Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/2d7609-2142-4a03-b11e-1148fde7aef7/1/M6m4mzr7mt-7zZhpWwgzFwkcciw.roa
File:                     M6m4mzr7mt-7zZhpWwgzFwkcciw.roa (raw, json)
Hash identifier:          zA20CPBynHIs6aIQLdBsx0EMxs35D3OBLAuUTFtNgXI=
Subject key identifier:   33:A9:B8:9B:3A:FB:9A:DF:BB:CD:98:69:5B:08:33:17:09:1C:72:2C
Certificate issuer:       /CN=a0a6d6b087461fdec6a5b9d52d29832d8f299c87
Certificate serial:       018CC493936018102EB3B9A0122C9CA412C5
Authority key identifier: A0:A6:D6:B0:87:46:1F:DE:C6:A5:B9:D5:2D:29:83:2D:8F:29:9C:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oKbWsIdGH97GpbnVLSmDLY8pnIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/2d7609-2142-4a03-b11e-1148fde7aef7/1/M6m4mzr7mt-7zZhpWwgzFwkcciw.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25569
IP address blocks:        80.82.0.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/2d7609-2142-4a03-b11e-1148fde7aef7/1/oKbWsIdGH97GpbnVLSmDLY8pnIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/2d7609-2142-4a03-b11e-1148fde7aef7/1/oKbWsIdGH97GpbnVLSmDLY8pnIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oKbWsIdGH97GpbnVLSmDLY8pnIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:93:60:18:10:2e:b3:b9:a0:12:2c:9c:a4:12:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0a6d6b087461fdec6a5b9d52d29832d8f299c87
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33a9b89b3afb9adfbbcd98695b083317091c722c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f6:aa:7a:9f:c0:9e:99:d2:a1:24:c5:13:fa:
                    e7:09:cc:35:e8:e8:2b:29:ae:66:54:86:ca:31:43:
                    30:aa:3b:41:f1:6f:07:58:32:c3:e7:a4:2d:76:c9:
                    65:e7:4e:5a:32:01:52:a3:ee:d9:e0:be:ca:c9:45:
                    65:ad:ed:a6:f0:1f:e9:75:b9:83:a6:53:89:0b:c0:
                    c4:90:c5:dd:f2:5d:9b:9f:1d:3d:fc:ca:67:e6:b4:
                    3a:b2:be:09:68:a4:53:95:ed:73:8d:67:d4:57:04:
                    9a:27:a0:a1:0e:f0:89:eb:8f:06:49:b0:a2:3c:05:
                    95:5d:6b:2b:04:fb:ea:ed:0c:17:15:9d:bd:de:a6:
                    3a:5d:1d:00:c6:41:28:01:1f:4e:74:8a:32:21:52:
                    aa:2a:47:11:eb:1a:7d:fd:00:83:f2:16:4e:6e:3b:
                    51:b3:aa:bf:2c:70:ec:3a:a7:49:c1:73:d7:11:16:
                    06:5f:18:ab:87:bb:33:2c:51:d3:0d:05:f4:7d:54:
                    3d:71:7f:4c:ee:fa:64:34:00:a4:65:cf:14:8b:c3:
                    30:ec:ff:bb:d3:d3:e7:42:9f:2c:d3:23:c8:48:d0:
                    f7:77:5c:10:dc:e1:c5:df:30:e2:f9:32:84:a4:c4:
                    f3:bc:29:06:41:73:fc:85:66:8d:fd:92:ed:5a:d8:
                    3b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:A9:B8:9B:3A:FB:9A:DF:BB:CD:98:69:5B:08:33:17:09:1C:72:2C
            X509v3 Authority Key Identifier:
                keyid:A0:A6:D6:B0:87:46:1F:DE:C6:A5:B9:D5:2D:29:83:2D:8F:29:9C:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oKbWsIdGH97GpbnVLSmDLY8pnIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/2d7609-2142-4a03-b11e-1148fde7aef7/1/M6m4mzr7mt-7zZhpWwgzFwkcciw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/2d7609-2142-4a03-b11e-1148fde7aef7/1/oKbWsIdGH97GpbnVLSmDLY8pnIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.82.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         48:5c:8c:b8:0b:0f:47:b4:c7:e7:c4:6d:ef:38:cd:db:70:a3:
         ac:13:18:a2:8b:ef:5f:7d:96:9d:d9:ba:d3:f5:8e:ca:ce:c6:
         8c:1f:6d:0d:a4:89:9b:46:16:7c:98:9e:42:6e:57:7e:90:b1:
         ee:66:b0:4b:31:9d:25:64:72:07:70:74:e4:e5:2e:fe:50:1a:
         94:d6:7b:12:49:1a:92:6e:3e:c8:90:15:fa:54:94:82:c8:5a:
         7c:7a:d9:6f:ea:03:bc:ac:a3:83:8b:ee:f9:bd:fe:9a:f6:52:
         9f:34:79:67:b1:82:71:cb:26:69:a6:83:f7:6d:b0:ef:ff:24:
         26:ab:a0:19:6d:15:0c:60:48:1c:1f:d8:e8:f7:a1:3b:8e:69:
         7e:b2:80:7d:89:e4:17:0c:43:38:b5:42:49:f8:76:c6:f5:b5:
         f3:2b:5f:05:d0:d5:a9:fd:5d:3b:bd:4d:47:b7:4a:11:0d:f8:
         4f:75:4b:72:7d:8f:70:b1:1a:aa:d8:71:b3:a9:5c:d2:eb:3e:
         f0:cd:b8:ad:64:25:65:e8:4d:dc:87:cd:e1:36:d6:35:8e:9c:
         3b:cf:e8:40:19:f4:52:d3:4f:f9:d9:a9:82:05:48:7d:7f:54:
         a8:29:2d:3e:fa:a1:42:6e:ed:08:d6:71:7c:d1:41:88:5c:aa:
         f9:46:7d:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5NgGBAus7mgEiycpBLFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYTZkNmIwODc0NjFmZGVjNmE1YjlkNTJkMjk4MzJkOGYy
OTljODcwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2E5Yjg5YjNhZmI5YWRmYmJjZDk4Njk1YjA4MzMxNzA5MWM3MjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/aqep/AnpnSoSTFE/rnCcw16Ogr
Ka5mVIbKMUMwqjtB8W8HWDLD56Qtdsll505aMgFSo+7Z4L7KyUVlre2m8B/pdbmD
plOJC8DEkMXd8l2bnx09/Mpn5rQ6sr4JaKRTle1zjWfUVwSaJ6ChDvCJ648GSbCi
PAWVXWsrBPvq7QwXFZ293qY6XR0AxkEoAR9OdIoyIVKqKkcR6xp9/QCD8hZObjtR
s6q/LHDsOqdJwXPXERYGXxirh7szLFHTDQX0fVQ9cX9M7vpkNACkZc8Ui8Mw7P+7
09PnQp8s0yPISND3d1wQ3OHF3zDi+TKEpMTzvCkGQXP8hWaN/ZLtWtg7HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDOpuJs6+5rfu82YaVsIMxcJHHIsMB8GA1UdIwQY
MBaAFKCm1rCHRh/exqW51S0pgy2PKZyHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0tiV3NJZEdIOTdHcGJuVkxTbURMWThwbkljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8yZDc2MDktMjE0Mi00YTAzLWIxMWUt
MTE0OGZkZTdhZWY3LzEvTTZtNG16cjdtdC03elpocFd3Z3pGd2tjY2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8yZDc2MDktMjE0Mi00YTAzLWIxMWUtMTE0OGZkZTdhZWY3
LzEvb0tiV3NJZEdIOTdHcGJuVkxTbURMWThwbkljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUFIAMA0G
CSqGSIb3DQEBCwUAA4IBAQBIXIy4Cw9HtMfnxG3vOM3bcKOsExiii+9ffZad2brT
9Y7KzsaMH20NpImbRhZ8mJ5Cbld+kLHuZrBLMZ0lZHIHcHTk5S7+UBqU1nsSSRqS
bj7IkBX6VJSCyFp8etlv6gO8rKODi+75vf6a9lKfNHlnsYJxyyZppoP3bbDv/yQm
q6AZbRUMYEgcH9jo96E7jml+soB9ieQXDEM4tUJJ+HbG9bXzK18F0NWp/V07vU1H
t0oRDfhPdUtyfY9wsRqq2HGzqVzS6z7wzbitZCVl6E3ch83hNtY1jpw7z+hAGfRS
00/52amCBUh9f1SoKS0++qFCbu0I1nF80UGIXKr5Rn0z
-----END CERTIFICATE-----