Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/810c11-a105-4db1-a6b5-392b863c9f03/1/87P_Ci_iU70ncygI7CnpcT0_t3U.roa
File:                     87P_Ci_iU70ncygI7CnpcT0_t3U.roa (raw, json)
Hash identifier:          Dx/6MtnsELNcfT3Kd/IAvBHzZJiX4ArB2AnOrW867fY=
Subject key identifier:   F3:B3:FF:0A:2F:E2:53:BD:27:73:28:08:EC:29:E9:71:3D:3F:B7:75
Certificate issuer:       /CN=ecba774ba82fb0427f766e783e770f4bd96416f9
Certificate serial:       0194258F563073D0942FF7363C9012539060
Authority key identifier: EC:BA:77:4B:A8:2F:B0:42:7F:76:6E:78:3E:77:0F:4B:D9:64:16:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Lp3S6gvsEJ_dm54PncPS9lkFvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/810c11-a105-4db1-a6b5-392b863c9f03/1/87P_Ci_iU70ncygI7CnpcT0_t3U.roa
Signing time:             Thu 02 Jan 2025 05:48:58 +0000
ROA not before:           Thu 02 Jan 2025 05:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198394
IP address blocks:        80.84.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/810c11-a105-4db1-a6b5-392b863c9f03/1/7Lp3S6gvsEJ_dm54PncPS9lkFvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/810c11-a105-4db1-a6b5-392b863c9f03/1/7Lp3S6gvsEJ_dm54PncPS9lkFvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Lp3S6gvsEJ_dm54PncPS9lkFvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:56:30:73:d0:94:2f:f7:36:3c:90:12:53:90:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecba774ba82fb0427f766e783e770f4bd96416f9
        Validity
            Not Before: Jan  2 05:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3b3ff0a2fe253bd27732808ec29e9713d3fb775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:db:a7:ff:61:ec:1a:17:03:8a:03:da:40:2d:
                    30:32:45:90:be:90:af:65:a5:35:80:48:d2:53:ca:
                    cc:3d:d1:e7:ae:69:1c:d5:44:19:db:8b:49:1e:56:
                    34:bc:38:b3:37:30:3b:cb:24:a3:77:8e:e8:44:12:
                    23:9d:a0:47:22:7c:2a:8b:9c:db:52:6d:05:ab:f5:
                    7e:c9:46:63:77:d6:46:01:b8:9c:fc:ea:f0:c2:e7:
                    77:2a:cf:fa:33:68:e4:c0:ba:5e:5a:93:87:70:da:
                    1b:03:dd:9d:4c:0c:b9:41:01:d8:cc:2d:84:f6:f8:
                    14:8e:43:b6:f6:2b:35:8c:a6:2a:3e:42:e0:14:af:
                    e6:96:a5:96:77:7c:db:72:1d:4e:96:1b:3e:70:6c:
                    f9:2f:f2:05:bd:08:c1:95:eb:95:79:89:88:b4:f2:
                    92:cb:9f:df:52:e3:1c:3d:e8:55:02:5a:0f:45:b9:
                    7f:54:90:2c:db:4f:fe:b3:50:4d:69:7a:ec:80:ef:
                    d3:7c:51:cf:9d:d5:dc:b8:59:9b:f0:ca:21:64:a7:
                    e1:fe:69:3a:83:f8:51:99:64:39:a2:b4:14:57:13:
                    7d:23:55:58:a7:c4:78:46:de:ac:90:9b:97:27:95:
                    c3:22:e1:9f:1c:ed:92:60:6c:94:bb:88:8d:83:f7:
                    48:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:B3:FF:0A:2F:E2:53:BD:27:73:28:08:EC:29:E9:71:3D:3F:B7:75
            X509v3 Authority Key Identifier:
