Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/f5dc62-be68-4663-84de-5545b8901438/1/0UtAAwuWtglJuf67yxMctPzPq7I.roa
File:                     0UtAAwuWtglJuf67yxMctPzPq7I.roa (raw, json)
Hash identifier:          noP3LEoxbmhVQLjGw4L6WYe7t8jyaSHbnOdoEAZKAiw=
Subject key identifier:   D1:4B:40:03:0B:96:B6:09:49:B9:FE:BB:CB:13:1C:B4:FC:CF:AB:B2
Certificate issuer:       /CN=241ed58e426975e299875897caff9552640d9c09
Certificate serial:       019420D5C00F21B97BA56AA84B72D7FC9863
Authority key identifier: 24:1E:D5:8E:42:69:75:E2:99:87:58:97:CA:FF:95:52:64:0D:9C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JB7VjkJpdeKZh1iXyv-VUmQNnAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/f5dc62-be68-4663-84de-5545b8901438/1/0UtAAwuWtglJuf67yxMctPzPq7I.roa
Signing time:             Wed 01 Jan 2025 07:47:46 +0000
ROA not before:           Wed 01 Jan 2025 07:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15826
IP address blocks:        80.247.224.0/20 maxlen: 20
                          185.20.84.0/22 maxlen: 22
                          2a00:1a60::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/f5dc62-be68-4663-84de-5545b8901438/1/JB7VjkJpdeKZh1iXyv-VUmQNnAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/f5dc62-be68-4663-84de-5545b8901438/1/JB7VjkJpdeKZh1iXyv-VUmQNnAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JB7VjkJpdeKZh1iXyv-VUmQNnAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c0:0f:21:b9:7b:a5:6a:a8:4b:72:d7:fc:98:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=241ed58e426975e299875897caff9552640d9c09
        Validity
            Not Before: Jan  1 07:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d14b40030b96b60949b9febbcb131cb4fccfabb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c2:8d:ee:3e:a5:9a:bc:c9:1f:1e:07:a5:9a:
                    ae:84:ef:e4:e2:4b:f3:34:e1:2e:00:9d:7d:b0:50:
                    92:9e:0e:7c:0e:c7:0f:4d:51:81:d9:ae:43:d9:78:
                    1e:67:71:59:a5:ae:c9:33:fa:f3:eb:b3:04:93:9b:
                    62:39:5d:dc:cd:c7:71:e6:54:ee:7a:7a:83:7c:dd:
                    69:da:57:e0:9a:0e:49:45:2a:6b:f5:c1:11:49:56:
                    13:12:7f:1c:75:54:b5:2e:92:fb:3e:6d:5d:ab:1f:
                    bf:3e:88:78:70:0f:10:9f:19:90:d2:20:bb:29:94:
                    e5:c3:15:90:35:db:cd:c0:8c:aa:f9:92:e8:51:de:
                    27:21:11:eb:9d:c5:dc:b6:5e:38:f7:48:bc:83:b2:
                    da:f4:fd:77:59:7d:fa:c7:03:6d:56:c1:db:8d:e5:
                    e7:ab:ef:67:af:2a:ba:17:b6:a6:00:b7:c4:55:43:
                    36:52:31:30:fe:2e:1a:3b:ae:dc:61:ca:b7:ac:5e:
                    b1:19:46:6a:14:72:d7:76:cb:c9:3b:05:53:e3:81:
                    f7:07:5e:b3:f5:2e:56:09:88:78:6e:0d:a0:f3:bd:
                    12:bd:a2:1c:3e:f8:64:ec:e8:e2:5e:fa:6a:43:5e:
                    a6:cd:55:d2:96:68:2c:d0:e8:c8:18:d2:06:96:00:
                    b6:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:4B:40:03:0B:96:B6:09:49:B9:FE:BB:CB:13:1C:B4:FC:CF:AB:B2
            X509v3 Authority Key Identifier:
