Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/80F9flZBiBXX7cYq7Fpe6Y1_XmE.roa
File:                     80F9flZBiBXX7cYq7Fpe6Y1_XmE.roa (raw, json)
Hash identifier:          Y34JKxNCm+96WpvR+/eC8NWKCfT+GzSpQDJuXlu4BoI=
Subject key identifier:   F3:41:7D:7E:56:41:88:15:D7:ED:C6:2A:EC:5A:5E:E9:8D:7F:5E:61
Certificate issuer:       /CN=cd65ee23bff42ccf679d7377fe4da695d341aef0
Certificate serial:       018D5E785053CBB954871358A5C40B7E06D9
Authority key identifier: CD:65:EE:23:BF:F4:2C:CF:67:9D:73:77:FE:4D:A6:95:D3:41:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/80F9flZBiBXX7cYq7Fpe6Y1_XmE.roa
Signing time:             Wed 31 Jan 2024 07:42:39 +0000
ROA not before:           Wed 31 Jan 2024 07:42:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25234
IP address blocks:        185.71.159.0/24 maxlen: 24
                          2a02:250:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:78:50:53:cb:b9:54:87:13:58:a5:c4:0b:7e:06:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd65ee23bff42ccf679d7377fe4da695d341aef0
        Validity
            Not Before: Jan 31 07:42:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3417d7e56418815d7edc62aec5a5ee98d7f5e61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8e:a8:bc:a7:94:83:01:61:4e:c8:8f:2f:37:
                    b3:01:9d:a8:64:86:9e:91:ad:81:77:1e:90:0c:c5:
                    73:26:d9:a0:d4:06:b3:2c:ec:b0:58:27:9a:73:40:
                    66:43:9d:29:82:e0:f3:8b:4c:56:43:3b:5a:58:ea:
                    39:5b:58:f2:84:20:54:e6:02:fb:7c:eb:36:68:3c:
                    b8:30:60:97:2f:dc:2f:4d:f0:3b:5c:bb:3a:02:60:
                    c2:a3:3d:73:61:f4:61:12:02:d9:c6:be:e5:dd:d4:
                    8e:51:ec:e2:9f:61:db:43:f6:1d:a5:4d:75:54:50:
                    ed:aa:54:3e:65:07:c4:e6:e0:ee:47:45:7e:71:27:
                    85:3c:40:09:31:b1:1b:41:ee:23:83:60:80:15:81:
                    d3:f2:08:6a:7a:a6:9c:e5:73:11:91:21:91:62:f1:
                    de:2b:fe:b1:76:d6:0f:f0:d7:94:1d:79:52:74:62:
                    2e:fc:46:77:a1:da:5e:08:16:29:a5:3b:34:ad:c7:
                    46:b5:54:c5:a6:ca:e7:29:a5:59:e0:1a:cc:33:ca:
                    ae:2b:34:1b:6f:83:2c:b3:8f:3c:76:f8:9d:bc:41:
                    68:f1:ba:e8:42:08:bd:ee:c4:a8:30:37:2e:c6:9b:
                    dc:54:68:85:fb:03:00:d1:62:2e:3c:40:f3:ab:74:
                    31:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:41:7D:7E:56:41:88:15:D7:ED:C6:2A:EC:5A:5E:E9:8D:7F:5E:61
            X509v3 Authority Key Identifier:
                keyid:CD:65:EE:23:BF:F4:2C:CF:67:9D:73:77:FE:4D:A6:95:D3:41:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/80F9flZBiBXX7cYq7Fpe6Y1_XmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.159.0/24
