d:10:3f:13:1f:ea:bc:9c:2b:d6:67:76:bd:
                    f5:64:c2:5d:ab:0f:08:22:82:47:a7:39:62:12:e2:
                    75:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:EE:94:F3:A9:47:49:7A:2D:E9:AB:82:BC:E2:63:91:C3:BF:DE:55
            X509v3 Authority Key Identifier:
                keyid:52:23:99:C2:78:9B:1A:55:04:F8:16:71:CF:F2:20:C0:4E:AF:59:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UiOZwnibGlUE-BZxz_IgwE6vWfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/Fu6U86lHSXot6auCvOJjkcO_3lU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/UiOZwnibGlUE-BZxz_IgwE6vWfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.184.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:35:e1:ba:90:bd:c6:9f:7e:27:fa:76:b2:e2:89:88:91:0d:
         61:74:38:cd:ca:e8:24:aa:a6:b8:d1:ac:34:4f:a3:ff:0f:1e:
         3d:ba:46:12:86:4f:2c:53:66:ac:7c:70:e4:c4:ad:4e:71:b5:
         af:83:34:33:80:5e:4f:d2:ca:04:04:5b:34:92:f3:58:c4:34:
         48:fc:db:f5:0e:55:76:8f:6e:12:21:55:11:bf:10:c4:28:b6:
         b6:23:0b:2e:e0:15:db:5e:fd:80:52:78:bc:32:c6:bc:87:75:
         b8:20:be:a1:a2:b0:f6:06:28:42:99:4a:d9:06:d4:d2:b5:75:
         a0:38:a2:66:ce:a8:c0:b8:1c:be:2d:d4:60:d2:fd:8d:49:f8:
         cc:0f:7c:d0:e1:40:8f:2a:4b:1e:5d:fa:51:47:7c:c2:6d:dc:
         4d:37:57:7a:85:7a:0b:d4:b9:cc:79:5c:78:ba:7f:b7:aa:79:
         6e:4e:3c:09:99:22:34:fe:be:12:98:9d:84:eb:97:0a:4f:e3:
         98:2c:7f:6f:78:d4:c4:30:85:4b:05:55:4e:f1:fb:e3:8b:b1:
         75:e2:88:9f:5c:50:53:1a:73:94:54:92:48:ae:68:ed:97:4b:
         60:ab:9f:64:48:97:59:79:e0:c4:3b:31:9d:0d:0b:50:03:b4:
         6b:5f:01:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rhRAFDMFMIoIBqLjP9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMjM5OWMyNzg5YjFhNTUwNGY4MTY3MWNmZjIyMGMwNGVh
ZjU5ZjEwHhcNMjUwMTAxMjE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmVlOTRmM2E5NDc0OTdhMmRlOWFiODJiY2UyNjM5MWMzYmZkZTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVDEccd8J4S6DRJTiOXtS6ZUvGQJ
Pj9leFtkuPqRaj/uz2xIRFwg0oKYyKB/aV+VZsZAPpwrddoOXyv3mGRPMCoaduEn
M0PeSEwhScBsXQsyEg1zi41p1DGq+sUeN4MDEcMJ+mjX7eTajUtOjMdDaxK+t+Wu
o3IQhF8RWyJSFxfxLbxyK2t+BHnQ5RmKXIt6rK1WIqgxg34D5oqj6uzW4s9n+htR
wTRcVEYJ9AYbIqRE8jizM7cQK6DPDgZaEs565zfzh8IhZ5dUWLiqPv59O+8MN2u4
p5yW36lw92gIjk/IhW0QPxMf6rycK9Zndr31ZMJdqw8IIoJHpzliEuJ1KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbulPOpR0l6LemrgrziY5HDv95VMB8GA1UdIwQY
MBaAFFIjmcJ4mxpVBPgWcc/yIMBOr1nxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWlPWnduaWJHbFVFLUJaeHpfSWd3RTZ2V2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8yMmQwMTEtZWQ0Mi00ZDE0LWE2NzAt
ZDVkNTFkMzc5NDlkLzEvRnU2VTg2bEhTWG90NmF1Q3ZPSmprY09fM2xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8yMmQwMTEtZWQ0Mi00ZDE0LWE2NzAtZDVkNTFkMzc5NDlk
LzEvVWlPWnduaWJHbFVFLUJaeHpfSWd3RTZ2V2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCULjEMA0G
CSqGSIb3DQEBCwUAA4IBAQB6NeG6kL3Gn34n+nay4omIkQ1hdDjNyugkqqa40aw0
T6P/Dx49ukYShk8sU2asfHDkxK1OcbWvgzQzgF5P0soEBFs0kvNYxDRI/Nv1DlV2
j24SIVURvxDEKLa2Iwsu4BXbXv2AUni8Msa8h3W4IL6horD2BihCmUrZBtTStXWg
OKJmzqjAuBy+LdRg0v2NSfjMD3zQ4UCPKkseXfpRR3zCbdxNN1d6hXoL1LnMeVx4
un+3qnluTjwJmSI0/r4SmJ2E65cKT+OYLH9veNTEMIVLBVVO8fvji7F14oifXFBT
GnOUVJJIrmjtl0tgq59kSJdZeeDEOzGdDQtQA7RrXwGJ
-----END CERTIFICATE-----