Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/xWPNARwQpBOISHplMFnCveHulHs.roa
File:                     xWPNARwQpBOISHplMFnCveHulHs.roa (raw, json)
Hash identifier:          x76KeY32RoMHizZiEdzZFB17pD6cChQ50fAuj/G7f2U=
Subject key identifier:   C5:63:CD:01:1C:10:A4:13:88:48:7A:65:30:59:C2:BD:E1:EE:94:7B
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CF7BCE457E3F7D05E6021086D6242AE74
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/xWPNARwQpBOISHplMFnCveHulHs.roa
Signing time:             Thu 11 Jan 2024 08:56:40 +0000
ROA not before:           Thu 11 Jan 2024 08:56:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203518
IP address blocks:        80.121.192.0/22 maxlen: 22
                          80.121.194.0/24 maxlen: 24
                          80.121.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f7:bc:e4:57:e3:f7:d0:5e:60:21:08:6d:62:42:ae:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan 11 08:56:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c563cd011c10a41388487a653059c2bde1ee947b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:b2:30:69:2d:79:ea:09:09:88:01:25:9e:d1:
                    51:57:1d:61:af:94:77:bb:44:e8:1b:8f:78:77:aa:
                    dc:e9:c0:80:23:04:47:62:4f:72:9a:40:55:e6:a8:
                    d5:3f:67:e7:15:5f:09:9d:cc:0f:f9:e9:e0:69:93:
                    da:1f:b2:ac:8f:54:3f:2e:3d:48:ac:98:be:73:4b:
                    bb:4c:80:90:8b:23:a9:0e:20:70:43:43:be:a7:0c:
                    48:23:dc:97:55:38:84:5a:a7:ff:61:24:13:f1:d7:
                    84:b6:2d:2b:8c:8a:24:e5:9f:ce:0a:18:2b:1e:1b:
                    f4:7c:4e:d0:08:61:67:c7:58:1b:2d:5a:72:d9:7b:
                    95:ae:c6:e2:64:d7:14:fa:62:fb:06:f3:fb:63:98:
                    d0:5d:3b:a2:e9:d3:99:3e:55:29:e0:f7:61:55:41:
                    d3:7f:e2:f3:98:4f:49:8a:9b:72:7c:a7:62:42:a7:
                    71:05:30:69:29:dc:25:53:35:ff:4a:0d:27:91:29:
                    5f:0e:20:7a:01:5f:1b:21:21:f1:49:8d:dc:50:93:
                    e9:11:7b:0b:9d:0f:38:0d:ae:d3:f3:ca:58:73:80:
                    95:39:48:ae:2d:94:cf:31:8e:4f:ce:49:85:d8:80:
                    0b:34:63:2d:0b:77:ae:89:20:4a:2a:dd:25:52:a6:
                    dc:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:63:CD:01:1C:10:A4:13:88:48:7A:65:30:59:C2:BD:E1:EE:94:7B
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/xWPNARwQpBOISHplMFnCveHulHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.121.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d5:57:b5:8f:11:db:f5:7e:3c:52:3a:fe:06:d5:f0:bd:ca:ca:
         e3:d6:a4:9c:67:07:9d:ef:ed:2b:8a:b6:bc:86:4a:74:c4:2f:
         99:e9:95:11:61:32:44:bb:bb:44:df:16:02:4a:4e:83:b4:93:
         87:b0:db:d7:a0:58:f2:58:31:0b:33:a3:5e:ae:ec:8f:92:72:
         d5:d2:02:d5:2f:35:0b:cd:33:24:a4:41:6e:98:d6:28:5a:11:
         82:ba:36:9d:9b:5f:1c:81:72:4b:0c:dc:60:9d:c8:33:b8:cd:
         19:4b:c0:a2:25:be:35:c9:a3:47:3a:dd:03:fe:26:f4:2e:15:
         14:54:d8:ff:41:45:ae:7f:1c:65:5f:82:15:32:42:ff:12:3d:
         c4:82:53:1f:b1:75:d0:69:1a:3b:1c:7e:ae:9a:b7:d1:8b:64:
         15:13:95:aa:ce:49:ef:24:9d:81:ef:b7:09:bc:29:a7:61:ca:
         61:80:ce:50:f3:27:35:57:d0:fb:82:3d:c5:d1:18:3b:df:b9:
         6d:6b:e2:6c:f6:5e:c0:ec:c0:6e:7d:f2:33:a7:64:0f:31:15:
         59:ac:30:61:57:ad:d3:c3:04:37:e5:fc:f2:f8:aa:7a:39:23:
         5a:4c:67:7b:2e:d3:d7:28:37:2a:5c:76:63:86:7c:0d:50:67:
         c2:2e:d9:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz3vORX4/fQXmAhCG1iQq50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTExMDg1NjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTYzY2QwMTFjMTBhNDEzODg0ODdhNjUzMDU5YzJiZGUxZWU5NDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLIwaS156gkJiAElntFRVx1hr5R3
u0ToG494d6rc6cCAIwRHYk9ymkBV5qjVP2fnFV8JncwP+engaZPaH7Ksj1Q/Lj1I
rJi+c0u7TICQiyOpDiBwQ0O+pwxII9yXVTiEWqf/YSQT8deEti0rjIok5Z/OChgr
Hhv0fE7QCGFnx1gbLVpy2XuVrsbiZNcU+mL7BvP7Y5jQXTui6dOZPlUp4PdhVUHT
f+LzmE9JiptyfKdiQqdxBTBpKdwlUzX/Sg0nkSlfDiB6AV8bISHxSY3cUJPpEXsL
nQ84Da7T88pYc4CVOUiuLZTPMY5PzkmF2IALNGMtC3euiSBKKt0lUqbcFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMVjzQEcEKQTiEh6ZTBZwr3h7pR7MB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEveFdQTkFSd1FwQk9JU0hwbE1GbkN2ZUh1bEhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUHnAMA0G
CSqGSIb3DQEBCwUAA4IBAQDVV7WPEdv1fjxSOv4G1fC9ysrj1qScZwed7+0rira8
hkp0xC+Z6ZURYTJEu7tE3xYCSk6DtJOHsNvXoFjyWDELM6NeruyPknLV0gLVLzUL
zTMkpEFumNYoWhGCujadm18cgXJLDNxgncgzuM0ZS8CiJb41yaNHOt0D/ib0LhUU
VNj/QUWufxxlX4IVMkL/Ej3EglMfsXXQaRo7HH6umrfRi2QVE5WqzknvJJ2B77cJ
vCmnYcphgM5Q8yc1V9D7gj3F0Rg737lta+Js9l7A7MBuffIzp2QPMRVZrDBhV63T
wwQ35fzy+Kp6OSNaTGd7LtPXKDcqXHZjhnwNUGfCLtkU
-----END CERTIFICATE-----