Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/75ad67-6f48-49c5-bf4a-faa74127dc78/1/2RYqLOOOCbthDUAcjKq8EsDLRUQ.roa
File:                     2RYqLOOOCbthDUAcjKq8EsDLRUQ.roa (raw, json)
Hash identifier:          Q1LOM4u7XAO8escJ6IGTLdV2wb9RNCfCJR9rh+j96Ys=
Subject key identifier:   D9:16:2A:2C:E3:8E:09:BB:61:0D:40:1C:8C:AA:BC:12:C0:CB:45:44
Certificate issuer:       /CN=11d27711906e41d0bfd7ae01bc0a38d3e79e2601
Certificate serial:       01941FFA4BB99FA8B2884CE0E1779E593D69
Authority key identifier: 11:D2:77:11:90:6E:41:D0:BF:D7:AE:01:BC:0A:38:D3:E7:9E:26:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EdJ3EZBuQdC_164BvAo40-eeJgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/75ad67-6f48-49c5-bf4a-faa74127dc78/1/2RYqLOOOCbthDUAcjKq8EsDLRUQ.roa
Signing time:             Wed 01 Jan 2025 03:48:04 +0000
ROA not before:           Wed 01 Jan 2025 03:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41354
IP address blocks:        185.80.84.0/22 maxlen: 22
                          185.80.84.0/23 maxlen: 23
                          185.80.86.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/75ad67-6f48-49c5-bf4a-faa74127dc78/1/EdJ3EZBuQdC_164BvAo40-eeJgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/75ad67-6f48-49c5-bf4a-faa74127dc78/1/EdJ3EZBuQdC_164BvAo40-eeJgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EdJ3EZBuQdC_164BvAo40-eeJgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:4b:b9:9f:a8:b2:88:4c:e0:e1:77:9e:59:3d:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11d27711906e41d0bfd7ae01bc0a38d3e79e2601
        Validity
            Not Before: Jan  1 03:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9162a2ce38e09bb610d401c8caabc12c0cb4544
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:0c:6d:ec:88:33:31:79:d5:98:b5:27:f5:bc:
                    bf:aa:45:3a:8d:ef:19:a4:35:77:3a:dd:a2:70:0c:
                    f8:0c:73:0c:27:4f:d1:4b:39:67:fa:84:b6:15:8b:
                    0a:63:4b:56:c1:2c:0b:05:6c:26:95:86:72:bd:2f:
                    8e:27:4a:e0:f0:be:6a:8f:ff:e3:e8:37:35:0a:e0:
                    5d:19:80:b0:e2:e7:50:99:7e:2e:80:bd:65:25:eb:
                    27:e5:c3:09:a4:a0:9d:b5:d8:fd:13:35:24:09:9b:
                    9b:fc:d0:59:18:9e:ec:ac:c5:4c:90:e8:dd:53:10:
                    93:a2:d2:c3:1d:cb:97:0f:4d:8a:98:d8:ef:f5:50:
                    be:92:51:94:00:d0:3b:49:86:40:4c:6a:bb:f8:b2:
                    e8:e2:2f:8c:e5:18:51:2c:bf:8c:3a:2c:cd:c3:21:
                    39:50:f1:23:7f:a2:46:45:0f:ed:99:9f:bd:f9:48:
                    e2:df:9c:ee:31:05:e1:c2:65:53:6b:48:79:e1:65:
                    7e:13:51:1b:8c:3a:3b:8a:4c:2b:4c:f8:45:3a:02:
                    8b:e2:c0:85:94:e5:58:44:0b:81:2b:41:26:8c:93:
                    e1:b1:dc:2d:ab:75:1d:07:36:32:12:fc:33:95:c1:
                    a9:47:74:eb:c4:ed:69:17:20:3f:7c:fb:8f:e7:a8:
                    0f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:16:2A:2C:E3:8E:09:BB:61:0D:40:1C:8C:AA:BC:12:C0:CB:45:44
