Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/nr6R1CHv5Gmg4V2CaUKqmg73fEc.roa
File:                     nr6R1CHv5Gmg4V2CaUKqmg73fEc.roa (raw, json)
Hash identifier:          ow1tAahTQ7Xb/YdT5t/NbiiDXdyE2M8+iM8Wm/e0pCU=
Subject key identifier:   9E:BE:91:D4:21:EF:E4:69:A0:E1:5D:82:69:42:AA:9A:0E:F7:7C:47
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC2064A2392BAE2165FB7028CFBA3B
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/nr6R1CHv5Gmg4V2CaUKqmg73fEc.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202453
IP address blocks:        80.120.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:20:64:a2:39:2b:ae:21:65:fb:70:28:cf:ba:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ebe91d421efe469a0e15d826942aa9a0ef77c47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:34:66:36:27:7d:dc:8f:77:34:1d:10:ab:86:
                    2a:f0:42:a4:46:8b:30:8b:dd:f7:11:c7:a7:9f:16:
                    78:17:62:02:3c:9a:08:69:2e:f0:d1:a9:cc:8a:5d:
                    e8:1a:0f:c2:b7:5b:2e:97:1d:b3:d0:77:b9:fe:52:
                    fb:9e:ea:e9:b6:12:6c:89:6d:36:b1:9f:48:36:85:
                    3e:da:0b:48:bf:91:fb:c5:f1:e4:c7:f6:5f:f9:20:
                    5f:93:2f:ec:64:5b:01:9a:ba:c4:a0:02:46:8c:31:
                    14:2a:0e:4d:dd:12:f7:f5:04:cd:41:3f:11:5c:0e:
                    de:9b:c8:05:2c:97:26:c4:f7:b0:01:7b:8b:83:0b:
                    cf:2c:dd:a0:28:ee:89:a4:3d:60:be:48:f2:59:79:
                    25:61:ef:c1:bf:85:c2:47:ed:04:8a:fc:d2:02:e9:
                    f0:8f:83:2e:bd:a3:12:11:a5:13:a6:45:5e:07:71:
                    ee:92:cc:49:d0:6f:4b:78:60:f5:7b:f7:99:54:53:
                    f7:3d:e2:a5:64:fc:2e:87:18:51:9f:fe:d7:34:91:
                    4a:c4:67:6b:3a:48:a4:31:f2:ef:5c:5c:19:ed:c2:
                    5d:4c:e2:ad:5f:3d:7f:06:a0:93:d3:35:2d:79:dc:
                    f9:48:c0:54:13:90:0c:69:bb:68:e1:35:51:e8:56:
                    44:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:BE:91:D4:21:EF:E4:69:A0:E1:5D:82:69:42:AA:9A:0E:F7:7C:47
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/nr6R1CHv5Gmg4V2CaUKqmg73fEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.120.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:07:87:e8:74:5b:1e:7b:a7:a5:e4:58:e1:e1:8c:e8:b5:5d:
         86:3e:dd:f1:59:c8:0d:60:01:b4:4a:ae:86:85:d6:cc:cd:16:
         3f:02:ed:d0:92:c8:1a:df:58:41:0c:9f:94:4c:bc:04:ec:5f:
         02:d2:d4:96:7d:ea:38:4a:06:0c:15:6b:ae:c2:a3:78:57:58:
         f8:c1:60:94:c4:7f:cb:48:fa:47:f8:05:f8:98:bb:76:c1:83:
         28:53:ba:2b:5a:d5:e8:ac:0f:e0:10:e7:17:4e:9b:3a:48:8d:
         ae:4a:33:3d:4a:8f:85:d3:3d:d1:a4:b9:4b:a1:4a:5f:39:77:
         6a:ef:a7:d9:92:66:18:19:3d:01:5c:8f:e6:3a:18:3d:b9:6e:
         71:33:ee:26:b1:d5:3f:e1:84:79:29:ff:25:3e:4d:24:df:20:
         ef:f9:fb:9e:62:1f:46:a8:8b:77:f1:c3:82:fb:cb:1d:ea:6d:
         91:07:1b:99:11:6d:fb:c2:14:ec:4f:d1:6d:f1:3f:68:9c:e7:
         65:d9:dc:c3:94:8f:1e:8d:94:e7:04:ed:24:ea:05:ad:00:a0:
         2e:1d:6d:66:d9:6e:c5:b4:f6:4d:8f:bc:d5:2e:d8:dc:da:1a:
         03:72:26:64:58:14:39:63:a1:57:0b:88:ee:30:e8:2e:47:ed:
         1b:30:37:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CBkojkrriFl+3Aoz7o7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWJlOTFkNDIxZWZlNDY5YTBlMTVkODI2OTQyYWE5YTBlZjc3YzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTRmNid93I93NB0Qq4Yq8EKkRosw
i933EcennxZ4F2ICPJoIaS7w0anMil3oGg/Ct1sulx2z0He5/lL7nurpthJsiW02
sZ9INoU+2gtIv5H7xfHkx/Zf+SBfky/sZFsBmrrEoAJGjDEUKg5N3RL39QTNQT8R
XA7em8gFLJcmxPewAXuLgwvPLN2gKO6JpD1gvkjyWXklYe/Bv4XCR+0EivzSAunw
j4MuvaMSEaUTpkVeB3HuksxJ0G9LeGD1e/eZVFP3PeKlZPwuhxhRn/7XNJFKxGdr
OkikMfLvXFwZ7cJdTOKtXz1/BqCT0zUtedz5SMBUE5AMabto4TVR6FZEWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6+kdQh7+RpoOFdgmlCqpoO93xHMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvbnI2UjFDSHY1R21nNFYyQ2FVS3FtZzczZkVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUHgNMA0G
CSqGSIb3DQEBCwUAA4IBAQDGB4fodFsee6el5Fjh4YzotV2GPt3xWcgNYAG0Sq6G
hdbMzRY/Au3Qksga31hBDJ+UTLwE7F8C0tSWfeo4SgYMFWuuwqN4V1j4wWCUxH/L
SPpH+AX4mLt2wYMoU7orWtXorA/gEOcXTps6SI2uSjM9So+F0z3RpLlLoUpfOXdq
76fZkmYYGT0BXI/mOhg9uW5xM+4msdU/4YR5Kf8lPk0k3yDv+fueYh9GqIt38cOC
+8sd6m2RBxuZEW37whTsT9Ft8T9onOdl2dzDlI8ejZTnBO0k6gWtAKAuHW1m2W7F
tPZNj7zVLtjc2hoDciZkWBQ5Y6FXC4juMOguR+0bMDeF
-----END CERTIFICATE-----