Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/t-vvyyJncvAAfAa96YEzMwSH7gE.roa
File:                     t-vvyyJncvAAfAa96YEzMwSH7gE.roa (raw, json)
Hash identifier:          +EAIODGI0gSrFAD6b3Gzh1imFWAdsumE5Q8Vo1ZApM4=
Subject key identifier:   B7:EB:EF:CB:22:67:72:F0:00:7C:06:BD:E9:81:33:33:04:87:EE:01
Certificate issuer:       /CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Certificate serial:       01942369730D35D6F6A8D1F201DC8AB8F282
Authority key identifier: D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/t-vvyyJncvAAfAa96YEzMwSH7gE.roa
Signing time:             Wed 01 Jan 2025 19:48:20 +0000
ROA not before:           Wed 01 Jan 2025 19:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205727
IP address blocks:        80.211.240.0/20 maxlen: 24
                          176.107.128.0/20 maxlen: 24
                          2a00:6d47::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:73:0d:35:d6:f6:a8:d1:f2:01:dc:8a:b8:f2:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
        Validity
            Not Before: Jan  1 19:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7ebefcb226772f0007c06bde98133330487ee01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:24:14:ce:9e:3a:18:57:78:cc:9e:0c:a9:a9:
                    28:9b:67:a8:a7:5b:fd:e1:69:4b:b2:d7:be:9d:84:
                    8b:26:c8:f4:e9:63:75:be:7e:4c:e3:d5:5a:dd:13:
                    04:29:e7:5b:90:aa:74:74:24:b6:b8:d4:9a:98:6b:
                    f1:ba:bc:cf:13:c3:d7:a4:6c:a0:2d:69:d2:fb:cd:
                    00:9c:f0:ae:4c:92:35:c8:58:8b:59:c7:0d:95:ca:
                    85:02:02:2a:4e:b3:f6:35:fd:da:ae:62:29:d9:cf:
                    27:a8:f4:db:b1:dc:0a:7d:09:bf:a8:3d:e8:b0:c2:
                    5a:15:60:8b:c8:38:04:ac:1f:cd:bc:21:92:ce:e2:
                    d7:29:95:a7:d9:02:c1:db:06:ca:64:45:e2:2d:b6:
                    59:ec:d2:58:4e:1f:62:ad:6a:1b:d8:36:d3:b2:a4:
                    87:08:78:47:bb:3c:db:64:f6:53:76:f4:be:03:3c:
                    52:62:38:72:66:60:ae:38:2d:e5:25:8c:7a:a3:75:
                    20:1a:ad:7e:e3:c7:44:ed:9b:e7:91:a7:45:26:1f:
                    c3:5e:e3:34:d5:14:a7:fc:9f:c3:b7:50:e2:61:df:
                    a8:42:0b:a7:52:82:4b:c5:5e:dc:a7:2c:c4:5f:10:
                    64:c2:7c:10:2a:83:a6:a0:b7:84:38:37:97:c3:a5:
                    9e:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:EB:EF:CB:22:67:72:F0:00:7C:06:BD:E9:81:33:33:04:87:EE:01
            X509v3 Authority Key Identifier:
                keyid:D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/t-vvyyJncvAAfAa96YEzMwSH7gE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.211.240.0/20
