Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/D7DvCExBQgY8WFr0p209nYcx6KE.roa
File:                     D7DvCExBQgY8WFr0p209nYcx6KE.roa (raw, json)
Hash identifier:          dMytONdHpO/TSkESKgHgZMzQTupoAO2jUDaLGKFIoyM=
Subject key identifier:   0F:B0:EF:08:4C:41:42:06:3C:58:5A:F4:A7:6D:3D:9D:87:31:E8:A1
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC1AB5A329E489104D876BF5A491D6
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/D7DvCExBQgY8WFr0p209nYcx6KE.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34905
IP address blocks:        80.120.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1a:b5:a3:29:e4:89:10:4d:87:6b:f5:a4:91:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fb0ef084c4142063c585af4a76d3d9d8731e8a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4a:25:3b:f9:74:8c:5c:89:79:e6:d6:2e:ed:
                    80:39:77:85:66:90:9a:76:b3:51:7a:c3:03:02:5e:
                    cf:b1:1b:b1:2f:0d:ba:19:da:08:d0:8b:fe:86:58:
                    15:4d:2b:21:1f:d1:e4:e5:96:a6:87:1c:3d:9e:62:
                    a1:e7:ea:02:05:d5:9c:84:5b:dd:4f:d3:8c:6e:61:
                    94:7e:56:ed:ec:6a:01:d7:21:17:c4:39:d9:75:4f:
                    d7:94:40:55:96:40:22:c0:ca:f0:0f:39:ca:f5:12:
                    44:5c:a4:03:79:4e:fa:d3:f1:8c:6c:57:cf:fb:97:
                    ec:43:57:b7:ca:7e:83:2c:f9:9a:c1:24:05:df:73:
                    b6:6b:cf:27:38:32:02:4a:21:dd:49:f9:8e:5f:c8:
                    9b:c7:fc:bf:9f:5f:7d:0f:7c:0e:05:42:b0:a8:91:
                    78:f3:17:51:fd:cc:1d:32:c5:92:bf:ac:00:7d:4d:
                    ab:01:06:41:fb:33:cb:5f:17:27:9c:82:c2:a7:d5:
                    3f:86:8b:42:41:51:dd:eb:28:ca:67:3e:29:87:52:
                    d3:ae:05:bb:fd:34:2e:b9:49:8f:f8:11:45:09:a5:
                    87:a2:c2:86:88:fb:4c:db:e4:ef:99:73:59:06:7c:
                    c0:29:a5:33:6d:64:cc:7f:17:68:c7:d6:34:e7:d5:
                    94:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:B0:EF:08:4C:41:42:06:3C:58:5A:F4:A7:6D:3D:9D:87:31:E8:A1
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/D7DvCExBQgY8WFr0p209nYcx6KE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.120.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:c8:31:e3:10:05:6d:7d:64:35:b7:32:08:da:12:c7:58:6b:
         ed:58:78:81:42:6b:d3:1d:72:83:a7:10:fd:af:6d:03:95:5e:
         d4:d4:58:34:45:e1:77:d3:59:f6:87:60:72:e6:8c:c0:93:86:
         0c:67:7f:dc:08:8f:db:b6:01:95:81:3f:5e:cb:51:f9:60:05:
         ef:2d:e7:07:6a:a9:36:60:a0:95:b3:b0:d9:ee:e1:60:f8:fb:
         e5:49:1a:9f:c0:18:d4:a5:59:6f:7b:54:f1:f7:48:7d:62:8b:
         a7:95:64:fd:73:33:c2:0e:f4:63:cb:94:5b:3f:d4:49:01:73:
         c3:22:30:ec:af:0c:92:af:09:b7:82:2c:25:24:64:76:a9:b4:
         6d:0b:93:58:8d:d7:9c:d4:96:f0:32:51:84:b1:be:77:52:69:
         f4:56:af:8a:1f:bf:74:69:b8:16:bc:ed:77:11:28:e2:8b:0c:
         1c:ce:c9:2b:97:8c:a0:ed:2a:7d:f9:41:fa:6c:d9:c7:fa:6c:
         69:21:cf:f5:a3:e9:32:7b:9b:c2:8b:61:75:d8:7a:9b:76:d3:
         5e:77:6d:2b:3c:dc:a1:75:b4:27:ba:30:f7:82:1e:3f:75:bf:
         8c:24:dd:c8:5f:e0:5a:ca:33:71:df:f0:19:a2:b9:86:f1:ee:
         9c:68:14:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Bq1oynkiRBNh2v1pJHWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmIwZWYwODRjNDE0MjA2M2M1ODVhZjRhNzZkM2Q5ZDg3MzFlOGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkolO/l0jFyJeebWLu2AOXeFZpCa
drNResMDAl7PsRuxLw26GdoI0Iv+hlgVTSshH9Hk5Zamhxw9nmKh5+oCBdWchFvd
T9OMbmGUflbt7GoB1yEXxDnZdU/XlEBVlkAiwMrwDznK9RJEXKQDeU760/GMbFfP
+5fsQ1e3yn6DLPmawSQF33O2a88nODICSiHdSfmOX8ibx/y/n199D3wOBUKwqJF4
8xdR/cwdMsWSv6wAfU2rAQZB+zPLXxcnnILCp9U/hotCQVHd6yjKZz4ph1LTrgW7
/TQuuUmP+BFFCaWHosKGiPtM2+TvmXNZBnzAKaUzbWTMfxdox9Y059WUTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+w7whMQUIGPFha9KdtPZ2HMeihMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvRDdEdkNFeEJRZ1k4V0ZyMHAyMDluWWN4NktFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUHg6MA0G
CSqGSIb3DQEBCwUAA4IBAQAmyDHjEAVtfWQ1tzII2hLHWGvtWHiBQmvTHXKDpxD9
r20DlV7U1Fg0ReF301n2h2By5ozAk4YMZ3/cCI/btgGVgT9ey1H5YAXvLecHaqk2
YKCVs7DZ7uFg+PvlSRqfwBjUpVlve1Tx90h9YounlWT9czPCDvRjy5RbP9RJAXPD
IjDsrwySrwm3giwlJGR2qbRtC5NYjdec1JbwMlGEsb53Umn0Vq+KH790abgWvO13
ESjiiwwczskrl4yg7Sp9+UH6bNnH+mxpIc/1o+kye5vCi2F12HqbdtNed20rPNyh
dbQnujD3gh4/db+MJN3IX+BayjNx3/AZormG8e6caBR6
-----END CERTIFICATE-----