Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/6zaJe_Hpfic0FK6rRPoQE-aG_Co.roa
File:                     6zaJe_Hpfic0FK6rRPoQE-aG_Co.roa (raw, json)
Hash identifier:          mj5T5JvWc0E64GqkFF2vzJAe4I2XKOmu0VYD+WnK+gc=
Subject key identifier:   EB:36:89:7B:F1:E9:7E:27:34:14:AE:AB:44:FA:10:13:E6:86:FC:2A
Certificate issuer:       /CN=a2900e4655ab349a4632b140719dc97230431725
Certificate serial:       018CC6B79853F2D62C86C1FF13A345C5B0B1
Authority key identifier: A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/6zaJe_Hpfic0FK6rRPoQE-aG_Co.roa
Signing time:             Mon 01 Jan 2024 20:29:30 +0000
ROA not before:           Mon 01 Jan 2024 20:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50045
IP address blocks:        80.77.160.0/24 maxlen: 24
                          2a02:2518:e000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:98:53:f2:d6:2c:86:c1:ff:13:a3:45:c5:b0:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2900e4655ab349a4632b140719dc97230431725
        Validity
            Not Before: Jan  1 20:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb36897bf1e97e273414aeab44fa1013e686fc2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:8c:ad:5f:44:0f:69:77:00:43:1c:0f:46:3f:
                    26:df:3d:a9:88:03:61:31:a4:f0:d9:33:a3:57:01:
                    98:05:66:d6:ba:92:be:c6:6b:ab:29:8f:dd:c2:04:
                    2c:ff:98:75:55:81:9c:fd:9d:d7:42:f0:0b:6c:7a:
                    25:3c:e0:04:9b:c9:29:7c:80:dc:fd:59:4d:37:71:
                    7c:1e:40:bf:6f:a7:d3:d2:b1:61:23:57:86:03:93:
                    47:38:39:39:e0:dc:28:3c:ca:0f:7f:b3:2e:ec:e1:
                    4a:7e:d2:ad:bf:b9:b9:8b:1e:8d:3a:4e:ff:a7:a5:
                    dd:76:0d:88:c9:93:d6:9f:46:ae:35:15:2c:c0:19:
                    10:8c:25:ff:d1:e2:e0:04:31:0b:0c:ac:c4:ff:90:
                    e2:32:fa:01:04:19:fd:bb:7c:c6:18:8a:00:25:f5:
                    21:c0:9f:03:f8:a4:00:ad:b8:56:6f:28:a6:b3:6d:
                    2f:fe:18:04:0f:c7:20:df:da:d8:c1:88:43:8a:1f:
                    eb:11:c0:67:ba:90:2f:53:bc:e3:7e:f0:f9:f2:c3:
                    9e:fc:20:68:c1:d3:cc:83:75:a6:ef:ba:b0:ce:4e:
                    c4:f8:f0:67:26:64:05:23:43:c2:54:ff:e1:41:66:
                    d1:36:54:a2:66:fe:98:4b:54:71:60:06:f8:ba:1a:
                    77:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:36:89:7B:F1:E9:7E:27:34:14:AE:AB:44:FA:10:13:E6:86:FC:2A
            X509v3 Authority Key Identifier:
                keyid:A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/6zaJe_Hpfic0FK6rRPoQE-aG_Co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.77.160.0/24
