Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/p2BFHxvSsQB0Uos-CEtrAOXs_Bw.roa
File:                     p2BFHxvSsQB0Uos-CEtrAOXs_Bw.roa (raw, json)
Hash identifier:          3ogaDE1eNICwpPw2HkDkoSXp1dcfqPsN1bg6bS5m2Vk=
Subject key identifier:   A7:60:45:1F:1B:D2:B1:00:74:52:8B:3E:08:4B:6B:00:E5:EC:FC:1C
Certificate issuer:       /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial:       018CC9BCACBF06B6A6150A425FD327B03791
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/p2BFHxvSsQB0Uos-CEtrAOXs_Bw.roa
Signing time:             Tue 02 Jan 2024 10:33:54 +0000
ROA not before:           Tue 02 Jan 2024 10:33:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35569
IP address blocks:        80.93.56.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ac:bf:06:b6:a6:15:0a:42:5f:d3:27:b0:37:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
        Validity
            Not Before: Jan  2 10:33:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a760451f1bd2b10074528b3e084b6b00e5ecfc1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:29:e3:65:f8:a4:5e:9d:e6:f4:2d:37:53:01:
                    c1:e9:0e:09:51:84:ec:4b:10:1f:31:27:01:65:87:
                    33:a1:e7:30:98:d3:c7:10:32:36:74:8e:70:28:0f:
                    99:8c:93:ac:ba:e0:1d:91:3d:e1:e2:86:2e:32:cc:
                    b8:1b:be:51:59:78:8b:cf:57:63:cc:1f:e9:d7:08:
                    de:1c:5c:99:ed:af:16:5c:ce:a3:af:35:65:3f:f9:
                    2f:9e:14:97:6c:47:d8:f1:d7:c0:8b:08:74:23:f6:
                    55:4b:b0:ec:39:af:ef:fb:92:e9:8e:be:43:b7:44:
                    56:e1:63:1a:a6:ef:59:0f:d1:ff:90:3b:e6:11:e6:
                    3c:ca:88:78:ee:45:f6:c2:75:6b:4c:6d:e8:6d:1d:
                    e4:8e:33:2a:cb:a5:b0:e7:32:f7:bb:c1:85:27:18:
                    0e:1d:b3:69:43:74:3f:d4:bc:23:b5:47:0f:e4:f0:
                    cf:0a:91:13:3c:8c:7d:de:37:b2:9b:aa:ad:5a:2c:
                    bf:a0:0b:d0:0b:d7:7b:a0:27:41:3f:6f:0f:c3:b4:
                    41:7d:90:aa:8a:3a:7b:2f:c6:b4:b5:af:7a:4c:91:
                    05:0e:bd:b9:9c:a7:ee:4e:da:95:f1:48:cd:a0:2a:
                    9d:44:a1:73:49:9f:f5:e0:eb:bb:80:3a:4b:6c:c6:
                    dc:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:60:45:1F:1B:D2:B1:00:74:52:8B:3E:08:4B:6B:00:E5:EC:FC:1C
            X509v3 Authority Key Identifier:
                keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/p2BFHxvSsQB0Uos-CEtrAOXs_Bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         71:46:2f:f5:24:a9:48:44:72:fb:15:2c:e0:bb:ef:9f:d9:31:
         d2:30:fe:b1:99:07:0b:cb:06:62:13:bb:09:e7:f0:9b:79:e2:
         83:21:0a:f7:9f:71:29:41:e2:d6:d7:95:43:cd:9f:ff:6c:d0:
         4a:ac:04:08:2f:f5:6f:bc:23:7b:ac:89:a2:ce:86:e0:e3:93:
         42:cc:41:75:38:10:a0:19:9e:a5:0b:e9:b6:f9:94:c4:74:96:
         4b:03:b2:76:86:65:4c:df:62:79:48:e0:e3:2f:48:a5:90:06:
         b0:8e:de:cb:b5:b2:59:60:99:1e:5a:2e:02:5f:70:8f:82:81:
         ac:2d:18:b4:88:39:23:d6:51:59:69:73:75:1b:00:95:5b:7c:
         40:45:22:fd:37:83:b9:25:1c:14:08:d6:e2:c5:81:df:43:cc:
         f1:51:2f:b8:0d:68:d9:a9:f1:ee:65:72:50:ae:8d:67:58:04:
         93:78:05:9d:d6:7b:6b:6a:1f:f6:bd:f9:a3:df:88:fd:71:e3:
         f5:e9:13:4a:37:96:48:e4:7e:68:db:7a:b9:ba:ed:88:5b:51:
         49:a8:df:7f:bd:f2:da:fa:24:23:04:82:09:30:1a:e5:3a:e2:
         d4:3a:2e:26:7e:85:6f:a3:09:5b:06:5b:20:f6:ce:ac:17:10:
         6b:ba:31:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKy/BramFQpCX9MnsDeRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjQwMTAyMTAzMzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzYwNDUxZjFiZDJiMTAwNzQ1MjhiM2UwODRiNmIwMGU1ZWNmYzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCnjZfikXp3m9C03UwHB6Q4JUYTs
SxAfMScBZYczoecwmNPHEDI2dI5wKA+ZjJOsuuAdkT3h4oYuMsy4G75RWXiLz1dj
zB/p1wjeHFyZ7a8WXM6jrzVlP/kvnhSXbEfY8dfAiwh0I/ZVS7DsOa/v+5Lpjr5D
t0RW4WMapu9ZD9H/kDvmEeY8yoh47kX2wnVrTG3obR3kjjMqy6Ww5zL3u8GFJxgO
HbNpQ3Q/1LwjtUcP5PDPCpETPIx93jeym6qtWiy/oAvQC9d7oCdBP28Pw7RBfZCq
ijp7L8a0ta96TJEFDr25nKfuTtqV8UjNoCqdRKFzSZ/14Ou7gDpLbMbc0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdgRR8b0rEAdFKLPghLawDl7PwcMB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvcDJCRkh4dlNzUUIwVW9zLUNFdHJBT1hzX0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUF04MA0G
CSqGSIb3DQEBCwUAA4IBAQBxRi/1JKlIRHL7FSzgu++f2THSMP6xmQcLywZiE7sJ
5/CbeeKDIQr3n3EpQeLW15VDzZ//bNBKrAQIL/VvvCN7rImizobg45NCzEF1OBCg
GZ6lC+m2+ZTEdJZLA7J2hmVM32J5SODjL0ilkAawjt7LtbJZYJkeWi4CX3CPgoGs
LRi0iDkj1lFZaXN1GwCVW3xARSL9N4O5JRwUCNbixYHfQ8zxUS+4DWjZqfHuZXJQ
ro1nWASTeAWd1ntrah/2vfmj34j9ceP16RNKN5ZI5H5o23q5uu2IW1FJqN9/vfLa
+iQjBIIJMBrlOuLUOi4mfoVvowlbBlsg9s6sFxBrujGE
-----END CERTIFICATE-----