Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/fvX9lVCmVkwxFN8HZnxPO7cbKOc.roa
File:                     fvX9lVCmVkwxFN8HZnxPO7cbKOc.roa (raw, json)
Hash identifier:          0YH2vuu49gx5SRz7HwNFAksVufD7yu4WlEj1/zzH+14=
Subject key identifier:   7E:F5:FD:95:50:A6:56:4C:31:14:DF:07:66:7C:4F:3B:B7:1B:28:E7
Certificate issuer:       /CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
Certificate serial:       019427B5528A36E0F2E18AB11A4E9471C4D5
Authority key identifier: 52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/fvX9lVCmVkwxFN8HZnxPO7cbKOc.roa
Signing time:             Thu 02 Jan 2025 15:49:42 +0000
ROA not before:           Thu 02 Jan 2025 15:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        80.73.120.0/21 maxlen: 24
                          80.88.76.0/22 maxlen: 24
                          185.76.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:52:8a:36:e0:f2:e1:8a:b1:1a:4e:94:71:c4:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
        Validity
            Not Before: Jan  2 15:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ef5fd9550a6564c3114df07667c4f3bb71b28e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f8:db:18:ed:52:72:0c:56:fb:e7:c9:87:40:
                    ca:22:90:e9:dc:d4:f2:53:29:cf:54:74:43:2b:9b:
                    b0:47:ec:d6:ed:d6:e8:d5:41:cd:3e:c9:ab:2c:cb:
                    97:10:e3:f9:f6:c4:34:bf:31:f1:48:2a:61:09:52:
                    b1:46:7b:b9:c6:6b:eb:78:f2:7d:6a:73:d5:35:9d:
                    db:16:52:5b:41:c4:2f:62:e0:c6:4f:8c:ae:32:20:
                    69:9d:e3:23:2b:68:06:39:13:f4:cb:6d:2f:a2:d6:
                    ee:4c:b9:82:b1:48:f7:aa:6f:05:bd:8c:54:9b:06:
                    8f:98:17:39:cb:67:a6:09:58:80:16:b5:fb:ee:99:
                    3d:9d:71:02:49:f8:e3:9b:31:92:cf:c1:8e:81:34:
                    f9:d6:22:a3:52:ca:70:49:d9:2b:65:57:ba:31:99:
                    67:87:40:6e:53:5b:4f:3f:b2:57:06:cd:67:fe:42:
                    87:ed:26:51:04:d7:4b:0b:e6:8d:1d:0f:da:31:e8:
                    ab:b8:de:32:52:46:55:f8:aa:a2:a5:a9:72:d8:19:
                    55:87:90:aa:3a:e9:b7:ea:54:f0:02:0f:7d:85:b3:
                    de:52:e1:f8:13:b5:4d:7a:b5:6b:8a:04:be:c3:01:
                    cb:a3:9e:10:a7:a4:ab:38:b4:82:7b:a0:9c:bd:52:
                    66:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:F5:FD:95:50:A6:56:4C:31:14:DF:07:66:7C:4F:3B:B7:1B:28:E7
            X509v3 Authority Key Identifier:
                keyid:52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/fvX9lVCmVkwxFN8HZnxPO7cbKOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.73.120.0/21
                  80.88.76.0/22
                  185.76.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:a8:e0:07:df:ac:bb:e8:8d:a7:69:60:e9:f1:dd:7a:85:b0:
         ae:41:ca:0b:42:10:4c:c7:8a:fe:45:10:5a:a0:90:a2:4c:74:
         a5:2a:a2:0a:c6:27:a4:24:12:a2:76:07:62:c5:08:65:0e:5f:
         b3:37:85:90:0c:b0:99:a6:bb:00:6f:c3:de:56:6d:52:3d:d9:
         ec:7e:d8:52:bb:32:11:8a:a7:53:bc:85:a8:7d:6b:c4:c2:fb:
         71:3b:4b:df:6d:3f:4e:bc:43:29:ae:16:45:cc:3f:28:fc:9f:
         6c:33:bf:36:05:6b:c1:8f:a9:fc:0c:29:43:34:42:04:2b:02:
         76:8b:a3:cd:66:a8:46:39:63:91:90:8e:f5:36:54:48:09:96:
         24:95:ad:7f:63:12:1a:f7:b3:5f:0a:9f:98:c6:d9:b5:72:27:
         78:a2:65:7a:55:92:ad:10:d7:d5:40:6a:52:0d:67:2e:2c:ae:
         de:67:b5:bc:a8:c6:e6:ab:76:65:39:bd:dd:b4:be:57:88:6e:
         3e:21:53:b8:56:eb:99:41:65:84:98:8a:da:64:54:82:4c:19:
         83:65:de:b9:0e:a8:f1:1b:40:d2:e4:12:68:47:97:25:d6:62:
         68:98:2d:dd:0b:93:89:91:76:5c:b4:f2:bd:30:3c:b7:2a:24:
         cd:27:7d:7a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntVKKNuDy4YqxGk6UccTVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTVjOTBjYTkyODMxM2JjNzBkMjY4M2JiMGY2NGQ2MzJi
MjczYTEwHhcNMjUwMTAyMTU0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWY1ZmQ5NTUwYTY1NjRjMzExNGRmMDc2NjdjNGYzYmI3MWIyOGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvjbGO1ScgxW++fJh0DKIpDp3NTy
UynPVHRDK5uwR+zW7dbo1UHNPsmrLMuXEOP59sQ0vzHxSCphCVKxRnu5xmvrePJ9
anPVNZ3bFlJbQcQvYuDGT4yuMiBpneMjK2gGORP0y20votbuTLmCsUj3qm8FvYxU
mwaPmBc5y2emCViAFrX77pk9nXECSfjjmzGSz8GOgTT51iKjUspwSdkrZVe6MZln
h0BuU1tPP7JXBs1n/kKH7SZRBNdLC+aNHQ/aMeiruN4yUkZV+Kqipaly2BlVh5Cq
Oum36lTwAg99hbPeUuH4E7VNerVrigS+wwHLo54Qp6SrOLSCe6CcvVJmdQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFH71/ZVQplZMMRTfB2Z8Tzu3GyjnMB8GA1UdIwQY
MBaAFFKlyQypKDE7xw0mg7sPZNYysnOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUt
MTNlZDYzM2Y5MjJhLzEvZnZYOWxWQ21Wa3d4Rk44SFpueFBPN2NiS09jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUtMTNlZDYzM2Y5MjJh
LzEvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDUEl4AwQC
UFhMAwQCuUwoMA0GCSqGSIb3DQEBCwUAA4IBAQAaqOAH36y76I2naWDp8d16hbCu
QcoLQhBMx4r+RRBaoJCiTHSlKqIKxiekJBKidgdixQhlDl+zN4WQDLCZprsAb8Pe
Vm1SPdnsfthSuzIRiqdTvIWofWvEwvtxO0vfbT9OvEMprhZFzD8o/J9sM782BWvB
j6n8DClDNEIEKwJ2i6PNZqhGOWORkI71NlRICZYkla1/YxIa97NfCp+Yxtm1cid4
omV6VZKtENfVQGpSDWcuLK7eZ7W8qMbmq3ZlOb3dtL5XiG4+IVO4VuuZQWWEmIra
ZFSCTBmDZd65DqjxG0DS5BJoR5cl1mJomC3dC5OJkXZctPK9MDy3KiTNJ316
-----END CERTIFICATE-----