Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/QcArWdy5l7Q1OkfxgfXL01QDyG8.roa
File:                     QcArWdy5l7Q1OkfxgfXL01QDyG8.roa (raw, json)
Hash identifier:          XrQSNx4dkV3UcZ0fI39DrX4EDDCOXGiqfX06y2PodtM=
Subject key identifier:   41:C0:2B:59:DC:B9:97:B4:35:3A:47:F1:81:F5:CB:D3:54:03:C8:6F
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369D1D74D65D4108CB174DAE105AD67
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/QcArWdy5l7Q1OkfxgfXL01QDyG8.roa
Signing time:             Wed 01 Jan 2025 19:48:45 +0000
ROA not before:           Wed 01 Jan 2025 19:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59425
IP address blocks:        80.64.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:d1:d7:4d:65:d4:10:8c:b1:74:da:e1:05:ad:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41c02b59dcb997b4353a47f181f5cbd35403c86f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:5a:34:a1:a2:9b:d3:a8:71:3c:6d:e5:0b:1e:
                    7b:5d:3c:14:c0:16:e7:ae:2e:0e:7b:6a:3f:45:bb:
                    8c:9c:6b:ad:e3:13:ab:36:8e:a0:07:87:c9:de:1e:
                    f9:14:20:db:06:ad:68:53:f4:54:74:fd:f0:e9:84:
                    64:f2:ed:28:df:76:7d:8a:92:7f:66:e3:88:ba:94:
                    cf:42:da:a6:a7:b8:8c:3f:b1:fc:5e:c3:e9:54:66:
                    ba:db:45:47:db:9c:32:38:16:ba:09:6f:e8:17:0e:
                    1c:d3:52:fd:09:28:cd:7b:31:90:f3:75:b2:7b:eb:
                    cc:55:2e:55:59:e4:6a:27:b5:f8:3f:4e:34:70:33:
                    8f:f5:a9:eb:bd:06:31:07:1a:44:c8:0d:8f:d3:fc:
                    88:aa:7f:28:0b:b5:f4:2d:7c:b2:68:2a:9d:7c:e5:
                    3a:a5:bd:81:76:fd:3c:ab:13:83:c0:8d:13:fe:a5:
                    9a:10:2a:f0:3e:75:a0:0a:26:02:8a:51:b9:b9:b6:
                    bc:96:82:93:2f:a3:c6:1d:3b:d0:36:87:ad:84:3a:
                    47:ed:ef:9c:68:7e:c5:75:9f:e7:06:ff:4b:43:28:
                    ca:da:cd:92:65:a4:c8:a3:6b:ed:7d:0a:51:a2:ec:
                    6d:1d:89:8d:9b:74:a9:ec:db:3f:71:de:05:4a:c7:
                    3a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:C0:2B:59:DC:B9:97:B4:35:3A:47:F1:81:F5:CB:D3:54:03:C8:6F
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/QcArWdy5l7Q1OkfxgfXL01QDyG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:73:8c:95:f0:97:0e:11:04:ad:3f:c8:ec:46:b2:3a:66:0e:
         54:04:04:9d:75:5e:e6:a0:4a:99:07:b5:2d:df:f8:f9:df:ee:
         08:a9:77:a2:eb:5e:d2:73:70:dd:58:32:ca:32:d1:f2:8e:f3:
         8b:83:8f:da:83:9a:17:35:b6:6f:95:9c:c5:7d:3e:71:7b:49:
         bc:d6:88:be:97:4f:28:fc:a4:7d:19:b3:90:78:45:11:19:74:
         a2:9a:b1:43:ae:b1:1b:ea:3e:94:80:11:28:46:72:f8:56:58:
         7c:8a:4d:c3:9d:af:28:6e:03:63:42:9e:8c:d3:6c:e9:43:b0:
         03:8a:0d:bc:aa:eb:80:8a:df:7e:d9:f4:71:b3:6e:01:65:fb:
         f5:6f:e1:43:62:c6:84:a1:25:9a:ba:c5:fd:93:44:3e:b6:d9:
         e6:b5:d2:97:51:2a:91:46:be:bb:cd:1b:c2:04:7c:75:71:c9:
         d3:83:4d:31:b2:52:f4:71:21:f4:4c:8d:18:a0:d8:04:87:18:
         91:4d:1a:d6:f8:9e:00:f5:34:20:c5:3d:88:cd:6c:d7:c9:09:
         b0:1e:39:53:91:39:c4:62:44:67:78:fc:d7:0c:bf:a1:8f:b4:
         b2:7e:94:10:f2:15:58:95:6f:5d:a1:6d:d0:a9:4c:49:66:a8:
         f0:1b:a9:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjadHXTWXUEIyxdNrhBa1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWMwMmI1OWRjYjk5N2I0MzUzYTQ3ZjE4MWY1Y2JkMzU0MDNjODZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Fo0oaKb06hxPG3lCx57XTwUwBbn
ri4Oe2o/RbuMnGut4xOrNo6gB4fJ3h75FCDbBq1oU/RUdP3w6YRk8u0o33Z9ipJ/
ZuOIupTPQtqmp7iMP7H8XsPpVGa620VH25wyOBa6CW/oFw4c01L9CSjNezGQ83Wy
e+vMVS5VWeRqJ7X4P040cDOP9anrvQYxBxpEyA2P0/yIqn8oC7X0LXyyaCqdfOU6
pb2Bdv08qxODwI0T/qWaECrwPnWgCiYCilG5uba8loKTL6PGHTvQNoethDpH7e+c
aH7FdZ/nBv9LQyjK2s2SZaTIo2vtfQpRouxtHYmNm3Sp7Ns/cd4FSsc6mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHAK1ncuZe0NTpH8YH1y9NUA8hvMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvUWNBcldkeTVsN1ExT2tmeGdmWEwwMVFEeUc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEAeMA0G
CSqGSIb3DQEBCwUAA4IBAQAFc4yV8JcOEQStP8jsRrI6Zg5UBASddV7moEqZB7Ut
3/j53+4IqXei617Sc3DdWDLKMtHyjvOLg4/ag5oXNbZvlZzFfT5xe0m81oi+l08o
/KR9GbOQeEURGXSimrFDrrEb6j6UgBEoRnL4Vlh8ik3Dna8obgNjQp6M02zpQ7AD
ig28quuAit9+2fRxs24BZfv1b+FDYsaEoSWausX9k0Q+ttnmtdKXUSqRRr67zRvC
BHx1ccnTg00xslL0cSH0TI0YoNgEhxiRTRrW+J4A9TQgxT2IzWzXyQmwHjlTkTnE
YkRnePzXDL+hj7SyfpQQ8hVYlW9doW3QqUxJZqjwG6l6
-----END CERTIFICATE-----