Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/oZQ0KLPPluLJX2BzR4Siyp1MYwc.roa
File:                     oZQ0KLPPluLJX2BzR4Siyp1MYwc.roa (raw, json)
Hash identifier:          CIlSeppEo+vRJ3AidstAx+zMSgZZV9xXWSANjJr4tvk=
Subject key identifier:   A1:94:34:28:B3:CF:96:E2:C9:5F:60:73:47:84:A2:CA:9D:4C:63:07
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019423D76FEA4AE6EFF51C63F48FA594F394
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/oZQ0KLPPluLJX2BzR4Siyp1MYwc.roa
Signing time:             Wed 01 Jan 2025 21:48:28 +0000
ROA not before:           Wed 01 Jan 2025 21:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207408
IP address blocks:        80.77.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:6f:ea:4a:e6:ef:f5:1c:63:f4:8f:a5:94:f3:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 21:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1943428b3cf96e2c95f60734784a2ca9d4c6307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:bb:09:26:c4:6c:4b:3d:e0:55:b8:5d:56:10:
                    3f:5d:01:00:71:c3:7f:54:df:61:f2:a8:e6:36:2d:
                    f5:8b:66:2e:2a:ba:82:c3:ef:ad:3c:6a:55:a0:c2:
                    a1:aa:3c:32:77:99:b1:38:96:2c:63:48:47:b2:1f:
                    4e:e9:7f:72:8e:58:59:b5:c0:e5:cb:b4:92:ab:53:
                    4b:80:51:88:68:57:e6:f2:73:79:2e:95:25:fb:d7:
                    ae:f3:d9:0f:d8:91:9d:fa:dc:b5:a6:78:5a:59:7a:
                    78:ac:f8:1b:58:cc:b3:da:8d:48:04:77:72:70:b5:
                    03:92:09:c9:94:90:2c:f4:81:00:c4:c0:d0:d0:72:
                    a2:2b:46:d1:bd:36:60:01:b8:0b:6b:16:e0:7d:1b:
                    16:65:6e:f2:f5:35:f0:e2:df:0e:b4:6c:2f:ea:6d:
                    a5:5f:d3:c5:06:b7:2e:6c:4c:23:d4:05:25:c7:8a:
                    2e:bc:68:8b:b9:72:5b:aa:90:ce:66:46:10:04:63:
                    0e:98:54:f4:ed:39:82:c7:4e:4f:61:72:a1:f3:d0:
                    52:ec:53:bd:68:03:11:62:57:a5:d4:21:56:f4:e3:
                    c2:00:2b:6b:8a:9e:04:99:cf:f5:e2:40:7f:4f:9e:
                    91:f5:9c:9d:47:0a:65:49:52:55:8f:71:df:13:99:
                    b1:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:94:34:28:B3:CF:96:E2:C9:5F:60:73:47:84:A2:CA:9D:4C:63:07
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/oZQ0KLPPluLJX2BzR4Siyp1MYwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.77.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:1c:5e:4a:7f:1c:7a:5c:39:77:b3:38:ce:b1:61:89:48:d2:
         01:ab:51:3c:3b:f6:0f:fb:55:c6:8b:83:f8:69:93:ac:d3:89:
         86:28:cb:be:9e:cc:07:76:0d:a2:6d:57:2e:ca:d6:a7:87:6f:
         96:37:2b:7d:fb:55:cc:b4:11:24:c3:80:11:49:46:16:b2:ee:
         3d:1d:f2:77:b2:39:02:66:f7:9c:e9:c9:e6:c6:0a:be:8b:f5:
         11:2e:10:3e:74:df:8e:08:f5:d0:ba:5f:e4:6a:03:10:8b:76:
         ca:14:22:d1:21:d9:d6:ea:27:cf:fa:47:fb:ed:5d:7d:d9:7b:
         c6:84:dc:f7:75:eb:0e:e0:ac:c5:de:63:8c:1e:6c:ef:d7:11:
         53:23:08:16:78:62:11:a8:57:30:b7:e0:97:8f:46:dc:65:d1:
         d5:5f:0e:5b:b7:bf:6c:17:4c:9f:2e:f2:b4:96:cc:a2:d8:c0:
         46:0a:65:13:e3:b3:84:7f:e1:d0:f7:1d:52:4c:cb:46:b4:07:
         ab:b4:ca:e1:7d:34:96:fc:2b:d7:e1:08:14:e4:a3:08:75:3b:
         23:e5:0b:50:4e:06:4b:96:a7:07:b3:67:2b:87:fd:bd:65:b5:
         dc:90:85:85:20:46:bd:ec:c5:9b:27:98:63:cb:67:26:7a:03:
         36:13:c9:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj12/qSubv9Rxj9I+llPOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTk0MzQyOGIzY2Y5NmUyYzk1ZjYwNzM0Nzg0YTJjYTlkNGM2MzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbsJJsRsSz3gVbhdVhA/XQEAccN/
VN9h8qjmNi31i2YuKrqCw++tPGpVoMKhqjwyd5mxOJYsY0hHsh9O6X9yjlhZtcDl
y7SSq1NLgFGIaFfm8nN5LpUl+9eu89kP2JGd+ty1pnhaWXp4rPgbWMyz2o1IBHdy
cLUDkgnJlJAs9IEAxMDQ0HKiK0bRvTZgAbgLaxbgfRsWZW7y9TXw4t8OtGwv6m2l
X9PFBrcubEwj1AUlx4ouvGiLuXJbqpDOZkYQBGMOmFT07TmCx05PYXKh89BS7FO9
aAMRYlel1CFW9OPCACtrip4Emc/14kB/T56R9ZydRwplSVJVj3HfE5mxDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGUNCizz5biyV9gc0eEosqdTGMHMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvb1pRMEtMUFBsdUxKWDJCelI0U2l5cDFNWXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUE0ZMA0G
CSqGSIb3DQEBCwUAA4IBAQBSHF5Kfxx6XDl3szjOsWGJSNIBq1E8O/YP+1XGi4P4
aZOs04mGKMu+nswHdg2ibVcuytanh2+WNyt9+1XMtBEkw4ARSUYWsu49HfJ3sjkC
Zvec6cnmxgq+i/URLhA+dN+OCPXQul/kagMQi3bKFCLRIdnW6ifP+kf77V192XvG
hNz3desO4KzF3mOMHmzv1xFTIwgWeGIRqFcwt+CXj0bcZdHVXw5bt79sF0yfLvK0
lsyi2MBGCmUT47OEf+HQ9x1STMtGtAertMrhfTSW/CvX4QgU5KMIdTsj5QtQTgZL
lqcHs2crh/29ZbXckIWFIEa97MWbJ5hjy2cmegM2E8n9
-----END CERTIFICATE-----