            X509v3 Authority Key Identifier:
                keyid:11:D2:77:11:90:6E:41:D0:BF:D7:AE:01:BC:0A:38:D3:E7:9E:26:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EdJ3EZBuQdC_164BvAo40-eeJgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/75ad67-6f48-49c5-bf4a-faa74127dc78/1/2RYqLOOOCbthDUAcjKq8EsDLRUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/75ad67-6f48-49c5-bf4a-faa74127dc78/1/EdJ3EZBuQdC_164BvAo40-eeJgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:59:71:da:cd:d9:ce:f0:3e:e1:39:e1:f8:7c:64:84:e8:6a:
         de:cb:61:bf:f7:82:93:52:61:d6:e2:53:dd:a2:df:ce:a6:cf:
         72:97:8c:8e:f8:3f:12:58:ad:56:71:3f:d3:d5:fe:3b:ce:be:
         b6:06:9d:bb:fe:95:20:25:78:f8:ee:b5:b7:8c:97:f8:92:0a:
         ba:6b:60:b4:8a:9a:8c:71:70:81:dd:81:47:d4:69:3f:da:56:
         7d:c4:ab:eb:71:a9:83:f0:a6:63:59:72:bc:19:9c:7b:cb:99:
         47:cc:e9:13:87:d2:51:8e:b7:5d:33:f0:47:71:f5:74:f2:6a:
         e6:1f:a5:7d:00:50:78:16:08:a3:a6:be:16:41:c3:08:c5:d4:
         c5:a9:90:d0:51:50:fc:1a:dc:d2:5e:96:94:82:43:a8:7d:de:
         04:62:cc:8a:da:24:aa:dd:86:de:41:75:2f:2d:1e:a4:94:68:
         b9:ee:69:94:a7:86:bb:fe:06:9d:f2:d1:0c:39:16:e8:54:eb:
         5f:64:a0:24:e9:59:c8:8f:d4:b4:08:7d:b7:2a:fa:8c:5d:08:
         f0:50:57:90:fe:61:6f:fa:9d:a1:54:6e:18:0c:25:7e:42:06:
         c5:8e:a0:c5:d7:d9:8c:76:75:90:75:14:4b:f9:48:43:72:fd:
         36:69:f9:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+ku5n6iyiEzg4XeeWT1pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZDI3NzExOTA2ZTQxZDBiZmQ3YWUwMWJjMGEzOGQzZTc5
ZTI2MDEwHhcNMjUwMTAxMDM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTE2MmEyY2UzOGUwOWJiNjEwZDQwMWM4Y2FhYmMxMmMwY2I0NTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Axt7IgzMXnVmLUn9by/qkU6je8Z
pDV3Ot2icAz4DHMMJ0/RSzln+oS2FYsKY0tWwSwLBWwmlYZyvS+OJ0rg8L5qj//j
6Dc1CuBdGYCw4udQmX4ugL1lJesn5cMJpKCdtdj9EzUkCZub/NBZGJ7srMVMkOjd
UxCTotLDHcuXD02KmNjv9VC+klGUANA7SYZATGq7+LLo4i+M5RhRLL+MOizNwyE5
UPEjf6JGRQ/tmZ+9+Uji35zuMQXhwmVTa0h54WV+E1EbjDo7ikwrTPhFOgKL4sCF
lOVYRAuBK0EmjJPhsdwtq3UdBzYyEvwzlcGpR3TrxO1pFyA/fPuP56gPeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNkWKizjjgm7YQ1AHIyqvBLAy0VEMB8GA1UdIwQY
MBaAFBHSdxGQbkHQv9euAbwKONPnniYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWRKM0VaQnVRZENfMTY0QnZBbzQwLWVlSmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi83NWFkNjctNmY0OC00OWM1LWJmNGEt
ZmFhNzQxMjdkYzc4LzEvMlJZcUxPT09DYnRoRFVBY2pLcThFc0RMUlVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi83NWFkNjctNmY0OC00OWM1LWJmNGEtZmFhNzQxMjdkYzc4
LzEvRWRKM0VaQnVRZENfMTY0QnZBbzQwLWVlSmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVBUMA0G
CSqGSIb3DQEBCwUAA4IBAQCZWXHazdnO8D7hOeH4fGSE6Grey2G/94KTUmHW4lPd
ot/Ops9yl4yO+D8SWK1WcT/T1f47zr62Bp27/pUgJXj47rW3jJf4kgq6a2C0ipqM
cXCB3YFH1Gk/2lZ9xKvrcamD8KZjWXK8GZx7y5lHzOkTh9JRjrddM/BHcfV08mrm
H6V9AFB4Fgijpr4WQcMIxdTFqZDQUVD8GtzSXpaUgkOofd4EYsyK2iSq3YbeQXUv
LR6klGi57mmUp4a7/gad8tEMORboVOtfZKAk6VnIj9S0CH23KvqMXQjwUFeQ/mFv
+p2hVG4YDCV+QgbFjqDF19mMdnWQdRRL+UhDcv02afk+
-----END CERTIFICATE-----