Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4faaff-384f-402e-8b8c-45f77dfa2636/1/ipGUG_FnLVv5_qna9Q8OOQESFEo.roa
File:                     ipGUG_FnLVv5_qna9Q8OOQESFEo.roa (raw, json)
Hash identifier:          bBouB+XiilYfz2SXBgYGlCjeKLkIpw0oZUoVzWF6Um0=
Subject key identifier:   8A:91:94:1B:F1:67:2D:5B:F9:FE:A9:DA:F5:0F:0E:39:01:12:14:4A
Certificate issuer:       /CN=bbf3a257f99528c3a924d269d1af438185c2006d
Certificate serial:       019426D99E30A486DE4509149251EC1DA6B9
Authority key identifier: BB:F3:A2:57:F9:95:28:C3:A9:24:D2:69:D1:AF:43:81:85:C2:00:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u_OiV_mVKMOpJNJp0a9DgYXCAG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4faaff-384f-402e-8b8c-45f77dfa2636/1/ipGUG_FnLVv5_qna9Q8OOQESFEo.roa
Signing time:             Thu 02 Jan 2025 11:49:43 +0000
ROA not before:           Thu 02 Jan 2025 11:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16178
IP address blocks:        80.87.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4faaff-384f-402e-8b8c-45f77dfa2636/1/u_OiV_mVKMOpJNJp0a9DgYXCAG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4faaff-384f-402e-8b8c-45f77dfa2636/1/u_OiV_mVKMOpJNJp0a9DgYXCAG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u_OiV_mVKMOpJNJp0a9DgYXCAG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:9e:30:a4:86:de:45:09:14:92:51:ec:1d:a6:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbf3a257f99528c3a924d269d1af438185c2006d
        Validity
            Not Before: Jan  2 11:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a91941bf1672d5bf9fea9daf50f0e390112144a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:99:7b:54:90:78:7a:ff:d7:40:5f:01:25:20:
                    fa:d0:59:67:dc:73:38:b2:89:0a:b0:0d:1f:1c:69:
                    6e:60:38:e4:fc:8b:1c:f4:73:3e:44:a6:b1:70:93:
                    31:01:b5:d8:0c:f8:2f:13:ee:4d:09:b4:0e:b1:44:
                    20:81:47:a3:70:88:28:8b:ef:cd:01:ea:db:cd:66:
                    0f:32:52:c6:2a:93:b7:6a:c3:b9:28:86:31:f5:8f:
                    6b:0a:18:48:01:15:47:63:f0:26:2f:39:19:f4:53:
                    bb:25:b0:f9:42:3e:65:dd:96:56:eb:73:cd:f8:70:
                    d6:81:47:af:ea:f4:ac:18:54:58:50:1d:92:78:bc:
                    ef:2e:31:39:68:f4:78:46:bf:2e:60:0f:02:8c:47:
                    5b:3c:82:d4:4c:43:9f:21:03:f4:65:c3:d9:45:72:
                    bd:cf:f8:18:11:94:48:c8:bc:fb:bf:21:e9:aa:cf:
                    38:34:1e:b8:a9:e9:d5:e3:11:2c:50:63:b2:0f:58:
                    ba:2b:bb:f7:0e:a2:5e:68:d3:a4:64:71:05:88:1c:
                    7e:19:56:ce:74:d8:74:a6:5f:73:ad:1e:64:c4:0b:
                    73:81:11:f1:a5:eb:ea:4e:f4:28:63:ee:70:12:a5:
                    91:7c:54:c9:42:1f:a1:d3:74:e0:3d:87:34:4e:36:
                    38:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:91:94:1B:F1:67:2D:5B:F9:FE:A9:DA:F5:0F:0E:39:01:12:14:4A
            X509v3 Authority Key Identifier:
                keyid:BB:F3:A2:57:F9:95:28:C3:A9:24:D2:69:D1:AF:43:81:85:C2:00:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u_OiV_mVKMOpJNJp0a9DgYXCAG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4faaff-384f-402e-8b8c-45f77dfa2636/1/ipGUG_FnLVv5_qna9Q8OOQESFEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4faaff-384f-402e-8b8c-45f77dfa2636/1/u_OiV_mVKMOpJNJp0a9DgYXCAG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.87.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ca:d2:4f:4f:8c:d0:7d:fa:4d:d4:13:d0:35:52:c6:69:9a:c2:
         10:e9:89:1f:80:c0:c2:23:1f:79:a1:2d:56:aa:e3:1d:3f:59:
         4c:97:ca:22:56:4c:b8:ae:44:16:53:e0:fc:e9:d1:f0:3f:0e:
         57:d6:73:6a:ba:70:c3:2f:9b:8f:3d:9f:a0:8e:c8:b9:08:76:
         f5:46:fc:e4:65:a7:c2:b2:8f:81:1f:6d:42:b1:11:27:66:66:
         4d:03:c4:02:4d:17:d8:4b:80:c0:cd:d1:03:26:68:a7:37:6c:
         5a:15:e9:43:0b:00:32:34:9c:1b:32:29:86:3b:13:7c:4d:d3:
         c9:f2:c3:50:7f:6b:dc:40:55:32:99:18:5a:1d:1d:b2:ce:6d:
         4d:85:33:0b:53:92:cf:61:92:02:1c:a7:48:f6:a7:80:6d:a9:
         4c:2b:fb:04:47:58:f4:10:64:54:3d:f7:44:12:79:64:c7:b2:
         80:3f:91:2f:1a:ef:ab:35:c7:65:48:29:11:dc:22:45:5c:be:
         32:6f:34:ad:41:0b:d4:15:63:00:2b:fb:ed:da:19:35:37:11:
         28:2d:b4:40:3e:08:3d:b5:56:49:cf:8d:cc:28:ab:10:73:74:
         93:a7:50:35:5e:8d:09:51:a0:68:e8:f2:f0:c9:d8:fc:6c:11:
         d8:9a:35:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Z4wpIbeRQkUklHsHaa5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZjNhMjU3Zjk5NTI4YzNhOTI0ZDI2OWQxYWY0MzgxODVj
MjAwNmQwHhcNMjUwMTAyMTE0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTkxOTQxYmYxNjcyZDViZjlmZWE5ZGFmNTBmMGUzOTAxMTIxNDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Jl7VJB4ev/XQF8BJSD60Fln3HM4
sokKsA0fHGluYDjk/Isc9HM+RKaxcJMxAbXYDPgvE+5NCbQOsUQggUejcIgoi+/N
AerbzWYPMlLGKpO3asO5KIYx9Y9rChhIARVHY/AmLzkZ9FO7JbD5Qj5l3ZZW63PN
+HDWgUev6vSsGFRYUB2SeLzvLjE5aPR4Rr8uYA8CjEdbPILUTEOfIQP0ZcPZRXK9
z/gYEZRIyLz7vyHpqs84NB64qenV4xEsUGOyD1i6K7v3DqJeaNOkZHEFiBx+GVbO
dNh0pl9zrR5kxAtzgRHxpevqTvQoY+5wEqWRfFTJQh+h03TgPYc0TjY4cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqRlBvxZy1b+f6p2vUPDjkBEhRKMB8GA1UdIwQY
MBaAFLvzolf5lSjDqSTSadGvQ4GFwgBtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9PaVZfbVZLTU9wSk5KcDBhOURnWVhDQUcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80ZmFhZmYtMzg0Zi00MDJlLThiOGMt
NDVmNzdkZmEyNjM2LzEvaXBHVUdfRm5MVnY1X3FuYTlROE9PUUVTRkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80ZmFhZmYtMzg0Zi00MDJlLThiOGMtNDVmNzdkZmEyNjM2
LzEvdV9PaVZfbVZLTU9wSk5KcDBhOURnWVhDQUcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUFf+MA0G
CSqGSIb3DQEBCwUAA4IBAQDK0k9PjNB9+k3UE9A1UsZpmsIQ6YkfgMDCIx95oS1W
quMdP1lMl8oiVky4rkQWU+D86dHwPw5X1nNqunDDL5uPPZ+gjsi5CHb1RvzkZafC
so+BH21CsREnZmZNA8QCTRfYS4DAzdEDJminN2xaFelDCwAyNJwbMimGOxN8TdPJ
8sNQf2vcQFUymRhaHR2yzm1NhTMLU5LPYZICHKdI9qeAbalMK/sER1j0EGRUPfdE
Enlkx7KAP5EvGu+rNcdlSCkR3CJFXL4ybzStQQvUFWMAK/vt2hk1NxEoLbRAPgg9
tVZJz43MKKsQc3STp1A1Xo0JUaBo6PLwydj8bBHYmjVy
-----END CERTIFICATE-----