                IPv6:
                  2a02:2518:e000::/36

    Signature Algorithm: sha256WithRSAEncryption
         29:ac:03:cc:6d:21:bb:fb:a5:2c:a8:ad:e3:79:98:4a:5d:4d:
         3a:7c:41:d2:89:a5:59:7a:04:3d:c9:44:96:5c:25:09:c6:ef:
         cb:d9:ad:ae:5d:35:19:b4:f1:27:46:24:26:bd:31:50:9c:d0:
         a7:a5:79:c9:a6:ce:f8:2c:93:a6:77:ef:d1:08:4b:ad:18:92:
         4e:df:1b:93:d5:b1:6f:d3:02:fb:ff:8f:0d:45:6f:9e:d3:33:
         a1:66:0f:b8:05:93:aa:1f:3e:59:9d:bc:52:9f:16:bb:7f:e9:
         de:54:37:a8:f3:ca:46:4a:4f:7e:f5:57:b1:b7:03:77:49:0c:
         ed:52:3b:77:9d:ec:cd:5a:95:43:71:0e:e8:00:2a:60:10:d9:
         2a:04:32:4b:23:9e:83:9a:d9:ad:1c:f8:e7:dd:93:f2:95:1c:
         8e:05:98:8f:47:99:04:14:90:90:d7:87:7a:67:ee:ff:2c:4b:
         a1:9b:98:15:88:2f:d0:b9:29:48:c9:74:99:05:79:31:6a:a3:
         60:7b:b5:1a:be:94:7e:60:3f:30:cc:e5:81:61:42:09:d6:0c:
         0a:59:ed:5f:05:4f:20:9a:32:a5:e8:f1:29:04:d5:3f:f4:80:
         3e:07:e7:d7:b3:cb:0d:9c:9e:29:f3:e7:9e:3f:ab:c7:8e:7c:
         45:a4:9f:33
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzGt5hT8tYshsH/E6NFxbCxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOTAwZTQ2NTVhYjM0OWE0NjMyYjE0MDcxOWRjOTcyMzA0
MzE3MjUwHhcNMjQwMTAxMjAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjM2ODk3YmYxZTk3ZTI3MzQxNGFlYWI0NGZhMTAxM2U2ODZmYzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIytX0QPaXcAQxwPRj8m3z2piANh
MaTw2TOjVwGYBWbWupK+xmurKY/dwgQs/5h1VYGc/Z3XQvALbHolPOAEm8kpfIDc
/VlNN3F8HkC/b6fT0rFhI1eGA5NHODk54NwoPMoPf7Mu7OFKftKtv7m5ix6NOk7/
p6Xddg2IyZPWn0auNRUswBkQjCX/0eLgBDELDKzE/5DiMvoBBBn9u3zGGIoAJfUh
wJ8D+KQArbhWbyims20v/hgED8cg39rYwYhDih/rEcBnupAvU7zjfvD58sOe/CBo
wdPMg3Wm77qwzk7E+PBnJmQFI0PCVP/hQWbRNlSiZv6YS1RxYAb4uhp3HQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFOs2iXvx6X4nNBSuq0T6EBPmhvwqMB8GA1UdIwQY
MBaAFKKQDkZVqzSaRjKxQHGdyXIwQxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMt
ZjRjNWZjM2NhMmM0LzEvNnphSmVfSHBmaWMwRks2clJQb1FFLWFHX0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMtZjRjNWZjM2NhMmM0
LzEvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAUE2gMA4E
AgACMAgDBgQqAiUY4DANBgkqhkiG9w0BAQsFAAOCAQEAKawDzG0hu/ulLKit43mY
Sl1NOnxB0omlWXoEPclEllwlCcbvy9mtrl01GbTxJ0YkJr0xUJzQp6V5yabO+CyT
pnfv0QhLrRiSTt8bk9Wxb9MC+/+PDUVvntMzoWYPuAWTqh8+WZ28Up8Wu3/p3lQ3
qPPKRkpPfvVXsbcDd0kM7VI7d53szVqVQ3EO6AAqYBDZKgQySyOeg5rZrRz4592T
8pUcjgWYj0eZBBSQkNeHemfu/yxLoZuYFYgv0LkpSMl0mQV5MWqjYHu1Gr6UfmA/
MMzlgWFCCdYMClntXwVPIJoypejxKQTVP/SAPgfn17PLDZyeKfPnnj+rx458RaSf
Mw==
-----END CERTIFICATE-----