Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/BaN2SHSRmigZmqGETkS5UrgAXSc.roa
File:                     BaN2SHSRmigZmqGETkS5UrgAXSc.roa (raw, json)
Hash identifier:          3yRX5O5QrF9IQzLzpoXj+0AApPO0j2FXSTxiu9CkVlE=
Subject key identifier:   05:A3:76:48:74:91:9A:28:19:9A:A1:84:4E:44:B9:52:B8:00:5D:27
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018D44F6DE9F3FBAD35D4CAD74F8C025CD0C
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/BaN2SHSRmigZmqGETkS5UrgAXSc.roa
Signing time:             Fri 26 Jan 2024 08:50:45 +0000
ROA not before:           Fri 26 Jan 2024 08:50:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55154
IP address blocks:        80.71.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:44:f6:de:9f:3f:ba:d3:5d:4c:ad:74:f8:c0:25:cd:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan 26 08:50:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05a3764874919a28199aa1844e44b952b8005d27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:13:68:36:e0:b4:a3:4e:61:3f:bb:5e:18:43:
                    8d:e1:75:37:a2:03:47:02:f9:a3:c5:0d:2f:1e:2b:
                    cc:b0:bd:7d:5b:c6:02:d2:99:34:aa:83:70:62:48:
                    d9:37:b3:1c:24:ba:cd:9b:84:b1:58:91:0d:55:a7:
                    be:50:49:c7:07:21:3a:d9:66:1c:fd:e2:a3:89:b6:
                    9b:07:06:d8:4e:0f:f6:7d:8c:0e:eb:91:7d:90:64:
                    8e:03:4a:f8:4b:68:08:cd:9a:08:80:6e:dc:19:fc:
                    5f:5d:fd:54:31:62:b6:1d:0b:ca:fb:d0:d3:d8:ce:
                    23:df:01:05:5b:ae:ba:09:51:cb:2f:46:c5:9f:39:
                    46:5c:29:25:12:aa:cf:f4:c8:f9:ad:4c:fd:24:d1:
                    cd:31:a8:60:91:64:d2:8e:37:ce:61:96:1d:62:fe:
                    15:27:ec:9c:fc:d0:7f:01:82:e8:ef:93:4e:31:1f:
                    91:81:9c:fb:d5:6c:e8:b4:1c:08:00:b5:1c:84:e5:
                    f5:e3:68:8b:8c:b7:79:b9:c7:5b:66:d0:67:35:67:
                    c8:ae:84:78:b6:2c:88:5d:e1:ab:e5:8b:bd:81:cf:
                    b9:7a:bd:9d:56:f3:8c:36:96:9b:16:56:40:54:71:
                    1f:e1:8c:a0:49:f5:e8:1b:ed:bc:fb:04:7c:1d:12:
                    c4:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A3:76:48:74:91:9A:28:19:9A:A1:84:4E:44:B9:52:B8:00:5D:27
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/BaN2SHSRmigZmqGETkS5UrgAXSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:b4:63:23:76:82:a6:db:3f:f4:94:84:7e:2f:31:ab:50:42:
         a4:dd:ac:13:11:72:98:21:2d:4b:93:d5:2e:1f:6e:f0:4f:92:
         df:5f:76:2f:63:8a:dc:a5:a2:fe:dc:57:40:3e:90:09:a5:4d:
         8a:b4:50:ce:52:64:6d:51:c0:08:04:34:61:99:e9:f9:4b:d1:
         a8:c4:7c:94:8f:b7:8c:04:ef:c2:26:1a:a2:10:1b:a3:0d:4e:
         2a:99:83:7d:9f:5c:78:77:61:83:83:f0:e3:74:2d:ce:08:6b:
         fc:2b:84:b0:ba:3f:6a:b0:31:f7:2d:81:91:bd:92:ae:2f:3a:
         6d:5c:1e:8f:08:ff:fb:9a:87:f4:45:38:96:e7:b6:f2:20:6e:
         20:ab:be:58:18:d2:3e:eb:78:6a:35:6f:b0:a4:07:e4:b4:20:
         b0:88:da:6a:70:68:10:f0:32:09:70:45:e0:fa:56:22:c5:97:
         89:52:83:e3:f7:31:5c:40:f8:7a:fc:b4:07:b5:e5:68:70:2c:
         56:9a:98:59:b1:37:74:8f:f0:fd:ac:51:ab:d2:44:a1:95:a9:
         47:e8:75:20:ca:dd:72:27:32:d4:6e:0d:9e:ce:41:d1:7a:d9:
         8f:44:3b:83:83:92:64:37:e8:2d:82:a4:82:8e:de:01:3e:c2:
         a1:59:f9:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1E9t6fP7rTXUytdPjAJc0MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwMTI2MDg1MDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWEzNzY0ODc0OTE5YTI4MTk5YWExODQ0ZTQ0Yjk1MmI4MDA1ZDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhNoNuC0o05hP7teGEON4XU3ogNH
AvmjxQ0vHivMsL19W8YC0pk0qoNwYkjZN7McJLrNm4SxWJENVae+UEnHByE62WYc
/eKjibabBwbYTg/2fYwO65F9kGSOA0r4S2gIzZoIgG7cGfxfXf1UMWK2HQvK+9DT
2M4j3wEFW666CVHLL0bFnzlGXCklEqrP9Mj5rUz9JNHNMahgkWTSjjfOYZYdYv4V
J+yc/NB/AYLo75NOMR+RgZz71WzotBwIALUchOX142iLjLd5ucdbZtBnNWfIroR4
tiyIXeGr5Yu9gc+5er2dVvOMNpabFlZAVHEf4YygSfXoG+28+wR8HRLEowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWjdkh0kZooGZqhhE5EuVK4AF0nMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvQmFOMlNIU1JtaWdabXFHRVRrUzVVcmdBWFNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEfgMA0G
CSqGSIb3DQEBCwUAA4IBAQBjtGMjdoKm2z/0lIR+LzGrUEKk3awTEXKYIS1Lk9Uu
H27wT5LfX3YvY4rcpaL+3FdAPpAJpU2KtFDOUmRtUcAIBDRhmen5S9GoxHyUj7eM
BO/CJhqiEBujDU4qmYN9n1x4d2GDg/DjdC3OCGv8K4Swuj9qsDH3LYGRvZKuLzpt
XB6PCP/7mof0RTiW57byIG4gq75YGNI+63hqNW+wpAfktCCwiNpqcGgQ8DIJcEXg
+lYixZeJUoPj9zFcQPh6/LQHteVocCxWmphZsTd0j/D9rFGr0kShlalH6HUgyt1y
JzLUbg2ezkHRetmPRDuDg5JkN+gtgqSCjt4BPsKhWfkg
-----END CERTIFICATE-----