Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/jT2zMCyuWT5Y52_civ74FQa7slY.roa
File:                     jT2zMCyuWT5Y52_civ74FQa7slY.roa (raw, json)
Hash identifier:          pdn3KBuFE5Q+sbc3Xl8Pmbx+254iR1EjGuzLCM6jpXE=
Subject key identifier:   8D:3D:B3:30:2C:AE:59:3E:58:E7:6F:DC:8A:FE:F8:15:06:BB:B2:56
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018CC86F95945A6D3E0E1D2748B0EA3473CC
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/jT2zMCyuWT5Y52_civ74FQa7slY.roa
Signing time:             Tue 02 Jan 2024 04:30:05 +0000
ROA not before:           Tue 02 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197616
IP address blocks:        80.233.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:95:94:5a:6d:3e:0e:1d:27:48:b0:ea:34:73:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jan  2 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d3db3302cae593e58e76fdc8afef81506bbb256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e3:89:69:71:86:c4:20:8d:3c:59:10:14:37:
                    02:ae:94:d2:e5:62:79:01:09:5b:17:f8:da:f6:2f:
                    da:96:4b:1b:92:28:ea:a6:72:8e:b7:e6:2c:4f:70:
                    b8:f8:cf:b4:51:c9:35:c5:16:f3:fa:52:48:1e:19:
                    96:6c:6e:a7:f4:31:f9:a9:73:7f:26:96:a9:28:a6:
                    2d:29:d8:ad:75:f7:8f:9e:77:ef:cb:5b:91:21:85:
                    7f:38:41:23:bb:87:fe:91:24:d7:f0:60:df:f4:7b:
                    68:c2:a9:5d:64:f5:14:ec:3b:c5:d5:a2:02:ef:a1:
                    8a:a0:72:6d:29:43:7f:02:db:23:f6:af:88:05:d6:
                    97:5c:64:3a:83:42:9a:67:c1:d6:48:f4:2b:b1:98:
                    9c:ef:5e:64:05:82:c0:a5:6d:bd:f9:0b:88:8b:59:
                    29:63:f7:dc:01:c6:d2:98:8b:22:73:0a:d9:1c:24:
                    70:60:b7:2b:df:c8:10:5a:d3:b1:44:e1:4d:62:2c:
                    9a:29:26:96:a8:5d:d4:e1:31:3a:45:a2:a0:a0:1c:
                    be:9c:e8:ac:e5:d7:be:e7:22:25:31:a2:5e:59:81:
                    22:07:07:ac:73:f7:3e:96:39:63:7c:70:86:c9:dd:
                    30:c9:89:93:6e:94:8a:b4:06:23:c6:cb:06:af:d6:
                    86:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:3D:B3:30:2C:AE:59:3E:58:E7:6F:DC:8A:FE:F8:15:06:BB:B2:56
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/jT2zMCyuWT5Y52_civ74FQa7slY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.233.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bd:87:7f:5f:e5:78:7b:ba:bb:17:0f:b7:0d:51:d5:8f:f9:5c:
         b3:cf:28:5f:8a:46:ec:26:5a:d4:08:74:a4:99:d4:02:f1:25:
         49:ac:62:1f:35:9d:22:dd:e0:66:8a:98:03:42:96:29:e1:25:
         cb:60:95:04:67:3e:34:d5:98:48:45:aa:37:04:a4:49:33:8c:
         8e:8a:e7:f5:9b:62:e8:b0:84:8a:37:48:84:85:6e:99:71:e1:
         18:b0:44:89:ba:c2:61:c7:79:12:76:b5:1f:ea:db:04:49:46:
         43:98:c3:4b:33:cd:09:34:77:fb:33:d3:82:9b:4a:04:7c:da:
         4b:d6:ac:72:3f:f2:7c:d4:76:5f:2b:88:ba:21:d3:19:1f:d6:
         c6:e6:7b:bc:e4:0f:2d:6c:f4:a7:46:f2:d6:63:da:90:31:4f:
         6f:b7:4a:06:cc:bc:b7:5e:41:e6:45:41:b2:d9:d8:bb:90:45:
         da:ff:0c:bd:68:3d:58:95:d9:4c:17:a9:df:4e:27:25:d1:f4:
         ba:18:18:34:bf:35:b8:a6:30:5a:dd:51:76:63:df:d2:b3:16:
         8b:8b:0f:6b:c3:80:85:34:e7:5a:33:3a:b3:04:50:d1:6f:70:
         79:06:da:8c:58:93:11:d5:7a:ab:55:7e:ae:f0:70:a3:1e:50:
         c9:fd:91:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5WUWm0+Dh0nSLDqNHPMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwMTAyMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDNkYjMzMDJjYWU1OTNlNThlNzZmZGM4YWZlZjgxNTA2YmJiMjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eOJaXGGxCCNPFkQFDcCrpTS5WJ5
AQlbF/ja9i/alksbkijqpnKOt+YsT3C4+M+0Uck1xRbz+lJIHhmWbG6n9DH5qXN/
JpapKKYtKditdfePnnfvy1uRIYV/OEEju4f+kSTX8GDf9HtowqldZPUU7DvF1aIC
76GKoHJtKUN/Atsj9q+IBdaXXGQ6g0KaZ8HWSPQrsZic715kBYLApW29+QuIi1kp
Y/fcAcbSmIsicwrZHCRwYLcr38gQWtOxROFNYiyaKSaWqF3U4TE6RaKgoBy+nOis
5de+5yIlMaJeWYEiBwesc/c+ljljfHCGyd0wyYmTbpSKtAYjxssGr9aGcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI09szAsrlk+WOdv3Ir++BUGu7JWMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvalQyek1DeXVXVDVZNTJfY2l2NzRGUWE3c2xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUOnwMA0G
CSqGSIb3DQEBCwUAA4IBAQC9h39f5Xh7ursXD7cNUdWP+VyzzyhfikbsJlrUCHSk
mdQC8SVJrGIfNZ0i3eBmipgDQpYp4SXLYJUEZz401ZhIRao3BKRJM4yOiuf1m2Lo
sISKN0iEhW6ZceEYsESJusJhx3kSdrUf6tsESUZDmMNLM80JNHf7M9OCm0oEfNpL
1qxyP/J81HZfK4i6IdMZH9bG5nu85A8tbPSnRvLWY9qQMU9vt0oGzLy3XkHmRUGy
2di7kEXa/wy9aD1YldlMF6nfTicl0fS6GBg0vzW4pjBa3VF2Y9/SsxaLiw9rw4CF
NOdaMzqzBFDRb3B5BtqMWJMR1XqrVX6u8HCjHlDJ/ZEV
-----END CERTIFICATE-----