Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/afdf95-2834-4dcc-b41d-3f9f264ceb20/1/7KVCTwe-yf3ru7jgzchmAT6yBWo.roa
File:                     7KVCTwe-yf3ru7jgzchmAT6yBWo.roa (raw, json)
Hash identifier:          3A709P2++qe75An2XUc0/D8KMLOxqTtzHZ8/WKXRfME=
Subject key identifier:   EC:A5:42:4F:07:BE:C9:FD:EB:BB:B8:E0:CD:C8:66:01:3E:B2:05:6A
Certificate issuer:       /CN=e9b1a6c061455c08e9147b281fc7424cbc545f41
Certificate serial:       018CC801186A7E23342E2D6DB3C7027F1326
Authority key identifier: E9:B1:A6:C0:61:45:5C:08:E9:14:7B:28:1F:C7:42:4C:BC:54:5F:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6bGmwGFFXAjpFHsoH8dCTLxUX0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/afdf95-2834-4dcc-b41d-3f9f264ceb20/1/7KVCTwe-yf3ru7jgzchmAT6yBWo.roa
Signing time:             Tue 02 Jan 2024 02:29:24 +0000
ROA not before:           Tue 02 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202803
IP address blocks:        80.64.212.0/23 maxlen: 23
                          80.64.212.0/22 maxlen: 22
                          80.64.214.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/afdf95-2834-4dcc-b41d-3f9f264ceb20/1/6bGmwGFFXAjpFHsoH8dCTLxUX0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/afdf95-2834-4dcc-b41d-3f9f264ceb20/1/6bGmwGFFXAjpFHsoH8dCTLxUX0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6bGmwGFFXAjpFHsoH8dCTLxUX0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:18:6a:7e:23:34:2e:2d:6d:b3:c7:02:7f:13:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9b1a6c061455c08e9147b281fc7424cbc545f41
        Validity
            Not Before: Jan  2 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eca5424f07bec9fdebbbb8e0cdc866013eb2056a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:7f:f6:69:fe:d4:b7:d6:aa:44:6d:05:a8:0f:
                    95:97:63:3e:7a:0c:f0:a9:7f:10:61:13:ef:53:37:
                    b3:82:69:84:ec:5a:24:4a:3b:00:da:22:db:ef:b0:
                    a9:f2:7a:35:0b:a0:6f:8b:6a:50:75:13:b9:b0:d2:
                    85:a5:96:1a:84:83:ec:fd:3b:11:3f:f2:42:e3:4e:
                    c9:98:65:d9:b5:3e:4b:0d:96:23:3f:25:a5:a7:e4:
                    8c:0f:f4:88:3e:db:55:0f:61:5f:15:7f:27:eb:ff:
                    4f:9f:52:5a:99:77:fa:9a:b9:0f:0e:24:a1:ad:f1:
                    24:25:a5:01:1d:65:bd:54:30:50:0f:ae:01:a7:27:
                    a7:9a:ac:a4:57:f7:1c:77:8a:aa:09:91:8f:a1:aa:
                    bd:61:a4:08:9d:45:59:8e:48:fa:da:ce:4b:34:33:
                    75:73:89:19:b9:ce:90:29:e4:10:06:cb:6f:aa:f6:
                    6d:d1:ae:cc:19:60:43:93:ec:0f:f1:59:ff:86:a0:
                    ee:ff:c2:82:c0:10:91:ee:03:2b:15:49:b6:61:f1:
                    44:3c:00:d4:54:ec:43:d5:83:ef:3c:a0:8e:c3:e8:
                    49:5a:35:53:74:a2:b4:dc:d5:70:e2:01:29:4b:cf:
                    7f:da:2a:bf:67:01:15:62:6a:c7:c8:7b:93:46:76:
                    3c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:A5:42:4F:07:BE:C9:FD:EB:BB:B8:E0:CD:C8:66:01:3E:B2:05:6A
            X509v3 Authority Key Identifier:
