Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/eAJf1shLltuAdbTmGWti91t3LTg.roa
File:                     eAJf1shLltuAdbTmGWti91t3LTg.roa (raw, json)
Hash identifier:          8/RHu353a+jymfpXxCoIOn3xjWTjYdrxghHFteMflfs=
Subject key identifier:   78:02:5F:D6:C8:4B:96:DB:80:75:B4:E6:19:6B:62:F7:5B:77:2D:38
Certificate issuer:       /CN=2b6d142b5b6a5298d6b8fa5845f29878cfebbc54
Certificate serial:       01942444851218B26ADD2A3FC66CCF7433BD
Authority key identifier: 2B:6D:14:2B:5B:6A:52:98:D6:B8:FA:58:45:F2:98:78:CF:EB:BC:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/eAJf1shLltuAdbTmGWti91t3LTg.roa
Signing time:             Wed 01 Jan 2025 23:47:37 +0000
ROA not before:           Wed 01 Jan 2025 23:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        80.244.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:85:12:18:b2:6a:dd:2a:3f:c6:6c:cf:74:33:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b6d142b5b6a5298d6b8fa5845f29878cfebbc54
        Validity
            Not Before: Jan  1 23:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78025fd6c84b96db8075b4e6196b62f75b772d38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:50:66:8c:10:64:ea:51:38:9d:53:40:d6:ae:
                    f0:0d:a4:ea:82:77:a7:e3:78:db:d9:4f:8e:13:d3:
                    be:10:ac:6f:c4:6b:36:2c:63:8f:29:3b:e5:a7:c5:
                    7d:0c:a5:e0:7b:d5:56:7f:18:67:0a:47:38:7a:52:
                    14:67:90:a2:df:81:9e:ba:37:53:51:d8:ba:bc:d0:
                    9c:4a:9d:cf:ae:57:dd:a7:d1:81:a6:47:68:50:66:
                    98:e7:da:38:30:93:25:7a:6e:d1:f3:ff:20:fb:6f:
                    df:2e:3d:d9:32:bc:5a:c4:df:7a:73:77:da:cb:f4:
                    3e:0b:51:08:96:0d:ff:4f:5b:86:71:84:38:11:e3:
                    07:fd:0d:a9:e1:7d:26:70:d7:f5:ed:2d:16:4e:31:
                    cc:6f:c2:6d:0b:82:04:36:4a:23:a6:06:4f:ab:fa:
                    b1:a3:13:5e:e3:70:eb:8d:81:57:c4:3f:21:1e:ba:
                    d9:17:3a:68:19:3d:32:ec:f0:2b:f7:74:24:64:7e:
                    5f:94:dd:d2:24:ab:9e:06:54:a1:b2:3a:5c:f5:6e:
                    ca:e0:67:50:7f:29:26:6d:59:c5:61:57:c0:ec:62:
                    f2:07:da:df:48:75:00:3a:30:65:99:8b:05:a1:ac:
                    ad:cf:2b:62:5f:cf:58:f7:5a:cb:ff:c4:72:7a:18:
                    98:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:02:5F:D6:C8:4B:96:DB:80:75:B4:E6:19:6B:62:F7:5B:77:2D:38
            X509v3 Authority Key Identifier:
                keyid:2B:6D:14:2B:5B:6A:52:98:D6:B8:FA:58:45:F2:98:78:CF:EB:BC:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/eAJf1shLltuAdbTmGWti91t3LTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:8c:5a:d9:43:c2:46:04:ff:85:c4:2d:09:21:74:41:b2:4c:
         d6:81:98:09:45:12:97:d0:f2:af:86:8c:0e:d7:94:19:35:03:
         2b:df:70:d9:1e:ad:ee:8a:2f:68:aa:26:e0:69:a6:29:d6:94:
         fb:32:36:e3:15:f6:f1:95:a8:0b:a0:1a:c8:72:26:2f:cf:8b:
         70:41:7f:24:32:93:c7:aa:6e:2e:90:da:18:ce:3d:18:f1:31:
         54:e0:b0:9e:ca:61:0e:57:c8:6c:10:d7:04:ef:a1:bb:7c:ce:
         c5:3d:ce:1b:11:a9:0b:30:dd:47:63:55:df:6a:19:ad:fd:72:
         76:a0:30:7d:9a:05:a4:ab:f2:92:af:a1:ca:7f:af:b6:92:1a:
         c6:d4:fd:c5:20:1c:c0:13:48:88:fe:d5:96:60:40:f2:f6:3a:
         32:9f:82:b0:e4:c2:4a:67:da:aa:fc:8c:e5:21:4d:8f:11:4f:
         01:2f:51:e9:4b:27:25:ea:37:a6:fe:a4:eb:e6:4d:c7:aa:78:
         af:ff:da:d7:ee:13:f8:98:be:73:c1:f3:55:b9:c5:36:bf:ad:
         fd:66:97:5f:a0:3b:d4:1a:90:c2:d1:cf:dd:d2:f2:dc:c4:2a:
         be:78:1d:ef:d8:7c:1d:b4:56:89:c3:93:1b:c9:24:6f:2d:e8:
         d3:59:53:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRIUSGLJq3So/xmzPdDO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNmQxNDJiNWI2YTUyOThkNmI4ZmE1ODQ1ZjI5ODc4Y2Zl
YmJjNTQwHhcNMjUwMTAxMjM0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODAyNWZkNmM4NGI5NmRiODA3NWI0ZTYxOTZiNjJmNzViNzcyZDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6FBmjBBk6lE4nVNA1q7wDaTqgnen
43jb2U+OE9O+EKxvxGs2LGOPKTvlp8V9DKXge9VWfxhnCkc4elIUZ5Ci34GeujdT
Udi6vNCcSp3Prlfdp9GBpkdoUGaY59o4MJMlem7R8/8g+2/fLj3ZMrxaxN96c3fa
y/Q+C1EIlg3/T1uGcYQ4EeMH/Q2p4X0mcNf17S0WTjHMb8JtC4IENkojpgZPq/qx
oxNe43DrjYFXxD8hHrrZFzpoGT0y7PAr93QkZH5flN3SJKueBlShsjpc9W7K4GdQ
fykmbVnFYVfA7GLyB9rfSHUAOjBlmYsFoaytzytiX89Y91rL/8RyehiYGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgCX9bIS5bbgHW05hlrYvdbdy04MB8GA1UdIwQY
MBaAFCttFCtbalKY1rj6WEXymHjP67xUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzIwVUsxdHFVcGpXdVBwWVJmS1llTV9ydkZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8xZTNjMTItMzIwNy00MzI1LTg2ZjUt
OGJlZmVlNDllZDRkLzEvZUFKZjFzaExsdHVBZGJUbUdXdGk5MXQzTFRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8xZTNjMTItMzIwNy00MzI1LTg2ZjUtOGJlZmVlNDllZDRk
LzEvSzIwVUsxdHFVcGpXdVBwWVJmS1llTV9ydkZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPQLMA0G
CSqGSIb3DQEBCwUAA4IBAQBMjFrZQ8JGBP+FxC0JIXRBskzWgZgJRRKX0PKvhowO
15QZNQMr33DZHq3uii9oqibgaaYp1pT7MjbjFfbxlagLoBrIciYvz4twQX8kMpPH
qm4ukNoYzj0Y8TFU4LCeymEOV8hsENcE76G7fM7FPc4bEakLMN1HY1Xfahmt/XJ2
oDB9mgWkq/KSr6HKf6+2khrG1P3FIBzAE0iI/tWWYEDy9joyn4Kw5MJKZ9qq/Izl
IU2PEU8BL1HpSycl6jem/qTr5k3Hqniv/9rX7hP4mL5zwfNVucU2v639ZpdfoDvU
GpDC0c/d0vLcxCq+eB3v2HwdtFaJw5MbySRvLejTWVPb
-----END CERTIFICATE-----