Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/E1oroh8wTQ_uKqUraD1dfoKIu28.roa
File:                     E1oroh8wTQ_uKqUraD1dfoKIu28.roa (raw, json)
Hash identifier:          2a+nfNyW8UtSqSEyAiUnud2xMo3xyWFVYLXXODxYZ5Y=
Subject key identifier:   13:5A:2B:A2:1F:30:4D:0F:EE:2A:A5:2B:68:3D:5D:7E:82:88:BB:6F
Certificate issuer:       /CN=126c660b30f5692b2b16e289b24901c518fda520
Certificate serial:       01906A2E02CBAD98AAFDA27136AAF59EEBE8
Authority key identifier: 12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/E1oroh8wTQ_uKqUraD1dfoKIu28.roa
Signing time:             Sun 30 Jun 2024 17:25:18 +0000
ROA not before:           Sun 30 Jun 2024 17:25:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53356
IP address blocks:        80.254.236.0/22 maxlen: 24
                          185.220.28.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6a:2e:02:cb:ad:98:aa:fd:a2:71:36:aa:f5:9e:eb:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=126c660b30f5692b2b16e289b24901c518fda520
        Validity
            Not Before: Jun 30 17:25:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=135a2ba21f304d0fee2aa52b683d5d7e8288bb6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5b:2e:02:a5:48:01:93:f8:5d:4e:09:96:dd:
                    78:3a:1e:f2:eb:c8:ff:9d:45:b9:88:30:86:ab:8d:
                    d9:da:ae:b7:65:c6:55:23:1c:8b:01:1a:4f:7d:92:
                    7a:c5:e3:3c:5e:25:d0:17:c8:7f:a2:9c:dc:c2:39:
                    25:88:79:de:9b:aa:c7:0d:b8:35:2c:2c:b5:e9:33:
                    7d:4a:6a:c8:ed:44:26:b8:09:71:16:aa:e9:a7:55:
                    ff:1a:b5:6d:02:aa:67:09:82:45:ce:97:da:b3:47:
                    35:ed:0a:f4:29:11:44:00:97:89:53:f0:38:5f:0a:
                    93:81:51:f6:b6:69:78:b7:36:1c:2d:bc:76:af:64:
                    0e:90:42:e4:33:b2:c6:ac:8a:15:43:f7:c0:f6:c6:
                    d4:5b:23:83:1f:cd:7b:ac:97:62:ed:0a:c3:c6:d0:
                    bc:4c:67:8b:e8:b1:32:ef:28:77:35:ac:d0:99:25:
                    e3:f2:d3:3d:6c:6c:bb:f2:15:e2:96:cd:6e:60:46:
                    79:32:53:89:2a:7b:4a:71:c5:a3:02:df:6a:1c:56:
                    15:4d:14:79:86:c4:80:7d:a1:e0:1d:41:11:8c:4f:
                    91:5c:46:1e:89:1f:36:94:0e:92:21:5f:ef:24:bf:
                    75:1e:10:1b:10:7f:39:ae:ad:b0:b2:f7:a8:29:2b:
                    af:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:5A:2B:A2:1F:30:4D:0F:EE:2A:A5:2B:68:3D:5D:7E:82:88:BB:6F
            X509v3 Authority Key Identifier:
                keyid:12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/E1oroh8wTQ_uKqUraD1dfoKIu28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.254.236.0/22
                  185.220.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:c3:92:a4:18:e2:9e:0d:a0:7d:d0:ff:bc:fe:ae:49:14:09:
         99:b9:36:47:4d:4b:d8:34:3a:f6:3c:d6:7c:77:26:03:f8:25:
         66:43:c9:4c:8a:0b:b6:42:84:f8:bb:50:6b:ef:f5:31:bf:be:
         a3:49:96:62:c3:d1:6a:1a:b7:44:e4:a3:63:ef:94:fd:1a:0d:
         87:fe:aa:a3:bd:1e:83:1c:b6:72:e6:44:5c:bd:2d:c1:b0:38:
         70:c9:7a:e8:d5:dc:82:2b:1f:5b:25:cb:18:8f:7b:c1:e1:9d:
         69:77:9d:6d:7b:64:15:a1:48:a3:2a:7b:31:b9:94:0b:3f:f0:
         d2:90:db:99:24:b3:f1:65:8f:98:3f:92:9e:1d:61:4e:06:5b:
         16:0b:f5:c4:b3:9b:79:1b:62:8f:74:cd:42:9e:a5:79:9f:5c:
         4a:88:38:96:ca:60:e1:ae:49:2e:7b:dc:e3:30:f6:4c:b7:7f:
         55:bd:87:e6:4e:3b:dc:21:bf:6d:f7:c7:6f:a6:5c:42:a8:d5:
         4e:d8:1d:ae:c0:26:4d:2a:c2:fa:3b:b0:6c:6f:4f:8a:5e:83:
         3b:ef:80:66:66:9d:f6:6a:41:9c:2a:03:ba:75:98:6d:65:ce:
         da:80:d3:45:22:81:95:82:f5:75:8e:fa:88:38:a0:70:0a:25:
         e2:55:e3:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBqLgLLrZiq/aJxNqr1nuvoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNmM2NjBiMzBmNTY5MmIyYjE2ZTI4OWIyNDkwMWM1MThm
ZGE1MjAwHhcNMjQwNjMwMTcyNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzVhMmJhMjFmMzA0ZDBmZWUyYWE1MmI2ODNkNWQ3ZTgyODhiYjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVsuAqVIAZP4XU4Jlt14Oh7y68j/
nUW5iDCGq43Z2q63ZcZVIxyLARpPfZJ6xeM8XiXQF8h/opzcwjkliHnem6rHDbg1
LCy16TN9SmrI7UQmuAlxFqrpp1X/GrVtAqpnCYJFzpfas0c17Qr0KRFEAJeJU/A4
XwqTgVH2tml4tzYcLbx2r2QOkELkM7LGrIoVQ/fA9sbUWyODH817rJdi7QrDxtC8
TGeL6LEy7yh3NazQmSXj8tM9bGy78hXils1uYEZ5MlOJKntKccWjAt9qHFYVTRR5
hsSAfaHgHUERjE+RXEYeiR82lA6SIV/vJL91HhAbEH85rq2wsveoKSuvdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBNaK6IfME0P7iqlK2g9XX6CiLtvMB8GA1UdIwQY
MBaAFBJsZgsw9WkrKxbiibJJAcUY/aUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjIt
NDM4YWNiNzJmYzViLzEvRTFvcm9oOHdUUV91S3FVcmFEMWRmb0tJdTI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjItNDM4YWNiNzJmYzVi
LzEvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUP7sAwQC
udwcMA0GCSqGSIb3DQEBCwUAA4IBAQCdw5KkGOKeDaB90P+8/q5JFAmZuTZHTUvY
NDr2PNZ8dyYD+CVmQ8lMigu2QoT4u1Br7/Uxv76jSZZiw9FqGrdE5KNj75T9Gg2H
/qqjvR6DHLZy5kRcvS3BsDhwyXro1dyCKx9bJcsYj3vB4Z1pd51te2QVoUijKnsx
uZQLP/DSkNuZJLPxZY+YP5KeHWFOBlsWC/XEs5t5G2KPdM1CnqV5n1xKiDiWymDh
rkkue9zjMPZMt39VvYfmTjvcIb9t98dvplxCqNVO2B2uwCZNKsL6O7Bsb0+KXoM7
74BmZp32akGcKgO6dZhtZc7agNNFIoGVgvV1jvqIOKBwCiXiVeOa
-----END CERTIFICATE-----