Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/AIXAkzQ6j1H4vDys92DgTtbZMfU.roa
File:                     AIXAkzQ6j1H4vDys92DgTtbZMfU.roa (raw, json)
Hash identifier:          L70XBA2ZYZMbs8rrHlsDFi4oq4yazeU/qamDAKsCZpk=
Subject key identifier:   00:85:C0:93:34:3A:8F:51:F8:BC:3C:AC:F7:60:E0:4E:D6:D9:31:F5
Certificate issuer:       /CN=ebfabfa628063f6b8e9888566f5f3fcfa798c621
Certificate serial:       0194228D44D990EE2B5D31F4AEB63204F590
Authority key identifier: EB:FA:BF:A6:28:06:3F:6B:8E:98:88:56:6F:5F:3F:CF:A7:98:C6:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_q_pigGP2uOmIhWb18_z6eYxiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/AIXAkzQ6j1H4vDys92DgTtbZMfU.roa
Signing time:             Wed 01 Jan 2025 15:47:51 +0000
ROA not before:           Wed 01 Jan 2025 15:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43905
IP address blocks:        80.79.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/6_q_pigGP2uOmIhWb18_z6eYxiE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/6_q_pigGP2uOmIhWb18_z6eYxiE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_q_pigGP2uOmIhWb18_z6eYxiE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:44:d9:90:ee:2b:5d:31:f4:ae:b6:32:04:f5:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebfabfa628063f6b8e9888566f5f3fcfa798c621
        Validity
            Not Before: Jan  1 15:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0085c093343a8f51f8bc3cacf760e04ed6d931f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f6:78:ed:a4:62:3b:1d:c3:9d:5d:f7:1c:8b:
                    92:fd:c9:19:96:16:0e:50:53:a2:cd:37:26:c4:8e:
                    1b:42:e4:15:f6:9b:25:de:c3:b2:dd:34:23:68:de:
                    93:b6:56:af:1e:04:79:5d:80:26:09:28:f2:f0:df:
                    53:35:cb:a0:19:7c:ef:05:e4:2b:6f:3f:d3:d0:19:
                    0c:8c:64:c1:7e:e5:f6:a1:4f:fc:17:ae:21:c6:dc:
                    2b:8e:b4:a3:76:72:77:ed:59:6c:03:f3:d7:05:78:
                    16:b5:ca:4b:e0:bc:d0:ec:31:b0:83:03:8e:84:14:
                    34:a6:4e:3e:a2:83:ff:60:97:32:a9:21:db:45:10:
                    0a:72:76:e7:e9:63:20:02:4d:5a:fd:59:80:b7:5e:
                    ca:da:db:e0:73:7a:7a:5c:8a:8b:f9:df:4d:b8:c8:
                    89:8b:7b:ed:c3:f9:39:8e:84:b1:d5:f8:f6:32:d0:
                    41:42:fc:cb:4b:4e:32:c5:9c:a2:8b:07:52:bb:5a:
                    c6:2a:37:4b:e9:db:98:59:da:55:78:d9:24:ed:95:
                    0c:95:0d:5a:51:0d:d6:6d:8f:78:a1:47:f8:da:d1:
                    75:e1:03:2b:b7:f1:96:0b:8a:79:dc:9e:d8:58:62:
                    a5:db:3b:ab:86:f7:34:8d:dd:35:3a:9c:8d:09:be:
                    ee:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:85:C0:93:34:3A:8F:51:F8:BC:3C:AC:F7:60:E0:4E:D6:D9:31:F5
            X509v3 Authority Key Identifier:
                keyid:EB:FA:BF:A6:28:06:3F:6B:8E:98:88:56:6F:5F:3F:CF:A7:98:C6:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_q_pigGP2uOmIhWb18_z6eYxiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/AIXAkzQ6j1H4vDys92DgTtbZMfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/6_q_pigGP2uOmIhWb18_z6eYxiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.79.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:17:08:1a:eb:a9:cd:ec:ec:99:e6:5b:68:b8:d7:e4:d2:aa:
         bb:80:88:74:cc:a0:31:b1:ba:24:af:d8:e1:1c:e8:6c:66:4c:
         95:aa:82:e6:fb:a1:6e:99:9c:f8:e3:cd:61:1f:e4:1b:fd:04:
         f5:56:49:2a:a6:35:39:1a:83:b9:a0:e6:5e:91:c4:06:bd:61:
         d2:6f:dc:75:db:f4:3d:0b:78:2b:6e:53:c0:a4:e5:d7:2c:ff:
         85:18:1f:06:ce:7a:87:50:e2:bd:b2:45:fe:b6:89:41:5f:28:
         16:b4:78:1c:7d:27:a2:f2:f4:be:93:a7:97:93:75:91:f9:15:
         f7:2e:82:fd:84:97:77:74:50:69:98:52:00:e2:eb:70:78:b3:
         a2:e6:ca:4c:83:be:ad:1e:b5:3c:db:41:21:18:a2:30:87:e7:
         49:d9:c5:d7:c7:f1:35:e7:69:ca:e8:fe:c6:ac:87:36:3e:c8:
         98:e3:97:1a:73:bd:8f:2b:8b:e6:2c:ce:42:d0:11:66:2c:05:
         a5:1f:74:76:ae:4a:28:80:0f:a9:73:ed:9c:e4:fc:7f:08:a7:
         90:2d:99:aa:a8:6b:70:d1:14:ad:79:3e:59:9f:cb:c5:bc:cc:
         d8:9e:82:37:17:37:1b:cf:80:e4:4d:9d:f5:90:bf:a9:bf:dd:
         d0:94:d9:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijUTZkO4rXTH0rrYyBPWQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZmFiZmE2MjgwNjNmNmI4ZTk4ODg1NjZmNWYzZmNmYTc5
OGM2MjEwHhcNMjUwMTAxMTU0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDg1YzA5MzM0M2E4ZjUxZjhiYzNjYWNmNzYwZTA0ZWQ2ZDkzMWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfZ47aRiOx3DnV33HIuS/ckZlhYO
UFOizTcmxI4bQuQV9psl3sOy3TQjaN6TtlavHgR5XYAmCSjy8N9TNcugGXzvBeQr
bz/T0BkMjGTBfuX2oU/8F64hxtwrjrSjdnJ37VlsA/PXBXgWtcpL4LzQ7DGwgwOO
hBQ0pk4+ooP/YJcyqSHbRRAKcnbn6WMgAk1a/VmAt17K2tvgc3p6XIqL+d9NuMiJ
i3vtw/k5joSx1fj2MtBBQvzLS04yxZyiiwdSu1rGKjdL6duYWdpVeNkk7ZUMlQ1a
UQ3WbY94oUf42tF14QMrt/GWC4p53J7YWGKl2zurhvc0jd01OpyNCb7uGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFACFwJM0Oo9R+Lw8rPdg4E7W2TH1MB8GA1UdIwQY
MBaAFOv6v6YoBj9rjpiIVm9fP8+nmMYhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9xX3BpZ0dQMnVPbUloV2IxOF96NmVZeGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9hM2EzMTEtMzc4NC00ODE4LWFiZjkt
ZTVmZDZlOTg0MmFiLzEvQUlYQWt6UTZqMUg0dkR5czkyRGdUdGJaTWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9hM2EzMTEtMzc4NC00ODE4LWFiZjktZTVmZDZlOTg0MmFi
LzEvNl9xX3BpZ0dQMnVPbUloV2IxOF96NmVZeGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUE+ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCFFwga66nN7OyZ5ltouNfk0qq7gIh0zKAxsbokr9jh
HOhsZkyVqoLm+6FumZz4481hH+Qb/QT1VkkqpjU5GoO5oOZekcQGvWHSb9x12/Q9
C3grblPApOXXLP+FGB8GznqHUOK9skX+tolBXygWtHgcfSei8vS+k6eXk3WR+RX3
LoL9hJd3dFBpmFIA4utweLOi5spMg76tHrU820EhGKIwh+dJ2cXXx/E152nK6P7G
rIc2PsiY45cac72PK4vmLM5C0BFmLAWlH3R2rkoogA+pc+2c5Px/CKeQLZmqqGtw
0RSteT5Zn8vFvMzYnoI3Fzcbz4DkTZ31kL+pv93QlNlh
-----END CERTIFICATE-----