                keyid:E9:B1:A6:C0:61:45:5C:08:E9:14:7B:28:1F:C7:42:4C:BC:54:5F:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6bGmwGFFXAjpFHsoH8dCTLxUX0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/afdf95-2834-4dcc-b41d-3f9f264ceb20/1/7KVCTwe-yf3ru7jgzchmAT6yBWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/afdf95-2834-4dcc-b41d-3f9f264ceb20/1/6bGmwGFFXAjpFHsoH8dCTLxUX0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:28:45:c7:63:4b:ce:b5:85:6c:79:ad:23:fe:6d:83:9d:32:
         a9:d2:ab:af:ab:c7:e5:28:c3:bf:85:88:70:ef:30:92:74:69:
         e5:54:31:ba:66:2e:80:1a:13:fd:20:b4:2b:e1:8f:ea:bc:b6:
         c0:b6:12:35:73:97:49:c1:94:f6:69:c8:97:d4:47:53:21:e9:
         1b:fb:37:63:f9:b4:c7:98:61:e2:99:92:19:21:a2:c1:18:60:
         14:d1:f9:c5:82:9d:8d:ab:2e:73:15:d0:66:10:44:5e:68:2a:
         18:17:21:9f:7e:67:b1:6b:d7:48:69:cb:ac:37:46:46:47:0c:
         72:40:a9:6a:a3:70:76:da:e6:b8:04:56:8e:64:42:33:cc:3a:
         60:82:66:91:5d:14:ad:e4:39:b3:4f:cf:9f:84:05:cc:12:b5:
         34:70:d3:d8:f8:af:3e:4e:73:4e:68:b9:1b:2b:ce:b3:34:b2:
         a7:c3:c2:9e:e9:7e:55:6c:c3:af:66:7a:6a:50:1b:7d:18:79:
         70:5b:17:99:0c:70:54:e4:d7:12:af:89:60:59:b1:14:af:72:
         c6:99:97:f2:d3:48:cc:26:84:fc:8d:25:33:fa:be:0a:a0:f0:
         65:0a:fd:f3:4c:2e:c7:88:3d:b9:01:e8:d5:d3:06:18:6d:41:
         97:df:5d:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARhqfiM0Li1ts8cCfxMmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YjFhNmMwNjE0NTVjMDhlOTE0N2IyODFmYzc0MjRjYmM1
NDVmNDEwHhcNMjQwMTAyMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2E1NDI0ZjA3YmVjOWZkZWJiYmI4ZTBjZGM4NjYwMTNlYjIwNTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0X/2af7Ut9aqRG0FqA+Vl2M+egzw
qX8QYRPvUzezgmmE7FokSjsA2iLb77Cp8no1C6Bvi2pQdRO5sNKFpZYahIPs/TsR
P/JC407JmGXZtT5LDZYjPyWlp+SMD/SIPttVD2FfFX8n6/9Pn1JamXf6mrkPDiSh
rfEkJaUBHWW9VDBQD64BpyenmqykV/ccd4qqCZGPoaq9YaQInUVZjkj62s5LNDN1
c4kZuc6QKeQQBstvqvZt0a7MGWBDk+wP8Vn/hqDu/8KCwBCR7gMrFUm2YfFEPADU
VOxD1YPvPKCOw+hJWjVTdKK03NVw4gEpS89/2iq/ZwEVYmrHyHuTRnY83wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOylQk8Hvsn967u44M3IZgE+sgVqMB8GA1UdIwQY
MBaAFOmxpsBhRVwI6RR7KB/HQky8VF9BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmJHbXdHRkZYQWpwRkhzb0g4ZENUTHhVWDBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9hZmRmOTUtMjgzNC00ZGNjLWI0MWQt
M2Y5ZjI2NGNlYjIwLzEvN0tWQ1R3ZS15ZjNydTdqZ3pjaG1BVDZ5QldvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9hZmRmOTUtMjgzNC00ZGNjLWI0MWQtM2Y5ZjI2NGNlYjIw
LzEvNmJHbXdHRkZYQWpwRkhzb0g4ZENUTHhVWDBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUEDUMA0G
CSqGSIb3DQEBCwUAA4IBAQCOKEXHY0vOtYVsea0j/m2DnTKp0quvq8flKMO/hYhw
7zCSdGnlVDG6Zi6AGhP9ILQr4Y/qvLbAthI1c5dJwZT2aciX1EdTIekb+zdj+bTH
mGHimZIZIaLBGGAU0fnFgp2Nqy5zFdBmEEReaCoYFyGffmexa9dIacusN0ZGRwxy
QKlqo3B22ua4BFaOZEIzzDpggmaRXRSt5DmzT8+fhAXMErU0cNPY+K8+TnNOaLkb
K86zNLKnw8Ke6X5VbMOvZnpqUBt9GHlwWxeZDHBU5NcSr4lgWbEUr3LGmZfy00jM
JoT8jSUz+r4KoPBlCv3zTC7HiD25AejV0wYYbUGX311s
-----END CERTIFICATE-----