                keyid:EC:BA:77:4B:A8:2F:B0:42:7F:76:6E:78:3E:77:0F:4B:D9:64:16:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Lp3S6gvsEJ_dm54PncPS9lkFvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/810c11-a105-4db1-a6b5-392b863c9f03/1/87P_Ci_iU70ncygI7CnpcT0_t3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/810c11-a105-4db1-a6b5-392b863c9f03/1/7Lp3S6gvsEJ_dm54PncPS9lkFvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.84.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:3e:e7:e1:11:c5:5a:2e:38:09:8a:c7:81:9b:5e:bc:54:21:
         cd:30:81:bc:e7:48:d8:7c:7c:17:2d:12:9f:71:c9:34:e8:dc:
         48:e9:52:23:42:36:70:cf:d3:9c:79:b4:88:7a:a5:52:4c:32:
         ea:0b:a7:ee:86:fe:10:7c:55:29:41:f4:a8:ac:14:6d:7d:09:
         e6:fa:9c:6c:13:e4:80:0c:85:65:4d:5c:16:63:ea:dc:fd:b5:
         2c:bd:2c:8f:6f:73:78:ad:9d:9c:a8:78:c9:fe:d4:e8:32:c9:
         06:df:b3:e2:99:58:ff:7b:3c:df:20:db:3d:9c:ae:28:18:da:
         ab:20:3f:a4:db:a7:1d:7d:59:2c:cc:1f:77:4d:21:00:9d:c0:
         94:0f:88:01:5d:e6:17:dc:17:e9:de:90:94:44:ef:84:ac:41:
         69:97:44:0f:63:0a:1f:f4:de:b2:ee:d3:a0:b9:32:c6:c7:14:
         d2:6e:7e:1c:cf:59:fc:f1:33:62:35:be:e3:f6:1c:3d:2c:e4:
         87:9d:c1:06:31:0a:18:36:4b:ee:25:5d:df:a7:d5:88:62:eb:
         54:c5:47:23:45:12:0c:d5:15:f2:79:0a:90:3c:25:2d:b0:e7:
         da:6b:cd:43:d6:b9:8d:e1:2b:1d:1c:25:28:d3:85:28:dc:91:
         d6:01:1e:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj1Ywc9CUL/c2PJASU5BgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjYmE3NzRiYTgyZmIwNDI3Zjc2NmU3ODNlNzcwZjRiZDk2
NDE2ZjkwHhcNMjUwMTAyMDU0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2IzZmYwYTJmZTI1M2JkMjc3MzI4MDhlYzI5ZTk3MTNkM2ZiNzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Nun/2HsGhcDigPaQC0wMkWQvpCv
ZaU1gEjSU8rMPdHnrmkc1UQZ24tJHlY0vDizNzA7yySjd47oRBIjnaBHInwqi5zb
Um0Fq/V+yUZjd9ZGAbic/Orwwud3Ks/6M2jkwLpeWpOHcNobA92dTAy5QQHYzC2E
9vgUjkO29is1jKYqPkLgFK/mlqWWd3zbch1Olhs+cGz5L/IFvQjBleuVeYmItPKS
y5/fUuMcPehVAloPRbl/VJAs20/+s1BNaXrsgO/TfFHPndXcuFmb8MohZKfh/mk6
g/hRmWQ5orQUVxN9I1VYp8R4Rt6skJuXJ5XDIuGfHO2SYGyUu4iNg/dIHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOz/wov4lO9J3MoCOwp6XE9P7d1MB8GA1UdIwQY
MBaAFOy6d0uoL7BCf3ZueD53D0vZZBb5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0xwM1M2Z3ZzRUpfZG01NFBuY1BTOWxrRnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi84MTBjMTEtYTEwNS00ZGIxLWE2YjUt
MzkyYjg2M2M5ZjAzLzEvODdQX0NpX2lVNzBuY3lnSTdDbnBjVDBfdDNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi84MTBjMTEtYTEwNS00ZGIxLWE2YjUtMzkyYjg2M2M5ZjAz
LzEvN0xwM1M2Z3ZzRUpfZG01NFBuY1BTOWxrRnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFSSMA0G
CSqGSIb3DQEBCwUAA4IBAQBUPufhEcVaLjgJiseBm168VCHNMIG850jYfHwXLRKf
cck06NxI6VIjQjZwz9OcebSIeqVSTDLqC6fuhv4QfFUpQfSorBRtfQnm+pxsE+SA
DIVlTVwWY+rc/bUsvSyPb3N4rZ2cqHjJ/tToMskG37PimVj/ezzfINs9nK4oGNqr
ID+k26cdfVkszB93TSEAncCUD4gBXeYX3Bfp3pCURO+ErEFpl0QPYwof9N6y7tOg
uTLGxxTSbn4cz1n88TNiNb7j9hw9LOSHncEGMQoYNkvuJV3fp9WIYutUxUcjRRIM
1RXyeQqQPCUtsOfaa81D1rmN4SsdHCUo04Uo3JHWAR56
-----END CERTIFICATE-----