Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/AZCIbV1AjNVpLGvcP33omOVz8Gc.roa
File:                     AZCIbV1AjNVpLGvcP33omOVz8Gc.roa (raw, json)
Hash identifier:          vw/NrSezF90xzZMYh5Kpw4JIpfWEYSz25E42iMGblC0=
Subject key identifier:   01:90:88:6D:5D:40:8C:D5:69:2C:6B:DC:3F:7D:E8:98:E5:73:F0:67
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018CCA2A4911D7FFA489435850D0DC6B74C1
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/AZCIbV1AjNVpLGvcP33omOVz8Gc.roa
Signing time:             Tue 02 Jan 2024 12:33:37 +0000
ROA not before:           Tue 02 Jan 2024 12:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212815
IP address blocks:        80.71.239.0/24 maxlen: 24
                          80.71.237.0/24 maxlen: 24
                          80.71.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 11:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:49:11:d7:ff:a4:89:43:58:50:d0:dc:6b:74:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan  2 12:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0190886d5d408cd5692c6bdc3f7de898e573f067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:74:68:4e:b9:86:36:1f:a0:19:83:f0:d7:7b:
                    f1:fc:4d:a6:87:5c:4b:79:8a:8b:a5:9c:ce:45:ee:
                    01:ed:61:06:94:df:65:56:54:20:7a:61:af:25:b1:
                    65:58:45:41:ad:71:fa:62:bd:c1:a9:7e:ef:87:6e:
                    31:0d:03:76:af:a1:c7:c8:60:74:2c:46:a4:a8:19:
                    23:fd:94:3c:bc:a9:e1:84:8e:a2:61:0b:b0:3e:75:
                    06:1c:94:55:c8:12:18:d3:15:d9:6b:6f:60:51:88:
                    b3:7f:80:1f:0e:86:d7:47:e9:01:24:f9:d3:78:5c:
                    34:d6:7a:d8:9f:0e:59:4d:7f:a8:40:ec:e9:1a:9f:
                    23:21:b2:4b:0e:2e:68:99:9a:d3:62:bb:85:8e:62:
                    c9:ef:ad:68:66:31:0c:0e:83:3e:77:1b:6d:2d:8c:
                    f6:f3:7d:21:df:e6:82:37:96:6c:69:76:19:b0:d7:
                    f9:b2:20:56:01:2d:6d:92:a7:f6:95:31:38:08:c6:
                    15:96:ab:b7:5b:4e:c6:72:1c:2e:8c:c0:9f:b0:48:
                    00:8b:52:5a:a5:42:37:cd:83:df:ec:4c:f1:a7:f4:
                    72:57:3a:72:14:47:cb:d3:1b:5e:d8:63:00:6a:55:
                    04:2a:b1:e8:64:73:cc:f1:0e:6b:71:69:d3:24:5b:
                    b2:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:90:88:6D:5D:40:8C:D5:69:2C:6B:DC:3F:7D:E8:98:E5:73:F0:67
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/AZCIbV1AjNVpLGvcP33omOVz8Gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.234.0/24
                  80.71.237.0/24
                  80.71.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:45:94:9c:a6:80:65:c0:2a:df:c3:03:1f:0c:5c:93:1b:19:
         86:5a:56:0f:a2:c6:3f:37:d5:81:2f:48:ab:22:8b:f5:df:70:
         3e:d7:43:39:37:f7:d8:83:fc:fb:69:67:9d:2c:77:ff:73:0e:
         68:94:04:f2:eb:6b:b2:65:45:88:b0:13:ab:a1:c7:e0:80:9d:
         73:9f:68:bd:e2:f7:d5:2c:c6:a6:06:88:ab:a1:01:3f:68:50:
         d7:8c:a8:d5:90:fd:06:03:cb:3e:28:0e:ae:c1:09:19:af:51:
         06:ea:b3:56:4d:14:4b:12:6a:9f:cc:6a:cb:f2:79:bd:8d:fd:
         1f:82:00:27:d0:07:9a:b6:6b:58:80:65:40:df:ca:83:23:d0:
         d6:45:79:5f:ad:a0:84:a5:ed:ba:8f:a9:cc:98:89:a1:70:85:
         1c:4d:ca:12:be:ae:68:ec:f3:ef:ea:e3:20:40:7c:1c:df:1e:
         67:eb:d5:93:f5:71:89:82:94:53:12:2d:c7:4f:cc:49:80:47:
         a8:11:95:45:77:91:23:d2:20:ac:7b:6a:c9:e6:76:1e:75:94:
         e3:10:e4:80:d7:02:c3:21:ae:1c:89:ef:63:ac:9d:c0:53:4a:
         5c:36:64:60:ec:6b:fd:fe:92:36:99:7c:82:b9:66:ed:9d:9f:
         eb:ce:bf:c7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKkkR1/+kiUNYUNDca3TBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwMTAyMTIzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTkwODg2ZDVkNDA4Y2Q1NjkyYzZiZGMzZjdkZTg5OGU1NzNmMDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3RoTrmGNh+gGYPw13vx/E2mh1xL
eYqLpZzORe4B7WEGlN9lVlQgemGvJbFlWEVBrXH6Yr3BqX7vh24xDQN2r6HHyGB0
LEakqBkj/ZQ8vKnhhI6iYQuwPnUGHJRVyBIY0xXZa29gUYizf4AfDobXR+kBJPnT
eFw01nrYnw5ZTX+oQOzpGp8jIbJLDi5omZrTYruFjmLJ761oZjEMDoM+dxttLYz2
830h3+aCN5ZsaXYZsNf5siBWAS1tkqf2lTE4CMYVlqu3W07GchwujMCfsEgAi1Ja
pUI3zYPf7Ezxp/RyVzpyFEfL0xte2GMAalUEKrHoZHPM8Q5rcWnTJFuypQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAGQiG1dQIzVaSxr3D996Jjlc/BnMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvQVpDSWJWMUFqTlZwTEd2Y1AzM29tT1Z6OEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUEfqAwQA
UEftAwQAUEfvMA0GCSqGSIb3DQEBCwUAA4IBAQCHRZScpoBlwCrfwwMfDFyTGxmG
WlYPosY/N9WBL0irIov133A+10M5N/fYg/z7aWedLHf/cw5olATy62uyZUWIsBOr
ocfggJ1zn2i94vfVLMamBoiroQE/aFDXjKjVkP0GA8s+KA6uwQkZr1EG6rNWTRRL
EmqfzGrL8nm9jf0fggAn0AeatmtYgGVA38qDI9DWRXlfraCEpe26j6nMmImhcIUc
TcoSvq5o7PPv6uMgQHwc3x5n69WT9XGJgpRTEi3HT8xJgEeoEZVFd5Ej0iCse2rJ
5nYedZTjEOSA1wLDIa4cie9jrJ3AU0pcNmRg7Gv9/pI2mXyCuWbtnZ/rzr/H
-----END CERTIFICATE-----