                  176.107.128.0/20
                IPv6:
                  2a00:6d47::/36

    Signature Algorithm: sha256WithRSAEncryption
         89:e3:11:e7:ce:86:2f:d1:db:81:06:a1:00:8c:8f:f1:f9:82:
         7e:21:3c:f9:aa:ff:1c:5b:24:e8:c0:be:53:b3:6b:6f:ae:fe:
         c0:73:b0:46:e3:3c:77:19:0c:92:c5:8d:17:9c:3a:cd:19:d8:
         cf:0c:10:39:01:f7:b6:14:fa:41:68:56:c2:be:ef:08:ea:e5:
         0d:2f:0b:86:78:df:38:78:3e:c7:12:86:7d:f8:9f:59:3a:d8:
         55:f5:c0:77:15:97:5e:ba:24:d4:49:9e:95:2f:4e:23:d2:28:
         9a:f2:c3:eb:b3:fe:6a:fe:94:62:20:3b:9f:39:8f:d4:10:8e:
         a6:bf:68:22:07:8f:78:ed:a6:6d:cc:1a:63:67:62:f5:80:4a:
         80:ad:cd:bf:a6:6c:42:e9:f6:94:2c:ca:54:ca:6a:a5:8c:93:
         2e:fa:71:05:00:af:0c:08:bb:49:64:63:54:d2:71:6b:63:02:
         44:67:35:49:9f:d5:0c:88:4c:ae:a5:e4:72:a6:81:0c:ff:9a:
         a8:2f:5e:38:2c:a6:00:22:ee:1e:d7:b4:33:71:2b:4b:63:8d:
         cb:13:89:ae:8e:5f:8b:72:89:d0:e5:e9:e5:8a:86:d2:1f:0c:
         e4:1e:43:81:00:1e:18:d7:88:b9:73:c3:8b:84:99:56:91:65:
         6f:c4:83:f9
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQjaXMNNdb2qNHyAdyKuPKCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2I1Y2VjYzIxM2I5Zjg2ZGJiYTUxODUyMWU4NTQ2ZWM5
Mzg2MWMwHhcNMjUwMTAxMTk0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2ViZWZjYjIyNjc3MmYwMDA3YzA2YmRlOTgxMzMzMzA0ODdlZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyQUzp46GFd4zJ4Mqakom2eop1v9
4WlLste+nYSLJsj06WN1vn5M49Va3RMEKedbkKp0dCS2uNSamGvxurzPE8PXpGyg
LWnS+80AnPCuTJI1yFiLWccNlcqFAgIqTrP2Nf3armIp2c8nqPTbsdwKfQm/qD3o
sMJaFWCLyDgErB/NvCGSzuLXKZWn2QLB2wbKZEXiLbZZ7NJYTh9irWob2DbTsqSH
CHhHuzzbZPZTdvS+AzxSYjhyZmCuOC3lJYx6o3UgGq1+48dE7ZvnkadFJh/DXuM0
1RSn/J/Dt1DiYd+oQgunUoJLxV7cpyzEXxBkwnwQKoOmoLeEODeXw6WebwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFLfr78siZ3LwAHwGvemBMzMEh+4BMB8GA1UdIwQY
MBaAFNPLXOzCE7n4bbulGFIehUbsk4YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYt
ODQyNjk0MTJkNTYxLzEvdC12dnl5Sm5jdkFBZkFhOTZZRXpNd1NIN2dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYtODQyNjk0MTJkNTYx
LzEvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQEUNPwAwQE
sGuAMA4EAgACMAgDBgQqAG1HADANBgkqhkiG9w0BAQsFAAOCAQEAieMR586GL9Hb
gQahAIyP8fmCfiE8+ar/HFsk6MC+U7Nrb67+wHOwRuM8dxkMksWNF5w6zRnYzwwQ
OQH3thT6QWhWwr7vCOrlDS8LhnjfOHg+xxKGffifWTrYVfXAdxWXXrok1EmelS9O
I9IomvLD67P+av6UYiA7nzmP1BCOpr9oIgePeO2mbcwaY2di9YBKgK3Nv6ZsQun2
lCzKVMpqpYyTLvpxBQCvDAi7SWRjVNJxa2MCRGc1SZ/VDIhMrqXkcqaBDP+aqC9e
OCymACLuHte0M3ErS2ONyxOJro5fi3KJ0OXp5YqG0h8M5B5DgQAeGNeIuXPDi4SZ
VpFlb8SD+Q==
-----END CERTIFICATE-----