Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/QnsXSr4Dzbtn6Db9TUFSHtKfJC0.roa
File:                     QnsXSr4Dzbtn6Db9TUFSHtKfJC0.roa (raw, json)
Hash identifier:          HsleVPbn7SNkt17VorPJLQD2BDlC+qDjVn/ziMBifdM=
Subject key identifier:   42:7B:17:4A:BE:03:CD:BB:67:E8:36:FD:4D:41:52:1E:D2:9F:24:2D
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258FA5B4D1B42C25556847A529034E7C
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/QnsXSr4Dzbtn6Db9TUFSHtKfJC0.roa
Signing time:             Thu 02 Jan 2025 05:49:18 +0000
ROA not before:           Thu 02 Jan 2025 05:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213810
IP address blocks:        80.64.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 13:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:a5:b4:d1:b4:2c:25:55:68:47:a5:29:03:4e:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=427b174abe03cdbb67e836fd4d41521ed29f242d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4f:cb:f9:42:1e:e5:e4:6f:bd:2b:7d:fa:a6:
                    b5:dc:55:b5:a2:ad:8c:6e:2d:53:52:f7:d3:b9:1f:
                    8b:41:88:b3:73:96:2f:ba:23:d2:9b:4e:81:fe:e5:
                    c9:2b:56:e6:a3:3e:44:b8:f3:55:c4:66:95:cc:56:
                    c2:38:7e:b4:d8:99:a2:d3:68:85:7e:0c:62:4d:24:
                    0f:d3:14:eb:dd:2e:d8:67:9a:ad:0d:2d:46:f7:2a:
                    88:9f:3a:21:3f:2d:96:27:73:2d:54:1a:6c:8a:72:
                    53:64:97:65:95:ea:0d:26:72:81:5a:ed:e9:7b:8f:
                    d7:28:87:ee:0e:0b:c7:5b:da:21:54:60:9f:27:37:
                    63:b1:b5:46:60:20:0e:06:fe:c8:85:c6:c0:a6:a7:
                    22:aa:6a:8f:54:95:84:c5:62:a9:ef:00:66:5b:8f:
                    b6:a7:13:da:bf:ed:2d:7c:2e:63:df:8b:ed:da:e1:
                    69:98:d7:8f:fc:ca:17:b5:d5:d1:f3:e8:d7:aa:61:
                    c0:70:d7:0a:94:3f:e2:c4:2b:73:c3:4d:1c:ca:28:
                    ff:39:28:20:cd:60:f8:01:cd:4c:b9:67:f7:04:e8:
                    f3:5a:a2:86:4c:60:2f:91:1b:11:96:2a:35:49:b9:
                    05:c3:ca:1c:8f:b5:52:fe:02:20:8c:cb:da:dd:42:
                    20:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:7B:17:4A:BE:03:CD:BB:67:E8:36:FD:4D:41:52:1E:D2:9F:24:2D
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/QnsXSr4Dzbtn6Db9TUFSHtKfJC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:0a:93:f9:29:5c:e1:d7:97:db:0e:d7:8c:db:78:5a:8f:53:
         9b:78:a9:48:3f:66:df:f8:9a:eb:0e:c4:72:b5:93:6d:9b:7c:
         22:a8:cf:68:e0:f8:88:8f:a2:ef:00:c2:a6:8c:10:c2:ec:7e:
         c5:cc:a8:3c:fa:93:4a:32:5f:7e:d8:4a:ba:42:8d:46:82:c2:
         71:9d:89:88:6f:d4:5a:57:53:cb:cc:97:7d:87:be:14:51:15:
         7f:63:3c:5d:f3:31:2c:55:5e:22:af:df:15:c5:44:07:f2:2a:
         77:d8:9b:c7:8f:66:ae:e0:d5:b1:c4:47:61:19:be:7d:1d:86:
         76:d6:6e:10:b2:a1:02:9b:a2:6c:f6:8a:ff:2e:7f:14:f0:6c:
         49:52:51:c8:17:a3:93:07:05:14:50:ec:fc:01:7a:a0:fd:b3:
         67:9e:ef:91:a7:03:04:4b:a3:eb:62:21:92:35:7c:3f:85:8b:
         04:0b:a9:f4:36:15:f4:5b:b6:c8:01:2d:79:81:46:34:56:4e:
         32:16:0a:41:d9:5d:33:ab:f9:d5:03:cb:f3:9f:45:d4:0a:c2:
         1a:39:fe:77:30:13:e8:32:f1:b0:02:0b:3c:68:6f:95:c2:12:
         68:d8:e4:1d:a2:df:3c:12:5f:29:8e:71:b0:7f:27:81:40:0b:
         f7:4e:fe:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj6W00bQsJVVoR6UpA058MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjdiMTc0YWJlMDNjZGJiNjdlODM2ZmQ0ZDQxNTIxZWQyOWYyNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlE/L+UIe5eRvvSt9+qa13FW1oq2M
bi1TUvfTuR+LQYizc5YvuiPSm06B/uXJK1bmoz5EuPNVxGaVzFbCOH602Jmi02iF
fgxiTSQP0xTr3S7YZ5qtDS1G9yqInzohPy2WJ3MtVBpsinJTZJdlleoNJnKBWu3p
e4/XKIfuDgvHW9ohVGCfJzdjsbVGYCAOBv7IhcbApqciqmqPVJWExWKp7wBmW4+2
pxPav+0tfC5j34vt2uFpmNeP/MoXtdXR8+jXqmHAcNcKlD/ixCtzw00cyij/OSgg
zWD4Ac1MuWf3BOjzWqKGTGAvkRsRlio1SbkFw8ocj7VS/gIgjMva3UIgdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJ7F0q+A827Z+g2/U1BUh7SnyQtMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvUW5zWFNyNER6YnRuNkRiOVRVRlNIdEtmSkMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEAUMA0G
CSqGSIb3DQEBCwUAA4IBAQCeCpP5KVzh15fbDteM23haj1ObeKlIP2bf+JrrDsRy
tZNtm3wiqM9o4PiIj6LvAMKmjBDC7H7FzKg8+pNKMl9+2Eq6Qo1GgsJxnYmIb9Ra
V1PLzJd9h74UURV/Yzxd8zEsVV4ir98VxUQH8ip32JvHj2au4NWxxEdhGb59HYZ2
1m4QsqECm6Js9or/Ln8U8GxJUlHIF6OTBwUUUOz8AXqg/bNnnu+RpwMES6PrYiGS
NXw/hYsEC6n0NhX0W7bIAS15gUY0Vk4yFgpB2V0zq/nVA8vzn0XUCsIaOf53MBPo
MvGwAgs8aG+VwhJo2OQdot88El8pjnGwfyeBQAv3Tv5n
-----END CERTIFICATE-----