Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4faaff-384f-402e-8b8c-45f77dfa2636/1/U35k_6mHZDW7ja-KdEmuh0b9HC8.roa
File:                     U35k_6mHZDW7ja-KdEmuh0b9HC8.roa (raw, json)
Hash identifier:          /YyzICWvOSy7AUnfxntu8KYaBOI2O+xiSNMqk4LtmgY=
Subject key identifier:   53:7E:64:FF:A9:87:64:35:BB:8D:AF:8A:74:49:AE:87:46:FD:1C:2F
Certificate issuer:       /CN=bbf3a257f99528c3a924d269d1af438185c2006d
Certificate serial:       019426D99DBA6617856DD2D807EDE4E4C8D8
Authority key identifier: BB:F3:A2:57:F9:95:28:C3:A9:24:D2:69:D1:AF:43:81:85:C2:00:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u_OiV_mVKMOpJNJp0a9DgYXCAG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4faaff-384f-402e-8b8c-45f77dfa2636/1/U35k_6mHZDW7ja-KdEmuh0b9HC8.roa
Signing time:             Thu 02 Jan 2025 11:49:43 +0000
ROA not before:           Thu 02 Jan 2025 11:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9146
IP address blocks:        80.87.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4faaff-384f-402e-8b8c-45f77dfa2636/1/u_OiV_mVKMOpJNJp0a9DgYXCAG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4faaff-384f-402e-8b8c-45f77dfa2636/1/u_OiV_mVKMOpJNJp0a9DgYXCAG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u_OiV_mVKMOpJNJp0a9DgYXCAG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:9d:ba:66:17:85:6d:d2:d8:07:ed:e4:e4:c8:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbf3a257f99528c3a924d269d1af438185c2006d
        Validity
            Not Before: Jan  2 11:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=537e64ffa9876435bb8daf8a7449ae8746fd1c2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e3:49:df:7d:e1:0e:ad:26:eb:81:e7:49:0b:
                    6d:44:52:10:17:9e:c0:14:31:4b:b5:3a:1e:bb:5e:
                    a3:73:b5:db:3e:9f:5a:9e:a6:ea:18:2a:3a:b9:be:
                    7b:6a:51:0f:71:f8:e5:0f:d4:56:b6:53:a3:bd:4d:
                    b5:2e:c3:e6:84:85:d6:3d:3a:76:9e:62:ed:2e:ba:
                    0d:3e:ee:ec:cd:6e:9b:51:77:c4:9f:44:30:cb:fe:
                    52:8c:2a:3f:54:af:b3:74:13:a4:b6:37:b3:45:e8:
                    e0:ef:2f:ed:c7:56:a7:22:7f:e4:48:eb:f4:ff:38:
                    d2:de:4f:fd:39:74:02:79:5b:63:47:d1:87:94:5a:
                    61:96:0a:29:e1:c5:6f:2a:c8:2a:53:7e:9b:b1:d2:
                    30:e3:bf:7a:81:48:0f:66:69:4f:f3:af:9c:7a:68:
                    85:1d:fc:c6:a2:03:df:d8:81:79:60:e9:d9:c3:7b:
                    4a:8a:50:70:01:1c:15:37:bf:fa:1d:a9:f5:02:0c:
                    40:85:44:8d:c2:c9:19:74:69:04:d1:9d:41:1c:e3:
                    8f:bc:48:04:10:c4:5a:65:01:cf:3f:50:fc:31:34:
                    eb:22:84:1a:76:ea:10:d1:92:f9:1f:f1:bd:50:34:
                    6c:1a:68:f2:e4:9f:8a:cd:3b:ae:f0:2f:14:52:ed:
                    17:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:7E:64:FF:A9:87:64:35:BB:8D:AF:8A:74:49:AE:87:46:FD:1C:2F
            X509v3 Authority Key Identifier:
