Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/2a5a9c-bdf9-4ed0-ad33-f457544363ef/1/1-1fD9INC6tdul0-Zxx4kw5UQaSA.roa
File:                     1-1fD9INC6tdul0-Zxx4kw5UQaSA.roa (raw, json)
Hash identifier:          xArWY+ZJbdFaL3BIojqGwzrX81Sbjb4pJCyT9h2MU5E=
Subject key identifier:   FB:57:C3:F4:83:42:EA:D7:6E:97:4F:99:C7:1E:24:C3:95:10:69:20
Certificate issuer:       /CN=767eb661936dc95da3ecc4ca3eaf581389c0d855
Certificate serial:       0194266BCC95900BB13012E2393E0FD4E515
Authority key identifier: 76:7E:B6:61:93:6D:C9:5D:A3:EC:C4:CA:3E:AF:58:13:89:C0:D8:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn62YZNtyV2j7MTKPq9YE4nA2FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/2a5a9c-bdf9-4ed0-ad33-f457544363ef/1/1-1fD9INC6tdul0-Zxx4kw5UQaSA.roa
Signing time:             Thu 02 Jan 2025 09:49:46 +0000
ROA not before:           Thu 02 Jan 2025 09:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        80.73.136.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/2a5a9c-bdf9-4ed0-ad33-f457544363ef/1/dn62YZNtyV2j7MTKPq9YE4nA2FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/2a5a9c-bdf9-4ed0-ad33-f457544363ef/1/dn62YZNtyV2j7MTKPq9YE4nA2FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dn62YZNtyV2j7MTKPq9YE4nA2FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 18:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:cc:95:90:0b:b1:30:12:e2:39:3e:0f:d4:e5:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767eb661936dc95da3ecc4ca3eaf581389c0d855
        Validity
            Not Before: Jan  2 09:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb57c3f48342ead76e974f99c71e24c395106920
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:78:ff:0d:a0:eb:39:e7:bb:6c:92:9f:6c:e3:
                    0c:44:b5:ad:9c:6e:15:78:c1:bd:1e:a2:59:09:da:
                    f3:ec:d9:e5:e7:cd:15:a6:a7:7d:d2:45:a9:6a:25:
                    41:a4:60:f0:4e:1a:aa:72:e4:f6:47:e8:51:b4:79:
                    1f:8c:a7:23:cb:ee:6a:b0:b1:a1:20:3b:7b:97:7e:
                    bf:9f:83:15:d6:34:d5:12:42:a8:7f:0a:9b:69:48:
                    de:f3:56:31:86:47:06:09:c6:e2:7c:b9:02:43:c7:
                    0e:35:7d:05:44:32:a9:da:62:46:74:f4:c1:71:69:
                    fa:b5:40:10:37:d6:42:be:cb:47:a2:92:16:7c:59:
                    5c:64:14:82:28:40:d1:3e:9e:90:d2:9f:c4:cb:4c:
                    8c:19:e7:7e:72:7d:1b:1a:41:4a:c4:8f:94:bf:4e:
                    c0:fe:bd:23:b2:71:b6:64:c2:7a:ab:0a:ec:4f:21:
                    77:3d:e5:ca:7f:4e:1f:ee:b3:d2:8f:d0:5f:c7:8f:
                    4b:95:94:41:a2:7c:37:9f:e9:70:db:93:e9:11:57:
                    7f:1f:de:27:b1:a7:b2:5d:14:29:ea:58:2f:c5:12:
                    cd:c3:86:d1:36:09:30:a7:5b:60:e3:e0:26:dc:f6:
                    8b:4a:fa:6b:cc:76:8f:4b:90:69:76:78:a0:5f:57:
                    75:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:57:C3:F4:83:42:EA:D7:6E:97:4F:99:C7:1E:24:C3:95:10:69:20
            X509v3 Authority Key Identifier:
