Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Ea4e2w-TlhuAPELanmi8d1DxoVs.roa
File:                     Ea4e2w-TlhuAPELanmi8d1DxoVs.roa (raw, json)
Hash identifier:          QOPC10tzMsvEvvFKM74uMnOkNuc45EJt2v+p/yfgetA=
Subject key identifier:   11:AE:1E:DB:0F:93:96:1B:80:3C:42:DA:9E:68:BC:77:50:F1:A1:5B
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019423D76EBF13623FFCE0B3F6825F5B9BBD
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Ea4e2w-TlhuAPELanmi8d1DxoVs.roa
Signing time:             Wed 01 Jan 2025 21:48:28 +0000
ROA not before:           Wed 01 Jan 2025 21:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205597
IP address blocks:        80.77.27.0/24 maxlen: 24
                          2a01:367:ff0f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:6e:bf:13:62:3f:fc:e0:b3:f6:82:5f:5b:9b:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 21:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11ae1edb0f93961b803c42da9e68bc7750f1a15b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:85:89:76:71:dd:aa:57:97:bb:70:e6:b9:bf:
                    ed:52:1f:c3:0c:d2:be:bd:91:4c:04:d0:3c:7d:14:
                    78:f8:a3:af:92:ec:ca:3c:48:49:43:65:53:f6:2f:
                    08:ec:05:f3:68:0d:3a:da:ca:03:ca:fb:f5:e0:02:
                    91:54:20:6c:b5:c1:15:58:50:42:27:f2:01:59:5c:
                    33:a9:42:f4:71:ef:b9:1d:0f:1b:01:1c:1e:26:98:
                    81:71:18:a0:a2:91:44:c0:92:f9:38:23:e1:49:3e:
                    38:04:94:97:ee:6c:2a:70:05:3e:74:f0:f8:db:e6:
                    d5:bc:47:52:3f:e2:88:ab:89:bf:04:e9:0b:a0:5c:
                    5b:d7:dc:0b:ec:4d:8a:a7:a9:cc:ba:3b:30:66:a7:
                    78:f9:b2:fd:91:e5:79:84:5c:d7:15:e4:c2:2a:70:
                    3c:c1:0d:cd:97:d2:10:b9:30:24:83:13:68:aa:d5:
                    31:47:25:2b:c5:24:6e:ed:96:5e:73:da:96:80:4c:
                    76:95:7a:b9:97:82:d0:c0:5a:43:2f:a4:6b:7d:3f:
                    74:ae:17:8d:05:df:c9:87:4a:46:5a:0a:86:fe:06:
                    6f:be:bd:0c:31:70:80:d2:97:c9:33:5a:0c:73:8c:
                    38:25:08:96:63:da:86:36:82:5f:90:2c:c2:64:03:
                    47:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:AE:1E:DB:0F:93:96:1B:80:3C:42:DA:9E:68:BC:77:50:F1:A1:5B
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Ea4e2w-TlhuAPELanmi8d1DxoVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.77.27.0/24
                IPv6:
                  2a01:367:ff0f::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:2f:23:31:32:29:58:1c:de:5c:c7:ed:25:b5:1d:2f:32:22:
         83:5d:20:81:80:20:52:80:7f:48:3f:d2:37:3a:77:f0:4c:72:
         3f:a4:16:be:18:b6:47:52:aa:9f:86:b7:2f:20:0f:0f:c2:e4:
         b3:05:98:1e:52:a0:18:18:59:8b:67:25:d3:29:0b:0c:09:0a:
         b7:f9:d3:6b:4d:65:de:70:83:dd:ff:5d:ac:9a:7d:cf:23:13:
         2c:8d:22:62:c0:47:75:3a:3f:b8:21:22:b4:6c:85:87:23:4c:
         bd:d2:35:b3:ec:ab:22:44:58:93:0e:5f:e3:e8:a6:2f:84:3d:
         1b:42:0c:e0:97:4e:31:fe:9b:95:56:79:5c:fe:db:68:ef:6c:
         0f:60:a7:fd:4e:ba:a5:4a:db:d5:43:b1:fd:45:37:44:c1:fe:
         cd:42:17:37:d9:76:d7:c0:ee:c3:5d:63:c3:9f:c8:fe:21:17:
         e4:47:02:4e:92:85:53:0a:63:4f:db:83:a5:09:af:38:0d:c1:
         38:42:27:5f:be:07:d6:0d:c0:1b:d7:2d:7f:18:0e:e0:84:1b:
         f4:fe:06:99:08:dd:37:e0:e2:1d:f6:84:7d:c4:10:b4:37:99:
         1b:03:4f:3e:14:e9:53:23:fb:87:db:15:64:c6:83:5a:1d:f2:
         85:ee:16:69
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQj126/E2I//OCz9oJfW5u9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWFlMWVkYjBmOTM5NjFiODAzYzQyZGE5ZTY4YmM3NzUwZjFhMTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYWJdnHdqleXu3Dmub/tUh/DDNK+
vZFMBNA8fRR4+KOvkuzKPEhJQ2VT9i8I7AXzaA062soDyvv14AKRVCBstcEVWFBC
J/IBWVwzqUL0ce+5HQ8bARweJpiBcRigopFEwJL5OCPhST44BJSX7mwqcAU+dPD4
2+bVvEdSP+KIq4m/BOkLoFxb19wL7E2Kp6nMujswZqd4+bL9keV5hFzXFeTCKnA8
wQ3Nl9IQuTAkgxNoqtUxRyUrxSRu7ZZec9qWgEx2lXq5l4LQwFpDL6RrfT90rheN
Bd/Jh0pGWgqG/gZvvr0MMXCA0pfJM1oMc4w4JQiWY9qGNoJfkCzCZANHNQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBGuHtsPk5YbgDxC2p5ovHdQ8aFbMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvRWE0ZTJ3LVRsaHVBUEVMYW5taThkMUR4b1ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUE0bMA8E
AgACMAkDBwAqAQNn/w8wDQYJKoZIhvcNAQELBQADggEBAGQvIzEyKVgc3lzH7SW1
HS8yIoNdIIGAIFKAf0g/0jc6d/BMcj+kFr4YtkdSqp+Gty8gDw/C5LMFmB5SoBgY
WYtnJdMpCwwJCrf502tNZd5wg93/Xayafc8jEyyNImLAR3U6P7ghIrRshYcjTL3S
NbPsqyJEWJMOX+Popi+EPRtCDOCXTjH+m5VWeVz+22jvbA9gp/1OuqVK29VDsf1F
N0TB/s1CFzfZdtfA7sNdY8OfyP4hF+RHAk6ShVMKY0/bg6UJrzgNwThCJ1++B9YN
wBvXLX8YDuCEG/T+BpkI3Tfg4h32hH3EELQ3mRsDTz4U6VMj+4fbFWTGg1od8oXu
Fmk=
-----END CERTIFICATE-----