Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/g2Tr9uvyLm_vlwkGo6cp6yBSgPk.roa
File:                     g2Tr9uvyLm_vlwkGo6cp6yBSgPk.roa (raw, json)
Hash identifier:          FXX+7zvwl+jhFJ/RqVEU3TMW14QBwo/9W7IU9URXq7s=
Subject key identifier:   83:64:EB:F6:EB:F2:2E:6F:EF:97:09:06:A3:A7:29:EB:20:52:80:F9
Certificate issuer:       /CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
Certificate serial:       019427B553141B42B9038994AEE868A47EB6
Authority key identifier: 52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/g2Tr9uvyLm_vlwkGo6cp6yBSgPk.roa
Signing time:             Thu 02 Jan 2025 15:49:42 +0000
ROA not before:           Thu 02 Jan 2025 15:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        80.73.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Apr 2025 13:43:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:53:14:1b:42:b9:03:89:94:ae:e8:68:a4:7e:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
        Validity
            Not Before: Jan  2 15:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8364ebf6ebf22e6fef970906a3a729eb205280f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7b:05:96:16:44:f5:60:e9:02:4e:52:45:1f:
                    ca:fa:39:f9:75:ff:59:6d:12:79:39:bb:40:a0:f9:
                    c2:d3:d5:c5:6e:94:b6:7b:bd:f9:49:fc:f3:14:3e:
                    33:ce:b4:3d:f2:f6:bb:1e:e1:7e:cf:e9:80:a7:74:
                    92:11:0a:f1:71:7b:00:2b:11:e1:4d:03:76:c9:42:
                    9f:eb:24:c9:35:cb:2d:9f:12:dd:06:7f:54:d7:1d:
                    a4:4d:30:7c:e2:c2:53:96:ce:af:de:3a:db:43:65:
                    50:e9:28:32:17:3a:9a:d9:6b:96:2d:e7:d1:e9:bd:
                    18:cc:a5:1b:3d:d5:de:4b:62:cd:28:ac:dc:38:a1:
                    01:92:e6:e2:ef:a7:f2:a8:b8:a4:80:30:0f:dc:68:
                    80:5c:30:18:ab:89:6f:dd:4f:7d:6d:f2:60:cb:f9:
                    de:b2:cd:97:dd:f3:10:4e:41:c7:d9:fe:e8:7f:02:
                    c4:4d:01:1b:84:df:b7:d6:8b:83:8a:71:3a:ab:14:
                    12:71:c6:73:e0:ff:bf:69:e9:29:54:f8:69:2b:6c:
                    30:f9:96:8c:87:22:0f:aa:8a:ec:ce:3c:89:f7:ee:
                    cd:09:f9:a9:e0:f0:9d:35:e5:7f:b3:c2:e4:88:11:
                    64:5e:ba:d3:22:51:b1:8a:6b:dc:d0:b9:f4:0e:91:
                    51:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:64:EB:F6:EB:F2:2E:6F:EF:97:09:06:A3:A7:29:EB:20:52:80:F9
            X509v3 Authority Key Identifier:
                keyid:52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/g2Tr9uvyLm_vlwkGo6cp6yBSgPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.73.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:9c:c1:a7:04:95:ca:0a:c2:3f:45:2c:d8:c4:06:42:33:57:
         cd:12:49:de:78:04:ed:3d:4c:a9:1b:7e:58:53:19:0c:43:1f:
         3f:84:2d:d0:34:ec:86:a7:6e:51:84:29:8f:39:42:30:54:31:
         d0:c4:16:c6:b3:a0:1a:bb:a0:8f:03:8a:60:d5:58:54:fc:76:
         b8:46:56:e1:ea:7e:d3:de:32:c1:8b:96:d8:39:6d:d4:f1:3f:
         0f:d3:5a:18:74:9c:57:bf:48:e2:08:3f:79:31:02:9a:8b:12:
         fc:ba:12:11:46:10:f5:5c:10:86:10:ad:af:ae:5d:e1:6e:c4:
         4b:26:f1:4e:f9:fc:b4:0f:c0:60:d7:6f:0b:a0:3a:9b:e4:4c:
         e0:ba:98:dc:79:50:31:c5:6e:16:ee:f1:7f:f0:d9:55:f9:d7:
         eb:5b:b8:18:2e:88:dc:f2:2b:44:2e:81:aa:b7:df:34:f5:2d:
         ae:07:ad:ad:da:d0:33:a4:35:48:4d:fb:c6:9f:ab:06:d0:28:
         c9:91:30:4f:5a:6b:d2:6a:13:75:b6:13:5b:96:d5:4c:a2:59:
         40:08:ad:88:f6:26:2a:f0:13:eb:09:27:ee:16:20:50:70:6a:
         0a:c9:2c:2e:f1:eb:ce:d7:67:b5:fe:76:63:8f:79:6e:e0:ad:
         dd:bd:32:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntVMUG0K5A4mUruhopH62MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTVjOTBjYTkyODMxM2JjNzBkMjY4M2JiMGY2NGQ2MzJi
MjczYTEwHhcNMjUwMTAyMTU0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzY0ZWJmNmViZjIyZTZmZWY5NzA5MDZhM2E3MjllYjIwNTI4MGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHsFlhZE9WDpAk5SRR/K+jn5df9Z
bRJ5ObtAoPnC09XFbpS2e735SfzzFD4zzrQ98va7HuF+z+mAp3SSEQrxcXsAKxHh
TQN2yUKf6yTJNcstnxLdBn9U1x2kTTB84sJTls6v3jrbQ2VQ6SgyFzqa2WuWLefR
6b0YzKUbPdXeS2LNKKzcOKEBkubi76fyqLikgDAP3GiAXDAYq4lv3U99bfJgy/ne
ss2X3fMQTkHH2f7ofwLETQEbhN+31ouDinE6qxQSccZz4P+/aekpVPhpK2ww+ZaM
hyIPqorszjyJ9+7NCfmp4PCdNeV/s8LkiBFkXrrTIlGximvc0Ln0DpFRoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINk6/br8i5v75cJBqOnKesgUoD5MB8GA1UdIwQY
MBaAFFKlyQypKDE7xw0mg7sPZNYysnOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUt
MTNlZDYzM2Y5MjJhLzEvZzJUcjl1dnlMbV92bHdrR282Y3A2eUJTZ1BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUtMTNlZDYzM2Y5MjJh
LzEvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEltMA0G
CSqGSIb3DQEBCwUAA4IBAQBsnMGnBJXKCsI/RSzYxAZCM1fNEkneeATtPUypG35Y
UxkMQx8/hC3QNOyGp25RhCmPOUIwVDHQxBbGs6Aau6CPA4pg1VhU/Ha4Rlbh6n7T
3jLBi5bYOW3U8T8P01oYdJxXv0jiCD95MQKaixL8uhIRRhD1XBCGEK2vrl3hbsRL
JvFO+fy0D8Bg128LoDqb5EzgupjceVAxxW4W7vF/8NlV+dfrW7gYLojc8itELoGq
t9809S2uB62t2tAzpDVITfvGn6sG0CjJkTBPWmvSahN1thNbltVMollACK2I9iYq
8BPrCSfuFiBQcGoKySwu8evO12e1/nZjj3lu4K3dvTKv
-----END CERTIFICATE-----