Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/cb8265-c632-4813-b858-def386743f32/1/p_itI6vifT_MfHfMTMDypqnNE9Y.roa
File:                     p_itI6vifT_MfHfMTMDypqnNE9Y.roa (raw, json)
Hash identifier:          taBWAcznx6Rz2Jsyi/lUq4i9UgLw7C7s7eybYu+aKGA=
Subject key identifier:   A7:F8:AD:23:AB:E2:7D:3F:CC:7C:77:CC:4C:C0:F2:A6:A9:CD:13:D6
Certificate issuer:       /CN=4e78b6d00614f5565d9d8af8247cc72ea9b8833d
Certificate serial:       0195D739E4BDF247EDB078FDD8EAC5028995
Authority key identifier: 4E:78:B6:D0:06:14:F5:56:5D:9D:8A:F8:24:7C:C7:2E:A9:B8:83:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tni20AYU9VZdnYr4JHzHLqm4gz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/cb8265-c632-4813-b858-def386743f32/1/p_itI6vifT_MfHfMTMDypqnNE9Y.roa
Signing time:             Thu 27 Mar 2025 10:50:50 +0000
ROA not before:           Thu 27 Mar 2025 10:50:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212734
IP address blocks:        80.92.200.0/24 maxlen: 24
                          80.92.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/cb8265-c632-4813-b858-def386743f32/1/Tni20AYU9VZdnYr4JHzHLqm4gz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/cb8265-c632-4813-b858-def386743f32/1/Tni20AYU9VZdnYr4JHzHLqm4gz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tni20AYU9VZdnYr4JHzHLqm4gz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d7:39:e4:bd:f2:47:ed:b0:78:fd:d8:ea:c5:02:89:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e78b6d00614f5565d9d8af8247cc72ea9b8833d
        Validity
            Not Before: Mar 27 10:50:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7f8ad23abe27d3fcc7c77cc4cc0f2a6a9cd13d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b7:99:f1:a8:2e:8d:7b:e1:e2:e2:2a:cf:f8:
                    b7:b6:39:87:e0:df:38:3c:bf:20:25:a4:48:8f:4d:
                    93:18:a4:21:0b:1d:a2:e2:fb:ea:cb:98:cc:d4:7a:
                    a4:b9:e8:07:bd:bf:ff:84:57:89:2f:f2:9a:98:89:
                    a2:1e:83:83:1b:5e:0c:03:51:fc:0c:d6:76:57:d6:
                    9f:b5:38:c2:0c:b2:ec:9b:4c:13:ed:0b:86:5a:6d:
                    b7:fb:ef:9e:a0:53:b9:8c:a0:34:8d:b1:55:ae:3f:
                    70:d3:e4:20:87:3c:9e:1c:81:ef:c7:f7:3f:e6:e5:
                    0e:ce:6c:b1:ae:1b:1d:98:13:c8:85:0a:1b:2e:11:
                    ce:23:68:fa:a1:71:b0:24:e2:37:03:7d:ec:d8:68:
                    78:ca:d1:70:0c:85:ed:90:33:4a:8b:b4:47:51:db:
                    1f:06:ce:f0:4e:9d:2e:54:1b:d1:55:e3:5b:11:f1:
                    5f:14:89:1a:cb:9b:6b:22:ec:68:3b:6a:2c:aa:00:
                    13:d0:51:56:3d:e7:a9:2a:73:ac:9e:78:92:16:a7:
                    b7:20:18:a8:b1:ad:0f:81:53:c4:96:98:0f:af:d4:
                    db:09:11:a4:bf:a9:07:0c:6b:5f:d9:3f:a6:61:49:
                    0b:f6:f4:fe:7d:51:b0:fb:d9:dd:40:e7:a1:a9:d2:
                    71:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:F8:AD:23:AB:E2:7D:3F:CC:7C:77:CC:4C:C0:F2:A6:A9:CD:13:D6
            X509v3 Authority Key Identifier:
                keyid:4E:78:B6:D0:06:14:F5:56:5D:9D:8A:F8:24:7C:C7:2E:A9:B8:83:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tni20AYU9VZdnYr4JHzHLqm4gz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/cb8265-c632-4813-b858-def386743f32/1/p_itI6vifT_MfHfMTMDypqnNE9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/cb8265-c632-4813-b858-def386743f32/1/Tni20AYU9VZdnYr4JHzHLqm4gz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.92.200.0/24
                  80.92.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:19:c4:eb:3a:b7:55:1b:1d:6b:6f:26:8a:22:b9:2b:35:76:
         4d:88:5f:f8:9a:57:cd:dc:13:b1:b4:de:a2:d6:85:fa:e8:ac:
         37:5e:32:52:80:d0:5b:16:a2:b4:4d:49:4a:d9:c0:bd:86:09:
         7d:db:09:fa:0d:6c:9d:96:27:e5:3e:46:93:a6:0b:af:0e:40:
         3b:03:75:4e:85:86:8b:f3:14:8e:5c:bc:36:5b:8b:95:7b:2a:
         ca:3f:0b:9c:70:37:3e:94:45:0d:5d:00:71:4c:10:2f:71:fd:
         bf:70:ff:40:1d:4c:03:8b:33:50:f0:1c:52:31:bf:29:2d:a0:
         17:be:5f:d7:bb:8e:70:80:6b:1d:4f:ce:49:c6:c8:a2:a7:66:
         01:d9:65:ff:c2:fb:e3:9a:86:a5:9a:0e:03:b1:74:fd:1f:a6:
         1e:c3:37:d3:89:58:a2:55:1b:21:17:d8:52:9b:ad:ab:e4:38:
         92:03:9e:f5:78:ac:fa:f7:bb:d0:5f:e7:b6:9d:5c:64:df:9e:
         ed:73:3d:ca:0c:38:97:ab:ee:29:e1:d4:35:62:ef:a2:f7:d8:
         03:12:ef:76:b4:4f:9d:de:74:df:7d:d3:bd:5d:90:57:c6:bc:
         1c:b5:84:f2:1b:6a:61:8e:ac:e4:c6:3b:c1:45:7f:7d:b9:2e:
         50:ee:56:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXXOeS98kftsHj92OrFAomVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNzhiNmQwMDYxNGY1NTY1ZDlkOGFmODI0N2NjNzJlYTli
ODgzM2QwHhcNMjUwMzI3MTA1MDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2Y4YWQyM2FiZTI3ZDNmY2M3Yzc3Y2M0Y2MwZjJhNmE5Y2QxM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbeZ8agujXvh4uIqz/i3tjmH4N84
PL8gJaRIj02TGKQhCx2i4vvqy5jM1HqkuegHvb//hFeJL/KamImiHoODG14MA1H8
DNZ2V9aftTjCDLLsm0wT7QuGWm23+++eoFO5jKA0jbFVrj9w0+QghzyeHIHvx/c/
5uUOzmyxrhsdmBPIhQobLhHOI2j6oXGwJOI3A33s2Gh4ytFwDIXtkDNKi7RHUdsf
Bs7wTp0uVBvRVeNbEfFfFIkay5trIuxoO2osqgAT0FFWPeepKnOsnniSFqe3IBio
sa0PgVPElpgPr9TbCRGkv6kHDGtf2T+mYUkL9vT+fVGw+9ndQOehqdJxjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKf4rSOr4n0/zHx3zEzA8qapzRPWMB8GA1UdIwQY
MBaAFE54ttAGFPVWXZ2K+CR8xy6puIM9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVG5pMjBBWVU5VlpkbllyNEpIekhMcW00Z3owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9jYjgyNjUtYzYzMi00ODEzLWI4NTgt
ZGVmMzg2NzQzZjMyLzEvcF9pdEk2dmlmVF9NZkhmTVRNRHlwcW5ORTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9jYjgyNjUtYzYzMi00ODEzLWI4NTgtZGVmMzg2NzQzZjMy
LzEvVG5pMjBBWVU5VlpkbllyNEpIekhMcW00Z3owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUFzIAwQA
UFzLMA0GCSqGSIb3DQEBCwUAA4IBAQAYGcTrOrdVGx1rbyaKIrkrNXZNiF/4mlfN
3BOxtN6i1oX66Kw3XjJSgNBbFqK0TUlK2cC9hgl92wn6DWydliflPkaTpguvDkA7
A3VOhYaL8xSOXLw2W4uVeyrKPwuccDc+lEUNXQBxTBAvcf2/cP9AHUwDizNQ8BxS
Mb8pLaAXvl/Xu45wgGsdT85Jxsiip2YB2WX/wvvjmoalmg4DsXT9H6YewzfTiVii
VRshF9hSm62r5DiSA571eKz697vQX+e2nVxk357tcz3KDDiXq+4p4dQ1Yu+i99gD
Eu92tE+d3nTffdO9XZBXxrwctYTyG2phjqzkxjvBRX99uS5Q7lba
-----END CERTIFICATE-----