Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/75cd45-60b5-4c4b-b8b8-9f3c09bb741c/1/GZ5yz25RSm-Wx6zNA-MOyUum7c8.roa
File:                     GZ5yz25RSm-Wx6zNA-MOyUum7c8.roa (raw, json)
Hash identifier:          HPy8Bj2XcaycfnfLW4+sVxIq8ilfGUvjjJFHNeQqvmk=
Subject key identifier:   19:9E:72:CF:6E:51:4A:6F:96:C7:AC:CD:03:E3:0E:C9:4B:A6:ED:CF
Certificate issuer:       /CN=10c836e5ce2bfeb821f37d64a49c161855fe2c52
Certificate serial:       018CED1BF2566CAA44D4EEC943BE2AE8CF80
Authority key identifier: 10:C8:36:E5:CE:2B:FE:B8:21:F3:7D:64:A4:9C:16:18:55:FE:2C:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EMg25c4r_rgh831kpJwWGFX-LFI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/75cd45-60b5-4c4b-b8b8-9f3c09bb741c/1/GZ5yz25RSm-Wx6zNA-MOyUum7c8.roa
Signing time:             Tue 09 Jan 2024 07:24:40 +0000
ROA not before:           Tue 09 Jan 2024 07:24:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47692
IP address blocks:        80.249.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/75cd45-60b5-4c4b-b8b8-9f3c09bb741c/1/EMg25c4r_rgh831kpJwWGFX-LFI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/75cd45-60b5-4c4b-b8b8-9f3c09bb741c/1/EMg25c4r_rgh831kpJwWGFX-LFI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EMg25c4r_rgh831kpJwWGFX-LFI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:1b:f2:56:6c:aa:44:d4:ee:c9:43:be:2a:e8:cf:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10c836e5ce2bfeb821f37d64a49c161855fe2c52
        Validity
            Not Before: Jan  9 07:24:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=199e72cf6e514a6f96c7accd03e30ec94ba6edcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:26:fe:2f:cd:5d:68:9c:9c:b7:2f:bc:89:0f:
                    2b:af:c9:6b:9b:12:60:32:7e:2a:d5:7f:9d:e4:0a:
                    86:33:6f:53:b5:74:10:63:3f:39:0c:e2:d0:d2:3e:
                    d6:07:ac:d2:88:4f:53:a9:6c:14:49:80:90:d8:a7:
                    fb:13:c7:45:00:10:8f:85:75:e7:30:a9:ad:ae:dc:
                    31:90:ac:c5:fe:15:c0:52:99:56:19:22:42:29:57:
                    4f:30:45:3e:5f:89:c2:db:2d:b2:89:70:74:94:c2:
                    c2:d4:86:40:86:0a:8f:54:e5:ff:41:67:10:3c:8e:
                    1d:13:2d:c2:bc:65:97:dc:77:ab:70:95:c9:15:ce:
                    70:58:db:41:f9:4b:46:1e:85:4c:6f:5d:34:62:9e:
                    7c:09:65:56:10:cf:89:af:de:c1:7a:30:0e:e5:e5:
                    20:85:47:b7:82:19:92:99:23:d1:35:fa:57:3d:5c:
                    8a:49:3f:d5:36:96:04:74:2a:16:d5:40:92:0d:a8:
                    d6:61:3a:16:6c:a6:7b:e8:ca:58:be:35:f1:0c:34:
                    13:fd:d8:db:75:84:9f:c7:db:2c:ae:9b:98:a4:c4:
                    41:e7:33:3f:83:e4:94:2e:0c:2d:14:f3:33:a5:a7:
                    dd:ba:8c:77:ca:11:45:f7:98:cb:34:89:47:ed:cb:
                    ca:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:9E:72:CF:6E:51:4A:6F:96:C7:AC:CD:03:E3:0E:C9:4B:A6:ED:CF
            X509v3 Authority Key Identifier:
