Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/L0GDatD08WFJFsqxic31gGydqlo.roa
File:                     L0GDatD08WFJFsqxic31gGydqlo.roa (raw, json)
Hash identifier:          kwHKbcS2w+/sr0jHsvjvrp84z0KRAbu8ILoylARgI5k=
Subject key identifier:   2F:41:83:6A:D0:F4:F1:61:49:16:CA:B1:89:CD:F5:80:6C:9D:AA:5A
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       019A224BC7F8C819ABFCEED784659DB5A255
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/L0GDatD08WFJFsqxic31gGydqlo.roa
Signing time:             Sun 26 Oct 2025 20:53:03 +0000
ROA not before:           Sun 26 Oct 2025 20:53:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        80.83.88.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 23:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:22:4b:c7:f8:c8:19:ab:fc:ee:d7:84:65:9d:b5:a2:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Oct 26 20:53:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f41836ad0f4f1614916cab189cdf5806c9daa5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:cc:fc:00:28:72:ad:d3:98:61:25:10:51:27:
                    a0:b2:98:02:b6:be:d7:d5:23:9b:24:8e:30:f9:eb:
                    48:4d:7f:d5:1c:37:4a:f5:84:c5:7f:30:02:ef:92:
                    14:85:78:b7:91:50:b0:7b:36:b3:52:df:43:8b:ec:
                    f8:37:16:c6:ed:0a:12:96:1d:a0:b8:44:c6:46:02:
                    33:92:0e:33:22:40:db:f4:38:00:1c:39:11:0e:78:
                    56:cd:1f:e0:d4:74:a1:25:d4:34:22:88:0b:7c:99:
                    41:e8:63:5a:0c:d0:ba:b1:d6:55:21:c2:17:c8:3f:
                    aa:a2:58:fe:3d:85:52:93:51:1e:29:17:a7:e0:69:
                    4e:ba:7e:fe:f5:b9:7c:b0:7f:b5:c5:3f:7e:b3:97:
                    0e:94:fa:8f:05:1e:dd:89:c3:fb:ed:7c:26:30:f3:
                    bc:7e:75:b1:7b:1f:b5:07:52:9f:ab:97:5f:ab:18:
                    a7:d6:76:30:7c:d6:88:8f:9d:ce:c8:c8:d5:a1:a4:
                    8d:44:bb:29:73:43:b1:94:40:9d:ae:1b:60:b6:33:
                    16:e1:f0:ce:e7:48:b0:c1:00:c2:77:55:89:0f:2b:
                    78:e9:3e:6f:c2:ff:3b:de:9f:48:39:d9:95:a8:36:
                    31:ad:36:d1:a9:d0:35:88:b9:93:6a:e0:da:21:29:
                    84:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:41:83:6A:D0:F4:F1:61:49:16:CA:B1:89:CD:F5:80:6C:9D:AA:5A
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/L0GDatD08WFJFsqxic31gGydqlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:bd:67:23:61:01:60:f9:f4:32:5d:84:aa:4d:91:61:fe:97:
         b5:dc:97:f6:76:fc:a4:56:cd:dc:58:09:c4:37:82:d3:b3:35:
         33:fa:1c:56:2d:a0:d3:44:71:32:28:da:57:ca:8b:81:b2:82:
         43:4d:87:76:29:22:6d:f2:42:2e:12:0d:3c:21:43:b3:e0:a7:
         2e:03:1f:3e:88:a5:cd:a4:76:76:53:d8:bf:bc:ce:16:ac:28:
         ef:e7:3d:fb:5a:2b:1e:86:3e:d3:aa:2d:fe:60:40:de:69:b0:
         5f:39:96:4f:be:24:c5:52:c3:6b:c6:72:44:64:f1:68:81:76:
         97:3a:95:96:35:0d:c6:62:41:12:0f:a4:72:ed:7e:08:34:b3:
         f5:09:30:0e:f6:37:a6:13:a2:36:fc:01:14:f3:6d:de:61:3d:
         eb:b8:1b:fc:b5:6d:31:9c:3c:68:bb:9b:a3:47:39:19:66:e1:
         5f:a9:46:5d:ac:bc:ca:85:dc:e2:5b:82:d7:c0:a7:8b:ff:7a:
         05:89:7a:dd:ef:38:05:b8:4c:cf:01:41:d9:ac:07:4a:7f:33:
         1f:53:f0:85:77:ca:cc:4d:b5:fc:13:4d:22:00:e5:c9:7b:d2:
         c1:5d:3e:8c:70:5f:cb:54:dd:e1:71:1f:1f:f4:b6:97:27:15:
         3d:f1:ff:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoiS8f4yBmr/O7XhGWdtaJVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUxMDI2MjA1MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjQxODM2YWQwZjRmMTYxNDkxNmNhYjE4OWNkZjU4MDZjOWRhYTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Mz8AChyrdOYYSUQUSegspgCtr7X
1SObJI4w+etITX/VHDdK9YTFfzAC75IUhXi3kVCwezazUt9Di+z4NxbG7QoSlh2g
uETGRgIzkg4zIkDb9DgAHDkRDnhWzR/g1HShJdQ0IogLfJlB6GNaDNC6sdZVIcIX
yD+qolj+PYVSk1EeKRen4GlOun7+9bl8sH+1xT9+s5cOlPqPBR7dicP77XwmMPO8
fnWxex+1B1Kfq5dfqxin1nYwfNaIj53OyMjVoaSNRLspc0OxlECdrhtgtjMW4fDO
50iwwQDCd1WJDyt46T5vwv873p9IOdmVqDYxrTbRqdA1iLmTauDaISmEcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9Bg2rQ9PFhSRbKsYnN9YBsnapaMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvTDBHRGF0RDA4V0ZKRnNxeGljMzFnR3lkcWxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUFNYMA0G
CSqGSIb3DQEBCwUAA4IBAQASvWcjYQFg+fQyXYSqTZFh/pe13Jf2dvykVs3cWAnE
N4LTszUz+hxWLaDTRHEyKNpXyouBsoJDTYd2KSJt8kIuEg08IUOz4KcuAx8+iKXN
pHZ2U9i/vM4WrCjv5z37Wisehj7Tqi3+YEDeabBfOZZPviTFUsNrxnJEZPFogXaX
OpWWNQ3GYkESD6Ry7X4INLP1CTAO9jemE6I2/AEU823eYT3ruBv8tW0xnDxou5uj
RzkZZuFfqUZdrLzKhdziW4LXwKeL/3oFiXrd7zgFuEzPAUHZrAdKfzMfU/CFd8rM
TbX8E00iAOXJe9LBXT6McF/LVN3hcR8f9LaXJxU98f/p
-----END CERTIFICATE-----