                keyid:BB:F3:A2:57:F9:95:28:C3:A9:24:D2:69:D1:AF:43:81:85:C2:00:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u_OiV_mVKMOpJNJp0a9DgYXCAG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4faaff-384f-402e-8b8c-45f77dfa2636/1/U35k_6mHZDW7ja-KdEmuh0b9HC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4faaff-384f-402e-8b8c-45f77dfa2636/1/u_OiV_mVKMOpJNJp0a9DgYXCAG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.87.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:b4:89:37:af:f0:60:4a:1e:52:cc:c3:1b:67:c3:56:7a:3a:
         76:5e:d7:66:d1:03:8d:ad:82:4e:4c:34:a1:39:07:f5:c3:a0:
         d0:d6:8a:93:47:66:32:e0:92:d8:e2:da:0f:97:37:6b:6b:6e:
         76:15:0f:3c:c4:2c:ae:75:54:4a:b1:5e:24:f2:68:3e:b1:00:
         64:07:52:eb:68:90:a2:58:8c:83:4a:88:98:89:35:8e:cf:a6:
         a7:2f:5c:37:c6:7b:c8:05:24:df:c2:91:08:62:fb:a5:bc:06:
         fe:48:c2:ca:a0:29:45:4e:1c:4b:18:46:35:46:6c:61:04:c5:
         1d:76:43:05:15:1b:2f:df:bf:aa:59:a9:9c:1a:75:de:60:30:
         d1:f9:08:b8:10:a9:15:d2:02:75:f6:a0:7c:ad:14:eb:65:c0:
         e9:8a:dc:75:e3:8e:45:06:f8:01:e6:5c:99:f2:a4:9f:48:3a:
         cd:f2:a3:53:d5:6c:d6:23:a2:85:3f:c3:35:e1:72:2b:8d:63:
         78:f8:5a:84:bf:a0:a9:e2:e2:af:a5:fa:d8:5d:0b:d4:1f:a6:
         ba:c5:56:6a:2b:1c:68:19:86:74:2d:10:b7:57:6d:f2:00:dd:
         a5:2e:17:68:dd:e0:29:83:97:39:a6:30:1d:8c:41:89:14:c1:
         3e:e3:f2:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Z26ZheFbdLYB+3k5MjYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZjNhMjU3Zjk5NTI4YzNhOTI0ZDI2OWQxYWY0MzgxODVj
MjAwNmQwHhcNMjUwMTAyMTE0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzdlNjRmZmE5ODc2NDM1YmI4ZGFmOGE3NDQ5YWU4NzQ2ZmQxYzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+NJ333hDq0m64HnSQttRFIQF57A
FDFLtToeu16jc7XbPp9anqbqGCo6ub57alEPcfjlD9RWtlOjvU21LsPmhIXWPTp2
nmLtLroNPu7szW6bUXfEn0Qwy/5SjCo/VK+zdBOktjezRejg7y/tx1anIn/kSOv0
/zjS3k/9OXQCeVtjR9GHlFphlgop4cVvKsgqU36bsdIw4796gUgPZmlP86+cemiF
HfzGogPf2IF5YOnZw3tKilBwARwVN7/6Han1AgxAhUSNwskZdGkE0Z1BHOOPvEgE
EMRaZQHPP1D8MTTrIoQaduoQ0ZL5H/G9UDRsGmjy5J+KzTuu8C8UUu0XfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFN+ZP+ph2Q1u42vinRJrodG/RwvMB8GA1UdIwQY
MBaAFLvzolf5lSjDqSTSadGvQ4GFwgBtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9PaVZfbVZLTU9wSk5KcDBhOURnWVhDQUcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80ZmFhZmYtMzg0Zi00MDJlLThiOGMt
NDVmNzdkZmEyNjM2LzEvVTM1a182bUhaRFc3amEtS2RFbXVoMGI5SEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80ZmFhZmYtMzg0Zi00MDJlLThiOGMtNDVmNzdkZmEyNjM2
LzEvdV9PaVZfbVZLTU9wSk5KcDBhOURnWVhDQUcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUFf+MA0G
CSqGSIb3DQEBCwUAA4IBAQBstIk3r/BgSh5SzMMbZ8NWejp2Xtdm0QONrYJOTDSh
OQf1w6DQ1oqTR2Yy4JLY4toPlzdra252FQ88xCyudVRKsV4k8mg+sQBkB1LraJCi
WIyDSoiYiTWOz6anL1w3xnvIBSTfwpEIYvulvAb+SMLKoClFThxLGEY1RmxhBMUd
dkMFFRsv37+qWamcGnXeYDDR+Qi4EKkV0gJ19qB8rRTrZcDpitx1445FBvgB5lyZ
8qSfSDrN8qNT1WzWI6KFP8M14XIrjWN4+FqEv6Cp4uKvpfrYXQvUH6a6xVZqKxxo
GYZ0LRC3V23yAN2lLhdo3eApg5c5pjAdjEGJFME+4/L7
-----END CERTIFICATE-----