Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/WIERuWm0enBkYOYMrqQzankQzLU.roa
File:                     WIERuWm0enBkYOYMrqQzankQzLU.roa (raw, json)
Hash identifier:          gfzkvm5iwhDgvqrFKV1wVvKu1fcQf/i6ba95FCdepG0=
Subject key identifier:   58:81:11:B9:69:B4:7A:70:64:60:E6:0C:AE:A4:33:6A:79:10:CC:B5
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC1B74ED76903D4B67A62C68B88300
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/WIERuWm0enBkYOYMrqQzankQzLU.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39285
IP address blocks:        80.121.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1b:74:ed:76:90:3d:4b:67:a6:2c:68:b8:83:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=588111b969b47a706460e60caea4336a7910ccb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:92:d0:c7:a7:b0:f8:11:20:cf:52:20:5a:11:
                    52:09:1d:17:59:f2:e1:0a:29:67:dc:c5:c8:53:bf:
                    83:d2:90:9e:86:4d:6d:1e:ba:00:21:8e:ad:ac:a3:
                    cb:ee:54:6d:bd:62:92:ca:e6:1f:d4:df:81:7b:83:
                    32:f2:8d:cc:3e:52:41:2a:7d:fe:73:65:6f:c4:91:
                    10:bc:88:b1:b7:ff:96:97:3f:b7:c4:4d:4c:58:49:
                    de:83:ca:1d:0d:0f:c5:a9:77:bb:a9:ea:fd:a7:78:
                    3e:41:00:11:28:4a:7c:62:f1:72:55:e1:4f:87:e3:
                    c7:1f:1e:c3:ad:1e:73:d0:da:41:91:db:15:05:a4:
                    1c:16:ba:90:05:98:ac:65:b8:85:7a:8c:79:be:b5:
                    36:af:c6:5c:97:5b:f8:87:4f:87:df:e4:01:f1:19:
                    f2:4c:15:a2:f8:81:6b:e0:6a:f4:8e:6c:8d:44:be:
                    27:6b:c8:d0:6e:2c:54:2c:f7:9c:cb:27:db:ec:2a:
                    b0:0f:86:d9:7f:d4:59:ec:03:03:95:fa:ad:73:77:
                    2c:62:61:5b:2f:8a:fe:78:91:a6:c2:bb:d8:bb:86:
                    5f:de:94:62:b0:9e:54:9b:02:42:43:cf:04:95:2b:
                    0e:f7:68:8d:d6:f6:1e:06:19:7c:7e:0d:82:db:dc:
                    ce:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:81:11:B9:69:B4:7A:70:64:60:E6:0C:AE:A4:33:6A:79:10:CC:B5
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/WIERuWm0enBkYOYMrqQzankQzLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.121.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:4e:50:cb:6e:37:39:b7:33:41:1c:3d:b9:23:b2:64:9d:1a:
         a6:c3:bb:fb:5a:a4:db:d1:d0:9e:bd:5f:9c:08:4a:d5:e8:6f:
         3d:71:4b:ee:b0:8c:d5:71:f4:06:67:d1:11:90:fb:e2:ae:00:
         1f:ad:d8:df:ef:22:83:83:58:f1:db:a7:d0:16:95:9f:ec:fe:
         26:4c:5d:b4:3e:c6:67:88:86:d0:91:a3:62:31:66:67:f7:7a:
         35:66:df:95:ce:90:2d:9f:f1:ed:ee:5a:73:50:61:38:f7:c9:
         f6:28:50:ff:42:fd:96:f7:2d:53:bf:aa:fe:cf:45:c2:be:a6:
         af:1b:f7:e0:94:5f:3c:08:88:3a:62:ad:33:0b:f6:51:6d:2e:
         e8:35:e2:e1:09:c2:ea:0a:00:a5:ff:85:3b:a4:ea:70:28:c5:
         e1:33:7d:5a:27:46:d7:2f:62:c2:6e:d4:f8:dc:d5:4f:c6:a9:
         15:b8:9f:2f:1c:00:13:03:4c:20:05:07:06:2e:6f:d7:ce:80:
         50:59:69:ca:f7:dc:ab:b1:4a:d5:17:07:1b:78:3a:a0:2b:eb:
         4e:f2:75:57:45:07:af:7d:c3:0a:64:52:b5:16:0f:09:79:98:
         bd:b6:82:a9:58:be:c0:b0:0c:68:36:ce:c6:ec:d7:76:48:93:
         a5:75:63:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Bt07XaQPUtnpixouIMAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODgxMTFiOTY5YjQ3YTcwNjQ2MGU2MGNhZWE0MzM2YTc5MTBjY2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZLQx6ew+BEgz1IgWhFSCR0XWfLh
Ciln3MXIU7+D0pCehk1tHroAIY6trKPL7lRtvWKSyuYf1N+Be4My8o3MPlJBKn3+
c2VvxJEQvIixt/+Wlz+3xE1MWEneg8odDQ/FqXe7qer9p3g+QQARKEp8YvFyVeFP
h+PHHx7DrR5z0NpBkdsVBaQcFrqQBZisZbiFeox5vrU2r8Zcl1v4h0+H3+QB8Rny
TBWi+IFr4Gr0jmyNRL4na8jQbixULPecyyfb7CqwD4bZf9RZ7AMDlfqtc3csYmFb
L4r+eJGmwrvYu4Zf3pRisJ5UmwJCQ88ElSsO92iN1vYeBhl8fg2C29zODwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiBEblptHpwZGDmDK6kM2p5EMy1MB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvV0lFUnVXbTBlbkJrWU9ZTXJxUXphbmtRekxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUHnNMA0G
CSqGSIb3DQEBCwUAA4IBAQB8TlDLbjc5tzNBHD25I7JknRqmw7v7WqTb0dCevV+c
CErV6G89cUvusIzVcfQGZ9ERkPvirgAfrdjf7yKDg1jx26fQFpWf7P4mTF20PsZn
iIbQkaNiMWZn93o1Zt+VzpAtn/Ht7lpzUGE498n2KFD/Qv2W9y1Tv6r+z0XCvqav
G/fglF88CIg6Yq0zC/ZRbS7oNeLhCcLqCgCl/4U7pOpwKMXhM31aJ0bXL2LCbtT4
3NVPxqkVuJ8vHAATA0wgBQcGLm/XzoBQWWnK99yrsUrVFwcbeDqgK+tO8nVXRQev
fcMKZFK1Fg8JeZi9toKpWL7AsAxoNs7G7Nd2SJOldWPh
-----END CERTIFICATE-----