Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/ksBpITpVU9OCjDg-K_dfVluJol0.roa
File:                     ksBpITpVU9OCjDg-K_dfVluJol0.roa (raw, json)
Hash identifier:          27EFBQmmA+qF6z4lcYLA4RR0/ooZK3sZs3R0tIqi3ys=
Subject key identifier:   92:C0:69:21:3A:55:53:D3:82:8C:38:3E:2B:F7:5F:56:5B:89:A2:5D
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC2354AF5DCBA855E4576BEABEDA3B
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/ksBpITpVU9OCjDg-K_dfVluJol0.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207868
IP address blocks:        80.120.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:23:54:af:5d:cb:a8:55:e4:57:6b:ea:be:da:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92c069213a5553d3828c383e2bf75f565b89a25d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5a:92:d3:5b:21:1e:ef:a9:7e:c7:e6:5e:42:
                    c4:63:47:fe:b6:3a:4d:7e:7a:eb:9b:59:26:74:bf:
                    a6:cb:5d:35:2a:48:43:38:32:cb:9b:a9:ad:3d:ea:
                    43:9f:45:0e:31:43:6e:a6:f3:3e:b9:33:38:4e:48:
                    3d:f3:50:3c:32:de:13:0a:ec:8d:fd:4c:7d:ee:fe:
                    01:d6:96:1c:59:f6:2b:da:2c:18:95:5f:46:55:eb:
                    37:4c:dd:55:9a:e0:94:20:6b:72:e2:c6:43:91:d3:
                    cf:5b:06:66:19:22:a4:20:05:b8:58:56:8a:b1:40:
                    02:9b:af:8c:df:eb:dc:7d:25:78:58:e7:d8:1a:4b:
                    72:48:b1:6b:1e:6a:3f:11:e0:db:be:3e:a5:17:5c:
                    e0:f8:09:23:47:4b:df:92:1d:f8:2d:cc:cd:12:f6:
                    3e:7e:c7:05:3b:35:45:0e:c8:ab:34:da:1e:0e:f2:
                    15:45:cf:ea:4b:ac:18:b0:7e:a6:dc:8a:14:b5:ee:
                    13:9e:bb:1b:70:5c:9d:92:ad:54:62:79:8a:da:30:
                    2b:42:ec:43:de:c6:02:66:bc:11:95:20:62:49:10:
                    7d:30:f2:17:1c:59:6e:b0:40:d7:f5:f1:ad:4b:69:
                    2c:f5:88:ba:c1:67:64:a7:7d:a6:97:24:98:6a:a6:
                    75:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:C0:69:21:3A:55:53:D3:82:8C:38:3E:2B:F7:5F:56:5B:89:A2:5D
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/ksBpITpVU9OCjDg-K_dfVluJol0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.120.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:19:8f:94:29:f7:4b:3b:e4:10:e4:a4:70:f6:e3:47:29:2a:
         15:9f:52:48:22:23:e9:cc:3a:be:f3:e6:80:2a:15:78:15:8d:
         0b:85:f5:bf:e1:2e:ac:3b:79:54:a7:8c:68:7d:2c:19:d8:e4:
         6b:3d:00:84:0b:fe:13:ed:d3:d0:72:d8:72:fc:67:7d:78:82:
         9b:b4:90:b0:61:39:f0:0a:ed:9d:91:5b:ca:02:28:0c:74:0d:
         ff:ca:7a:70:f7:59:49:0d:2d:07:75:e1:21:18:f8:a4:b6:77:
         4f:15:43:cb:6e:68:31:6b:2c:14:17:41:f7:63:32:81:cd:39:
         a3:f4:64:2e:52:4e:f5:56:bd:09:9d:c2:19:9b:bd:9e:5e:b9:
         91:4e:41:e1:7b:d0:e3:63:89:98:29:e2:a7:7d:a6:f4:26:69:
         dc:c2:90:fb:41:78:5f:e2:02:20:6c:f0:f5:44:d7:7e:46:bc:
         25:3e:e4:e3:7e:46:88:80:c2:2d:20:5b:07:b3:d8:17:0a:d0:
         ec:52:34:15:62:50:d8:91:0f:2e:a0:92:47:7d:6b:5f:a2:2c:
         28:85:ec:94:41:61:49:ba:de:d2:94:68:95:95:2b:7e:2d:30:
         a7:48:e9:88:99:0d:02:9b:3f:08:82:72:4b:2f:5a:43:a2:42:
         65:81:68:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CNUr13LqFXkV2vqvto7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmMwNjkyMTNhNTU1M2QzODI4YzM4M2UyYmY3NWY1NjViODlhMjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulqS01shHu+pfsfmXkLEY0f+tjpN
fnrrm1kmdL+my101KkhDODLLm6mtPepDn0UOMUNupvM+uTM4Tkg981A8Mt4TCuyN
/Ux97v4B1pYcWfYr2iwYlV9GVes3TN1VmuCUIGty4sZDkdPPWwZmGSKkIAW4WFaK
sUACm6+M3+vcfSV4WOfYGktySLFrHmo/EeDbvj6lF1zg+AkjR0vfkh34LczNEvY+
fscFOzVFDsirNNoeDvIVRc/qS6wYsH6m3IoUte4TnrsbcFydkq1UYnmK2jArQuxD
3sYCZrwRlSBiSRB9MPIXHFlusEDX9fGtS2ks9Yi6wWdkp32mlySYaqZ1/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLAaSE6VVPTgow4Piv3X1ZbiaJdMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEva3NCcElUcFZVOU9DakRnLUtfZGZWbHVKb2wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUHgMMA0G
CSqGSIb3DQEBCwUAA4IBAQCGGY+UKfdLO+QQ5KRw9uNHKSoVn1JIIiPpzDq+8+aA
KhV4FY0LhfW/4S6sO3lUp4xofSwZ2ORrPQCEC/4T7dPQcthy/Gd9eIKbtJCwYTnw
Cu2dkVvKAigMdA3/ynpw91lJDS0HdeEhGPiktndPFUPLbmgxaywUF0H3YzKBzTmj
9GQuUk71Vr0JncIZm72eXrmRTkHhe9DjY4mYKeKnfab0JmncwpD7QXhf4gIgbPD1
RNd+RrwlPuTjfkaIgMItIFsHs9gXCtDsUjQVYlDYkQ8uoJJHfWtfoiwoheyUQWFJ
ut7SlGiVlSt+LTCnSOmImQ0Cmz8IgnJLL1pDokJlgWj0
-----END CERTIFICATE-----