Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/zPVRCFoYWkGx7d6M9-S1C4SExnY.roa
File:                     zPVRCFoYWkGx7d6M9-S1C4SExnY.roa (raw, json)
Hash identifier:          rWdbgV5GgqlJmuQB6zTTcbZta+R9VK1Wx3HnYwizOlw=
Subject key identifier:   CC:F5:51:08:5A:18:5A:41:B1:ED:DE:8C:F7:E4:B5:0B:84:84:C6:76
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC1F1E32CEC207BEC8025EC390C819
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/zPVRCFoYWkGx7d6M9-S1C4SExnY.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200247
IP address blocks:        80.120.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1f:1e:32:ce:c2:07:be:c8:02:5e:c3:90:c8:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccf551085a185a41b1edde8cf7e4b50b8484c676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:69:26:1d:a6:cc:16:b2:a2:6a:04:39:cb:43:
                    fd:f7:22:dd:fe:68:2d:2e:3f:c1:e9:97:b8:42:d4:
                    8e:a9:34:a2:14:b7:42:20:16:0e:ba:99:3d:4d:99:
                    27:c6:7a:65:76:60:07:f0:17:33:7d:84:24:9f:cd:
                    ca:a2:2b:40:6d:11:72:7b:4d:e7:e8:71:c5:13:50:
                    18:59:3e:56:b7:c1:59:76:45:96:88:62:64:9d:da:
                    49:9c:e4:b9:2e:ab:96:9a:6f:2b:de:04:25:a6:cf:
                    e1:9f:ff:b4:da:1e:c3:fb:77:40:82:15:8b:72:68:
                    89:b3:16:63:b4:03:2f:d0:cd:6a:18:1b:29:67:93:
                    c1:dc:3f:2a:a2:86:3e:45:96:bd:5a:9c:7e:18:20:
                    76:fd:03:7b:4f:17:ad:36:ec:87:92:48:b7:da:0c:
                    d3:bc:d8:48:e1:f1:8f:72:71:d7:ae:5f:5c:33:40:
                    3b:cc:a2:fe:66:9d:e9:bd:40:e3:e8:ef:9c:d3:bc:
                    39:68:a3:34:65:00:d6:19:47:5c:d3:b4:52:e3:4f:
                    1f:9d:33:ab:8a:79:c8:fa:30:6e:b1:1f:27:95:51:
                    c7:c6:71:29:f9:dd:39:25:b1:50:03:92:10:fd:1b:
                    81:14:f9:0c:e3:82:96:ee:ef:9f:6f:70:23:af:a9:
                    87:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:F5:51:08:5A:18:5A:41:B1:ED:DE:8C:F7:E4:B5:0B:84:84:C6:76
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/zPVRCFoYWkGx7d6M9-S1C4SExnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.120.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:e6:5e:13:7e:c8:76:1b:5f:41:14:1c:df:08:91:46:34:df:
         83:8b:da:8f:8a:15:00:8d:3a:cc:64:00:2f:75:8a:cf:3e:d4:
         12:17:3a:d8:70:36:b6:f5:b4:c0:ff:e7:be:24:fc:77:79:91:
         f4:57:1a:26:90:0f:a6:cb:5c:f1:01:6b:bc:c2:33:e1:c8:bb:
         42:d1:a6:c5:c9:7a:64:95:1d:17:80:55:b8:f9:08:1f:89:74:
         3d:37:b7:74:83:4a:a7:c9:c8:b4:1c:d8:df:73:c1:e7:56:cf:
         c7:65:7c:20:cd:0a:86:6d:43:97:fc:ef:5b:f8:7b:62:cd:68:
         bd:51:cf:88:51:f3:7f:fb:7b:a9:f0:53:28:be:11:10:48:ab:
         45:63:87:a4:e7:e9:7d:9c:1c:2c:fa:c6:50:3d:ad:6f:50:54:
         de:96:e4:1b:d9:26:e7:a9:46:60:5f:cb:87:08:41:24:f7:79:
         51:20:0a:ac:86:11:60:19:1d:01:a5:e5:6e:50:58:f6:e3:d8:
         b9:8d:15:1c:e8:6d:c7:07:64:63:bd:c7:9f:3e:f6:19:a9:2b:
         a0:c9:37:46:8e:24:0e:3c:e2:09:04:21:79:ff:f0:22:84:19:
         b4:06:00:6b:1a:a5:6f:85:6e:a9:1e:d9:3d:9e:85:4c:f0:b3:
         72:25:c0:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3B8eMs7CB77IAl7DkMgZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2Y1NTEwODVhMTg1YTQxYjFlZGRlOGNmN2U0YjUwYjg0ODRjNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWkmHabMFrKiagQ5y0P99yLd/mgt
Lj/B6Ze4QtSOqTSiFLdCIBYOupk9TZknxnpldmAH8BczfYQkn83KoitAbRFye03n
6HHFE1AYWT5Wt8FZdkWWiGJkndpJnOS5LquWmm8r3gQlps/hn/+02h7D+3dAghWL
cmiJsxZjtAMv0M1qGBspZ5PB3D8qooY+RZa9Wpx+GCB2/QN7TxetNuyHkki32gzT
vNhI4fGPcnHXrl9cM0A7zKL+Zp3pvUDj6O+c07w5aKM0ZQDWGUdc07RS408fnTOr
innI+jBusR8nlVHHxnEp+d05JbFQA5IQ/RuBFPkM44KW7u+fb3Ajr6mHRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMz1UQhaGFpBse3ejPfktQuEhMZ2MB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvelBWUkNGb1lXa0d4N2Q2TTktUzFDNFNFeG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUHgIMA0G
CSqGSIb3DQEBCwUAA4IBAQC05l4Tfsh2G19BFBzfCJFGNN+Di9qPihUAjTrMZAAv
dYrPPtQSFzrYcDa29bTA/+e+JPx3eZH0VxomkA+my1zxAWu8wjPhyLtC0abFyXpk
lR0XgFW4+QgfiXQ9N7d0g0qnyci0HNjfc8HnVs/HZXwgzQqGbUOX/O9b+HtizWi9
Uc+IUfN/+3up8FMovhEQSKtFY4ek5+l9nBws+sZQPa1vUFTeluQb2SbnqUZgX8uH
CEEk93lRIAqshhFgGR0BpeVuUFj249i5jRUc6G3HB2RjvcefPvYZqSugyTdGjiQO
POIJBCF5//AihBm0BgBrGqVvhW6pHtk9noVM8LNyJcAB
-----END CERTIFICATE-----