Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/ogFkIOLVrp3wLJz0dYWZDAVVYjU.roa
File:                     ogFkIOLVrp3wLJz0dYWZDAVVYjU.roa (raw, json)
Hash identifier:          IXR8cK8nqfMCzAZytOe+2PQcxwDNEGhW9jqngnR07OY=
Subject key identifier:   A2:01:64:20:E2:D5:AE:9D:F0:2C:9C:F4:75:85:99:0C:05:55:62:35
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       018E0625DC851C389BDD720265F6577ADEC7
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/ogFkIOLVrp3wLJz0dYWZDAVVYjU.roa
Signing time:             Sun 03 Mar 2024 21:08:48 +0000
ROA not before:           Sun 03 Mar 2024 21:08:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        80.83.80.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:06:25:dc:85:1c:38:9b:dd:72:02:65:f6:57:7a:de:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Mar  3 21:08:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2016420e2d5ae9df02c9cf47585990c05556235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:11:9d:b8:c0:ec:10:9e:3a:e2:7c:e5:5a:87:
                    fb:57:e7:ba:8c:68:06:7b:31:29:bb:bc:cc:f0:36:
                    bd:27:87:36:41:ea:6c:05:9b:f2:29:03:9e:2b:6c:
                    da:8a:14:61:20:30:79:c1:89:02:8b:99:a6:24:3a:
                    76:33:ec:2b:69:24:f5:20:1c:6f:9e:88:26:d6:93:
                    a4:06:54:69:e4:d2:04:5a:9e:72:f9:8d:ef:e7:a1:
                    06:bc:9b:41:6a:e1:a6:3d:78:a2:10:b1:0e:5f:14:
                    a6:ea:2d:e3:57:8e:5e:60:be:0e:75:07:8a:f2:78:
                    d3:bc:5d:32:f8:27:fe:ce:18:c6:64:46:4c:1d:70:
                    79:70:ba:ca:ee:53:8e:6c:82:c8:7c:6e:22:d1:6c:
                    b8:e3:d1:79:f5:cd:fb:94:b7:da:76:b4:72:3d:73:
                    ae:fc:0b:c6:ea:26:d9:58:43:5b:3a:af:e3:ba:73:
                    3e:45:e5:9f:a8:67:50:b9:8a:0b:1e:e9:69:c9:5c:
                    de:37:07:1b:31:16:ec:72:35:a2:05:b2:ec:12:6d:
                    04:b9:f3:06:26:37:56:36:ff:a1:20:98:e5:bb:48:
                    9f:1b:68:c1:08:a9:ef:93:0e:0c:4c:f5:cc:86:91:
                    4e:69:3f:91:f6:cb:80:d8:3d:93:c8:46:91:cd:c5:
                    07:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:01:64:20:E2:D5:AE:9D:F0:2C:9C:F4:75:85:99:0C:05:55:62:35
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/ogFkIOLVrp3wLJz0dYWZDAVVYjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         83:74:11:a7:e2:1c:a1:4f:7e:1d:f4:c7:c6:46:fa:97:2c:5d:
         3d:01:5f:15:26:c2:ae:1c:c6:f7:8d:1d:d0:7c:c4:4f:6e:d9:
         e3:ca:77:67:7d:d9:2c:bb:51:75:65:b4:34:75:8e:64:5e:71:
         86:11:83:17:69:01:49:b8:53:7f:12:a2:08:62:e4:c9:10:b3:
         d8:09:21:5a:82:94:cf:d8:e9:21:a6:4f:78:02:58:9e:e2:70:
         54:63:8e:1f:b3:14:14:d3:78:76:ca:82:28:21:23:57:f7:51:
         ab:16:53:b3:96:35:46:6c:40:04:01:68:56:5d:46:5a:80:1f:
         37:8d:a2:fe:df:e6:46:60:ac:ab:74:92:f1:65:60:2c:be:c0:
         8b:8f:af:d9:36:c6:22:df:a4:93:95:bc:c2:65:c8:51:df:4b:
         fe:0d:53:63:a6:6f:14:be:ae:2e:60:2b:3a:60:a6:0b:9d:5d:
         bc:0c:2d:bc:53:de:0b:4c:75:30:1b:53:dd:57:42:d8:22:37:
         e9:fd:b5:c7:b4:e7:26:b3:ba:3a:97:74:04:c6:20:b0:0a:d2:
         6c:af:d4:3a:cf:e9:a7:ea:7d:29:92:30:f3:e6:bd:8c:0b:0c:
         d3:47:36:62:8c:fa:21:4b:51:c0:e2:c2:d7:1d:2f:77:24:29:
         38:97:2b:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4GJdyFHDib3XICZfZXet7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjQwMzAzMjEwODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjAxNjQyMGUyZDVhZTlkZjAyYzljZjQ3NTg1OTkwYzA1NTU2MjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBGduMDsEJ464nzlWof7V+e6jGgG
ezEpu7zM8Da9J4c2QepsBZvyKQOeK2zaihRhIDB5wYkCi5mmJDp2M+wraST1IBxv
nogm1pOkBlRp5NIEWp5y+Y3v56EGvJtBauGmPXiiELEOXxSm6i3jV45eYL4OdQeK
8njTvF0y+Cf+zhjGZEZMHXB5cLrK7lOObILIfG4i0Wy449F59c37lLfadrRyPXOu
/AvG6ibZWENbOq/junM+ReWfqGdQuYoLHulpyVzeNwcbMRbscjWiBbLsEm0EufMG
JjdWNv+hIJjlu0ifG2jBCKnvkw4MTPXMhpFOaT+R9suA2D2TyEaRzcUH0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIBZCDi1a6d8Cyc9HWFmQwFVWI1MB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvb2dGa0lPTFZycDN3TEp6MGRZV1pEQVZWWWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUFNQMA0G
CSqGSIb3DQEBCwUAA4IBAQCDdBGn4hyhT34d9MfGRvqXLF09AV8VJsKuHMb3jR3Q
fMRPbtnjyndnfdksu1F1ZbQ0dY5kXnGGEYMXaQFJuFN/EqIIYuTJELPYCSFagpTP
2Okhpk94Alie4nBUY44fsxQU03h2yoIoISNX91GrFlOzljVGbEAEAWhWXUZagB83
jaL+3+ZGYKyrdJLxZWAsvsCLj6/ZNsYi36STlbzCZchR30v+DVNjpm8Uvq4uYCs6
YKYLnV28DC28U94LTHUwG1PdV0LYIjfp/bXHtOcms7o6l3QExiCwCtJsr9Q6z+mn
6n0pkjDz5r2MCwzTRzZijPohS1HA4sLXHS93JCk4lyuJ
-----END CERTIFICATE-----