Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/ilyh709wFNRgVSf8-FIF4wsN9-k.roa
File:                     ilyh709wFNRgVSf8-FIF4wsN9-k.roa (raw, json)
Hash identifier:          NSXgZZjVUouG+M+9XjrMyuXfs/q5W396eebWt6A23NE=
Subject key identifier:   8A:5C:A1:EF:4F:70:14:D4:60:55:27:FC:F8:52:05:E3:0B:0D:F7:E9
Certificate issuer:       /CN=2ac64dc21cb5fd4d0bcb02cc2b43fd751fd91e1e
Certificate serial:       018CFD53DC2DDAD888D48DD9EAD353806D92
Authority key identifier: 2A:C6:4D:C2:1C:B5:FD:4D:0B:CB:02:CC:2B:43:FD:75:1F:D9:1E:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsZNwhy1_U0LywLMK0P9dR_ZHh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/ilyh709wFNRgVSf8-FIF4wsN9-k.roa
Signing time:             Fri 12 Jan 2024 10:59:40 +0000
ROA not before:           Fri 12 Jan 2024 10:59:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199296
IP address blocks:        80.94.19.0/24 maxlen: 24
                          80.94.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/KsZNwhy1_U0LywLMK0P9dR_ZHh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/KsZNwhy1_U0LywLMK0P9dR_ZHh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsZNwhy1_U0LywLMK0P9dR_ZHh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fd:53:dc:2d:da:d8:88:d4:8d:d9:ea:d3:53:80:6d:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac64dc21cb5fd4d0bcb02cc2b43fd751fd91e1e
        Validity
            Not Before: Jan 12 10:59:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a5ca1ef4f7014d4605527fcf85205e30b0df7e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:86:95:0a:03:cc:42:2d:53:de:9f:fa:0a:2c:
                    94:59:f6:bc:80:08:fa:af:36:df:18:e1:08:ea:45:
                    03:e4:fb:32:09:9b:39:24:61:ca:b7:ff:10:68:22:
                    9e:d6:90:e2:82:cb:23:f7:8b:5a:8f:6f:db:c4:db:
                    69:60:25:3b:f0:de:3d:32:a5:b4:8c:28:a0:19:70:
                    d9:e2:27:30:2f:c2:a4:e7:47:bd:fc:48:1d:a1:52:
                    83:eb:a6:49:d3:5f:02:99:e3:03:cc:9d:94:25:72:
                    e6:f5:32:fd:2b:e9:fe:3f:88:db:98:f5:d0:91:12:
                    8c:e0:98:35:e0:dd:e7:9b:52:c8:d2:61:62:16:0f:
                    0e:06:a0:93:c0:7e:42:9a:27:83:df:f6:a1:5a:b3:
                    30:6c:b0:d9:dd:93:a3:73:25:47:96:72:28:6b:6f:
                    17:7c:1a:61:ab:fd:5a:6d:c6:47:18:ca:c6:69:3e:
                    3d:51:ad:25:14:32:cd:07:e0:23:e1:09:df:c7:54:
                    2d:0c:40:42:db:f3:8d:5f:4d:12:04:6f:b3:ba:8a:
                    ce:10:f6:72:e8:e3:88:fc:a2:3b:d4:68:34:6c:a9:
                    da:43:9a:c1:29:36:2d:29:a6:ee:a8:f4:43:29:0f:
                    0b:6b:aa:ec:2c:b5:b2:cb:c0:2f:03:bc:16:31:b8:
                    f3:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:5C:A1:EF:4F:70:14:D4:60:55:27:FC:F8:52:05:E3:0B:0D:F7:E9
            X509v3 Authority Key Identifier:
                keyid:2A:C6:4D:C2:1C:B5:FD:4D:0B:CB:02:CC:2B:43:FD:75:1F:D9:1E:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsZNwhy1_U0LywLMK0P9dR_ZHh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/ilyh709wFNRgVSf8-FIF4wsN9-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/KsZNwhy1_U0LywLMK0P9dR_ZHh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.94.19.0/24
                  80.94.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:44:b8:3c:7d:ee:05:7b:d2:59:01:e5:c9:7d:3b:3d:ae:e1:
         0c:d8:9b:26:63:3b:9e:7e:f5:0d:db:03:3e:b1:9b:bc:e3:0b:
         5e:69:e9:26:8b:e3:8c:c1:93:1b:d3:b4:12:fe:d9:38:8a:10:
         0a:92:13:29:90:7c:d2:fb:1a:fd:7e:11:ea:e8:e9:78:0c:7e:
         90:f4:a1:dc:a6:c7:32:8b:91:8d:8e:bc:80:51:9a:e5:ba:7a:
         1f:5d:ab:a1:8a:83:7c:4c:54:2c:14:6c:4e:bf:e5:c1:7d:4b:
         68:3e:02:29:f8:a9:d8:3e:02:f7:ee:c4:83:08:db:a9:06:c7:
         68:f8:f9:e6:22:03:96:a6:9a:4f:11:fd:0f:73:69:0c:e4:11:
         28:9e:49:d6:73:2a:3f:c2:9a:e4:dd:bd:c4:c9:5a:a0:65:ed:
         c5:6c:23:c3:90:a1:e0:3b:43:ba:a7:26:83:ed:ad:1a:20:9d:
         65:4c:0e:30:df:7b:3f:e4:12:af:70:7d:cf:1f:60:d7:3b:e7:
         57:54:8a:73:0f:e4:9f:15:04:b7:dc:aa:a2:5d:ff:6b:2b:16:
         84:ef:a2:29:46:3e:02:0a:e9:48:f9:df:df:2a:e6:dc:5e:fd:
         ac:f6:6f:2c:68:69:72:a6:23:8e:db:a3:5b:61:39:94:aa:53:
         12:b2:54:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYz9U9wt2tiI1I3Z6tNTgG2SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzY0ZGMyMWNiNWZkNGQwYmNiMDJjYzJiNDNmZDc1MWZk
OTFlMWUwHhcNMjQwMTEyMTA1OTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTVjYTFlZjRmNzAxNGQ0NjA1NTI3ZmNmODUyMDVlMzBiMGRmN2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oaVCgPMQi1T3p/6CiyUWfa8gAj6
rzbfGOEI6kUD5PsyCZs5JGHKt/8QaCKe1pDigssj94taj2/bxNtpYCU78N49MqW0
jCigGXDZ4icwL8Kk50e9/EgdoVKD66ZJ018CmeMDzJ2UJXLm9TL9K+n+P4jbmPXQ
kRKM4Jg14N3nm1LI0mFiFg8OBqCTwH5CmieD3/ahWrMwbLDZ3ZOjcyVHlnIoa28X
fBphq/1abcZHGMrGaT49Ua0lFDLNB+Aj4Qnfx1QtDEBC2/ONX00SBG+zuorOEPZy
6OOI/KI71Gg0bKnaQ5rBKTYtKabuqPRDKQ8La6rsLLWyy8AvA7wWMbjzbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIpcoe9PcBTUYFUn/PhSBeMLDffpMB8GA1UdIwQY
MBaAFCrGTcIctf1NC8sCzCtD/XUf2R4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NaTndoeTFfVTBMeXdMTUswUDlkUl9aSGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9kZTFkYjQtZWM3OC00ZTQxLTk1NzAt
MDk3YzNjMWMyNTQwLzEvaWx5aDcwOXdGTlJnVlNmOC1GSUY0d3NOOS1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9kZTFkYjQtZWM3OC00ZTQxLTk1NzAtMDk3YzNjMWMyNTQw
LzEvS3NaTndoeTFfVTBMeXdMTUswUDlkUl9aSGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUF4TAwQA
UF4XMA0GCSqGSIb3DQEBCwUAA4IBAQBQRLg8fe4Fe9JZAeXJfTs9ruEM2JsmYzue
fvUN2wM+sZu84wteaekmi+OMwZMb07QS/tk4ihAKkhMpkHzS+xr9fhHq6Ol4DH6Q
9KHcpscyi5GNjryAUZrlunofXauhioN8TFQsFGxOv+XBfUtoPgIp+KnYPgL37sSD
CNupBsdo+PnmIgOWpppPEf0Pc2kM5BEonknWcyo/wprk3b3EyVqgZe3FbCPDkKHg
O0O6pyaD7a0aIJ1lTA4w33s/5BKvcH3PH2DXO+dXVIpzD+SfFQS33KqiXf9rKxaE
76IpRj4CCulI+d/fKubcXv2s9m8saGlypiOO26NbYTmUqlMSslTB
-----END CERTIFICATE-----