Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/CGUIbzoJQeR65zTqWRGx45Ja8R4.roa
File:                     CGUIbzoJQeR65zTqWRGx45Ja8R4.roa (raw, json)
Hash identifier:          UN/Fnr6DI0baScUU9VdPUEJZbYixDKuX8x8+IhMnZMs=
Subject key identifier:   08:65:08:6F:3A:09:41:E4:7A:E7:34:EA:59:11:B1:E3:92:5A:F1:1E
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019423D77388EE779797E433ED7CA2CDE727
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/CGUIbzoJQeR65zTqWRGx45Ja8R4.roa
Signing time:             Wed 01 Jan 2025 21:48:29 +0000
ROA not before:           Wed 01 Jan 2025 21:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212228
IP address blocks:        80.77.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:73:88:ee:77:97:97:e4:33:ed:7c:a2:cd:e7:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 21:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0865086f3a0941e47ae734ea5911b1e3925af11e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a9:13:09:f0:11:16:1d:36:b5:cb:38:6d:cf:
                    56:ef:95:3d:f6:0e:50:70:49:e4:42:84:40:74:42:
                    e8:69:eb:fa:49:d6:4e:81:e2:6d:0f:8f:83:f1:53:
                    e1:55:76:e6:54:d7:a3:7b:30:40:01:11:9b:04:6d:
                    04:3b:bf:10:71:19:47:bc:83:9b:e6:af:2a:5b:1a:
                    5f:57:2c:53:f6:37:df:90:e8:77:d7:14:aa:67:59:
                    f5:98:08:4f:74:07:2b:a4:4b:2b:97:54:db:f5:7a:
                    ff:72:9e:8e:69:60:8b:81:47:87:9f:31:30:68:33:
                    12:ff:d9:fb:f4:84:ef:af:3e:a9:51:88:9b:44:88:
                    be:f0:1d:ca:b4:1c:a2:c2:86:c2:fd:ad:eb:06:64:
                    b6:02:82:5f:c1:28:24:fe:9d:9a:a7:79:70:4b:7f:
                    1f:ba:d9:cd:e9:b7:d9:2c:82:98:ad:66:fe:0f:c3:
                    a9:83:f4:cc:f5:5e:9a:f9:68:d8:e6:84:c6:57:81:
                    51:e7:16:10:15:dd:bf:04:41:c1:03:1c:07:fb:99:
                    5d:90:16:ce:1b:3e:ef:07:67:93:81:05:56:fe:2f:
                    e7:91:2d:ab:cd:14:f8:fc:cf:41:63:c7:67:d0:d0:
                    99:ec:e0:b7:4f:36:8c:8e:76:3b:a7:02:11:39:e8:
                    bb:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:65:08:6F:3A:09:41:E4:7A:E7:34:EA:59:11:B1:E3:92:5A:F1:1E
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/CGUIbzoJQeR65zTqWRGx45Ja8R4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.77.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:b4:a7:f8:da:50:1b:2a:62:13:4e:0d:50:be:cf:16:01:2f:
         29:68:36:4e:a2:24:62:da:65:01:06:11:ca:60:7f:98:73:a4:
         e3:62:0c:2a:1b:5b:e9:e7:d2:0c:d6:e9:04:cf:66:1e:d4:e0:
         28:1a:5b:19:82:4d:dc:13:7a:04:06:51:73:70:e8:f1:0f:40:
         d6:80:bb:57:55:e8:0c:35:d8:a4:16:2a:f0:43:ee:19:18:7c:
         aa:78:16:59:ca:17:ab:53:7c:9b:a8:f2:c3:f3:95:41:14:ae:
         2d:75:b8:62:dd:d1:7e:69:f9:12:bf:26:e3:ff:70:c7:3b:6a:
         c6:05:77:b9:04:0c:13:4b:91:49:c2:7c:95:ed:57:67:ba:c4:
         67:8c:43:b1:9d:0e:36:f6:01:c7:8a:42:d7:35:0d:99:ae:15:
         4a:fe:9f:4c:87:7e:52:74:e3:db:a9:79:4f:47:db:c1:57:f8:
         58:f6:a1:3e:f7:27:27:88:0d:80:27:c5:5d:ae:86:6b:a6:4e:
         a2:8a:b9:6b:3e:a5:68:c7:db:2a:1a:96:43:3a:9c:c7:9d:b0:
         32:b7:ed:49:ed:f5:be:22:48:b5:1f:1a:88:e3:44:57:ee:8b:
         47:6b:95:d9:9b:95:e4:b6:76:a8:9b:99:4d:9b:b8:a7:c8:ff:
         5c:08:4c:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj13OI7neXl+Qz7XyizecnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODY1MDg2ZjNhMDk0MWU0N2FlNzM0ZWE1OTExYjFlMzkyNWFmMTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6kTCfARFh02tcs4bc9W75U99g5Q
cEnkQoRAdELoaev6SdZOgeJtD4+D8VPhVXbmVNejezBAARGbBG0EO78QcRlHvIOb
5q8qWxpfVyxT9jffkOh31xSqZ1n1mAhPdAcrpEsrl1Tb9Xr/cp6OaWCLgUeHnzEw
aDMS/9n79ITvrz6pUYibRIi+8B3KtByiwobC/a3rBmS2AoJfwSgk/p2ap3lwS38f
utnN6bfZLIKYrWb+D8Opg/TM9V6a+WjY5oTGV4FR5xYQFd2/BEHBAxwH+5ldkBbO
Gz7vB2eTgQVW/i/nkS2rzRT4/M9BY8dn0NCZ7OC3TzaMjnY7pwIROei7xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhlCG86CUHkeuc06lkRseOSWvEeMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvQ0dVSWJ6b0pRZVI2NXpUcVdSR3g0NUphOFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUE0XMA0G
CSqGSIb3DQEBCwUAA4IBAQCstKf42lAbKmITTg1Qvs8WAS8paDZOoiRi2mUBBhHK
YH+Yc6TjYgwqG1vp59IM1ukEz2Ye1OAoGlsZgk3cE3oEBlFzcOjxD0DWgLtXVegM
NdikFirwQ+4ZGHyqeBZZyherU3ybqPLD85VBFK4tdbhi3dF+afkSvybj/3DHO2rG
BXe5BAwTS5FJwnyV7VdnusRnjEOxnQ429gHHikLXNQ2ZrhVK/p9Mh35SdOPbqXlP
R9vBV/hY9qE+9ycniA2AJ8VdroZrpk6iirlrPqVox9sqGpZDOpzHnbAyt+1J7fW+
Iki1HxqI40RX7otHa5XZm5Xktnaom5lNm7inyP9cCEwv
-----END CERTIFICATE-----