Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/LAY9sSNA-YJZQYYdnmpTlhxvD2w.roa
File:                     LAY9sSNA-YJZQYYdnmpTlhxvD2w.roa (raw, json)
Hash identifier:          sy6paHPwN5kXrSUvaYyd2hN5gZ9nHNvT8Yp+G0CBKsY=
Subject key identifier:   2C:06:3D:B1:23:40:F9:82:59:41:86:1D:9E:6A:53:96:1C:6F:0F:6C
Certificate issuer:       /CN=47bf2ffeda381e54818df07052cf67e222515f89
Certificate serial:       0194228E07DD20845EFED0442C4388BE0AB1
Authority key identifier: 47:BF:2F:FE:DA:38:1E:54:81:8D:F0:70:52:CF:67:E2:22:51:5F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R78v_to4HlSBjfBwUs9n4iJRX4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/LAY9sSNA-YJZQYYdnmpTlhxvD2w.roa
Signing time:             Wed 01 Jan 2025 15:48:40 +0000
ROA not before:           Wed 01 Jan 2025 15:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        80.91.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/R78v_to4HlSBjfBwUs9n4iJRX4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/R78v_to4HlSBjfBwUs9n4iJRX4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R78v_to4HlSBjfBwUs9n4iJRX4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:07:dd:20:84:5e:fe:d0:44:2c:43:88:be:0a:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47bf2ffeda381e54818df07052cf67e222515f89
        Validity
            Not Before: Jan  1 15:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c063db12340f9825941861d9e6a53961c6f0f6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:bc:e4:8a:d5:59:0b:52:73:1b:14:9c:77:a6:
                    cb:0c:6e:5e:fc:be:98:41:6c:d5:51:35:fd:dc:aa:
                    77:cc:37:95:ee:e1:09:fb:96:5e:44:2c:92:f6:e9:
                    62:31:cd:85:bb:46:17:6e:78:20:76:ee:10:cc:2c:
                    bc:b1:79:27:c4:a7:1e:0b:02:e1:21:7c:3a:f9:94:
                    07:02:01:ca:0f:2f:1a:82:33:f1:69:c1:a2:a6:cb:
                    aa:8e:d3:74:6d:85:a1:c0:f0:fc:11:d7:f2:a4:83:
                    e3:74:6e:52:ea:56:11:b1:2c:b7:e8:e7:57:84:d0:
                    4c:61:24:bc:d5:09:76:03:c1:03:e8:1a:b3:54:7a:
                    ef:9a:47:1f:b0:a7:9b:38:e6:b3:08:50:21:24:ed:
                    8f:90:1e:ef:47:a5:85:22:f0:0a:18:93:cd:80:a7:
                    23:e0:aa:59:62:c6:8e:28:7f:ac:1f:00:49:f8:14:
                    ba:01:6d:90:a5:95:bd:87:01:36:39:98:f3:89:43:
                    01:1c:10:00:bb:f0:01:fb:45:71:c2:c5:bb:ab:98:
                    8f:3f:27:9b:77:da:f4:84:d4:55:ae:11:b5:2e:80:
                    87:73:e9:22:a8:e3:d0:83:74:cf:29:e4:a7:5e:b3:
                    07:9d:48:c0:d6:7f:2f:30:be:50:90:44:99:91:58:
                    31:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:06:3D:B1:23:40:F9:82:59:41:86:1D:9E:6A:53:96:1C:6F:0F:6C
            X509v3 Authority Key Identifier:
                keyid:47:BF:2F:FE:DA:38:1E:54:81:8D:F0:70:52:CF:67:E2:22:51:5F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R78v_to4HlSBjfBwUs9n4iJRX4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/LAY9sSNA-YJZQYYdnmpTlhxvD2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/R78v_to4HlSBjfBwUs9n4iJRX4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:13:20:af:45:17:00:c1:b3:cd:37:90:0f:67:82:46:f2:ea:
         c6:ee:6f:d7:15:1d:7e:24:e6:37:26:46:c2:69:36:fa:f2:cf:
         12:43:a5:6b:a0:bd:fd:bd:5a:a3:ea:f2:20:69:da:d9:9c:28:
         67:25:50:2e:de:e9:0a:6d:93:b9:ab:da:21:76:e2:c9:72:82:
         04:f3:b7:c5:18:d7:0a:bd:8e:9c:59:b7:bc:a3:36:57:18:52:
         42:e5:bb:78:2f:a9:e5:fc:d1:41:85:b0:6e:91:27:88:ed:d6:
         ba:5a:8e:fb:46:56:36:de:f9:99:ec:1e:ae:41:c0:4a:88:18:
         c1:73:22:60:bb:87:97:8d:2e:11:51:27:ae:b0:df:47:4e:5a:
         b5:90:a0:39:07:8d:4a:bb:b9:0e:5d:a5:3e:34:b9:a5:1d:c6:
         67:47:a7:b1:ff:28:29:6d:ca:c0:47:be:af:e7:db:e7:7d:69:
         d6:e1:15:22:ee:53:26:9d:05:a4:00:45:65:bd:f4:ee:7e:52:
         78:f3:9f:a3:0f:dd:d3:c7:0a:b0:43:3c:df:a7:19:a7:a9:ea:
         f7:fc:e6:63:4b:4d:bb:55:da:56:ef:f4:4a:c0:26:78:95:b6:
         01:03:6e:70:32:d8:f3:49:4e:1f:c1:7d:02:68:21:15:0c:cf:
         76:f5:a1:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijgfdIIRe/tBELEOIvgqxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YmYyZmZlZGEzODFlNTQ4MThkZjA3MDUyY2Y2N2UyMjI1
MTVmODkwHhcNMjUwMTAxMTU0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzA2M2RiMTIzNDBmOTgyNTk0MTg2MWQ5ZTZhNTM5NjFjNmYwZjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7zkitVZC1JzGxScd6bLDG5e/L6Y
QWzVUTX93Kp3zDeV7uEJ+5ZeRCyS9uliMc2Fu0YXbnggdu4QzCy8sXknxKceCwLh
IXw6+ZQHAgHKDy8agjPxacGipsuqjtN0bYWhwPD8EdfypIPjdG5S6lYRsSy36OdX
hNBMYSS81Ql2A8ED6BqzVHrvmkcfsKebOOazCFAhJO2PkB7vR6WFIvAKGJPNgKcj
4KpZYsaOKH+sHwBJ+BS6AW2QpZW9hwE2OZjziUMBHBAAu/AB+0VxwsW7q5iPPyeb
d9r0hNRVrhG1LoCHc+kiqOPQg3TPKeSnXrMHnUjA1n8vML5QkESZkVgxkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCwGPbEjQPmCWUGGHZ5qU5Ycbw9sMB8GA1UdIwQY
MBaAFEe/L/7aOB5UgY3wcFLPZ+IiUV+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjc4dl90bzRIbFNCamZCd1VzOW40aUpSWDRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8yNDZkMDMtZTA5MC00MzI1LTgyZjEt
MGJkMDk1ZGE3OGVmLzEvTEFZOXNTTkEtWUpaUVlZZG5tcFRsaHh2RDJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8yNDZkMDMtZTA5MC00MzI1LTgyZjEtMGJkMDk1ZGE3OGVm
LzEvUjc4dl90bzRIbFNCamZCd1VzOW40aUpSWDRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFvhMA0G
CSqGSIb3DQEBCwUAA4IBAQAAEyCvRRcAwbPNN5APZ4JG8urG7m/XFR1+JOY3JkbC
aTb68s8SQ6VroL39vVqj6vIgadrZnChnJVAu3ukKbZO5q9ohduLJcoIE87fFGNcK
vY6cWbe8ozZXGFJC5bt4L6nl/NFBhbBukSeI7da6Wo77RlY23vmZ7B6uQcBKiBjB
cyJgu4eXjS4RUSeusN9HTlq1kKA5B41Ku7kOXaU+NLmlHcZnR6ex/ygpbcrAR76v
59vnfWnW4RUi7lMmnQWkAEVlvfTuflJ485+jD93TxwqwQzzfpxmnqer3/OZjS027
VdpW7/RKwCZ4lbYBA25wMtjzSU4fwX0CaCEVDM929aGf
-----END CERTIFICATE-----