                IPv6:
                  2a02:250:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:cd:42:5a:f5:69:14:8c:89:0d:c9:73:57:82:cd:d2:fd:b3:
         92:fa:3e:51:25:2f:27:3c:45:73:e1:33:b0:e2:ea:1e:dc:d3:
         57:d4:df:75:b4:fc:dc:e7:46:e7:e9:dc:a7:4a:cb:e2:df:e4:
         bb:62:7c:76:93:d7:7d:88:05:74:85:1b:f9:f2:ac:a8:80:66:
         78:a1:68:25:83:73:08:09:8c:70:56:78:33:3a:9d:8e:ee:ee:
         1a:a7:d5:58:04:08:fb:de:e9:7b:d8:59:36:f3:11:7e:da:26:
         6a:91:5b:02:3a:55:4d:3c:cd:c4:43:2c:72:50:7d:7c:98:3c:
         5e:79:90:40:07:52:e4:0d:ff:82:63:f9:44:4e:f2:f8:00:4a:
         22:fd:8b:89:00:a3:ce:8d:81:91:fc:35:17:36:ea:aa:d9:5d:
         f3:fb:98:bf:ef:ee:3d:bb:55:31:00:e5:e0:cf:aa:c5:a1:dd:
         c2:1b:dc:1f:55:92:2c:08:d0:e7:f3:74:96:47:9b:47:5b:56:
         f0:5e:6c:c1:d6:5c:58:dc:da:d4:a9:96:e7:ce:89:85:f9:52:
         7a:b6:a5:cd:10:72:53:4a:ab:0f:4a:b8:8c:27:e9:59:8b:48:
         f4:e6:74:f8:66:21:f6:d1:54:07:4e:8b:d9:c1:b1:f5:ee:37:
         82:aa:d1:a5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY1eeFBTy7lUhxNYpcQLfgbZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNjVlZTIzYmZmNDJjY2Y2NzlkNzM3N2ZlNGRhNjk1ZDM0
MWFlZjAwHhcNMjQwMTMxMDc0MjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzQxN2Q3ZTU2NDE4ODE1ZDdlZGM2MmFlYzVhNWVlOThkN2Y1ZTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmY6ovKeUgwFhTsiPLzezAZ2oZIae
ka2Bdx6QDMVzJtmg1AazLOywWCeac0BmQ50pguDzi0xWQztaWOo5W1jyhCBU5gL7
fOs2aDy4MGCXL9wvTfA7XLs6AmDCoz1zYfRhEgLZxr7l3dSOUezin2HbQ/YdpU11
VFDtqlQ+ZQfE5uDuR0V+cSeFPEAJMbEbQe4jg2CAFYHT8ghqeqac5XMRkSGRYvHe
K/6xdtYP8NeUHXlSdGIu/EZ3odpeCBYppTs0rcdGtVTFpsrnKaVZ4BrMM8quKzQb
b4Mss488dvidvEFo8broQgi97sSoMDcuxpvcVGiF+wMA0WIuPEDzq3QxzwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPNBfX5WQYgV1+3GKuxaXumNf15hMB8GA1UdIwQY
MBaAFM1l7iO/9CzPZ51zd/5NppXTQa7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveldYdUk3XzBMTTlublhOM19rMm1sZE5CcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMDZkNDMtM2RiZi00Y2Y4LTgxNWQt
NWRjMmZhNmEzNTAzLzEvODBGOWZsWkJpQlhYN2NZcTdGcGU2WTFfWG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMDZkNDMtM2RiZi00Y2Y4LTgxNWQtNWRjMmZhNmEzNTAz
LzEveldYdUk3XzBMTTlublhOM19rMm1sZE5CcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuUefMA8E
AgACMAkDBwAqAgJQAAMwDQYJKoZIhvcNAQELBQADggEBAL/NQlr1aRSMiQ3Jc1eC
zdL9s5L6PlElLyc8RXPhM7Di6h7c01fU33W0/NznRufp3KdKy+Lf5LtifHaT132I
BXSFG/nyrKiAZnihaCWDcwgJjHBWeDM6nY7u7hqn1VgECPve6XvYWTbzEX7aJmqR
WwI6VU08zcRDLHJQfXyYPF55kEAHUuQN/4Jj+URO8vgASiL9i4kAo86NgZH8NRc2
6qrZXfP7mL/v7j27VTEA5eDPqsWh3cIb3B9VkiwI0OfzdJZHm0dbVvBebMHWXFjc
2tSplufOiYX5Unq2pc0QclNKqw9KuIwn6VmLSPTmdPhmIfbRVAdOi9nBsfXuN4Kq
0aU=
-----END CERTIFICATE-----