Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/5124d0-2b3f-4dab-857d-2e639fca4640/1/f1-8DtxwacrQ9nW7DJjOTsUukQY.roa
File:                     f1-8DtxwacrQ9nW7DJjOTsUukQY.roa (raw, json)
Hash identifier:          uDn7X0l0ZolgFOMi8Plw0obaEdrI956f0R4B6FzuemE=
Subject key identifier:   7F:5F:BC:0E:DC:70:69:CA:D0:F6:75:BB:0C:98:CE:4E:C5:2E:91:06
Certificate issuer:       /CN=cc275b217df1de988ca2192a83ae11ddf423a44f
Certificate serial:       018CC9BC9B51DF8FDC4405DECF4C2D7EF0E5
Authority key identifier: CC:27:5B:21:7D:F1:DE:98:8C:A2:19:2A:83:AE:11:DD:F4:23:A4:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zCdbIX3x3piMohkqg64R3fQjpE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/5124d0-2b3f-4dab-857d-2e639fca4640/1/f1-8DtxwacrQ9nW7DJjOTsUukQY.roa
Signing time:             Tue 02 Jan 2024 10:33:50 +0000
ROA not before:           Tue 02 Jan 2024 10:33:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42622
IP address blocks:        80.72.0.0/20 maxlen: 20
                          185.84.212.0/22 maxlen: 22
                          2a00:f4c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/5124d0-2b3f-4dab-857d-2e639fca4640/1/zCdbIX3x3piMohkqg64R3fQjpE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/5124d0-2b3f-4dab-857d-2e639fca4640/1/zCdbIX3x3piMohkqg64R3fQjpE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zCdbIX3x3piMohkqg64R3fQjpE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:9b:51:df:8f:dc:44:05:de:cf:4c:2d:7e:f0:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc275b217df1de988ca2192a83ae11ddf423a44f
        Validity
            Not Before: Jan  2 10:33:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f5fbc0edc7069cad0f675bb0c98ce4ec52e9106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:20:cd:d3:70:40:85:d9:b2:15:a0:91:97:2d:
                    dc:79:b9:2f:87:6c:a1:a4:de:b4:72:0d:a9:97:73:
                    55:a3:c6:ce:f9:80:99:c7:c3:10:98:09:13:2b:73:
                    de:d3:7d:68:0b:89:c7:10:d1:c9:1b:7d:ea:6d:e5:
                    aa:09:4b:c1:fb:a1:56:cf:b8:67:50:d1:c4:fc:41:
                    61:be:dd:ba:f2:d4:81:5a:48:3d:68:33:53:09:e8:
                    59:77:f6:e2:4c:ec:b0:8f:14:40:64:04:a5:1a:5c:
                    d2:c5:1a:f2:dc:b8:27:e7:c9:a6:d1:ed:9a:46:9e:
                    94:00:b0:26:6c:fb:40:7f:a9:c5:38:c6:7c:a6:94:
                    df:5e:d4:ed:51:31:22:07:fd:5a:a0:ec:81:f5:7e:
                    86:f8:74:77:04:d4:83:dc:03:eb:f5:29:07:72:6e:
                    ba:19:d3:c2:7b:3a:6b:98:0d:81:d3:6e:41:2e:21:
                    d8:40:48:5f:59:24:b1:83:0f:f1:c7:67:fb:23:3d:
                    50:34:f3:60:68:6d:1a:bb:36:7d:f8:7e:62:0a:32:
                    97:2c:20:32:05:19:97:08:a2:44:99:bc:ef:6c:dd:
                    aa:d5:40:d6:d6:bb:35:65:fa:45:e0:d6:de:55:1c:
                    1d:6c:7f:67:44:6a:9f:e5:ac:3f:a9:14:6e:93:f8:
                    e5:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:5F:BC:0E:DC:70:69:CA:D0:F6:75:BB:0C:98:CE:4E:C5:2E:91:06
            X509v3 Authority Key Identifier:
