Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/BVbo9uh3-UvDvwSZi6BfXSBGPHU.roa
File:                     BVbo9uh3-UvDvwSZi6BfXSBGPHU.roa (raw, json)
Hash identifier:          Z8qyhH6viB+EEzaDtRv3WrjvxrAR7rKFv4csNYovB+g=
Subject key identifier:   05:56:E8:F6:E8:77:F9:4B:C3:BF:04:99:8B:A0:5F:5D:20:46:3C:75
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       019427489204C5C5AFB85F448F6947AB985A
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/BVbo9uh3-UvDvwSZi6BfXSBGPHU.roa
Signing time:             Thu 02 Jan 2025 13:50:54 +0000
ROA not before:           Thu 02 Jan 2025 13:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5089
IP address blocks:        80.93.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 23:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:92:04:c5:c5:af:b8:5f:44:8f:69:47:ab:98:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: Jan  2 13:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0556e8f6e877f94bc3bf04998ba05f5d20463c75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:61:53:f4:62:3f:bb:f7:d6:b8:44:72:b5:04:
                    67:95:5c:01:c0:56:79:0b:f8:0d:61:c7:36:42:cf:
                    e5:21:54:76:ba:e3:ae:93:10:bc:4b:d4:20:da:39:
                    d1:06:b2:4e:cc:37:c9:3d:ad:94:78:26:8c:94:ff:
                    f0:28:35:a1:34:32:b5:19:7a:47:63:5c:74:64:e9:
                    c0:2a:16:b3:68:81:f0:ef:c6:5b:64:38:a7:40:8a:
                    8a:fd:0d:c3:65:ff:05:eb:96:54:56:7b:a3:20:3e:
                    06:f3:6e:88:21:86:7a:fb:ea:1e:11:18:e6:9d:39:
                    1f:0e:f3:b2:89:5d:53:31:4c:16:39:3e:e8:bf:1e:
                    52:31:5f:61:4e:04:34:38:f7:c9:89:5e:9f:f8:3d:
                    54:84:23:d6:88:31:d2:6c:f7:4f:14:a5:de:fc:2a:
                    d4:78:03:36:64:a5:10:9d:8f:b8:ff:41:d3:ba:d1:
                    eb:b3:94:e7:33:3b:9c:a5:f1:27:36:d0:ba:a8:44:
                    ae:f7:9e:e6:3f:e2:8f:b6:d2:16:b7:78:8f:61:c9:
                    0b:21:48:fb:ac:8e:90:9a:01:e3:33:1a:bb:26:b7:
                    e3:c4:7c:da:d0:6f:e0:64:a7:42:b6:da:60:1a:da:
                    f3:8b:01:0b:ff:57:e9:c8:f3:04:3f:c1:63:5b:d6:
                    cc:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:56:E8:F6:E8:77:F9:4B:C3:BF:04:99:8B:A0:5F:5D:20:46:3C:75
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/BVbo9uh3-UvDvwSZi6BfXSBGPHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:1b:13:2a:53:88:e5:8f:d1:0c:e0:15:42:d0:61:fb:1c:06:
         9b:d6:14:6f:ce:28:fc:cf:7e:51:16:79:16:76:b5:a1:86:04:
         d9:2d:76:c3:8e:80:a7:c4:4d:e7:90:c8:79:0e:91:4e:93:8b:
         60:cc:69:8d:0e:86:cd:17:c7:b6:d2:53:41:70:c2:70:02:13:
         19:d6:01:91:64:cc:8b:df:c2:d0:34:83:fb:d8:44:e9:e4:5c:
         93:7c:6c:ea:99:71:a2:c3:97:00:61:2c:cc:2b:33:f1:ea:f2:
         2e:c2:89:b1:93:0f:88:30:a8:83:20:bf:4a:b0:26:02:d9:bb:
         e1:e8:a6:7b:34:6a:b5:8b:75:c9:a5:11:2d:48:f6:f9:20:37:
         92:89:1c:76:14:dc:19:40:fa:12:19:bd:b3:4e:87:c8:8b:59:
         bf:3c:af:eb:b2:a3:4c:1c:b4:bf:28:3e:64:70:22:14:da:70:
         89:a1:7a:b0:48:b4:78:f9:b0:00:fd:22:ad:9a:8a:a7:fe:67:
         12:1c:74:aa:0c:0b:4f:e1:d6:2c:a6:f9:6e:1b:1d:ac:b5:7b:
         ff:c6:d6:c2:57:3e:57:fa:fb:cc:18:00:ca:e3:0a:c2:33:a1:
         44:a3:76:9f:ed:f7:5f:24:aa:e8:da:ea:71:2c:6b:ff:9d:bc:
         0a:d1:0b:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSJIExcWvuF9Ej2lHq5haMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjUwMTAyMTM1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTU2ZThmNmU4NzdmOTRiYzNiZjA0OTk4YmEwNWY1ZDIwNDYzYzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2FT9GI/u/fWuERytQRnlVwBwFZ5
C/gNYcc2Qs/lIVR2uuOukxC8S9Qg2jnRBrJOzDfJPa2UeCaMlP/wKDWhNDK1GXpH
Y1x0ZOnAKhazaIHw78ZbZDinQIqK/Q3DZf8F65ZUVnujID4G826IIYZ6++oeERjm
nTkfDvOyiV1TMUwWOT7ovx5SMV9hTgQ0OPfJiV6f+D1UhCPWiDHSbPdPFKXe/CrU
eAM2ZKUQnY+4/0HTutHrs5TnMzucpfEnNtC6qESu957mP+KPttIWt3iPYckLIUj7
rI6QmgHjMxq7JrfjxHza0G/gZKdCttpgGtrziwEL/1fpyPMEP8FjW9bM5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVW6Pbod/lLw78EmYugX10gRjx1MB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvQlZibzl1aDMtVXZEdndTWmk2QmZYU0JHUEhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF3IMA0G
CSqGSIb3DQEBCwUAA4IBAQAYGxMqU4jlj9EM4BVC0GH7HAab1hRvzij8z35RFnkW
drWhhgTZLXbDjoCnxE3nkMh5DpFOk4tgzGmNDobNF8e20lNBcMJwAhMZ1gGRZMyL
38LQNIP72ETp5FyTfGzqmXGiw5cAYSzMKzPx6vIuwomxkw+IMKiDIL9KsCYC2bvh
6KZ7NGq1i3XJpREtSPb5IDeSiRx2FNwZQPoSGb2zTofIi1m/PK/rsqNMHLS/KD5k
cCIU2nCJoXqwSLR4+bAA/SKtmoqn/mcSHHSqDAtP4dYspvluGx2stXv/xtbCVz5X
+vvMGADK4wrCM6FEo3af7fdfJKro2upxLGv/nbwK0Quq
-----END CERTIFICATE-----