Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/U_Q2XeMZId_klz_qN0qCdaKdCYI.roa
File:                     U_Q2XeMZId_klz_qN0qCdaKdCYI.roa (raw, json)
Hash identifier:          aS7sA2wMEEoB1+xVVxjtOd4SumUMNvJJd+Lm5ejRnvk=
Subject key identifier:   53:F4:36:5D:E3:19:21:DF:E4:97:3F:EA:37:4A:82:75:A2:9D:09:82
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       018CC7947B9DEA13A66846502F7432499479
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/U_Q2XeMZId_klz_qN0qCdaKdCYI.roa
Signing time:             Tue 02 Jan 2024 00:30:46 +0000
ROA not before:           Tue 02 Jan 2024 00:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        80.83.80.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:7b:9d:ea:13:a6:68:46:50:2f:74:32:49:94:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  2 00:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53f4365de31921dfe4973fea374a8275a29d0982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5b:5e:89:08:d9:a4:06:40:38:bc:4a:2d:39:
                    e2:24:89:6d:e1:ca:fd:b2:21:81:0d:f4:43:3d:c4:
                    95:21:8b:97:0d:53:77:66:44:bb:6f:0a:a3:6a:30:
                    47:52:95:34:bb:2f:8c:27:1e:57:a8:2a:89:ff:a6:
                    a4:36:ac:80:dd:87:7f:41:9d:05:b6:aa:cb:c7:f2:
                    6a:aa:fc:34:a3:7f:2b:b7:be:94:19:77:83:1c:9f:
                    fc:79:1b:96:0d:0b:60:b3:65:e8:5b:b5:a1:51:64:
                    68:03:36:e9:79:99:76:51:53:b0:b4:d7:b0:f9:9e:
                    0d:3b:b9:87:5e:8d:ba:8e:a1:23:63:b7:9d:27:72:
                    0e:2a:5d:85:df:50:57:8c:88:1f:f8:35:58:14:99:
                    21:3e:e8:46:d1:4c:1a:55:69:53:3e:61:70:18:7d:
                    64:1b:17:09:8e:c8:01:a6:93:45:cd:87:63:cb:49:
                    fc:26:b1:5d:68:d0:7a:9a:2d:43:f9:43:38:a9:f7:
                    65:3c:a9:fb:d3:12:b8:f2:78:e3:a4:cd:87:5a:ae:
                    5c:19:e1:22:45:78:6f:ba:d2:a2:fc:78:89:7f:bc:
                    7f:28:7d:b4:5a:53:bb:5f:b1:2e:ab:52:b5:d8:e5:
                    b2:39:5b:20:50:e2:29:31:2b:41:8c:61:62:7a:14:
                    af:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:F4:36:5D:E3:19:21:DF:E4:97:3F:EA:37:4A:82:75:A2:9D:09:82
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/U_Q2XeMZId_klz_qN0qCdaKdCYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         31:1f:af:67:b0:d9:07:3a:a3:51:36:31:72:15:9c:03:15:e9:
         f1:61:c1:6b:36:19:c5:c3:2b:20:4a:53:6d:06:9f:8a:67:b9:
         46:e6:1d:83:77:72:75:af:32:93:fa:1b:81:52:8d:df:13:87:
         03:b9:72:0d:45:5a:99:54:4c:2b:03:53:6e:c1:13:30:16:f7:
         28:9a:72:a8:2d:a1:6c:fa:02:29:64:15:9f:f5:dc:a3:39:34:
         77:85:60:63:6b:e9:7c:ac:33:9f:24:c6:a7:7f:5d:5b:bc:17:
         e8:fd:14:3d:ff:8f:22:54:10:cf:16:77:21:d6:9c:c0:cf:8d:
         ad:94:83:dc:e6:52:0d:b1:09:a7:48:57:a1:86:16:7a:59:ca:
         10:c3:63:94:1d:99:c7:02:72:39:c2:f9:2f:9d:b1:9c:92:61:
         de:5a:a1:2c:b0:8c:41:25:d5:93:87:b4:44:1e:b6:82:f6:c7:
         ea:ba:54:46:9c:fe:3b:94:3e:65:8c:3c:0e:c5:6b:5c:3c:ae:
         87:1b:54:79:a1:17:b9:2c:13:43:7b:ed:d2:93:b2:a5:39:76:
         3d:81:e4:d3:33:65:4e:17:dc:a8:71:a6:f7:8e:53:9a:fa:c8:
         50:8c:39:b4:1f:25:65:8a:d8:e5:d1:89:e8:07:0f:e8:78:9a:
         c0:ab:18:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlHud6hOmaEZQL3QySZR5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjQwMTAyMDAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2Y0MzY1ZGUzMTkyMWRmZTQ5NzNmZWEzNzRhODI3NWEyOWQwOTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVteiQjZpAZAOLxKLTniJIlt4cr9
siGBDfRDPcSVIYuXDVN3ZkS7bwqjajBHUpU0uy+MJx5XqCqJ/6akNqyA3Yd/QZ0F
tqrLx/Jqqvw0o38rt76UGXeDHJ/8eRuWDQtgs2XoW7WhUWRoAzbpeZl2UVOwtNew
+Z4NO7mHXo26jqEjY7edJ3IOKl2F31BXjIgf+DVYFJkhPuhG0UwaVWlTPmFwGH1k
GxcJjsgBppNFzYdjy0n8JrFdaNB6mi1D+UM4qfdlPKn70xK48njjpM2HWq5cGeEi
RXhvutKi/HiJf7x/KH20WlO7X7Euq1K12OWyOVsgUOIpMStBjGFiehSvJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFP0Nl3jGSHf5Jc/6jdKgnWinQmCMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvVV9RMlhlTVpJZF9rbHpfcU4wcUNkYUtkQ1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUFNQMA0G
CSqGSIb3DQEBCwUAA4IBAQAxH69nsNkHOqNRNjFyFZwDFenxYcFrNhnFwysgSlNt
Bp+KZ7lG5h2Dd3J1rzKT+huBUo3fE4cDuXINRVqZVEwrA1NuwRMwFvcomnKoLaFs
+gIpZBWf9dyjOTR3hWBja+l8rDOfJManf11bvBfo/RQ9/48iVBDPFnch1pzAz42t
lIPc5lINsQmnSFehhhZ6WcoQw2OUHZnHAnI5wvkvnbGckmHeWqEssIxBJdWTh7RE
HraC9sfqulRGnP47lD5ljDwOxWtcPK6HG1R5oRe5LBNDe+3Sk7KlOXY9geTTM2VO
F9yocab3jlOa+shQjDm0HyVlitjl0YnoBw/oeJrAqxg5
-----END CERTIFICATE-----