                keyid:CC:27:5B:21:7D:F1:DE:98:8C:A2:19:2A:83:AE:11:DD:F4:23:A4:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zCdbIX3x3piMohkqg64R3fQjpE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/5124d0-2b3f-4dab-857d-2e639fca4640/1/f1-8DtxwacrQ9nW7DJjOTsUukQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/5124d0-2b3f-4dab-857d-2e639fca4640/1/zCdbIX3x3piMohkqg64R3fQjpE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.72.0.0/20
                  185.84.212.0/22
                IPv6:
                  2a00:f4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:58:ac:6f:c0:f9:cb:54:e3:e7:b1:40:3f:08:64:f4:2b:bb:
         c9:68:0f:25:c3:74:03:6e:12:a9:10:6b:63:86:50:25:fc:6d:
         83:5a:d5:c5:04:fb:19:ae:62:ac:32:f8:a5:62:d1:0f:f3:9d:
         41:f1:98:03:4f:f3:16:52:c6:4c:f6:7e:0b:8b:93:09:b0:27:
         72:ce:69:f5:79:f7:f5:34:3e:30:8b:d5:e9:3c:36:03:41:bc:
         d4:64:a1:05:c2:33:e8:90:fb:1a:52:6e:29:58:76:88:1a:5a:
         1c:93:e7:70:0d:95:2a:f8:03:8f:93:a5:50:20:b1:b9:c2:30:
         50:71:f1:65:02:79:26:93:3c:71:2e:fc:6f:47:81:8d:0b:30:
         b1:bd:f2:a1:55:73:e6:d7:d8:da:b9:b3:b5:50:09:d2:10:09:
         1d:a0:02:71:dd:05:9f:01:9a:0a:20:3c:5c:79:30:a2:64:03:
         7b:be:d5:01:28:91:40:44:63:9d:f4:ac:83:88:1b:55:02:f2:
         c6:3d:c1:76:d9:67:36:34:1a:37:32:1d:d7:ac:93:00:72:bc:
         4e:a3:54:8f:f8:ad:46:02:c4:ab:67:a9:14:a7:8f:e6:78:3c:
         e4:52:96:76:03:26:25:95:8e:50:89:18:59:2a:ef:6c:e2:14:
         94:25:1d:8f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvJtR34/cRAXez0wtfvDlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMjc1YjIxN2RmMWRlOTg4Y2EyMTkyYTgzYWUxMWRkZjQy
M2E0NGYwHhcNMjQwMTAyMTAzMzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjVmYmMwZWRjNzA2OWNhZDBmNjc1YmIwYzk4Y2U0ZWM1MmU5MTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6iDN03BAhdmyFaCRly3cebkvh2yh
pN60cg2pl3NVo8bO+YCZx8MQmAkTK3Pe031oC4nHENHJG33qbeWqCUvB+6FWz7hn
UNHE/EFhvt268tSBWkg9aDNTCehZd/biTOywjxRAZASlGlzSxRry3Lgn58mm0e2a
Rp6UALAmbPtAf6nFOMZ8ppTfXtTtUTEiB/1aoOyB9X6G+HR3BNSD3APr9SkHcm66
GdPCezprmA2B025BLiHYQEhfWSSxgw/xx2f7Iz1QNPNgaG0auzZ9+H5iCjKXLCAy
BRmXCKJEmbzvbN2q1UDW1rs1ZfpF4NbeVRwdbH9nRGqf5aw/qRRuk/jliQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFH9fvA7ccGnK0PZ1uwyYzk7FLpEGMB8GA1UdIwQY
MBaAFMwnWyF98d6YjKIZKoOuEd30I6RPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekNkYklYM3gzcGlNb2hrcWc2NFIzZlFqcEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS81MTI0ZDAtMmIzZi00ZGFiLTg1N2Qt
MmU2MzlmY2E0NjQwLzEvZjEtOER0eHdhY3JROW5XN0RKak9Uc1V1a1FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS81MTI0ZDAtMmIzZi00ZGFiLTg1N2QtMmU2MzlmY2E0NjQw
LzEvekNkYklYM3gzcGlNb2hrcWc2NFIzZlFqcEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUEgAAwQC
uVTUMA0EAgACMAcDBQAqAPTAMA0GCSqGSIb3DQEBCwUAA4IBAQBoWKxvwPnLVOPn
sUA/CGT0K7vJaA8lw3QDbhKpEGtjhlAl/G2DWtXFBPsZrmKsMvilYtEP851B8ZgD
T/MWUsZM9n4Li5MJsCdyzmn1eff1ND4wi9XpPDYDQbzUZKEFwjPokPsaUm4pWHaI
Glock+dwDZUq+AOPk6VQILG5wjBQcfFlAnkmkzxxLvxvR4GNCzCxvfKhVXPm19ja
ubO1UAnSEAkdoAJx3QWfAZoKIDxceTCiZAN7vtUBKJFARGOd9KyDiBtVAvLGPcF2
2Wc2NBo3Mh3XrJMAcrxOo1SP+K1GAsSrZ6kUp4/meDzkUpZ2AyYllY5QiRhZKu9s
4hSUJR2P
-----END CERTIFICATE-----