                keyid:24:1E:D5:8E:42:69:75:E2:99:87:58:97:CA:FF:95:52:64:0D:9C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JB7VjkJpdeKZh1iXyv-VUmQNnAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/f5dc62-be68-4663-84de-5545b8901438/1/0UtAAwuWtglJuf67yxMctPzPq7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/f5dc62-be68-4663-84de-5545b8901438/1/JB7VjkJpdeKZh1iXyv-VUmQNnAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.247.224.0/20
                  185.20.84.0/22
                IPv6:
                  2a00:1a60::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:ac:0b:55:85:71:e9:90:ff:f3:3f:0d:34:41:77:9e:35:7c:
         ea:e5:50:d5:61:bb:3e:ed:81:3d:e1:9c:2c:9f:a7:58:ac:ff:
         cd:8d:38:1f:28:01:41:4c:9d:66:0a:ed:72:7b:fb:2e:75:74:
         42:53:c3:23:ad:42:26:63:d3:61:76:f1:ee:b7:99:fc:80:af:
         cd:ed:07:a1:c8:d6:b6:ed:95:03:cd:b3:53:4d:93:8e:46:e4:
         1f:d2:4e:83:d4:73:30:f3:96:2b:c2:2f:ae:3d:b7:07:50:3b:
         5d:b4:2c:8b:2d:97:8c:b1:17:05:93:2b:bb:a3:fa:51:bd:68:
         20:a8:88:3d:ac:05:1b:d9:9e:8c:7f:11:3d:90:f0:18:3d:a6:
         dd:b3:52:51:8f:76:a5:ab:d5:ed:37:23:76:99:27:86:d3:fb:
         79:4d:7e:31:ff:ca:c2:a1:6c:f4:52:85:3f:bf:30:b8:5c:e5:
         6b:31:5e:50:cd:5d:57:02:cb:cd:b3:55:83:bb:31:70:45:81:
         91:39:39:0f:3b:a3:33:6d:4a:29:c7:c7:53:66:ee:ca:06:2e:
         0d:dc:20:a0:ed:0a:09:a0:72:20:da:59:b2:89:06:70:ba:33:
         f6:bd:08:7c:b4:2f:9e:b7:1b:cb:c9:21:13:97:cc:d4:d7:ef:
         ba:f6:fc:f2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1cAPIbl7pWqoS3LX/JhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MWVkNThlNDI2OTc1ZTI5OTg3NTg5N2NhZmY5NTUyNjQw
ZDljMDkwHhcNMjUwMTAxMDc0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTRiNDAwMzBiOTZiNjA5NDliOWZlYmJjYjEzMWNiNGZjY2ZhYmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMKN7j6lmrzJHx4HpZquhO/k4kvz
NOEuAJ19sFCSng58DscPTVGB2a5D2XgeZ3FZpa7JM/rz67MEk5tiOV3czcdx5lTu
enqDfN1p2lfgmg5JRSpr9cERSVYTEn8cdVS1LpL7Pm1dqx+/Poh4cA8QnxmQ0iC7
KZTlwxWQNdvNwIyq+ZLoUd4nIRHrncXctl4490i8g7La9P13WX36xwNtVsHbjeXn
q+9nryq6F7amALfEVUM2UjEw/i4aO67cYcq3rF6xGUZqFHLXdsvJOwVT44H3B16z
9S5WCYh4bg2g870SvaIcPvhk7OjiXvpqQ16mzVXSlmgs0OjIGNIGlgC2JQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNFLQAMLlrYJSbn+u8sTHLT8z6uyMB8GA1UdIwQY
MBaAFCQe1Y5CaXXimYdYl8r/lVJkDZwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkI3VmprSnBkZUtaaDFpWHl2LVZVbVFObkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9mNWRjNjItYmU2OC00NjYzLTg0ZGUt
NTU0NWI4OTAxNDM4LzEvMFV0QUF3dVd0Z2xKdWY2N3l4TWN0UHpQcTdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9mNWRjNjItYmU2OC00NjYzLTg0ZGUtNTU0NWI4OTAxNDM4
LzEvSkI3VmprSnBkZUtaaDFpWHl2LVZVbVFObkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUPfgAwQC
uRRUMA0EAgACMAcDBQAqABpgMA0GCSqGSIb3DQEBCwUAA4IBAQCOrAtVhXHpkP/z
Pw00QXeeNXzq5VDVYbs+7YE94Zwsn6dYrP/NjTgfKAFBTJ1mCu1ye/sudXRCU8Mj
rUImY9NhdvHut5n8gK/N7QehyNa27ZUDzbNTTZOORuQf0k6D1HMw85Yrwi+uPbcH
UDtdtCyLLZeMsRcFkyu7o/pRvWggqIg9rAUb2Z6MfxE9kPAYPabds1JRj3alq9Xt
NyN2mSeG0/t5TX4x/8rCoWz0UoU/vzC4XOVrMV5QzV1XAsvNs1WDuzFwRYGROTkP
O6MzbUopx8dTZu7KBi4N3CCg7QoJoHIg2lmyiQZwujP2vQh8tC+etxvLySETl8zU
1++69vzy
-----END CERTIFICATE-----