Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/vH8Vx2fiZM9TZKYzGR-dN8mcvAE.roa
File:                     vH8Vx2fiZM9TZKYzGR-dN8mcvAE.roa (raw, json)
Hash identifier:          x5UtWQ3vHr+Q5TRZNBaOyWHDjvarp7p3ABGr8OcPj8A=
Subject key identifier:   BC:7F:15:C7:67:E2:64:CF:53:64:A6:33:19:1F:9D:37:C9:9C:BC:01
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018DD01C3EFBC5DAA89ACFD30B79A24E1E3F
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/vH8Vx2fiZM9TZKYzGR-dN8mcvAE.roa
Signing time:             Thu 22 Feb 2024 09:18:48 +0000
ROA not before:           Thu 22 Feb 2024 09:18:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59425
IP address blocks:        80.64.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d0:1c:3e:fb:c5:da:a8:9a:cf:d3:0b:79:a2:4e:1e:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Feb 22 09:18:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc7f15c767e264cf5364a633191f9d37c99cbc01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:17:77:69:a5:92:66:1e:ac:a6:e4:92:bf:44:
                    71:fc:d3:0b:f8:fe:73:10:52:e6:fa:98:35:8c:f2:
                    9f:cc:5e:73:0b:1d:81:28:63:37:f7:43:d5:95:ec:
                    f5:d9:1f:dc:c4:95:70:69:5b:ba:46:78:84:22:d5:
                    3d:83:7a:4f:3a:1a:19:c2:c6:b8:8d:aa:d7:68:86:
                    0a:27:e8:45:cf:e3:22:dd:bc:95:50:ab:5d:8d:9f:
                    62:6d:8d:2f:34:ab:08:90:dc:7f:25:07:ec:4b:75:
                    03:8c:66:ea:ca:8a:7c:16:e4:ae:4b:bf:ec:40:d9:
                    c0:b3:fe:52:c0:2c:9e:1e:ba:f9:43:fd:d8:1a:1d:
                    25:93:6d:f1:85:e2:ec:f4:fb:95:99:9c:05:2d:cc:
                    d8:08:c4:1c:40:0a:cc:b1:da:70:76:bd:a2:60:65:
                    f9:eb:0a:9e:e1:b6:61:4e:08:44:bd:e7:ae:37:f4:
                    cb:44:74:d7:af:40:99:80:d6:c6:39:54:9f:28:fc:
                    06:f8:80:e3:70:1e:c1:16:3c:1b:9b:32:00:38:70:
                    22:d9:f8:15:4a:09:7b:b6:a2:41:f6:c5:26:5d:16:
                    c4:23:21:f2:52:05:c6:bf:c1:31:43:03:e1:d6:ef:
                    fb:87:4c:c4:10:f8:0b:76:14:df:6c:d3:d7:9c:ed:
                    d1:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:7F:15:C7:67:E2:64:CF:53:64:A6:33:19:1F:9D:37:C9:9C:BC:01
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/vH8Vx2fiZM9TZKYzGR-dN8mcvAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:99:2c:43:fc:29:d3:ab:09:9e:97:e0:b9:44:37:6d:d8:80:
         13:e7:8a:cd:3c:7d:70:ee:82:52:45:7e:f8:00:41:07:ee:82:
         68:f3:44:10:f6:94:f3:2b:de:fd:a9:e0:47:65:96:f8:44:18:
         6a:1c:a8:e4:48:77:2f:40:a0:ed:36:e6:cd:93:a9:d1:7e:58:
         df:b7:7c:30:f3:41:07:01:bd:7c:4c:37:7d:49:7c:41:98:97:
         71:66:db:89:1d:ad:ab:a2:e6:a3:a5:42:2f:6a:22:e5:0f:8b:
         2a:48:af:01:1b:ea:6b:59:92:2a:28:84:58:70:bb:1c:48:8f:
         c4:eb:7b:1b:71:da:34:e3:00:12:23:29:cf:86:a6:82:76:d8:
         66:73:b8:d1:d6:6c:c1:c0:e2:fc:11:db:a4:ed:c8:fb:0e:8b:
         26:07:e2:48:e5:03:f6:6f:d2:a7:b9:da:b1:bf:7f:ea:63:ab:
         a2:30:89:f9:4f:ba:92:3f:3f:51:d2:9e:ce:ce:83:36:58:27:
         82:8b:0f:f1:d4:b9:5a:09:5d:1f:c6:4e:2e:ff:1f:b4:dd:99:
         26:5a:fc:52:fa:3b:16:13:7d:34:20:65:f8:ef:4e:f6:73:ec:
         a8:21:a0:0f:16:b3:49:6b:97:0b:18:c6:43:e4:31:d8:17:8a:
         1a:e6:ff:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3QHD77xdqoms/TC3miTh4/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMjIyMDkxODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzdmMTVjNzY3ZTI2NGNmNTM2NGE2MzMxOTFmOWQzN2M5OWNiYzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRd3aaWSZh6spuSSv0Rx/NML+P5z
EFLm+pg1jPKfzF5zCx2BKGM390PVlez12R/cxJVwaVu6RniEItU9g3pPOhoZwsa4
jarXaIYKJ+hFz+Mi3byVUKtdjZ9ibY0vNKsIkNx/JQfsS3UDjGbqyop8FuSuS7/s
QNnAs/5SwCyeHrr5Q/3YGh0lk23xheLs9PuVmZwFLczYCMQcQArMsdpwdr2iYGX5
6wqe4bZhTghEveeuN/TLRHTXr0CZgNbGOVSfKPwG+IDjcB7BFjwbmzIAOHAi2fgV
Sgl7tqJB9sUmXRbEIyHyUgXGv8ExQwPh1u/7h0zEEPgLdhTfbNPXnO3RDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLx/Fcdn4mTPU2SmMxkfnTfJnLwBMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvdkg4VngyZmlaTTlUWktZekdSLWROOG1jdkFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEAeMA0G
CSqGSIb3DQEBCwUAA4IBAQAQmSxD/CnTqwmel+C5RDdt2IAT54rNPH1w7oJSRX74
AEEH7oJo80QQ9pTzK979qeBHZZb4RBhqHKjkSHcvQKDtNubNk6nRfljft3ww80EH
Ab18TDd9SXxBmJdxZtuJHa2rouajpUIvaiLlD4sqSK8BG+prWZIqKIRYcLscSI/E
63sbcdo04wASIynPhqaCdthmc7jR1mzBwOL8Eduk7cj7DosmB+JI5QP2b9Knudqx
v3/qY6uiMIn5T7qSPz9R0p7OzoM2WCeCiw/x1LlaCV0fxk4u/x+03ZkmWvxS+jsW
E300IGX47072c+yoIaAPFrNJa5cLGMZD5DHYF4oa5v8l
-----END CERTIFICATE-----