Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/T5tVgeVILedLpS9EFxA1XRqWD4s.roa
File:                     T5tVgeVILedLpS9EFxA1XRqWD4s.roa (raw, json)
Hash identifier:          QRMxUbcfjGM2GCItxOA+pSYtl/mLmzK4Aq/a2kiNhCQ=
Subject key identifier:   4F:9B:55:81:E5:48:2D:E7:4B:A5:2F:44:17:10:35:5D:1A:96:0F:8B
Certificate issuer:       /CN=abd87bbef5943546b2a83d31ec2b99ad883d51d7
Certificate serial:       018CEF71C981D830D95B02A344B668F112C7
Authority key identifier: AB:D8:7B:BE:F5:94:35:46:B2:A8:3D:31:EC:2B:99:AD:88:3D:51:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/T5tVgeVILedLpS9EFxA1XRqWD4s.roa
Signing time:             Tue 09 Jan 2024 18:17:40 +0000
ROA not before:           Tue 09 Jan 2024 18:17:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202278
IP address blocks:        80.75.214.0/24 maxlen: 24
                          2a13:5680::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ef:71:c9:81:d8:30:d9:5b:02:a3:44:b6:68:f1:12:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abd87bbef5943546b2a83d31ec2b99ad883d51d7
        Validity
            Not Before: Jan  9 18:17:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f9b5581e5482de74ba52f441710355d1a960f8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c6:2d:06:77:5e:0f:52:ec:da:bd:61:93:c1:
                    36:fe:a1:6d:5a:b7:1e:e9:b8:e0:20:ab:60:51:a8:
                    3c:0e:8a:dd:64:41:8f:53:03:90:62:32:5f:08:15:
                    c1:c7:d1:f8:36:72:58:7a:bd:8f:89:91:e8:5c:d6:
                    c0:a1:3f:a1:20:a4:4f:9c:3a:b7:c2:7b:70:8f:fb:
                    54:d5:b3:27:c8:30:74:d7:0f:a6:eb:64:26:a8:95:
                    f3:4c:50:80:47:03:d8:76:5c:23:01:19:90:3e:b7:
                    99:6d:ce:2d:ed:55:7a:2d:6e:7c:39:ef:98:88:fa:
                    c5:ad:13:33:c2:ca:b8:a8:de:ce:1d:5f:d1:e7:37:
                    e1:6e:94:8b:7b:46:cd:48:c4:c2:4d:02:86:e8:f2:
                    ee:f6:0f:07:87:7a:dd:2e:98:9b:89:92:a9:b3:42:
                    d6:12:6d:1e:21:22:e0:f5:20:88:c6:3d:18:75:5c:
                    c7:6d:c8:0e:30:03:6c:7a:e5:0b:21:86:0a:88:22:
                    68:64:3f:bf:47:3b:77:c6:ee:6c:ba:87:36:ac:05:
                    33:97:ed:34:b0:3b:90:a1:49:1d:a9:cf:25:15:42:
                    45:98:d7:cc:9a:21:11:52:b8:1c:26:f0:25:4f:3d:
                    58:15:d6:d8:b5:c3:85:5d:66:52:78:f0:cd:5d:d5:
                    c2:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:9B:55:81:E5:48:2D:E7:4B:A5:2F:44:17:10:35:5D:1A:96:0F:8B
            X509v3 Authority Key Identifier:
                keyid:AB:D8:7B:BE:F5:94:35:46:B2:A8:3D:31:EC:2B:99:AD:88:3D:51:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/T5tVgeVILedLpS9EFxA1XRqWD4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.214.0/24
