Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/xOUrqzWyOqwBy43SpA2-49CxAoc.roa
File:                     xOUrqzWyOqwBy43SpA2-49CxAoc.roa (raw, json)
Hash identifier:          NHgm7AozGtK5o7Dxcng4SHrCFVYNKzqoN/7BlswFa9Y=
Subject key identifier:   C4:E5:2B:AB:35:B2:3A:AC:01:CB:8D:D2:A4:0D:BE:E3:D0:B1:02:87
Certificate issuer:       /CN=3bfa6636fe6440acf293b75705a7a1dcada8420b
Certificate serial:       018CC87097474D8C1DDBFF9618BB181CCBC4
Authority key identifier: 3B:FA:66:36:FE:64:40:AC:F2:93:B7:57:05:A7:A1:DC:AD:A8:42:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/xOUrqzWyOqwBy43SpA2-49CxAoc.roa
Signing time:             Tue 02 Jan 2024 04:31:11 +0000
ROA not before:           Tue 02 Jan 2024 04:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211531
IP address blocks:        80.245.87.0/24 maxlen: 24
                          149.3.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:97:47:4d:8c:1d:db:ff:96:18:bb:18:1c:cb:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bfa6636fe6440acf293b75705a7a1dcada8420b
        Validity
            Not Before: Jan  2 04:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4e52bab35b23aac01cb8dd2a40dbee3d0b10287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3c:52:20:4e:72:5b:1f:ac:0f:bd:d0:2f:4e:
                    37:60:a0:7d:9b:12:f4:a3:8b:6d:c3:aa:7c:80:db:
                    31:4e:ee:a5:e6:5d:69:54:3c:27:e0:4d:1a:dd:1c:
                    c7:b6:9a:34:06:c7:6a:bc:0c:fa:12:8a:ac:cc:4a:
                    14:ab:6b:1b:b1:d3:28:46:93:09:1a:da:8c:f1:9b:
                    b5:f0:eb:a1:94:b5:10:ea:81:a2:d6:d9:e4:f4:b6:
                    b2:94:8a:21:b6:ab:14:d9:3c:43:8d:cb:0a:4b:28:
                    40:b5:1c:fd:b1:cc:56:d6:b0:7a:93:6f:82:95:a2:
                    d2:d6:9a:72:97:25:cb:1e:1e:a1:6f:4c:eb:ba:28:
                    cc:1b:bb:86:a0:6a:7a:ca:7d:6e:ab:94:0a:12:78:
                    70:db:bd:c4:4e:72:96:77:f8:2e:02:75:58:46:34:
                    95:0e:ec:e5:da:a9:5b:4b:93:3f:95:20:11:18:d8:
                    de:b7:72:fc:7e:db:b8:5e:6f:a1:c1:6c:4d:f9:f5:
                    25:e9:e2:4f:6a:b2:4d:f0:45:a9:d4:d4:45:c8:2b:
                    81:78:52:ff:2d:8b:af:fc:35:08:c9:33:27:7c:f9:
                    6a:fd:4c:c3:b2:a4:0e:c1:b0:70:c7:c6:38:dc:b1:
                    f8:1c:5c:28:b2:f5:04:ad:4a:6f:a1:e8:50:5d:64:
                    e2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:E5:2B:AB:35:B2:3A:AC:01:CB:8D:D2:A4:0D:BE:E3:D0:B1:02:87
            X509v3 Authority Key Identifier:
                keyid:3B:FA:66:36:FE:64:40:AC:F2:93:B7:57:05:A7:A1:DC:AD:A8:42:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/xOUrqzWyOqwBy43SpA2-49CxAoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.245.87.0/24
