Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/WX6sNrF92l686KdkTXPFkLfxe3U.roa
File:                     WX6sNrF92l686KdkTXPFkLfxe3U.roa (raw, json)
Hash identifier:          Abr+DHAKxIPDGR7zdXI5jJnVVIXCf9i5JeUWk/vC2vA=
Subject key identifier:   59:7E:AC:36:B1:7D:DA:5E:BC:E8:A7:64:4D:73:C5:90:B7:F1:7B:75
Certificate issuer:       /CN=535825ce8bf544170282f720a2484141568b0e7d
Certificate serial:       019425FC70DD1A1C7F61A02744C49A926497
Authority key identifier: 53:58:25:CE:8B:F5:44:17:02:82:F7:20:A2:48:41:41:56:8B:0E:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U1glzov1RBcCgvcgokhBQVaLDn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/WX6sNrF92l686KdkTXPFkLfxe3U.roa
Signing time:             Thu 02 Jan 2025 07:48:08 +0000
ROA not before:           Thu 02 Jan 2025 07:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21177
IP address blocks:        80.84.80.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/U1glzov1RBcCgvcgokhBQVaLDn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/U1glzov1RBcCgvcgokhBQVaLDn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U1glzov1RBcCgvcgokhBQVaLDn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 07:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:70:dd:1a:1c:7f:61:a0:27:44:c4:9a:92:64:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=535825ce8bf544170282f720a2484141568b0e7d
        Validity
            Not Before: Jan  2 07:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=597eac36b17dda5ebce8a7644d73c590b7f17b75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:a4:77:05:07:b9:d3:ea:52:80:b1:11:94:40:
                    38:45:ca:5d:a1:a4:ab:df:d8:00:25:16:99:7c:d4:
                    11:1c:0d:b5:98:fc:91:0b:18:af:15:3e:49:cf:4a:
                    c7:6d:51:a0:21:15:f8:ab:3c:94:42:8b:61:40:54:
                    d7:95:3b:71:fb:17:29:3e:9c:de:7a:ed:f9:40:7f:
                    17:87:8e:85:d0:e2:78:b3:d7:b6:f9:c9:ac:73:25:
                    3d:a1:56:47:37:be:74:1b:db:9a:be:30:e8:06:4d:
                    1d:fd:f7:16:e9:52:ea:4b:19:d3:88:62:70:a9:07:
                    07:27:c9:5d:71:aa:f3:f7:bf:30:83:09:c8:b0:c0:
                    e4:67:6f:71:b6:fb:99:0d:7a:df:91:fd:82:a7:45:
                    0d:b5:2b:a5:17:e9:11:d5:da:00:81:41:1c:b1:3b:
                    f3:f5:58:f5:0d:8a:12:36:d6:f8:8d:9c:4a:fb:5d:
                    3a:2f:f0:d2:08:c4:35:59:c7:17:34:c7:61:f4:65:
                    8b:af:23:97:88:55:9e:58:91:cd:f2:3d:da:fc:1d:
                    02:ae:7b:93:68:4e:59:30:fe:c6:78:3c:95:27:d2:
                    36:57:56:7b:0f:2f:17:8b:9f:bd:6b:fa:8b:20:48:
                    73:a1:e3:12:b2:0f:f2:fa:49:17:b5:54:f4:2f:98:
                    4e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:7E:AC:36:B1:7D:DA:5E:BC:E8:A7:64:4D:73:C5:90:B7:F1:7B:75
            X509v3 Authority Key Identifier:
                keyid:53:58:25:CE:8B:F5:44:17:02:82:F7:20:A2:48:41:41:56:8B:0E:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1glzov1RBcCgvcgokhBQVaLDn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/WX6sNrF92l686KdkTXPFkLfxe3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/01f736-af83-456c-8b45-5146ab7ea015/1/U1glzov1RBcCgvcgokhBQVaLDn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.84.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ba:8c:e0:c4:f6:c8:b7:4b:06:b9:3d:77:1e:e2:c9:71:c7:9e:
         e0:70:08:76:23:dc:03:da:9f:44:b8:f4:6b:34:69:79:bc:e2:
         37:71:8b:81:68:5f:9e:30:84:de:cf:19:6e:27:a4:5c:ec:2b:
         d8:84:77:d7:6b:81:de:3f:3e:09:b0:7f:4c:3b:32:06:8a:45:
         26:ed:e7:38:83:60:f5:30:9f:79:b0:a2:1e:5c:5b:de:85:53:
         d8:52:d6:61:79:c9:e6:ab:21:34:83:9e:e9:d1:a6:21:67:b8:
         33:b8:bc:28:5f:a2:9c:4c:54:3e:35:c7:0e:2f:2e:31:14:b3:
         f6:ba:42:45:2d:0c:8f:2b:a7:2d:17:72:50:6d:ed:44:94:97:
         c2:d0:32:f3:f2:3d:45:12:31:a7:37:6c:94:d3:ea:57:56:63:
         25:30:98:31:16:28:08:47:c0:15:ba:74:8c:ea:bb:40:f9:7b:
         3c:4b:c5:2f:e6:00:1e:2e:5b:eb:76:a9:f7:6f:98:40:08:97:
         bb:81:c7:20:99:6f:cd:51:1d:85:b3:6b:cf:e5:76:9b:5e:c0:
         e7:ea:e3:49:fa:96:ee:f8:a0:6f:2d:84:d0:70:36:f8:9e:74:
         0c:d8:f8:34:0d:0d:fa:c1:62:4a:c5:04:26:71:10:cd:3c:1c:
         67:8b:9c:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/HDdGhx/YaAnRMSakmSXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNTgyNWNlOGJmNTQ0MTcwMjgyZjcyMGEyNDg0MTQxNTY4
YjBlN2QwHhcNMjUwMTAyMDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTdlYWMzNmIxN2RkYTVlYmNlOGE3NjQ0ZDczYzU5MGI3ZjE3Yjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56R3BQe50+pSgLERlEA4RcpdoaSr
39gAJRaZfNQRHA21mPyRCxivFT5Jz0rHbVGgIRX4qzyUQothQFTXlTtx+xcpPpze
eu35QH8Xh46F0OJ4s9e2+cmscyU9oVZHN750G9uavjDoBk0d/fcW6VLqSxnTiGJw
qQcHJ8ldcarz978wgwnIsMDkZ29xtvuZDXrfkf2Cp0UNtSulF+kR1doAgUEcsTvz
9Vj1DYoSNtb4jZxK+106L/DSCMQ1WccXNMdh9GWLryOXiFWeWJHN8j3a/B0CrnuT
aE5ZMP7GeDyVJ9I2V1Z7Dy8Xi5+9a/qLIEhzoeMSsg/y+kkXtVT0L5hOXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFl+rDaxfdpevOinZE1zxZC38Xt1MB8GA1UdIwQY
MBaAFFNYJc6L9UQXAoL3IKJIQUFWiw59MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFnbHpvdjFSQmNDZ3ZjZ29raEJRVmFMRG4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8wMWY3MzYtYWY4My00NTZjLThiNDUt
NTE0NmFiN2VhMDE1LzEvV1g2c05yRjkybDY4Nktka1RYUEZrTGZ4ZTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8wMWY3MzYtYWY4My00NTZjLThiNDUtNTE0NmFiN2VhMDE1
LzEvVTFnbHpvdjFSQmNDZ3ZjZ29raEJRVmFMRG4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUFRQMA0G
CSqGSIb3DQEBCwUAA4IBAQC6jODE9si3Swa5PXce4slxx57gcAh2I9wD2p9EuPRr
NGl5vOI3cYuBaF+eMITezxluJ6Rc7CvYhHfXa4HePz4JsH9MOzIGikUm7ec4g2D1
MJ95sKIeXFvehVPYUtZhecnmqyE0g57p0aYhZ7gzuLwoX6KcTFQ+NccOLy4xFLP2
ukJFLQyPK6ctF3JQbe1ElJfC0DLz8j1FEjGnN2yU0+pXVmMlMJgxFigIR8AVunSM
6rtA+Xs8S8Uv5gAeLlvrdqn3b5hACJe7gccgmW/NUR2Fs2vP5XabXsDn6uNJ+pbu
+KBvLYTQcDb4nnQM2Pg0DQ36wWJKxQQmcRDNPBxni5wl
-----END CERTIFICATE-----