Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/znkhaKLQ_cJMTTFqHIVMPkyc8_k.roa
File:                     znkhaKLQ_cJMTTFqHIVMPkyc8_k.roa (raw, json)
Hash identifier:          z5cgWn9ZQspuG9RcDc0kklzp69KCEQWX9R5oJPgBkgk=
Subject key identifier:   CE:79:21:68:A2:D0:FD:C2:4C:4D:31:6A:1C:85:4C:3E:4C:9C:F3:F9
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       019368EEF4C3729C9325D2E1D1CE6642525B
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/znkhaKLQ_cJMTTFqHIVMPkyc8_k.roa
Signing time:             Tue 26 Nov 2024 14:45:10 +0000
ROA not before:           Tue 26 Nov 2024 14:45:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     328543
IP address blocks:        185.80.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 09:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:68:ee:f4:c3:72:9c:93:25:d2:e1:d1:ce:66:42:52:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Nov 26 14:45:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce792168a2d0fdc24c4d316a1c854c3e4c9cf3f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:29:f4:8c:6a:5b:a9:ff:f3:85:34:66:37:ac:
                    a5:b5:b7:18:04:4e:31:4b:a5:83:8e:be:09:b7:67:
                    c3:d2:20:84:33:c1:e9:f5:e9:95:d9:43:a5:b8:4b:
                    d6:e6:a6:3e:65:a5:10:53:c0:7d:2a:80:b0:7c:e1:
                    15:9f:4f:66:27:0a:5b:3a:a6:26:0d:79:a7:f3:7f:
                    9e:0c:b5:a2:7e:0c:62:97:51:ff:b8:30:f8:06:77:
                    09:44:55:74:a0:44:25:b9:f2:3c:25:bd:59:21:37:
                    26:6d:c6:b5:2e:19:9e:9a:4a:d2:9c:3d:e8:7a:c3:
                    7f:c9:9e:52:38:bf:bc:93:62:f3:c9:bc:d5:e5:fa:
                    cc:9f:84:fb:5a:1f:d8:29:4e:b4:e2:5b:a5:05:3e:
                    9f:f3:31:7c:23:8b:d8:c2:6b:e9:b3:c0:40:8b:24:
                    d9:87:7f:d5:fc:6d:17:90:4e:c8:a9:54:ed:30:d5:
                    25:a0:0e:1a:7f:ca:9e:29:3a:f6:70:8c:fa:bc:88:
                    25:75:29:51:8d:a8:b1:33:03:a7:d7:73:a3:82:22:
                    93:6c:48:7d:2b:1f:86:17:7f:b9:82:3c:0e:92:db:
                    37:ae:87:c1:52:f4:c4:3e:64:66:22:40:8d:44:df:
                    2a:d1:09:c4:17:01:49:1e:82:e7:b9:07:01:8f:60:
                    c6:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:79:21:68:A2:D0:FD:C2:4C:4D:31:6A:1C:85:4C:3E:4C:9C:F3:F9
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/znkhaKLQ_cJMTTFqHIVMPkyc8_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:1d:a0:11:3c:01:d4:01:eb:cb:0f:de:ca:93:f4:cc:f5:fa:
         3c:f3:f5:d3:19:33:83:5d:c1:11:d0:67:11:2e:05:56:a9:48:
         eb:8e:62:7b:b6:a7:d4:f2:9c:98:b4:cc:92:d3:6d:3e:7c:78:
         d7:a3:af:9a:3f:8d:b0:b5:99:e1:fa:3b:f1:c5:73:aa:40:bb:
         aa:a8:04:b4:2b:e6:9e:7b:8d:79:96:bf:ba:ea:71:65:40:7e:
         34:37:db:90:2f:01:f9:c5:54:39:43:e5:ae:3a:35:e4:97:5d:
         d6:5f:97:a4:c5:d4:e6:1a:61:88:8a:6d:95:21:3c:ee:dd:4e:
         56:0a:6f:08:9c:c1:11:58:e7:46:fd:76:9e:c1:88:19:f9:b4:
         5a:fd:36:d1:28:21:e1:55:20:df:73:e9:8b:90:15:55:f4:15:
         21:b0:2b:b8:7d:3f:bc:85:7b:9c:48:99:12:b2:30:31:b8:85:
         c4:d3:74:1a:9a:dd:ec:6a:7c:86:f8:3d:86:7c:a0:83:36:2b:
         f1:9c:14:ce:42:41:60:2c:80:16:e7:05:5d:12:17:78:ed:d2:
         f3:73:f9:47:d8:38:0c:10:f9:5b:85:f2:28:97:c7:5e:2b:23:
         e0:89:a2:12:49:04:f2:25:f1:d9:8b:77:7d:c7:f4:57:15:4a:
         fc:5e:2f:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNo7vTDcpyTJdLh0c5mQlJbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjQxMTI2MTQ0NTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTc5MjE2OGEyZDBmZGMyNGM0ZDMxNmExYzg1NGMzZTRjOWNmM2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySn0jGpbqf/zhTRmN6yltbcYBE4x
S6WDjr4Jt2fD0iCEM8Hp9emV2UOluEvW5qY+ZaUQU8B9KoCwfOEVn09mJwpbOqYm
DXmn83+eDLWifgxil1H/uDD4BncJRFV0oEQlufI8Jb1ZITcmbca1LhmemkrSnD3o
esN/yZ5SOL+8k2LzybzV5frMn4T7Wh/YKU604lulBT6f8zF8I4vYwmvps8BAiyTZ
h3/V/G0XkE7IqVTtMNUloA4af8qeKTr2cIz6vIgldSlRjaixMwOn13OjgiKTbEh9
Kx+GF3+5gjwOkts3rofBUvTEPmRmIkCNRN8q0QnEFwFJHoLnuQcBj2DGAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM55IWii0P3CTE0xahyFTD5MnPP5MB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvem5raGFLTFFfY0pNVFRGcUhJVk1Qa3ljOF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVDIMA0G
CSqGSIb3DQEBCwUAA4IBAQAmHaARPAHUAevLD97Kk/TM9fo88/XTGTODXcER0GcR
LgVWqUjrjmJ7tqfU8pyYtMyS020+fHjXo6+aP42wtZnh+jvxxXOqQLuqqAS0K+ae
e415lr+66nFlQH40N9uQLwH5xVQ5Q+WuOjXkl13WX5ekxdTmGmGIim2VITzu3U5W
Cm8InMERWOdG/XaewYgZ+bRa/TbRKCHhVSDfc+mLkBVV9BUhsCu4fT+8hXucSJkS
sjAxuIXE03Qamt3sanyG+D2GfKCDNivxnBTOQkFgLIAW5wVdEhd47dLzc/lH2DgM
EPlbhfIol8deKyPgiaISSQTyJfHZi3d9x/RXFUr8Xi+X
-----END CERTIFICATE-----