Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/P4NQULtv0LY_Upt-0B9ksNrboAc.roa
File:                     P4NQULtv0LY_Upt-0B9ksNrboAc.roa (raw, json)
Hash identifier:          p3n3uyKcjJWAqAoIifbbqL4VeYEeUKI2pXMA0yID2vE=
Subject key identifier:   3F:83:50:50:BB:6F:D0:B6:3F:52:9B:7E:D0:1F:64:B0:DA:DB:A0:07
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       018CC7947D65A47B7C60B7B45AF2F70F517A
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/P4NQULtv0LY_Upt-0B9ksNrboAc.roa
Signing time:             Tue 02 Jan 2024 00:30:46 +0000
ROA not before:           Tue 02 Jan 2024 00:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211826
IP address blocks:        80.83.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 22:26:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:7d:65:a4:7b:7c:60:b7:b4:5a:f2:f7:0f:51:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  2 00:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f835050bb6fd0b63f529b7ed01f64b0dadba007
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:bd:2f:08:e9:d3:4b:48:f8:1e:e5:9e:1d:bf:
                    ff:b4:5e:b2:ba:8f:ef:d7:dd:67:eb:c8:0c:a4:94:
                    12:22:3b:32:d4:36:02:93:02:32:9f:ce:8c:f0:4b:
                    39:a7:b4:70:31:56:48:83:e2:f2:30:1d:4c:f5:50:
                    ee:0e:be:f5:6b:64:17:40:aa:40:e5:d6:fb:58:cf:
                    8b:82:25:f7:15:87:25:37:a3:1f:c1:23:22:e2:98:
                    b4:d7:32:db:48:b2:1b:55:1b:73:10:b2:58:87:e4:
                    ef:e2:79:31:93:d5:58:e4:ec:a0:24:69:99:e2:b2:
                    bf:96:2f:f3:7f:84:0c:81:97:70:5b:12:af:81:fe:
                    07:84:38:c6:79:e6:01:5a:c3:f1:82:a3:a1:f2:b4:
                    1c:54:f0:35:c1:65:9d:af:50:11:8f:4c:2c:84:7f:
                    21:16:52:09:32:67:39:b8:de:93:e8:c9:1a:f2:4b:
                    c5:ab:5b:6a:bc:89:56:45:79:f2:1a:dc:d4:a6:b0:
                    15:47:ec:30:11:d8:db:6f:f1:49:03:d2:32:f1:4c:
                    40:ef:ec:4a:40:92:31:f5:56:68:8c:49:b0:d6:71:
                    f5:ed:a7:51:52:46:17:10:91:5c:59:38:12:53:39:
                    cf:5f:b8:8d:d2:cc:de:b9:8c:b7:31:a2:b7:00:b0:
                    11:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:83:50:50:BB:6F:D0:B6:3F:52:9B:7E:D0:1F:64:B0:DA:DB:A0:07
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/P4NQULtv0LY_Upt-0B9ksNrboAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:28:99:7a:88:f3:05:6d:b6:34:d9:3d:25:bf:0f:07:b0:1c:
         35:8b:42:46:0a:f0:5a:f0:43:72:7d:51:1e:46:5e:52:8f:fc:
         8b:47:fa:0a:75:bc:a1:d7:ab:5e:ab:93:7e:35:29:20:61:9f:
         c0:7a:6e:d4:36:4e:01:3e:12:97:2b:53:f2:1d:a2:ed:71:db:
         27:22:ec:0e:5e:bd:e6:2a:43:b4:45:fe:1e:68:f5:98:36:27:
         47:d6:0c:01:7b:f6:0b:af:b1:c2:34:d3:f0:01:01:55:2f:1a:
         99:b8:1d:e8:9a:d7:94:31:43:81:87:9f:19:34:66:ad:0d:b1:
         53:d4:2e:68:bd:c4:08:1d:4c:1d:3e:c5:05:e5:fb:2c:b6:0c:
         ee:23:5b:d3:61:c1:57:3a:ca:73:02:fd:70:b1:23:3c:01:59:
         48:fc:3b:cb:30:bc:8c:c8:55:e3:29:46:1b:de:10:2a:dd:41:
         30:e5:65:53:1c:ec:70:ca:4d:c0:2d:a7:98:9e:39:32:e4:0c:
         10:3b:fe:3b:e5:54:58:65:f6:60:f7:d3:88:77:a2:31:f4:57:
         10:81:66:4f:ab:ac:13:79:7d:4f:d7:29:d8:d3:44:6d:53:0c:
         06:ec:a3:e7:94:f6:fe:13:67:a9:83:07:d8:cd:2e:25:6d:ab:
         de:da:65:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlH1lpHt8YLe0WvL3D1F6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjQwMTAyMDAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjgzNTA1MGJiNmZkMGI2M2Y1MjliN2VkMDFmNjRiMGRhZGJhMDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv70vCOnTS0j4HuWeHb//tF6yuo/v
191n68gMpJQSIjsy1DYCkwIyn86M8Es5p7RwMVZIg+LyMB1M9VDuDr71a2QXQKpA
5db7WM+LgiX3FYclN6MfwSMi4pi01zLbSLIbVRtzELJYh+Tv4nkxk9VY5OygJGmZ
4rK/li/zf4QMgZdwWxKvgf4HhDjGeeYBWsPxgqOh8rQcVPA1wWWdr1ARj0wshH8h
FlIJMmc5uN6T6Mka8kvFq1tqvIlWRXnyGtzUprAVR+wwEdjbb/FJA9Iy8UxA7+xK
QJIx9VZojEmw1nH17adRUkYXEJFcWTgSUznPX7iN0szeuYy3MaK3ALAR/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+DUFC7b9C2P1KbftAfZLDa26AHMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvUDROUVVMdHYwTFlfVXB0LTBCOWtzTnJib0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFNbMA0G
CSqGSIb3DQEBCwUAA4IBAQANKJl6iPMFbbY02T0lvw8HsBw1i0JGCvBa8ENyfVEe
Rl5Sj/yLR/oKdbyh16teq5N+NSkgYZ/Aem7UNk4BPhKXK1PyHaLtcdsnIuwOXr3m
KkO0Rf4eaPWYNidH1gwBe/YLr7HCNNPwAQFVLxqZuB3omteUMUOBh58ZNGatDbFT
1C5ovcQIHUwdPsUF5fsstgzuI1vTYcFXOspzAv1wsSM8AVlI/DvLMLyMyFXjKUYb
3hAq3UEw5WVTHOxwyk3ALaeYnjky5AwQO/475VRYZfZg99OId6Ix9FcQgWZPq6wT
eX1P1ynY00RtUwwG7KPnlPb+E2epgwfYzS4lbave2mW4
-----END CERTIFICATE-----