Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/snKK9GOQSHFim5mBO2Ciu_9DK3E.roa
File:                     snKK9GOQSHFim5mBO2Ciu_9DK3E.roa (raw, json)
Hash identifier:          R4PA+1wIy9SBYHNac3IHKhvJvmPa5zvDhBUSVeoVv7g=
Subject key identifier:   B2:72:8A:F4:63:90:48:71:62:9B:99:81:3B:60:A2:BB:FF:43:2B:71
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018CCA2A4634B14BB25E7DF52365581A96F1
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/snKK9GOQSHFim5mBO2Ciu_9DK3E.roa
Signing time:             Tue 02 Jan 2024 12:33:37 +0000
ROA not before:           Tue 02 Jan 2024 12:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198883
IP address blocks:        80.71.239.0/24 maxlen: 24
                          80.71.237.0/24 maxlen: 24
                          80.71.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:46:34:b1:4b:b2:5e:7d:f5:23:65:58:1a:96:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan  2 12:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2728af463904871629b99813b60a2bbff432b71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:cb:50:af:b5:c2:f0:68:ca:e7:5c:39:f6:97:
                    9f:f2:a4:2e:48:fb:8c:82:85:de:bd:a6:0d:1b:56:
                    b2:42:40:b5:52:38:8b:23:fc:9c:3a:1c:b1:0f:be:
                    67:65:56:a7:13:b6:6f:29:e2:13:19:db:1c:bc:d9:
                    fd:fc:26:c2:8f:a7:11:bd:d8:72:df:90:e3:58:fe:
                    7e:5b:6c:8c:ec:3e:84:2a:ab:ce:3b:9a:bc:a9:7f:
                    0c:12:d4:4a:0c:04:54:f6:83:20:05:d4:3b:87:2f:
                    17:27:68:21:08:93:8b:e9:bc:82:00:0f:5f:00:02:
                    ea:5f:54:9a:de:0a:25:2d:16:17:ee:c5:3b:5b:ef:
                    38:9d:07:05:d7:de:c8:09:64:75:7b:45:6f:a8:17:
                    f6:f0:61:d0:8f:eb:65:67:19:99:90:44:af:59:45:
                    93:67:e4:22:64:63:f4:39:4d:b6:bd:49:d0:9f:73:
                    a1:7e:73:23:16:46:c4:34:f2:ed:dd:26:da:d2:e3:
                    f9:ab:d4:3d:69:b1:2f:ff:2f:d4:6c:a0:33:8d:be:
                    48:db:09:c5:e5:4c:72:c0:e1:74:6f:62:25:0d:e2:
                    5c:44:f1:bf:5c:5b:04:c1:a5:7f:c0:60:ae:4e:f9:
                    ef:9a:b6:0f:86:12:16:db:42:b9:9d:2a:8f:8e:22:
                    fe:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:72:8A:F4:63:90:48:71:62:9B:99:81:3B:60:A2:BB:FF:43:2B:71
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/snKK9GOQSHFim5mBO2Ciu_9DK3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.234.0/24
                  80.71.237.0/24
                  80.71.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:8d:67:db:8b:e6:df:a0:c5:e6:76:2b:a1:ab:8d:c7:1d:c6:
         8b:91:b6:01:47:de:cb:f4:94:98:29:8b:78:2d:17:8d:95:bf:
         70:aa:2c:21:66:6c:99:65:a6:48:48:64:cb:cd:9e:c1:4b:62:
         e0:b4:a7:26:b3:0c:2a:91:83:43:f1:f7:32:c5:f4:ea:1f:82:
         4d:0d:fe:2a:4d:32:9f:32:fe:f9:74:29:87:45:a1:83:20:5a:
         55:39:2a:84:da:e0:3f:10:25:a8:0e:08:59:6a:42:3a:fb:76:
         1c:3c:9a:a6:b1:a3:7b:24:d8:b2:ce:0c:44:a7:ce:b7:28:4b:
         3c:54:34:39:e6:49:2c:f4:a7:68:45:85:99:68:d8:08:b1:5f:
         d6:6d:96:40:3e:9b:11:dd:84:ee:b9:fa:8d:c9:3a:bc:c2:dd:
         c4:f0:6d:81:a0:88:54:37:ef:ee:9f:f7:a4:8c:25:6e:6f:d3:
         d1:cd:c9:eb:12:22:90:17:ca:c4:9a:3b:b0:af:d2:5a:51:3b:
         cb:b8:fe:96:ef:12:c8:d6:10:94:a6:42:40:a5:8b:8a:85:6a:
         2e:16:4e:57:f7:0b:04:11:1d:fc:23:ce:5e:3b:84:e1:70:1d:
         46:ab:62:e4:65:f0:7c:80:b5:d0:b8:79:64:54:2b:8d:ed:f7:
         88:c5:ad:ce
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKkY0sUuyXn31I2VYGpbxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwMTAyMTIzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjcyOGFmNDYzOTA0ODcxNjI5Yjk5ODEzYjYwYTJiYmZmNDMyYjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgstQr7XC8GjK51w59pef8qQuSPuM
goXevaYNG1ayQkC1UjiLI/ycOhyxD75nZVanE7ZvKeITGdscvNn9/CbCj6cRvdhy
35DjWP5+W2yM7D6EKqvOO5q8qX8MEtRKDARU9oMgBdQ7hy8XJ2ghCJOL6byCAA9f
AALqX1Sa3golLRYX7sU7W+84nQcF197ICWR1e0VvqBf28GHQj+tlZxmZkESvWUWT
Z+QiZGP0OU22vUnQn3OhfnMjFkbENPLt3Sba0uP5q9Q9abEv/y/UbKAzjb5I2wnF
5UxywOF0b2IlDeJcRPG/XFsEwaV/wGCuTvnvmrYPhhIW20K5nSqPjiL+tQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLJyivRjkEhxYpuZgTtgorv/QytxMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvc25LSzlHT1FTSEZpbTVtQk8yQ2l1XzlESzNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUEfqAwQA
UEftAwQAUEfvMA0GCSqGSIb3DQEBCwUAA4IBAQCdjWfbi+bfoMXmdiuhq43HHcaL
kbYBR97L9JSYKYt4LReNlb9wqiwhZmyZZaZISGTLzZ7BS2LgtKcmswwqkYND8fcy
xfTqH4JNDf4qTTKfMv75dCmHRaGDIFpVOSqE2uA/ECWoDghZakI6+3YcPJqmsaN7
JNiyzgxEp863KEs8VDQ55kks9KdoRYWZaNgIsV/WbZZAPpsR3YTuufqNyTq8wt3E
8G2BoIhUN+/un/ekjCVub9PRzcnrEiKQF8rEmjuwr9JaUTvLuP6W7xLI1hCUpkJA
pYuKhWouFk5X9wsEER38I85eO4ThcB1Gq2LkZfB8gLXQuHlkVCuN7feIxa3O
-----END CERTIFICATE-----