                keyid:76:7E:B6:61:93:6D:C9:5D:A3:EC:C4:CA:3E:AF:58:13:89:C0:D8:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn62YZNtyV2j7MTKPq9YE4nA2FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2a5a9c-bdf9-4ed0-ad33-f457544363ef/1/1-1fD9INC6tdul0-Zxx4kw5UQaSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2a5a9c-bdf9-4ed0-ad33-f457544363ef/1/dn62YZNtyV2j7MTKPq9YE4nA2FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.73.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         46:eb:26:46:a4:7d:87:1a:8c:04:db:ff:d8:8a:9a:6b:5b:da:
         38:f4:a2:00:2f:01:86:85:28:4e:ff:fd:1d:eb:98:41:48:1d:
         76:f8:a0:bb:88:ab:7a:49:ba:d9:f5:88:97:e7:56:78:c2:64:
         12:d5:be:15:fd:5e:ac:09:f3:52:39:7a:bd:de:c8:6f:1d:de:
         40:76:a6:10:be:d1:65:95:8b:6c:40:f2:aa:62:51:10:9e:09:
         53:8b:b4:9a:88:5b:00:53:a7:fc:80:5a:fa:28:9e:d9:93:d6:
         b3:98:44:f4:b9:49:0b:7c:25:58:a1:b5:1a:98:51:29:7b:45:
         2b:22:48:f6:5a:27:c0:59:ad:b8:e9:ac:68:fe:bb:26:70:50:
         e8:29:b4:fd:f7:4b:23:8a:24:ab:80:56:70:5f:a0:22:b8:24:
         40:e6:30:fc:78:3d:50:ef:2a:76:bf:91:30:bc:e8:73:28:7a:
         44:08:06:e6:dd:fb:45:5c:86:e0:d8:30:9f:4a:32:31:1d:f2:
         0a:4f:47:90:0f:4a:ba:13:12:b7:da:04:c7:b9:e2:26:29:71:
         4a:1d:77:96:19:f0:4e:2a:90:7d:1b:33:23:17:00:b5:3c:05:
         e5:d4:f8:a9:47:ff:4d:cb:f7:b4:66:a0:59:13:a4:ed:13:e3:
         19:06:50:92
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQma8yVkAuxMBLiOT4P1OUVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2ViNjYxOTM2ZGM5NWRhM2VjYzRjYTNlYWY1ODEzODlj
MGQ4NTUwHhcNMjUwMTAyMDk0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjU3YzNmNDgzNDJlYWQ3NmU5NzRmOTljNzFlMjRjMzk1MTA2OTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHj/DaDrOee7bJKfbOMMRLWtnG4V
eMG9HqJZCdrz7Nnl580Vpqd90kWpaiVBpGDwThqqcuT2R+hRtHkfjKcjy+5qsLGh
IDt7l36/n4MV1jTVEkKofwqbaUje81YxhkcGCcbifLkCQ8cONX0FRDKp2mJGdPTB
cWn6tUAQN9ZCvstHopIWfFlcZBSCKEDRPp6Q0p/Ey0yMGed+cn0bGkFKxI+Uv07A
/r0jsnG2ZMJ6qwrsTyF3PeXKf04f7rPSj9Bfx49LlZRBonw3n+lw25PpEVd/H94n
saeyXRQp6lgvxRLNw4bRNgkwp1tg4+Am3PaLSvprzHaPS5BpdnigX1d1ZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPtXw/SDQurXbpdPmcceJMOVEGkgMB8GA1UdIwQY
MBaAFHZ+tmGTbcldo+zEyj6vWBOJwNhVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG42MllaTnR5VjJqN01US1BxOVlFNG5BMkZVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yYTVhOWMtYmRmOS00ZWQwLWFkMzMt
ZjQ1NzU0NDM2M2VmLzEvMS0xZkQ5SU5DNnRkdWwwLVp4eDRrdzVVUWFTQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzAvMmE1YTljLWJkZjktNGVkMC1hZDMzLWY0NTc1NDQzNjNl
Zi8xL2RuNjJZWk50eVYyajdNVEtQcTlZRTRuQTJGVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1BJiDAN
BgkqhkiG9w0BAQsFAAOCAQEARusmRqR9hxqMBNv/2Iqaa1vaOPSiAC8BhoUoTv/9
HeuYQUgddvigu4irekm62fWIl+dWeMJkEtW+Ff1erAnzUjl6vd7Ibx3eQHamEL7R
ZZWLbEDyqmJREJ4JU4u0mohbAFOn/IBa+iie2ZPWs5hE9LlJC3wlWKG1GphRKXtF
KyJI9lonwFmtuOmsaP67JnBQ6Cm0/fdLI4okq4BWcF+gIrgkQOYw/Hg9UO8qdr+R
MLzocyh6RAgG5t37RVyG4Ngwn0oyMR3yCk9HkA9KuhMSt9oEx7niJilxSh13lhnw
TiqQfRszIxcAtTwF5dT4qUf/Tcv3tGagWROk7RPjGQZQkg==
-----END CERTIFICATE-----