                IPv6:
                  2a13:5680::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:3f:6a:60:5c:1e:28:e3:36:9a:c5:9e:ac:96:d2:1a:17:ae:
         90:cb:5a:68:ce:4f:ea:48:f0:d3:b8:0f:a6:f9:0a:57:3c:e0:
         96:4a:e8:4c:62:5b:80:6d:d6:99:90:73:15:33:b4:f8:bf:a0:
         56:e9:e3:db:35:d0:82:b6:45:44:58:02:2f:22:55:3c:1a:dd:
         9c:ca:c5:51:a7:a7:95:4b:ec:74:28:b4:8d:09:5a:55:a2:5f:
         86:ad:84:f7:80:94:f3:a8:31:d1:72:c7:73:60:7b:d1:5f:f6:
         62:d1:4b:80:0d:fc:8c:cc:72:79:a0:cc:0b:60:b1:e5:4d:e7:
         56:1d:ec:69:a5:b7:34:96:4f:aa:77:d8:b6:76:fe:9b:8a:a8:
         93:ac:17:b5:d7:f3:36:f0:35:a1:98:5a:16:37:77:d2:a4:52:
         c0:0f:dc:f5:1f:49:f3:b1:ab:c8:19:da:35:0f:36:59:a4:51:
         db:20:80:d1:c7:73:c8:4f:62:2e:2f:86:47:18:cd:9b:7b:e3:
         01:35:e8:91:7e:6a:fd:9f:10:10:c5:72:10:a6:c2:4a:1c:09:
         59:21:02:19:aa:1c:09:1f:f0:89:5d:6e:e8:b4:3c:31:32:27:
         f8:de:2d:e9:ca:fd:ca:28:62:eb:88:be:61:d8:d6:74:19:75:
         38:da:8c:c5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzvccmB2DDZWwKjRLZo8RLHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZDg3YmJlZjU5NDM1NDZiMmE4M2QzMWVjMmI5OWFkODgz
ZDUxZDcwHhcNMjQwMTA5MTgxNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjliNTU4MWU1NDgyZGU3NGJhNTJmNDQxNzEwMzU1ZDFhOTYwZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcYtBndeD1Ls2r1hk8E2/qFtWrce
6bjgIKtgUag8DordZEGPUwOQYjJfCBXBx9H4NnJYer2PiZHoXNbAoT+hIKRPnDq3
wntwj/tU1bMnyDB01w+m62QmqJXzTFCARwPYdlwjARmQPreZbc4t7VV6LW58Oe+Y
iPrFrRMzwsq4qN7OHV/R5zfhbpSLe0bNSMTCTQKG6PLu9g8Hh3rdLpibiZKps0LW
Em0eISLg9SCIxj0YdVzHbcgOMANseuULIYYKiCJoZD+/Rzt3xu5suoc2rAUzl+00
sDuQoUkdqc8lFUJFmNfMmiERUrgcJvAlTz1YFdbYtcOFXWZSePDNXdXC8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE+bVYHlSC3nS6UvRBcQNV0alg+LMB8GA1UdIwQY
MBaAFKvYe771lDVGsqg9Mewrma2IPVHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTloN3Z2V1VOVWF5cUQweDdDdVpyWWc5VWRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC84YWQyZTAtZTNmMC00YWJlLWJjYjYt
MmY1Yzc0YzY5YWUxLzEvVDV0VmdlVklMZWRMcFM5RUZ4QTFYUnFXRDRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC84YWQyZTAtZTNmMC00YWJlLWJjYjYtMmY1Yzc0YzY5YWUx
LzEvcTloN3Z2V1VOVWF5cUQweDdDdVpyWWc5VWRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUEvWMA0E
AgACMAcDBQAqE1aAMA0GCSqGSIb3DQEBCwUAA4IBAQAFP2pgXB4o4zaaxZ6sltIa
F66Qy1pozk/qSPDTuA+m+QpXPOCWSuhMYluAbdaZkHMVM7T4v6BW6ePbNdCCtkVE
WAIvIlU8Gt2cysVRp6eVS+x0KLSNCVpVol+GrYT3gJTzqDHRcsdzYHvRX/Zi0UuA
DfyMzHJ5oMwLYLHlTedWHexppbc0lk+qd9i2dv6biqiTrBe11/M28DWhmFoWN3fS
pFLAD9z1H0nzsavIGdo1DzZZpFHbIIDRx3PIT2IuL4ZHGM2be+MBNeiRfmr9nxAQ
xXIQpsJKHAlZIQIZqhwJH/CJXW7otDwxMif43i3pyv3KKGLriL5h2NZ0GXU42ozF
-----END CERTIFICATE-----