Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/gTX3Cwtg2gH5FsWY2dtBLohjYXU.roa
File:                     gTX3Cwtg2gH5FsWY2dtBLohjYXU.roa (raw, json)
Hash identifier:          0RY0w5MfllqPnn+hC9SxX0VzXBfZy8GGIiQgQXLm79s=
Subject key identifier:   81:35:F7:0B:0B:60:DA:01:F9:16:C5:98:D9:DB:41:2E:88:63:61:75
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       0191DB3C50D309A2C6CBFC51A3A12A72BE2A
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/gTX3Cwtg2gH5FsWY2dtBLohjYXU.roa
Signing time:             Tue 10 Sep 2024 09:20:48 +0000
ROA not before:           Tue 10 Sep 2024 09:20:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        80.93.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:db:3c:50:d3:09:a2:c6:cb:fc:51:a3:a1:2a:72:be:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: Sep 10 09:20:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8135f70b0b60da01f916c598d9db412e88636175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4c:80:af:82:36:17:96:0e:1c:4f:12:13:1e:
                    5c:66:e9:96:a4:d0:56:22:fd:e4:47:6c:f7:55:38:
                    9a:77:73:9a:74:df:73:3f:5d:ce:6e:ac:bb:43:1a:
                    e2:fc:c0:01:6d:a9:fd:80:4a:c7:a8:a8:1f:a9:8e:
                    3d:c8:5b:27:5b:f3:81:c8:74:d1:ae:03:75:0b:41:
                    03:e4:11:db:1c:12:e7:26:0c:7f:b4:c6:8d:7d:ae:
                    72:5a:79:02:3c:c7:2e:cd:e3:3a:46:19:6d:83:73:
                    d2:34:a9:d4:04:23:ae:83:30:75:9f:e4:ad:b8:f0:
                    c4:e1:52:cb:24:e4:4e:68:be:2b:15:33:18:12:6a:
                    34:9c:a8:0e:82:05:5c:0c:71:b3:e6:9d:01:c3:89:
                    30:44:0a:d1:54:cb:85:d2:d1:40:6a:78:8d:d1:c4:
                    f5:7f:a5:b1:cd:d3:d3:91:f5:0b:cd:1a:b6:a8:62:
                    38:fe:17:2e:81:ff:c3:ac:a1:b7:a9:08:96:da:ca:
                    5b:98:88:3c:d5:d6:5b:e5:39:af:6c:98:f0:8a:91:
                    7d:a9:20:4d:3b:2d:f6:6c:d8:d3:b4:ac:de:ac:05:
                    f6:dd:52:a4:a2:6c:28:1d:70:c5:3d:8f:aa:f2:f4:
                    2f:24:8a:2d:f5:07:6b:5b:45:ef:3f:e1:da:50:2f:
                    96:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:35:F7:0B:0B:60:DA:01:F9:16:C5:98:D9:DB:41:2E:88:63:61:75
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/gTX3Cwtg2gH5FsWY2dtBLohjYXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:d8:e6:6a:1c:8f:56:79:97:3f:30:d3:b7:83:6b:7e:a8:9b:
         5c:ed:69:c6:6d:0a:4c:19:c4:fe:fa:8d:92:c8:0e:8a:fa:2a:
         1a:6e:be:f7:24:c6:64:bf:c3:51:86:28:b4:0c:f3:6e:c0:8c:
         41:1d:4a:16:83:fb:12:43:6b:4a:92:b4:ba:d1:f1:3b:98:c2:
         8c:5a:7e:09:af:f5:10:08:65:9d:c7:16:cc:28:7b:36:9e:be:
         4a:36:a8:b1:a5:cb:77:fb:42:dc:8e:14:ea:2d:0e:5f:4b:09:
         e0:be:8c:67:f5:72:9e:7d:73:f9:66:90:dd:48:bd:f6:7f:66:
         6f:0b:c9:e9:c7:20:83:2f:64:98:a5:17:0d:69:96:7c:11:1a:
         41:db:36:99:00:ae:32:bc:8f:99:11:16:6b:d6:dc:ab:be:5c:
         94:5b:a1:56:20:08:c9:57:67:53:1f:58:78:a0:64:b4:71:88:
         92:22:06:f9:1b:fe:99:c2:b6:26:ff:6e:d3:7f:f7:eb:cc:74:
         ca:09:07:55:2e:3f:16:d3:01:19:43:49:41:b6:f7:07:32:63:
         9b:8d:a8:5b:f5:3e:d6:cf:71:94:15:08:bc:53:ae:33:63:40:
         df:0a:58:f0:45:50:12:36:ab:f7:91:60:54:28:37:25:c4:c7:
         e0:61:82:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHbPFDTCaLGy/xRo6Eqcr4qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjQwOTEwMDkyMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTM1ZjcwYjBiNjBkYTAxZjkxNmM1OThkOWRiNDEyZTg4NjM2MTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0yAr4I2F5YOHE8SEx5cZumWpNBW
Iv3kR2z3VTiad3OadN9zP13Obqy7Qxri/MABban9gErHqKgfqY49yFsnW/OByHTR
rgN1C0ED5BHbHBLnJgx/tMaNfa5yWnkCPMcuzeM6Rhltg3PSNKnUBCOugzB1n+St
uPDE4VLLJOROaL4rFTMYEmo0nKgOggVcDHGz5p0Bw4kwRArRVMuF0tFAaniN0cT1
f6WxzdPTkfULzRq2qGI4/hcugf/DrKG3qQiW2spbmIg81dZb5TmvbJjwipF9qSBN
Oy32bNjTtKzerAX23VKkomwoHXDFPY+q8vQvJIot9QdrW0XvP+HaUC+WUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIE19wsLYNoB+RbFmNnbQS6IY2F1MB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvZ1RYM0N3dGcyZ0g1RnNXWTJkdEJMb2hqWVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF3OMA0G
CSqGSIb3DQEBCwUAA4IBAQBC2OZqHI9WeZc/MNO3g2t+qJtc7WnGbQpMGcT++o2S
yA6K+ioabr73JMZkv8NRhii0DPNuwIxBHUoWg/sSQ2tKkrS60fE7mMKMWn4Jr/UQ
CGWdxxbMKHs2nr5KNqixpct3+0LcjhTqLQ5fSwngvoxn9XKefXP5ZpDdSL32f2Zv
C8npxyCDL2SYpRcNaZZ8ERpB2zaZAK4yvI+ZERZr1tyrvlyUW6FWIAjJV2dTH1h4
oGS0cYiSIgb5G/6ZwrYm/27Tf/frzHTKCQdVLj8W0wEZQ0lBtvcHMmObjahb9T7W
z3GUFQi8U64zY0DfCljwRVASNqv3kWBUKDclxMfgYYJd
-----END CERTIFICATE-----