Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/ksyRBvgYlK-jaQCzeVBPOoZTVBg.roa
File:                     ksyRBvgYlK-jaQCzeVBPOoZTVBg.roa (raw, json)
Hash identifier:          c7QpTl2e7n313528KQH+1qxxiF+kiu3ajPIfb39U9Fc=
Subject key identifier:   92:CC:91:06:F8:18:94:AF:A3:69:00:B3:79:50:4F:3A:86:53:54:18
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       019344D1081468B0D203639397DD35F2B49C
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/ksyRBvgYlK-jaQCzeVBPOoZTVBg.roa
Signing time:             Tue 19 Nov 2024 14:26:09 +0000
ROA not before:           Tue 19 Nov 2024 14:26:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4648
IP address blocks:        80.83.92.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:44:d1:08:14:68:b0:d2:03:63:93:97:dd:35:f2:b4:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Nov 19 14:26:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92cc9106f81894afa36900b379504f3a86535418
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:cb:0e:1d:67:23:7f:d4:52:88:db:d0:2b:d5:
                    bd:1b:41:fe:52:6d:e0:74:90:ae:d8:ab:e6:21:8a:
                    2a:76:58:8c:1c:63:cc:b9:c5:25:8c:32:cc:25:3a:
                    68:26:40:1e:a9:d8:49:28:21:7c:eb:a5:af:0c:85:
                    98:cc:fd:2b:ec:f7:50:f7:63:f8:74:20:f2:64:e0:
                    f3:dc:de:ce:9d:e2:4a:a0:e8:bf:66:94:80:1a:98:
                    12:5e:1a:b2:27:49:b2:c3:87:8b:bd:56:15:d8:39:
                    3e:f7:c8:b4:85:d4:32:cf:73:77:ae:b5:7f:58:8d:
                    0d:0b:b9:34:a1:6c:e7:e8:db:42:35:c3:98:02:5e:
                    30:1a:87:5c:6b:59:fb:bc:6e:86:17:21:67:d6:30:
                    c7:31:7d:f6:70:f5:6c:10:1a:dc:bc:10:1b:c5:8c:
                    8c:52:42:f1:df:8b:e8:c3:27:bd:99:96:e8:bc:95:
                    3e:72:d4:a9:a8:b8:f6:31:78:58:09:0c:05:98:0c:
                    89:f8:97:a7:87:e6:58:ff:d3:80:c5:79:d5:43:42:
                    af:6c:47:45:89:db:7e:ee:f6:11:83:1f:74:66:08:
                    c3:a3:e5:c7:f8:46:33:6d:9c:ad:64:22:4e:23:ce:
                    c5:74:56:6a:cf:4d:de:32:03:53:a8:9d:e5:4c:00:
                    fc:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:CC:91:06:F8:18:94:AF:A3:69:00:B3:79:50:4F:3A:86:53:54:18
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/ksyRBvgYlK-jaQCzeVBPOoZTVBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:6e:bb:e0:a9:c3:06:fd:49:24:82:89:38:76:c9:7f:83:b0:
         7c:79:fd:b0:ab:ed:58:3d:dd:8d:c5:d7:2d:80:d5:64:ac:3f:
         b0:71:42:41:b9:cc:7f:da:55:85:47:28:db:23:8a:20:b3:46:
         9a:c9:1d:6c:42:de:cf:32:2e:c8:2d:57:2d:5c:6d:d4:ba:01:
         d6:da:7e:b8:86:86:e9:8e:6c:c4:78:dd:57:40:35:d9:50:2d:
         7a:93:e9:b0:d2:66:71:7e:19:bf:1e:0a:5d:f7:64:01:a5:44:
         f7:f8:36:02:da:ab:a1:b7:8e:ad:a6:d5:3c:38:e7:c6:01:a0:
         32:94:60:52:47:47:aa:78:33:41:86:5c:7c:87:2e:ba:47:1c:
         1f:e3:f1:c5:e4:7c:4f:71:91:b2:a5:41:82:da:c7:ae:58:e0:
         e5:dd:f7:71:90:f2:64:cf:7d:77:60:2b:68:91:fc:df:ba:94:
         80:46:c3:4e:e0:b4:94:cf:67:5d:2d:3d:65:33:9b:28:c1:8e:
         8e:6c:6c:8b:a9:1d:46:61:b1:d8:e1:d0:5d:a9:d9:e9:3b:43:
         89:bd:f8:ad:5d:ee:1c:d6:bc:56:f4:c1:4b:30:78:f9:01:84:
         06:38:4d:b7:29:48:e0:8a:a3:58:e0:9b:e7:e2:69:ed:93:46:
         ba:cc:f5:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNE0QgUaLDSA2OTl9018rScMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjQxMTE5MTQyNjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmNjOTEwNmY4MTg5NGFmYTM2OTAwYjM3OTUwNGYzYTg2NTM1NDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAussOHWcjf9RSiNvQK9W9G0H+Um3g
dJCu2KvmIYoqdliMHGPMucUljDLMJTpoJkAeqdhJKCF866WvDIWYzP0r7PdQ92P4
dCDyZODz3N7OneJKoOi/ZpSAGpgSXhqyJ0myw4eLvVYV2Dk+98i0hdQyz3N3rrV/
WI0NC7k0oWzn6NtCNcOYAl4wGodca1n7vG6GFyFn1jDHMX32cPVsEBrcvBAbxYyM
UkLx34vowye9mZbovJU+ctSpqLj2MXhYCQwFmAyJ+Jenh+ZY/9OAxXnVQ0KvbEdF
idt+7vYRgx90ZgjDo+XH+EYzbZytZCJOI87FdFZqz03eMgNTqJ3lTAD8awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLMkQb4GJSvo2kAs3lQTzqGU1QYMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEva3N5UkJ2Z1lsSy1qYVFDemVWQlBPb1pUVkJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUFNcMA0G
CSqGSIb3DQEBCwUAA4IBAQAJbrvgqcMG/Ukkgok4dsl/g7B8ef2wq+1YPd2Nxdct
gNVkrD+wcUJBucx/2lWFRyjbI4ogs0aayR1sQt7PMi7ILVctXG3UugHW2n64hobp
jmzEeN1XQDXZUC16k+mw0mZxfhm/Hgpd92QBpUT3+DYC2quht46tptU8OOfGAaAy
lGBSR0eqeDNBhlx8hy66Rxwf4/HF5HxPcZGypUGC2seuWODl3fdxkPJkz313YCto
kfzfupSARsNO4LSUz2ddLT1lM5sowY6ObGyLqR1GYbHY4dBdqdnpO0OJvfitXe4c
1rxW9MFLMHj5AYQGOE23KUjgiqNY4Jvn4mntk0a6zPVR
-----END CERTIFICATE-----