Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/J9yG1tiLB3dCh9EGSlW4GgCAIWw.roa
File:                     J9yG1tiLB3dCh9EGSlW4GgCAIWw.roa (raw, json)
Hash identifier:          QyjSyMB4TIk423pYyP5c88ubu2NNLgYkvUBV3SLjNjo=
Subject key identifier:   27:DC:86:D6:D8:8B:07:77:42:87:D1:06:4A:55:B8:1A:00:80:21:6C
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       01921020F7115F44936B49B6044B535AB2DC
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/J9yG1tiLB3dCh9EGSlW4GgCAIWw.roa
Signing time:             Fri 20 Sep 2024 15:50:48 +0000
ROA not before:           Fri 20 Sep 2024 15:50:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        88.80.142.0/24 maxlen: 24
                          88.80.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:10:20:f7:11:5f:44:93:6b:49:b6:04:4b:53:5a:b2:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Sep 20 15:50:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27dc86d6d88b07774287d1064a55b81a0080216c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fb:c9:b6:f4:75:3f:e1:a2:63:23:8d:27:9b:
                    31:ba:30:30:3c:7b:76:12:28:37:88:16:ad:4d:e0:
                    9f:ab:e8:62:cd:b1:bc:d2:1f:f8:0d:6b:6e:38:80:
                    a1:fe:f3:1c:c2:e4:8d:83:38:cc:7c:0e:ea:e8:d4:
                    79:a8:87:de:30:d0:37:a3:9c:a6:5d:90:a2:bd:10:
                    aa:69:d7:d9:3d:93:fc:7e:e6:96:e7:4f:0f:c0:47:
                    94:05:cc:77:87:ca:45:f2:c4:15:fc:56:d6:9e:d4:
                    18:f3:f1:ab:99:6e:47:32:ca:85:f9:52:4b:27:51:
                    e0:51:ac:25:f7:e3:c0:9c:f6:ca:60:f0:58:fa:32:
                    ea:a5:b8:cb:71:50:58:4a:77:65:fc:be:1b:b3:81:
                    4b:a4:d0:53:08:7f:40:20:17:b9:e6:8a:ba:de:07:
                    16:63:ae:92:0d:f8:81:43:0e:4b:c0:60:c6:2d:53:
                    e7:6f:5d:97:ca:19:c1:bc:d1:7b:ef:00:fd:e5:fc:
                    ed:39:c2:a7:21:42:ba:d7:fd:39:fe:18:d6:dd:c8:
                    3d:d7:c2:f5:14:77:69:47:8d:3a:60:0d:d0:67:16:
                    de:f8:d4:6f:55:1e:1d:74:9e:1f:81:19:9d:35:c3:
                    81:52:28:35:81:83:a4:8a:43:2d:35:86:aa:ac:20:
                    cf:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:DC:86:D6:D8:8B:07:77:42:87:D1:06:4A:55:B8:1A:00:80:21:6C
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/J9yG1tiLB3dCh9EGSlW4GgCAIWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:94:c5:73:94:b4:b1:78:c0:bc:bc:44:cc:f8:87:89:55:14:
         5a:86:2d:c8:cc:26:8f:d6:3d:08:b5:33:b9:d5:66:7d:22:c3:
         81:77:74:87:da:88:9d:d2:8c:ae:9b:e1:f5:d0:31:96:a6:fe:
         e3:44:9d:76:a4:8b:0f:f5:5b:42:77:66:bf:f7:10:75:f8:23:
         2a:d3:fa:2a:fe:61:11:98:ea:66:96:78:35:b2:c6:9b:4f:3f:
         f3:5e:8c:3f:66:6b:3d:33:97:2f:27:c9:73:75:ea:87:f0:1a:
         3e:64:f1:52:93:bc:d5:ad:c7:e3:cd:04:a1:7e:5d:a1:6f:e8:
         65:01:bc:df:fb:0b:51:ac:8d:72:b0:5c:7e:aa:32:b7:6c:61:
         54:56:e3:b6:21:cb:29:8a:d1:3b:8e:e7:56:30:37:b0:14:51:
         5d:39:9e:d7:6f:87:43:f6:a6:b0:d3:e7:31:b5:56:88:8d:26:
         40:30:9e:d0:db:98:9f:ca:12:87:6c:63:7b:07:9a:58:d2:e5:
         88:5d:c1:f7:b5:bc:a2:5c:e4:1f:90:60:81:f9:cd:f9:0f:8c:
         c6:e7:ee:d8:1e:9f:47:6a:66:83:7e:d6:7c:e7:7b:09:47:48:
         9a:54:d6:43:4a:7e:2c:b9:a3:86:e8:b0:c4:4a:cb:41:e2:d2:
         b7:52:cb:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIQIPcRX0STa0m2BEtTWrLcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjQwOTIwMTU1MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2RjODZkNmQ4OGIwNzc3NDI4N2QxMDY0YTU1YjgxYTAwODAyMTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvvJtvR1P+GiYyONJ5sxujAwPHt2
Eig3iBatTeCfq+hizbG80h/4DWtuOICh/vMcwuSNgzjMfA7q6NR5qIfeMNA3o5ym
XZCivRCqadfZPZP8fuaW508PwEeUBcx3h8pF8sQV/FbWntQY8/GrmW5HMsqF+VJL
J1HgUawl9+PAnPbKYPBY+jLqpbjLcVBYSndl/L4bs4FLpNBTCH9AIBe55oq63gcW
Y66SDfiBQw5LwGDGLVPnb12XyhnBvNF77wD95fztOcKnIUK61/05/hjW3cg918L1
FHdpR406YA3QZxbe+NRvVR4ddJ4fgRmdNcOBUig1gYOkikMtNYaqrCDPlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfchtbYiwd3QofRBkpVuBoAgCFsMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvSjl5RzF0aUxCM2RDaDlFR1NsVzRHZ0NBSVd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWFCOMA0G
CSqGSIb3DQEBCwUAA4IBAQAxlMVzlLSxeMC8vETM+IeJVRRahi3IzCaP1j0ItTO5
1WZ9IsOBd3SH2oid0oyum+H10DGWpv7jRJ12pIsP9VtCd2a/9xB1+CMq0/oq/mER
mOpmlng1ssabTz/zXow/Zms9M5cvJ8lzdeqH8Bo+ZPFSk7zVrcfjzQShfl2hb+hl
Abzf+wtRrI1ysFx+qjK3bGFUVuO2IcspitE7judWMDewFFFdOZ7Xb4dD9qaw0+cx
tVaIjSZAMJ7Q25ifyhKHbGN7B5pY0uWIXcH3tbyiXOQfkGCB+c35D4zG5+7YHp9H
amaDftZ853sJR0iaVNZDSn4suaOG6LDESstB4tK3Ustf
-----END CERTIFICATE-----