Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/OAN6Jw81_7aj5c_92rtjdeLgY1Y.roa
File:                     OAN6Jw81_7aj5c_92rtjdeLgY1Y.roa (raw, json)
Hash identifier:          hkwtPLALbUBGnS4b6NiLXRM3FlHZ26ZqTepo0GwwE+E=
Subject key identifier:   38:03:7A:27:0F:35:FF:B6:A3:E5:CF:FD:DA:BB:63:75:E2:E0:63:56
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       019319FC8CF0C74B11407B0784C51E975F41
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/OAN6Jw81_7aj5c_92rtjdeLgY1Y.roa
Signing time:             Mon 11 Nov 2024 06:50:01 +0000
ROA not before:           Mon 11 Nov 2024 06:50:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215171
IP address blocks:        80.71.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:19:fc:8c:f0:c7:4b:11:40:7b:07:84:c5:1e:97:5f:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Nov 11 06:50:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38037a270f35ffb6a3e5cffddabb6375e2e06356
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:25:ea:71:03:c7:34:f3:0f:a5:50:19:cb:92:
                    8c:3e:f9:3d:2b:6e:c3:12:2b:d1:3d:8c:0b:d9:37:
                    35:7d:1a:28:3f:fc:07:89:c0:e6:0b:09:b6:fe:d2:
                    32:3c:fb:d5:02:f3:e4:f8:83:16:38:44:14:7b:4c:
                    53:e7:e8:09:3e:da:78:ee:a6:7b:e9:09:08:03:b3:
                    25:42:d3:07:a3:49:df:ff:c9:38:68:b1:23:0a:76:
                    19:1b:ee:1d:14:4b:49:16:33:c2:30:01:6d:9e:1d:
                    ea:3c:85:86:00:a2:f5:bd:be:a9:f4:d6:56:49:21:
                    61:5e:0b:d3:15:57:99:8a:e7:c9:6b:ce:57:7f:df:
                    a1:6b:c9:2c:7b:81:03:28:9f:b1:cb:7a:1a:53:48:
                    c4:23:ff:86:b5:b9:08:51:96:ec:1e:0e:bb:0c:8b:
                    f4:81:84:0a:90:b1:54:ec:79:6f:99:d5:1f:0b:f4:
                    37:85:56:a0:9b:10:93:ec:09:45:d6:20:a6:d2:de:
                    bf:de:62:fd:aa:f3:fe:66:2d:0b:08:23:c5:55:4c:
                    8d:2a:15:68:b0:0e:53:5a:02:9e:93:56:08:ea:76:
                    d7:77:d8:2a:ff:7e:5a:a0:03:6e:5e:df:49:f3:89:
                    f8:a2:14:80:6d:87:5f:60:1b:bc:bc:ed:71:7a:cf:
                    6c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:03:7A:27:0F:35:FF:B6:A3:E5:CF:FD:DA:BB:63:75:E2:E0:63:56
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/OAN6Jw81_7aj5c_92rtjdeLgY1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:c1:45:5f:06:17:33:62:79:3d:11:6a:ad:f9:7a:61:04:9e:
         7c:0e:09:5d:c0:21:0c:b3:80:3d:20:fc:eb:36:75:ce:ab:93:
         1c:87:52:49:1b:8f:dd:a6:1c:9d:03:9d:2e:cd:9f:03:c0:33:
         91:ca:06:aa:a4:7d:9b:9a:7c:fa:86:7a:61:87:63:78:a4:13:
         24:af:34:55:61:fb:f3:2a:f0:f2:54:a9:66:d6:3d:ff:9e:5d:
         0c:b3:37:02:f8:4a:7a:70:fa:95:86:43:bb:e3:08:db:7f:4c:
         1e:77:3e:ad:b0:bf:94:1a:39:09:08:f4:22:7c:51:6f:27:8a:
         d9:90:2f:94:e1:dd:c0:87:ae:5d:61:f0:44:63:e9:de:ab:ea:
         84:17:c7:1a:7b:ae:aa:85:f8:77:eb:69:ec:00:6a:85:ff:a6:
         e7:15:27:34:ec:bb:25:33:08:fd:f7:a5:cb:78:5e:ed:69:0b:
         58:a1:66:c2:ba:45:93:04:32:59:2d:22:7f:91:23:37:6e:86:
         7b:6e:2a:1a:42:d4:e9:cd:77:76:03:06:48:79:91:4d:ee:4a:
         64:23:a5:c8:1f:01:31:c5:5b:69:b3:7f:43:a7:2b:cb:bf:e8:
         74:7e:66:0e:fc:b6:19:43:9d:e1:3e:a6:43:0b:f0:7c:96:52:
         61:37:b6:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMZ/Izwx0sRQHsHhMUel19BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQxMTExMDY1MDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODAzN2EyNzBmMzVmZmI2YTNlNWNmZmRkYWJiNjM3NWUyZTA2MzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiXqcQPHNPMPpVAZy5KMPvk9K27D
EivRPYwL2Tc1fRooP/wHicDmCwm2/tIyPPvVAvPk+IMWOEQUe0xT5+gJPtp47qZ7
6QkIA7MlQtMHo0nf/8k4aLEjCnYZG+4dFEtJFjPCMAFtnh3qPIWGAKL1vb6p9NZW
SSFhXgvTFVeZiufJa85Xf9+ha8kse4EDKJ+xy3oaU0jEI/+GtbkIUZbsHg67DIv0
gYQKkLFU7HlvmdUfC/Q3hVagmxCT7AlF1iCm0t6/3mL9qvP+Zi0LCCPFVUyNKhVo
sA5TWgKek1YI6nbXd9gq/35aoANuXt9J84n4ohSAbYdfYBu8vO1xes9szQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgDeicPNf+2o+XP/dq7Y3Xi4GNWMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvT0FONkp3ODFfN2FqNWNfOTJydGpkZUxnWTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEflMA0G
CSqGSIb3DQEBCwUAA4IBAQCYwUVfBhczYnk9EWqt+XphBJ58DgldwCEMs4A9IPzr
NnXOq5Mch1JJG4/dphydA50uzZ8DwDORygaqpH2bmnz6hnphh2N4pBMkrzRVYfvz
KvDyVKlm1j3/nl0MszcC+Ep6cPqVhkO74wjbf0wedz6tsL+UGjkJCPQifFFvJ4rZ
kC+U4d3Ah65dYfBEY+neq+qEF8cae66qhfh362nsAGqF/6bnFSc07LslMwj996XL
eF7taQtYoWbCukWTBDJZLSJ/kSM3boZ7bioaQtTpzXd2AwZIeZFN7kpkI6XIHwEx
xVtps39DpyvLv+h0fmYO/LYZQ53hPqZDC/B8llJhN7ZK
-----END CERTIFICATE-----