Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/NYD7kEkEPf-ABChHg559KWDxZM8.roa
File:                     NYD7kEkEPf-ABChHg559KWDxZM8.roa (raw, json)
Hash identifier:          wEdTjLyasP6V7i4QrzN1J6SR98/Z10g1DKcaBU2r67I=
Subject key identifier:   35:80:FB:90:49:04:3D:FF:80:04:28:47:83:9E:7D:29:60:F1:64:CF
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       01942825AC1D605FDEC8DAA36D16399A460B
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/NYD7kEkEPf-ABChHg559KWDxZM8.roa
Signing time:             Thu 02 Jan 2025 17:52:24 +0000
ROA not before:           Thu 02 Jan 2025 17:52:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152179
IP address blocks:        80.83.88.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:ac:1d:60:5f:de:c8:da:a3:6d:16:39:9a:46:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  2 17:52:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3580fb9049043dff80042847839e7d2960f164cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:96:70:44:a7:64:d1:23:9d:6b:ce:01:4e:0a:
                    c5:62:ba:d9:1d:93:fe:45:1a:67:76:a3:16:00:ea:
                    08:8d:54:e6:67:3a:65:1e:01:c9:fc:10:f4:87:4a:
                    a2:c3:06:5e:64:76:3b:5e:1c:55:1f:6a:81:dd:ff:
                    27:89:e5:2b:57:61:c7:0b:2e:95:78:61:66:77:c2:
                    c1:d0:38:62:5d:96:4c:69:a2:d5:60:19:89:8e:23:
                    6b:ad:62:3f:32:8e:b8:ee:75:8d:63:07:16:bf:45:
                    16:af:26:6f:43:b4:a1:dd:8d:2b:79:eb:99:7b:79:
                    c7:0c:49:0c:72:ce:c6:3a:66:9a:a0:d0:79:34:ea:
                    33:3a:3f:b4:52:2e:b0:0a:a1:7e:01:13:ac:86:09:
                    bb:43:75:51:7d:19:61:97:ef:be:23:b5:c1:ae:84:
                    88:bf:09:77:86:1d:96:c0:88:69:bd:82:d4:5c:08:
                    46:d1:fc:b3:0d:ac:28:fb:33:e8:db:c3:d5:79:c9:
                    7a:a8:07:41:7a:c0:8d:d4:f6:64:49:f4:77:26:62:
                    65:55:7c:2f:fe:30:aa:60:5c:74:58:84:cb:c8:f0:
                    c2:c7:b2:2e:f5:c1:31:a3:cc:df:d7:2d:66:d4:cd:
                    50:bb:17:b4:c2:26:37:64:fe:ff:c8:f1:85:c9:b0:
                    7b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:80:FB:90:49:04:3D:FF:80:04:28:47:83:9E:7D:29:60:F1:64:CF
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/NYD7kEkEPf-ABChHg559KWDxZM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:cf:f7:c4:ff:2b:34:5d:52:a0:fe:c6:15:f0:c8:91:82:7a:
         7f:02:fd:72:79:2c:f3:3e:bd:14:bd:a5:dd:ab:e2:3d:30:a3:
         3d:f0:11:13:d8:13:bf:77:c0:44:b7:cc:2f:be:55:f6:66:82:
         c8:7a:19:e9:bb:5a:4b:55:69:de:cd:9d:bb:42:28:3d:e1:da:
         2f:e6:a2:ba:5d:25:af:d9:d0:7e:6b:42:72:dd:ca:7b:bc:e7:
         49:7e:b9:b3:bf:17:7b:b2:55:fb:29:7e:02:a9:8c:73:d8:eb:
         24:31:b8:be:22:1b:7e:8e:eb:7b:a2:9d:ea:e5:51:09:c8:8a:
         c2:a1:65:39:9b:91:7c:77:57:b9:f9:5f:6d:69:9b:66:87:8f:
         e7:44:8c:7d:4b:57:52:b7:37:b3:f9:3e:f4:ef:c6:a7:2c:96:
         25:b7:7f:ac:f5:e5:f1:e5:14:10:de:db:a4:5f:4a:c8:dd:c6:
         fb:21:99:ec:0e:7b:a8:7c:6c:f4:c8:28:1e:52:f2:0a:3c:d4:
         48:75:c1:c2:d5:57:82:73:ed:5b:b1:76:33:7a:92:1d:0e:83:
         e4:9f:b0:c7:0b:9e:5f:63:f7:2c:b6:41:74:bc:e9:15:28:53:
         6f:73:2f:9e:4a:0a:46:54:34:a2:3a:8c:4c:93:0d:8e:0a:1d:
         33:25:47:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJawdYF/eyNqjbRY5mkYLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUwMTAyMTc1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTgwZmI5MDQ5MDQzZGZmODAwNDI4NDc4MzllN2QyOTYwZjE2NGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZZwRKdk0SOda84BTgrFYrrZHZP+
RRpndqMWAOoIjVTmZzplHgHJ/BD0h0qiwwZeZHY7XhxVH2qB3f8nieUrV2HHCy6V
eGFmd8LB0DhiXZZMaaLVYBmJjiNrrWI/Mo647nWNYwcWv0UWryZvQ7Sh3Y0reeuZ
e3nHDEkMcs7GOmaaoNB5NOozOj+0Ui6wCqF+AROshgm7Q3VRfRlhl+++I7XBroSI
vwl3hh2WwIhpvYLUXAhG0fyzDawo+zPo28PVecl6qAdBesCN1PZkSfR3JmJlVXwv
/jCqYFx0WITLyPDCx7Iu9cExo8zf1y1m1M1Quxe0wiY3ZP7/yPGFybB7TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWA+5BJBD3/gAQoR4OefSlg8WTPMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvTllEN2tFa0VQZi1BQkNoSGc1NTlLV0R4Wk04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUFNYMA0G
CSqGSIb3DQEBCwUAA4IBAQBQz/fE/ys0XVKg/sYV8MiRgnp/Av1yeSzzPr0UvaXd
q+I9MKM98BET2BO/d8BEt8wvvlX2ZoLIehnpu1pLVWnezZ27Qig94dov5qK6XSWv
2dB+a0Jy3cp7vOdJfrmzvxd7slX7KX4CqYxz2OskMbi+Iht+jut7op3q5VEJyIrC
oWU5m5F8d1e5+V9taZtmh4/nRIx9S1dStzez+T7078anLJYlt3+s9eXx5RQQ3tuk
X0rI3cb7IZnsDnuofGz0yCgeUvIKPNRIdcHC1VeCc+1bsXYzepIdDoPkn7DHC55f
Y/cstkF0vOkVKFNvcy+eSgpGVDSiOoxMkw2OCh0zJUds
-----END CERTIFICATE-----