Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/yxdmuN0Ax2hqqXj37g9qa3ZZnAo.roa
File:                     yxdmuN0Ax2hqqXj37g9qa3ZZnAo.roa (raw, json)
Hash identifier:          QOKP1g+ey1Y3HcYF5aXodB8/GII8EEy//Zkwdc8bGkc=
Subject key identifier:   CB:17:66:B8:DD:00:C7:68:6A:A9:78:F7:EE:0F:6A:6B:76:59:9C:0A
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018E0643287900F9AD465048CA65DD804566
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/yxdmuN0Ax2hqqXj37g9qa3ZZnAo.roa
Signing time:             Sun 03 Mar 2024 21:40:48 +0000
ROA not before:           Sun 03 Mar 2024 21:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211895
IP address blocks:        80.71.227.0/24 maxlen: 24
                          80.71.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:06:43:28:79:00:f9:ad:46:50:48:ca:65:dd:80:45:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Mar  3 21:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb1766b8dd00c7686aa978f7ee0f6a6b76599c0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c6:d0:aa:f9:24:f7:fe:40:21:fb:d7:24:9f:
                    5a:36:d0:56:0f:ad:b0:8d:0d:a9:86:ac:5a:f6:ff:
                    5a:b3:16:0d:a2:74:f7:c7:8d:8b:ab:ba:24:1c:b7:
                    b1:34:d4:ce:9e:be:c4:4e:f7:fe:3f:49:c3:fd:ef:
                    2a:f7:24:19:53:b7:de:60:ea:ef:6d:46:92:98:94:
                    4a:b3:4e:b8:5d:73:95:60:ea:41:0e:9a:8e:9d:d8:
                    2c:75:2c:12:0b:1d:cd:f9:32:e2:bd:1c:f7:c4:d8:
                    15:8a:1b:02:3c:5e:c8:91:6c:e5:30:d0:4a:ab:b7:
                    3c:a5:f4:41:de:ae:63:2d:8c:6a:63:f5:04:b8:03:
                    83:17:17:04:fb:ec:a3:41:23:02:e2:25:5d:94:51:
                    1c:6b:cd:1d:93:29:6d:15:30:10:a8:de:1a:af:84:
                    7c:f4:14:ba:e7:35:c4:a7:de:b0:1c:97:0d:9c:18:
                    63:37:30:59:f5:3e:45:de:aa:91:4e:96:70:45:b5:
                    44:19:d1:bd:e4:ac:c0:b0:aa:7b:33:e2:ac:c7:a4:
                    d0:54:5e:ea:8e:dc:12:b7:70:54:ac:b6:0a:91:22:
                    f5:ec:56:f5:84:82:92:be:65:34:9e:01:8f:0e:75:
                    13:b3:1a:2d:26:11:23:0e:5d:64:52:dd:20:7a:da:
                    67:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:17:66:B8:DD:00:C7:68:6A:A9:78:F7:EE:0F:6A:6B:76:59:9C:0A
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/yxdmuN0Ax2hqqXj37g9qa3ZZnAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.227.0/24
                  80.71.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:51:fd:46:61:56:78:e9:cf:cc:a8:90:ef:7a:b5:0f:d4:b8:
         cf:69:38:47:3c:c4:ff:e3:65:53:21:71:99:08:08:01:ac:a1:
         3d:68:e6:ae:14:d2:c3:b4:41:87:f0:21:bf:a3:ac:f3:2e:62:
         12:05:b7:ee:d2:72:86:0e:c2:37:8f:62:4f:ea:60:a8:ef:39:
         8a:45:49:1d:55:56:14:80:4a:81:7e:dd:87:98:d9:84:cb:39:
         b6:e9:07:a7:03:5d:00:1e:86:0d:cd:c0:a1:c0:ee:3c:e5:cd:
         1c:29:0d:a7:72:06:4a:f7:68:45:48:e1:92:3d:0e:f0:ad:6b:
         a5:33:e1:7c:ec:52:6b:dd:0a:35:9c:e9:e9:7d:81:72:b9:94:
         7b:c0:50:61:1d:d8:58:dd:1a:42:cc:79:65:c8:63:c7:2e:41:
         6c:aa:0a:a1:2a:05:20:5b:96:b7:ba:d8:6a:e0:dd:ab:ef:92:
         8b:bd:14:28:04:b6:ec:ed:0c:a9:11:8e:77:a8:93:bc:11:f8:
         9f:ef:b4:8e:a1:43:1d:e6:99:4c:71:47:d2:bf:b6:cd:82:9d:
         4f:44:60:e7:41:6c:42:32:a1:a6:fe:f4:cf:e7:be:ca:22:68:
         00:8f:fd:f1:66:f9:cc:ec:0f:9d:19:4d:e6:d2:5c:24:a8:65:
         bd:89:b2:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4GQyh5APmtRlBIymXdgEVmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwMzAzMjE0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjE3NjZiOGRkMDBjNzY4NmFhOTc4ZjdlZTBmNmE2Yjc2NTk5YzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsbQqvkk9/5AIfvXJJ9aNtBWD62w
jQ2phqxa9v9asxYNonT3x42Lq7okHLexNNTOnr7ETvf+P0nD/e8q9yQZU7feYOrv
bUaSmJRKs064XXOVYOpBDpqOndgsdSwSCx3N+TLivRz3xNgVihsCPF7IkWzlMNBK
q7c8pfRB3q5jLYxqY/UEuAODFxcE++yjQSMC4iVdlFEca80dkyltFTAQqN4ar4R8
9BS65zXEp96wHJcNnBhjNzBZ9T5F3qqRTpZwRbVEGdG95KzAsKp7M+Ksx6TQVF7q
jtwSt3BUrLYKkSL17Fb1hIKSvmU0ngGPDnUTsxotJhEjDl1kUt0getpn0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMsXZrjdAMdoaql49+4Pamt2WZwKMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEveXhkbXVOMEF4MmhxcVhqMzdnOXFhM1pabkFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEfjAwQA
UEfoMA0GCSqGSIb3DQEBCwUAA4IBAQBZUf1GYVZ46c/MqJDverUP1LjPaThHPMT/
42VTIXGZCAgBrKE9aOauFNLDtEGH8CG/o6zzLmISBbfu0nKGDsI3j2JP6mCo7zmK
RUkdVVYUgEqBft2HmNmEyzm26QenA10AHoYNzcChwO485c0cKQ2ncgZK92hFSOGS
PQ7wrWulM+F87FJr3Qo1nOnpfYFyuZR7wFBhHdhY3RpCzHllyGPHLkFsqgqhKgUg
W5a3uthq4N2r75KLvRQoBLbs7QypEY53qJO8Efif77SOoUMd5plMcUfSv7bNgp1P
RGDnQWxCMqGm/vTP577KImgAj/3xZvnM7A+dGU3m0lwkqGW9ibIm
-----END CERTIFICATE-----