Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/3Wyu8LKaJIymBfME05UwUZ7jfWg.roa
File:                     3Wyu8LKaJIymBfME05UwUZ7jfWg.roa (raw, json)
Hash identifier:          lS1sn2D9+05c7WlW7Lrth8L3s9BErm1N0Hqhyoo/MK4=
Subject key identifier:   DD:6C:AE:F0:B2:9A:24:8C:A6:05:F3:04:D3:95:30:51:9E:E3:7D:68
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       019169805217DBDBB7D8DBCE2D98705187FC
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/3Wyu8LKaJIymBfME05UwUZ7jfWg.roa
Signing time:             Mon 19 Aug 2024 07:18:22 +0000
ROA not before:           Mon 19 Aug 2024 07:18:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198883
IP address blocks:        80.71.237.0/24 maxlen: 24
                          80.71.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:69:80:52:17:db:db:b7:d8:db:ce:2d:98:70:51:87:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Aug 19 07:18:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd6caef0b29a248ca605f304d39530519ee37d68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e2:a9:ad:1e:12:89:3e:92:3d:83:cb:86:fd:
                    a9:29:a6:8e:c0:00:c6:78:9b:1d:16:36:c1:4e:39:
                    c6:a0:b9:ad:6e:45:e5:2b:58:76:27:d4:01:0a:88:
                    b2:7d:36:5b:bd:f6:01:ce:0d:83:ab:a4:0b:67:19:
                    52:38:1b:ab:0e:56:a8:db:4b:e9:95:e4:9f:33:c4:
                    e8:ed:c7:36:9b:e7:49:39:dd:70:4c:b5:8e:e5:56:
                    4e:b4:f6:23:5c:72:e0:fb:ca:4a:52:a6:52:60:c9:
                    15:d8:ee:96:a6:4c:12:93:d1:39:97:47:42:0f:c8:
                    17:9a:cf:7a:ef:d6:52:e1:9e:a3:f0:3d:5a:45:3e:
                    34:2f:71:21:94:4d:33:06:90:e2:6e:cf:a5:81:53:
                    cf:b1:1e:e8:aa:9d:d7:c4:74:b2:56:6c:14:c6:cb:
                    8e:e4:6f:8b:c8:dd:34:62:2e:b3:96:b0:b1:74:1c:
                    f5:cd:28:7f:25:d6:a6:00:35:ac:75:8b:63:d4:83:
                    7f:04:5a:30:7f:00:f4:c5:98:48:87:99:35:ef:96:
                    e0:23:3a:64:23:90:a8:2f:1d:ef:6b:93:54:93:bc:
                    2a:f2:15:63:15:60:48:97:0d:da:cf:85:83:b7:51:
                    31:7b:6c:18:fc:bb:46:64:5a:88:43:c4:51:a0:db:
                    41:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:6C:AE:F0:B2:9A:24:8C:A6:05:F3:04:D3:95:30:51:9E:E3:7D:68
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/3Wyu8LKaJIymBfME05UwUZ7jfWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.237.0/24
                  80.71.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:2c:81:a8:cf:81:13:8a:34:29:86:54:64:e1:89:3e:9a:85:
         73:c7:6c:b1:32:19:46:96:33:c1:69:d8:2d:e3:81:bf:3e:f5:
         4f:db:fd:36:82:e2:fb:8d:82:58:8a:36:29:c6:4e:ae:8e:b5:
         f5:2d:a5:23:c5:f4:4f:27:85:10:76:2f:c0:f3:e2:4e:ad:97:
         c7:ba:84:11:ee:64:31:c1:b7:24:de:72:ed:a7:9d:9f:8e:99:
         6b:28:74:7e:6b:95:45:ee:52:25:fd:58:56:56:44:d1:62:65:
         da:54:9e:07:cf:b5:09:af:b1:dd:ef:f0:86:d0:95:92:5f:93:
         f9:b2:ac:ca:0d:b8:fd:09:89:cd:d1:9b:55:a9:4c:8f:bf:10:
         bc:a1:9e:ee:c4:91:c8:df:1f:42:7b:06:bb:81:30:e6:e4:d3:
         cf:8b:be:e0:b2:6c:09:2f:6e:c5:bf:6e:4c:23:c5:9f:a8:80:
         e4:13:1a:b7:4a:da:c8:df:d5:9b:8b:39:e4:d4:0e:b6:0f:a6:
         81:ee:7d:32:71:91:63:c7:80:e1:8d:54:b3:49:79:fb:08:e9:
         66:81:d6:30:58:d2:77:44:ec:1e:d1:26:32:d1:f4:9a:10:4d:
         e7:a7:fa:83:d8:5a:e8:21:dd:64:e6:d0:c5:b1:3c:25:98:73:
         34:f1:71:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFpgFIX29u32NvOLZhwUYf8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwODE5MDcxODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDZjYWVmMGIyOWEyNDhjYTYwNWYzMDRkMzk1MzA1MTllZTM3ZDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+KprR4SiT6SPYPLhv2pKaaOwADG
eJsdFjbBTjnGoLmtbkXlK1h2J9QBCoiyfTZbvfYBzg2Dq6QLZxlSOBurDlao20vp
leSfM8To7cc2m+dJOd1wTLWO5VZOtPYjXHLg+8pKUqZSYMkV2O6WpkwSk9E5l0dC
D8gXms9679ZS4Z6j8D1aRT40L3EhlE0zBpDibs+lgVPPsR7oqp3XxHSyVmwUxsuO
5G+LyN00Yi6zlrCxdBz1zSh/JdamADWsdYtj1IN/BFowfwD0xZhIh5k175bgIzpk
I5CoLx3va5NUk7wq8hVjFWBIlw3az4WDt1Exe2wY/LtGZFqIQ8RRoNtB0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN1srvCymiSMpgXzBNOVMFGe431oMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvM1d5dThMS2FKSXltQmZNRTA1VXdVWjdqZldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEftAwQA
UEfvMA0GCSqGSIb3DQEBCwUAA4IBAQCOLIGoz4ETijQphlRk4Yk+moVzx2yxMhlG
ljPBadgt44G/PvVP2/02guL7jYJYijYpxk6ujrX1LaUjxfRPJ4UQdi/A8+JOrZfH
uoQR7mQxwbck3nLtp52fjplrKHR+a5VF7lIl/VhWVkTRYmXaVJ4Hz7UJr7Hd7/CG
0JWSX5P5sqzKDbj9CYnN0ZtVqUyPvxC8oZ7uxJHI3x9Cewa7gTDm5NPPi77gsmwJ
L27Fv25MI8WfqIDkExq3StrI39Wbiznk1A62D6aB7n0ycZFjx4DhjVSzSXn7COlm
gdYwWNJ3ROwe0SYy0fSaEE3np/qD2FroId1k5tDFsTwlmHM08XF9
-----END CERTIFICATE-----