                keyid:10:C8:36:E5:CE:2B:FE:B8:21:F3:7D:64:A4:9C:16:18:55:FE:2C:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EMg25c4r_rgh831kpJwWGFX-LFI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/75cd45-60b5-4c4b-b8b8-9f3c09bb741c/1/GZ5yz25RSm-Wx6zNA-MOyUum7c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/75cd45-60b5-4c4b-b8b8-9f3c09bb741c/1/EMg25c4r_rgh831kpJwWGFX-LFI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.249.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:c6:2e:05:f2:2c:76:05:cb:65:95:3b:82:27:15:4a:3b:19:
         71:92:89:bd:ac:95:ac:47:7e:aa:fb:f4:f0:02:b8:b9:45:bf:
         40:34:e6:d5:18:89:a4:43:3d:94:86:fd:f0:d7:29:8d:c2:9b:
         7c:d4:5e:46:13:40:37:dd:d0:10:34:61:29:00:8e:a9:d1:5f:
         cd:d2:2f:65:7c:d8:c7:82:69:07:09:4e:d0:84:4f:44:90:62:
         31:60:36:41:ba:da:5e:e1:84:c8:46:88:f5:04:9a:ff:23:6a:
         d6:8a:30:ca:93:bf:d3:4f:9c:98:64:da:5c:9d:de:b7:6f:70:
         67:bc:b3:f9:41:27:e5:a6:c8:cd:f2:26:9f:fd:2c:6e:98:27:
         bb:cf:af:07:fc:a3:1f:a2:f9:ec:90:12:d0:37:94:3a:82:d3:
         15:10:c1:d7:74:5a:b1:63:00:f5:a9:ed:ca:5d:fe:e8:9f:7b:
         bf:18:f3:b9:d9:c8:b4:c9:8d:d9:0f:70:e8:04:d2:8b:12:09:
         2f:cb:57:c8:03:0f:72:72:83:8c:ae:73:ae:da:e7:4b:09:85:
         19:78:42:e2:97:ec:0e:98:68:4c:af:ad:d9:31:d3:14:20:2d:
         da:7d:ae:f9:65:e3:6d:0b:b6:53:5b:52:2d:a5:78:49:59:47:
         1e:b6:c9:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYztG/JWbKpE1O7JQ74q6M+AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwYzgzNmU1Y2UyYmZlYjgyMWYzN2Q2NGE0OWMxNjE4NTVm
ZTJjNTIwHhcNMjQwMTA5MDcyNDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTllNzJjZjZlNTE0YTZmOTZjN2FjY2QwM2UzMGVjOTRiYTZlZGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoib+L81daJycty+8iQ8rr8lrmxJg
Mn4q1X+d5AqGM29TtXQQYz85DOLQ0j7WB6zSiE9TqWwUSYCQ2Kf7E8dFABCPhXXn
MKmtrtwxkKzF/hXAUplWGSJCKVdPMEU+X4nC2y2yiXB0lMLC1IZAhgqPVOX/QWcQ
PI4dEy3CvGWX3HercJXJFc5wWNtB+UtGHoVMb100Yp58CWVWEM+Jr97BejAO5eUg
hUe3ghmSmSPRNfpXPVyKST/VNpYEdCoW1UCSDajWYToWbKZ76MpYvjXxDDQT/djb
dYSfx9ssrpuYpMRB5zM/g+SULgwtFPMzpafduox3yhFF95jLNIlH7cvKlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmecs9uUUpvlseszQPjDslLpu3PMB8GA1UdIwQY
MBaAFBDINuXOK/64IfN9ZKScFhhV/ixSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRU1nMjVjNHJfcmdoODMxa3BKd1dHRlgtTEZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi83NWNkNDUtNjBiNS00YzRiLWI4Yjgt
OWYzYzA5YmI3NDFjLzEvR1o1eXoyNVJTbS1XeDZ6TkEtTU95VXVtN2M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi83NWNkNDUtNjBiNS00YzRiLWI4YjgtOWYzYzA5YmI3NDFj
LzEvRU1nMjVjNHJfcmdoODMxa3BKd1dHRlgtTEZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPl5MA0G
CSqGSIb3DQEBCwUAA4IBAQAnxi4F8ix2BctllTuCJxVKOxlxkom9rJWsR36q+/Tw
Ari5Rb9ANObVGImkQz2Uhv3w1ymNwpt81F5GE0A33dAQNGEpAI6p0V/N0i9lfNjH
gmkHCU7QhE9EkGIxYDZButpe4YTIRoj1BJr/I2rWijDKk7/TT5yYZNpcnd63b3Bn
vLP5QSflpsjN8iaf/SxumCe7z68H/KMfovnskBLQN5Q6gtMVEMHXdFqxYwD1qe3K
Xf7on3u/GPO52ci0yY3ZD3DoBNKLEgkvy1fIAw9ycoOMrnOu2udLCYUZeELil+wO
mGhMr63ZMdMUIC3afa75ZeNtC7ZTW1ItpXhJWUcetskL
-----END CERTIFICATE-----