                  149.3.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:1d:68:05:3c:f7:ba:95:26:40:3a:86:1e:0b:c5:14:50:dd:
         25:94:aa:ce:9f:cb:15:79:d9:cf:31:8d:73:5e:ce:cb:dc:a6:
         e4:f2:23:19:ff:b8:7c:1c:ab:47:9f:28:cc:c6:6b:10:6a:5a:
         e5:30:10:22:90:44:1e:e4:e0:c9:5a:79:60:bd:8b:07:3a:8e:
         98:ed:c0:5e:a4:54:eb:59:12:8d:47:a0:e9:73:2d:8a:0e:a0:
         6e:33:79:a8:8d:98:74:2f:63:e6:f0:6f:88:01:86:fd:10:23:
         16:df:79:e3:ea:e0:d4:d3:e9:23:cc:63:10:ca:8c:e2:c1:9b:
         b2:f0:da:18:62:d2:36:84:04:8c:98:c8:f0:15:f6:47:1b:e9:
         73:2e:a6:ac:d6:c5:c3:66:63:07:6d:be:df:27:83:8e:93:97:
         73:0f:f2:01:64:23:97:0b:70:65:33:0e:84:d4:f3:1e:a7:db:
         3b:92:16:63:9e:6e:c5:dd:df:e1:e1:1f:0b:96:80:dc:6c:8c:
         68:02:1c:34:b3:2a:b0:54:58:05:11:07:74:9a:08:a6:a5:0a:
         33:74:ad:c8:ab:42:07:ba:85:3d:3e:d7:75:2d:c5:c0:5e:f5:
         03:d5:07:cb:1f:f7:80:03:a0:98:59:fe:99:92:4a:26:e0:9a:
         42:30:01:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcJdHTYwd2/+WGLsYHMvEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZmE2NjM2ZmU2NDQwYWNmMjkzYjc1NzA1YTdhMWRjYWRh
ODQyMGIwHhcNMjQwMTAyMDQzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGU1MmJhYjM1YjIzYWFjMDFjYjhkZDJhNDBkYmVlM2QwYjEwMjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujxSIE5yWx+sD73QL043YKB9mxL0
o4ttw6p8gNsxTu6l5l1pVDwn4E0a3RzHtpo0BsdqvAz6EoqszEoUq2sbsdMoRpMJ
GtqM8Zu18OuhlLUQ6oGi1tnk9LaylIohtqsU2TxDjcsKSyhAtRz9scxW1rB6k2+C
laLS1ppylyXLHh6hb0zruijMG7uGoGp6yn1uq5QKEnhw273ETnKWd/guAnVYRjSV
Duzl2qlbS5M/lSARGNjet3L8ftu4Xm+hwWxN+fUl6eJParJN8EWp1NRFyCuBeFL/
LYuv/DUIyTMnfPlq/UzDsqQOwbBwx8Y43LH4HFwosvUErUpvoehQXWTiqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMTlK6s1sjqsAcuN0qQNvuPQsQKHMB8GA1UdIwQY
MBaAFDv6Zjb+ZECs8pO3VwWnodytqEILMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT19wbU52NWtRS3p5azdkWEJhZWgzSzJvUWdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hNDdjZGYtZDIxYi00ZjFkLTg5MDEt
OTJlYzUxNWM1OTVhLzEveE9VcnF6V3lPcXdCeTQzU3BBMi00OUN4QW9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hNDdjZGYtZDIxYi00ZjFkLTg5MDEtOTJlYzUxNWM1OTVh
LzEvT19wbU52NWtRS3p5azdkWEJhZWgzSzJvUWdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUPVXAwQA
lQO4MA0GCSqGSIb3DQEBCwUAA4IBAQBiHWgFPPe6lSZAOoYeC8UUUN0llKrOn8sV
ednPMY1zXs7L3Kbk8iMZ/7h8HKtHnyjMxmsQalrlMBAikEQe5ODJWnlgvYsHOo6Y
7cBepFTrWRKNR6Dpcy2KDqBuM3mojZh0L2Pm8G+IAYb9ECMW33nj6uDU0+kjzGMQ
yoziwZuy8NoYYtI2hASMmMjwFfZHG+lzLqas1sXDZmMHbb7fJ4OOk5dzD/IBZCOX
C3BlMw6E1PMep9s7khZjnm7F3d/h4R8LloDcbIxoAhw0syqwVFgFEQd0mgimpQoz
dK3Iq0IHuoU9Ptd1LcXAXvUD1QfLH/eAA6CYWf6Zkkom4JpCMAHB
-----END CERTIFICATE-----