Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/fNZMbnQMgTAK0Zgb7xMWM1Qd3dI.roa
File:                     fNZMbnQMgTAK0Zgb7xMWM1Qd3dI.roa (raw, json)
Hash identifier:          BfsFTEpekQyKXJd+qFQ/cSg4okv8+qp9Gcb8wC29DdI=
Subject key identifier:   7C:D6:4C:6E:74:0C:81:30:0A:D1:98:1B:EF:13:16:33:54:1D:DD:D2
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       018CCA2A8F39E6EDDABA0798D19BA28BC727
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/fNZMbnQMgTAK0Zgb7xMWM1Qd3dI.roa
Signing time:             Tue 02 Jan 2024 12:33:55 +0000
ROA not before:           Tue 02 Jan 2024 12:33:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10753
IP address blocks:        80.253.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:03:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:8f:39:e6:ed:da:ba:07:98:d1:9b:a2:8b:c7:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jan  2 12:33:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cd64c6e740c81300ad1981bef131633541dddd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:57:fc:a4:43:f2:8a:c0:d9:db:ef:23:68:84:
                    64:3e:cd:f2:75:29:8b:92:98:6b:05:93:86:f0:31:
                    71:4b:67:91:d9:6e:8a:cd:7f:ec:05:56:94:85:c1:
                    9e:19:34:22:a6:d6:a5:fa:95:64:02:7e:48:cd:1c:
                    6b:0a:f0:c8:33:18:26:c2:96:16:59:9f:5f:79:2c:
                    68:ec:71:56:2b:a0:ce:60:21:44:16:72:f5:e5:f6:
                    0e:7a:3f:55:10:5a:d1:50:f0:7c:3d:80:4e:51:17:
                    9f:d0:e8:8c:39:15:cf:88:9b:7a:85:b3:97:60:93:
                    71:a7:c6:9b:0b:03:f4:e3:2b:48:8a:50:9b:38:f4:
                    34:f7:e4:b0:b5:d5:93:8b:ce:22:d3:9b:a0:b4:28:
                    a0:d8:3d:53:77:da:26:f0:ae:9a:be:83:36:14:d9:
                    1d:81:38:1a:25:39:66:c6:b5:90:b7:eb:f0:6c:76:
                    e3:7d:df:6f:bd:0d:4b:c0:69:27:f7:19:04:5d:df:
                    e6:32:4c:1b:3e:45:49:3e:22:7a:f0:39:34:10:38:
                    55:ba:1d:47:32:40:c0:50:17:38:84:71:dc:40:47:
                    c5:65:af:03:02:53:3b:35:d4:fa:76:9c:60:49:11:
                    24:02:7c:4a:d3:98:fd:67:27:ab:7e:36:cc:c9:ef:
                    21:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:D6:4C:6E:74:0C:81:30:0A:D1:98:1B:EF:13:16:33:54:1D:DD:D2
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/fNZMbnQMgTAK0Zgb7xMWM1Qd3dI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:bb:6c:f2:35:f1:34:cb:3b:a3:6c:d1:3b:b3:c2:4f:31:96:
         98:17:e2:fa:52:ae:3d:44:af:20:0a:02:4a:2e:52:86:49:71:
         30:df:11:d4:54:6b:7d:4c:09:ea:e8:80:03:16:62:e9:ef:24:
         79:e9:b0:a3:3c:47:7b:9a:2e:50:50:d1:6f:5f:5d:b3:48:c4:
         b9:92:70:4e:51:eb:b6:f1:6d:e6:19:a2:9b:b1:bc:81:fa:e3:
         24:52:f9:91:59:5a:16:c1:b7:07:f1:48:45:4b:a4:65:06:62:
         ba:43:bd:69:8d:58:9b:79:e9:08:ce:15:92:2a:83:8f:c1:81:
         6f:c1:20:2b:45:c4:51:9c:53:11:98:b1:5e:08:a6:b7:26:75:
         d5:5c:d1:fd:2e:7b:87:1e:19:5e:1f:26:ea:b3:48:78:10:3f:
         7a:be:15:48:95:b7:c3:e8:76:7f:39:a1:aa:a7:d0:cc:4a:60:
         83:5c:5d:72:5f:06:ef:61:1e:e7:9f:2f:fc:e9:43:ab:5f:9d:
         cc:74:10:6e:4d:eb:e2:89:ae:04:94:61:43:79:49:73:39:77:
         3e:ad:10:62:d1:bc:67:7c:c2:a0:3e:91:6d:c3:dc:f1:7e:7c:
         2b:4b:c6:81:b3:77:32:f4:3b:ab:b6:56:07:5b:25:62:26:90:
         1c:cd:7b:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKo855u3augeY0Zuii8cnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjQwMTAyMTIzMzU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Q2NGM2ZTc0MGM4MTMwMGFkMTk4MWJlZjEzMTYzMzU0MWRkZGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVf8pEPyisDZ2+8jaIRkPs3ydSmL
kphrBZOG8DFxS2eR2W6KzX/sBVaUhcGeGTQiptal+pVkAn5IzRxrCvDIMxgmwpYW
WZ9feSxo7HFWK6DOYCFEFnL15fYOej9VEFrRUPB8PYBOURef0OiMORXPiJt6hbOX
YJNxp8abCwP04ytIilCbOPQ09+SwtdWTi84i05ugtCig2D1Td9om8K6avoM2FNkd
gTgaJTlmxrWQt+vwbHbjfd9vvQ1LwGkn9xkEXd/mMkwbPkVJPiJ68Dk0EDhVuh1H
MkDAUBc4hHHcQEfFZa8DAlM7NdT6dpxgSREkAnxK05j9ZyerfjbMye8hfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzWTG50DIEwCtGYG+8TFjNUHd3SMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvZk5aTWJuUU1nVEFLMFpnYjd4TVdNMVFkM2RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUP1zMA0G
CSqGSIb3DQEBCwUAA4IBAQALu2zyNfE0yzujbNE7s8JPMZaYF+L6Uq49RK8gCgJK
LlKGSXEw3xHUVGt9TAnq6IADFmLp7yR56bCjPEd7mi5QUNFvX12zSMS5knBOUeu2
8W3mGaKbsbyB+uMkUvmRWVoWwbcH8UhFS6RlBmK6Q71pjVibeekIzhWSKoOPwYFv
wSArRcRRnFMRmLFeCKa3JnXVXNH9LnuHHhleHybqs0h4ED96vhVIlbfD6HZ/OaGq
p9DMSmCDXF1yXwbvYR7nny/86UOrX53MdBBuTeviia4ElGFDeUlzOXc+rRBi0bxn
fMKgPpFtw9zxfnwrS8aBs3cy9DurtlYHWyViJpAczXvX
-----END CERTIFICATE-----