Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Id5wc7K2k2BZ_lTwphWlmy3X_fk.roa
File:                     Id5wc7K2k2BZ_lTwphWlmy3X_fk.roa (raw, json)
Hash identifier:          F7U+X1N7IzdunJ8+jBr140/SI5ZhZIcFBwZ4YwFHkEE=
Subject key identifier:   21:DE:70:73:B2:B6:93:60:59:FE:54:F0:A6:15:A5:9B:2D:D7:FD:F9
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AE946114614473D552C37F0741155
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Id5wc7K2k2BZ_lTwphWlmy3X_fk.roa
Signing time:             Mon 01 Jan 2024 18:30:47 +0000
ROA not before:           Mon 01 Jan 2024 18:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207408
IP address blocks:        80.77.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e9:46:11:46:14:47:3d:55:2c:37:f0:74:11:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21de7073b2b6936059fe54f0a615a59b2dd7fdf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:37:eb:cc:39:bc:a1:4d:f2:9a:ea:72:9a:16:
                    56:af:43:aa:71:ce:fc:28:f6:74:17:5e:24:84:13:
                    d2:5e:8c:09:a7:86:27:14:54:f5:2e:2c:4e:90:a1:
                    3e:78:f9:2e:77:5d:8b:38:33:fd:f4:70:2a:c7:04:
                    9c:6e:af:09:26:fc:d6:47:d1:ea:42:a4:5e:c0:98:
                    35:fe:a8:60:09:f2:0f:9d:6e:76:c0:18:67:e9:49:
                    d3:e7:39:4a:e0:2a:ae:6f:1c:3c:6f:58:68:4d:f4:
                    e8:0b:8a:72:a3:6c:5a:17:b6:e8:6a:12:26:08:f5:
                    8d:14:54:07:1a:18:d2:3e:e7:00:6b:5b:5d:3b:83:
                    93:81:06:ea:d3:6f:fa:37:f3:22:e0:bd:50:ed:e9:
                    37:2f:81:0c:2d:de:fe:a4:ee:2a:7e:99:25:c2:53:
                    c5:c4:4a:da:87:31:0d:e1:1e:17:49:29:9a:f1:46:
                    e7:29:62:73:92:04:cf:24:61:ff:b9:f2:53:f5:6c:
                    9e:8b:43:d9:0b:32:42:f4:14:d4:89:f2:da:f7:e8:
                    01:1e:c5:58:7a:5e:5d:46:12:96:69:f0:b7:a3:c6:
                    87:ab:bc:f8:ed:99:e9:37:2c:f2:b0:7d:a7:63:4b:
                    6f:65:57:cb:98:53:de:6c:ed:bd:2a:c1:fd:0e:ab:
                    08:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:DE:70:73:B2:B6:93:60:59:FE:54:F0:A6:15:A5:9B:2D:D7:FD:F9
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Id5wc7K2k2BZ_lTwphWlmy3X_fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.77.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:27:e5:d4:19:d5:6b:10:07:ff:df:7e:b4:65:f6:38:8b:3f:
         8e:88:78:6e:8c:be:a0:42:13:a3:e2:64:87:d2:88:c6:30:a1:
         a8:99:37:02:52:62:de:ea:eb:96:6f:ec:ef:0e:66:1a:ea:23:
         b1:c7:51:74:d7:3b:a6:e9:78:59:32:da:49:83:d3:87:91:19:
         95:a8:16:9b:a7:8e:63:bf:6e:4e:39:a0:8f:c1:5e:80:9c:d8:
         4b:0d:84:11:f1:ea:17:57:92:2d:75:ce:28:75:cc:e5:a4:dc:
         fc:41:b9:ba:66:ac:d0:fd:70:fa:05:ec:ea:c1:4e:0b:a9:0e:
         1e:c7:f0:a2:16:68:3b:7d:97:cc:ef:96:e5:21:8c:a1:66:0f:
         0a:4f:f6:ca:6f:74:75:ea:c3:ff:67:c3:54:2f:b2:ac:62:93:
         b0:6b:70:83:d4:e3:f6:15:1e:2e:eb:b4:a1:02:51:4c:20:62:
         70:a7:3c:e3:1d:38:8c:52:f5:bc:bb:1e:87:ac:59:e2:5b:ee:
         04:51:24:e2:a6:3c:96:56:d8:1b:9c:06:7a:84:c8:af:5e:01:
         a3:44:41:06:dc:c8:51:ba:fb:be:0e:26:4d:ba:24:b4:be:10:
         9a:d4:77:4e:07:6f:0e:24:24:00:80:8c:85:69:5d:60:6a:97:
         80:e8:d0:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSulGEUYURz1VLDfwdBFVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWRlNzA3M2IyYjY5MzYwNTlmZTU0ZjBhNjE1YTU5YjJkZDdmZGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjfrzDm8oU3ymupymhZWr0Oqcc78
KPZ0F14khBPSXowJp4YnFFT1LixOkKE+ePkud12LODP99HAqxwScbq8JJvzWR9Hq
QqRewJg1/qhgCfIPnW52wBhn6UnT5zlK4Cqubxw8b1hoTfToC4pyo2xaF7boahIm
CPWNFFQHGhjSPucAa1tdO4OTgQbq02/6N/Mi4L1Q7ek3L4EMLd7+pO4qfpklwlPF
xErahzEN4R4XSSma8UbnKWJzkgTPJGH/ufJT9Wyei0PZCzJC9BTUifLa9+gBHsVY
el5dRhKWafC3o8aHq7z47ZnpNyzysH2nY0tvZVfLmFPebO29KsH9DqsICwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHecHOytpNgWf5U8KYVpZst1/35MB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvSWQ1d2M3SzJrMkJaX2xUd3BoV2xteTNYX2ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUE0ZMA0G
CSqGSIb3DQEBCwUAA4IBAQBtJ+XUGdVrEAf/3360ZfY4iz+OiHhujL6gQhOj4mSH
0ojGMKGomTcCUmLe6uuWb+zvDmYa6iOxx1F01zum6XhZMtpJg9OHkRmVqBabp45j
v25OOaCPwV6AnNhLDYQR8eoXV5Itdc4odczlpNz8Qbm6ZqzQ/XD6BezqwU4LqQ4e
x/CiFmg7fZfM75blIYyhZg8KT/bKb3R16sP/Z8NUL7KsYpOwa3CD1OP2FR4u67Sh
AlFMIGJwpzzjHTiMUvW8ux6HrFniW+4EUSTipjyWVtgbnAZ6hMivXgGjREEG3MhR
uvu+DiZNuiS0vhCa1HdOB28OJCQAgIyFaV1gapeA6NBA
-----END CERTIFICATE-----