Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/vu3gXxNtqWeVKe4P2LSMHjwmk90.roa
File:                     vu3gXxNtqWeVKe4P2LSMHjwmk90.roa (raw, json)
Hash identifier:          yPp4Qt4ICx9Z3QKMiO76AjMJPiTd6H2m5YPVIHkBo1g=
Subject key identifier:   BE:ED:E0:5F:13:6D:A9:67:95:29:EE:0F:D8:B4:8C:1E:3C:26:93:DD
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       019423D6D60903E7B3287CE2C4FBC102497F
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/vu3gXxNtqWeVKe4P2LSMHjwmk90.roa
Signing time:             Wed 01 Jan 2025 21:47:49 +0000
ROA not before:           Wed 01 Jan 2025 21:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198883
IP address blocks:        80.71.237.0/24 maxlen: 24
                          80.71.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:d6:09:03:e7:b3:28:7c:e2:c4:fb:c1:02:49:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan  1 21:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=beede05f136da9679529ee0fd8b48c1e3c2693dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c3:df:9b:21:06:ae:53:95:95:a3:d1:cf:07:
                    5f:1d:81:14:72:39:c4:cf:41:c4:d6:ea:78:ac:6b:
                    c3:d8:24:29:8d:64:fb:19:fb:78:d2:b1:d3:aa:1c:
                    64:2e:10:9b:52:62:63:6b:9c:15:57:e4:24:39:ed:
                    41:6f:08:e4:88:ba:7f:70:9b:85:63:4f:71:57:23:
                    b7:c8:24:88:e0:92:27:96:e7:11:03:6d:7e:40:31:
                    06:f8:a7:35:df:9b:e1:96:28:42:f3:3a:87:a3:33:
                    f0:1e:8f:de:4a:09:18:03:65:cb:e8:1d:f9:2e:d3:
                    81:8d:69:e1:6d:4f:32:17:6d:05:d3:e7:e7:fd:9c:
                    cd:4a:ab:63:af:66:71:dc:e9:ec:ea:13:43:8d:67:
                    b9:a3:42:28:56:92:44:d4:14:4d:86:16:ef:c5:e2:
                    ed:0d:35:4d:f5:72:d8:15:af:b2:85:29:77:14:48:
                    b6:47:c7:c2:57:f4:d4:eb:57:64:98:41:14:3e:14:
                    fe:6f:46:f3:c2:d0:a7:a7:44:30:5c:ed:72:98:94:
                    82:6e:2c:80:9a:94:ad:1a:84:10:fe:f7:26:70:83:
                    1e:c1:af:e2:3c:bc:52:80:fa:39:af:97:1c:51:eb:
                    21:64:f1:c7:08:0d:5a:87:17:b1:d2:e7:af:e5:96:
                    97:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:ED:E0:5F:13:6D:A9:67:95:29:EE:0F:D8:B4:8C:1E:3C:26:93:DD
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/vu3gXxNtqWeVKe4P2LSMHjwmk90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.237.0/24
                  80.71.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:bd:25:9a:18:2f:ed:26:e5:3a:07:3b:c3:fa:da:66:32:f6:
         ee:f1:ba:54:d5:0a:c9:ef:3d:4a:75:59:61:ce:c0:82:a5:ee:
         0b:fc:e1:6c:d6:d1:3e:b8:be:c8:1e:3a:f5:73:48:e7:2c:31:
         72:34:45:39:42:e1:e2:c0:a1:af:c7:47:a1:58:fb:e9:35:c5:
         b0:f9:58:56:23:c4:ed:40:6e:15:d6:cf:27:93:21:a2:63:80:
         8e:37:79:3a:66:20:82:6b:9a:fd:31:b6:41:2d:f1:df:28:54:
         f9:d4:96:35:b0:03:6f:17:10:bb:37:f1:9f:df:17:6e:74:3b:
         be:75:ee:c6:42:3b:b9:ae:7c:24:ac:2a:43:78:4d:5e:72:51:
         2a:09:cc:30:45:fb:f6:ef:01:99:f7:67:dd:c9:63:dd:83:cc:
         a2:ef:e9:7e:f0:e8:81:f5:ee:91:1d:04:cd:1f:df:d7:39:68:
         25:0c:d3:d5:c9:c2:99:67:a5:1b:26:37:c4:3e:e1:29:09:a4:
         29:f6:74:53:8a:c0:c0:bf:c0:9f:f8:a4:3b:14:55:0d:ce:ad:
         48:64:0d:bc:f6:b7:8b:84:9f:ce:d0:2a:51:7b:1d:bb:1e:cf:
         4d:d8:0d:7d:b9:42:03:43:16:26:fa:33:35:0f:ac:c0:af:dd:
         18:7b:b0:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1tYJA+ezKHzixPvBAkl/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjUwMTAxMjE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWVkZTA1ZjEzNmRhOTY3OTUyOWVlMGZkOGI0OGMxZTNjMjY5M2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMPfmyEGrlOVlaPRzwdfHYEUcjnE
z0HE1up4rGvD2CQpjWT7Gft40rHTqhxkLhCbUmJja5wVV+QkOe1BbwjkiLp/cJuF
Y09xVyO3yCSI4JInlucRA21+QDEG+Kc135vhlihC8zqHozPwHo/eSgkYA2XL6B35
LtOBjWnhbU8yF20F0+fn/ZzNSqtjr2Zx3Ons6hNDjWe5o0IoVpJE1BRNhhbvxeLt
DTVN9XLYFa+yhSl3FEi2R8fCV/TU61dkmEEUPhT+b0bzwtCnp0QwXO1ymJSCbiyA
mpStGoQQ/vcmcIMewa/iPLxSgPo5r5ccUeshZPHHCA1ahxex0uev5ZaXoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL7t4F8TbalnlSnuD9i0jB48JpPdMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvdnUzZ1h4TnRxV2VWS2U0UDJMU01IandtazkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEftAwQA
UEfvMA0GCSqGSIb3DQEBCwUAA4IBAQAWvSWaGC/tJuU6BzvD+tpmMvbu8bpU1QrJ
7z1KdVlhzsCCpe4L/OFs1tE+uL7IHjr1c0jnLDFyNEU5QuHiwKGvx0ehWPvpNcWw
+VhWI8TtQG4V1s8nkyGiY4CON3k6ZiCCa5r9MbZBLfHfKFT51JY1sANvFxC7N/Gf
3xdudDu+de7GQju5rnwkrCpDeE1eclEqCcwwRfv27wGZ92fdyWPdg8yi7+l+8OiB
9e6RHQTNH9/XOWglDNPVycKZZ6UbJjfEPuEpCaQp9nRTisDAv8Cf+KQ7FFUNzq1I
ZA289reLhJ/O0CpRex27Hs9N2A19uUIDQxYm+jM1D6zAr90Ye7A4
-----END CERTIFICATE-----