Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/nJGYGKu35BPUHSl06W5_FEUhBGw.roa
File:                     nJGYGKu35BPUHSl06W5_FEUhBGw.roa (raw, json)
Hash identifier:          +68++gsm6j3Cs1/dcd1pG8ojvhLuxt1k+V5TlQHQoa8=
Subject key identifier:   9C:91:98:18:AB:B7:E4:13:D4:1D:29:74:E9:6E:7F:14:45:21:04:6C
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       01934A69D4D41335208DD7ADEEBBF10ABED1
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/nJGYGKu35BPUHSl06W5_FEUhBGw.roa
Signing time:             Wed 20 Nov 2024 16:31:09 +0000
ROA not before:           Wed 20 Nov 2024 16:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213834
IP address blocks:        80.64.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4a:69:d4:d4:13:35:20:8d:d7:ad:ee:bb:f1:0a:be:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Nov 20 16:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c919818abb7e413d41d2974e96e7f144521046c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ed:e5:4b:43:ca:7f:3e:15:1b:78:d8:15:de:
                    73:57:cb:bb:a6:15:90:83:c2:cc:b8:38:42:fa:b3:
                    09:6d:0b:c7:5f:52:82:bc:a5:36:be:36:da:07:e8:
                    cd:bb:4d:2e:1d:cd:86:ff:a6:d4:3b:29:8e:84:8f:
                    88:e6:ca:78:b5:71:88:b6:72:62:5e:29:73:f9:c3:
                    ae:a2:35:18:25:75:f5:3f:30:e1:ad:a8:73:c2:5c:
                    1b:d3:6e:d8:00:60:9d:07:12:05:23:fb:e7:be:3d:
                    aa:80:4e:35:e5:e5:19:45:71:0d:ce:e6:e4:1c:25:
                    5c:d2:82:fb:b1:1d:c0:09:e1:42:0f:d4:c1:e9:9d:
                    bd:26:11:80:b0:ed:d6:7c:65:ad:c4:78:d4:a4:9f:
                    1b:ed:45:70:f0:db:fd:b9:4c:23:de:7d:a2:8d:8b:
                    6e:7a:1b:df:5e:d2:bb:b1:2b:e5:54:33:2f:48:7b:
                    61:62:0c:8d:09:77:09:9c:29:f3:30:2a:15:28:cd:
                    43:dd:f0:82:59:63:f2:28:c8:6c:c0:bb:28:34:bf:
                    aa:d2:b5:de:e7:20:f6:0b:d4:9f:1d:b4:36:34:c8:
                    0f:b7:c3:e1:f0:c4:6b:8e:dc:5d:b6:f0:fe:83:c3:
                    21:9c:2a:9b:26:94:bc:9a:b8:88:87:7a:33:3f:ce:
                    70:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:91:98:18:AB:B7:E4:13:D4:1D:29:74:E9:6E:7F:14:45:21:04:6C
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/nJGYGKu35BPUHSl06W5_FEUhBGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:17:75:d6:3b:d1:3a:aa:23:40:63:24:4b:e7:cc:bf:70:4a:
         57:0a:92:cb:52:c1:59:33:57:ab:e8:e9:93:99:32:7b:44:91:
         7d:1c:1a:56:a4:5b:67:3b:0b:05:db:11:6f:32:d6:04:03:94:
         23:3b:00:29:7a:6a:a0:24:b1:44:58:88:40:8b:1c:72:63:7a:
         a1:8f:92:4b:46:4f:95:ba:03:c8:d9:24:23:88:c1:ed:d6:bf:
         23:64:a7:9f:30:40:3e:dd:1c:7e:da:c9:b6:c2:33:39:ea:ab:
         a0:8f:a2:8d:51:be:04:8d:88:32:da:cd:02:f9:4d:b4:40:83:
         16:d0:5b:9e:94:5c:3e:a6:13:56:2a:b4:86:ed:ba:f0:55:d5:
         e5:90:e3:14:f6:09:b1:ef:de:f0:1d:72:54:88:55:45:17:e1:
         05:05:bf:09:05:a1:3a:7c:99:3c:eb:68:5e:ff:d0:1e:c7:14:
         ca:6b:63:3d:b6:4d:90:0f:6c:00:ae:fd:63:22:52:10:b2:99:
         d0:1f:94:32:8e:e4:cf:9d:64:07:6a:d7:7e:64:0b:b7:ab:c3:
         4c:06:a1:87:c8:68:fa:6b:e2:6d:09:ab:43:9c:4d:d4:15:53:
         5e:36:4b:5a:f4:ef:51:ba:11:68:8d:5e:81:91:29:3b:5a:98:
         96:00:5c:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNKadTUEzUgjdet7rvxCr7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQxMTIwMTYzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzkxOTgxOGFiYjdlNDEzZDQxZDI5NzRlOTZlN2YxNDQ1MjEwNDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0u3lS0PKfz4VG3jYFd5zV8u7phWQ
g8LMuDhC+rMJbQvHX1KCvKU2vjbaB+jNu00uHc2G/6bUOymOhI+I5sp4tXGItnJi
Xilz+cOuojUYJXX1PzDhrahzwlwb027YAGCdBxIFI/vnvj2qgE415eUZRXENzubk
HCVc0oL7sR3ACeFCD9TB6Z29JhGAsO3WfGWtxHjUpJ8b7UVw8Nv9uUwj3n2ijYtu
ehvfXtK7sSvlVDMvSHthYgyNCXcJnCnzMCoVKM1D3fCCWWPyKMhswLsoNL+q0rXe
5yD2C9SfHbQ2NMgPt8Ph8MRrjtxdtvD+g8MhnCqbJpS8mriIh3ozP85wmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyRmBirt+QT1B0pdOlufxRFIQRsMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvbkpHWUdLdTM1QlBVSFNsMDZXNV9GRVVoQkd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEAWMA0G
CSqGSIb3DQEBCwUAA4IBAQCNF3XWO9E6qiNAYyRL58y/cEpXCpLLUsFZM1er6OmT
mTJ7RJF9HBpWpFtnOwsF2xFvMtYEA5QjOwApemqgJLFEWIhAixxyY3qhj5JLRk+V
ugPI2SQjiMHt1r8jZKefMEA+3Rx+2sm2wjM56qugj6KNUb4EjYgy2s0C+U20QIMW
0FuelFw+phNWKrSG7brwVdXlkOMU9gmx797wHXJUiFVFF+EFBb8JBaE6fJk862he
/9AexxTKa2M9tk2QD2wArv1jIlIQspnQH5QyjuTPnWQHatd+ZAu3q8NMBqGHyGj6
a+JtCatDnE3UFVNeNkta9O9RuhFojV6BkSk7WpiWAFwP
-----END CERTIFICATE-----