Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/FtUQDEV_goV9Q63cZwJrNo1XKeY.roa
File:                     FtUQDEV_goV9Q63cZwJrNo1XKeY.roa (raw, json)
Hash identifier:          Poc/aj2i2jRAb5gMRxZ1X3AZiJk2CkXvF60h8JBU3Lg=
Subject key identifier:   16:D5:10:0C:45:7F:82:85:7D:43:AD:DC:67:02:6B:36:8D:57:29:E6
Certificate issuer:       /CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Certificate serial:       019427488C63CE866B087A906CF4F8BB0A54
Authority key identifier: BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/FtUQDEV_goV9Q63cZwJrNo1XKeY.roa
Signing time:             Thu 02 Jan 2025 13:50:53 +0000
ROA not before:           Thu 02 Jan 2025 13:50:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9145
IP address blocks:        80.69.112.0/20 maxlen: 20
                          2a03:1e01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:8c:63:ce:86:6b:08:7a:90:6c:f4:f8:bb:0a:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
        Validity
            Not Before: Jan  2 13:50:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16d5100c457f82857d43addc67026b368d5729e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:5c:9f:4d:68:21:01:42:99:4a:7c:9c:96:70:
                    a8:f4:73:e6:19:1f:bc:11:be:c4:11:06:c7:20:6e:
                    28:4b:1e:5c:15:56:7f:f5:76:41:4d:e6:b1:7f:58:
                    01:31:86:f3:3d:01:f6:06:2c:6b:55:17:7f:b9:3a:
                    1b:07:27:63:b4:b2:ba:ca:21:ec:a3:32:52:48:54:
                    ed:3c:c9:37:c4:09:96:c3:a9:d8:8e:eb:a5:dd:cc:
                    db:0e:9d:24:cb:e8:51:ed:5a:be:04:31:45:3d:d4:
                    2c:e9:74:32:1d:9e:af:8d:02:c3:aa:3a:c3:56:f7:
                    5c:4d:02:08:95:25:a4:05:95:d1:c7:9f:50:99:1b:
                    ec:d2:12:93:26:51:80:16:5d:67:61:38:03:de:17:
                    2f:de:ed:17:af:f5:42:05:e3:f9:cf:22:dc:f3:62:
                    bd:c7:78:c7:58:b1:52:37:88:cc:3c:e0:0b:cd:25:
                    54:38:8f:36:f8:43:24:e3:c3:fb:27:0a:1b:f3:5f:
                    ae:89:aa:47:81:02:71:2b:8f:08:ef:29:f5:13:40:
                    bf:b8:5e:fd:43:08:0c:81:f2:3f:85:a7:d1:87:59:
                    c3:89:fa:9e:28:c4:5a:39:78:9e:28:01:e3:cc:6d:
                    2c:c6:96:de:34:d5:e7:5e:ea:15:65:06:33:dc:b1:
                    c4:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:D5:10:0C:45:7F:82:85:7D:43:AD:DC:67:02:6B:36:8D:57:29:E6
            X509v3 Authority Key Identifier:
                keyid:BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/FtUQDEV_goV9Q63cZwJrNo1XKeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.69.112.0/20
                IPv6:
                  2a03:1e01::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:3b:1e:e4:1a:b6:53:75:5c:31:fb:46:83:af:06:eb:9f:cf:
         68:b6:2f:1c:7c:be:cd:13:c9:3e:3c:40:6f:35:73:97:00:29:
         45:d5:f9:aa:db:53:a5:d5:e8:1a:f8:ec:19:d3:d5:89:2a:ed:
         3c:31:3f:9a:45:5e:75:8b:20:38:e1:83:3b:b9:64:53:27:68:
         f9:4b:93:cc:aa:ca:51:91:2e:14:7b:cb:bb:41:74:be:c7:13:
         f3:7a:15:51:92:5f:9a:6a:4b:67:5c:66:11:b0:19:a2:1e:ee:
         7b:20:3b:c1:8e:4e:43:2a:8a:af:f0:17:4c:53:e5:1c:bf:25:
         98:44:74:02:c3:3c:75:72:88:7e:c3:01:70:a1:29:cc:0a:55:
         49:e9:93:52:c0:3c:f5:34:39:76:24:6d:4f:cb:b8:45:f1:43:
         a7:e4:59:2d:a6:43:92:ed:99:fe:3f:b9:06:6c:9f:2a:07:35:
         c5:2e:ad:70:f8:40:be:86:9b:05:cd:00:92:78:96:9e:1f:10:
         68:d7:6d:0c:c2:b2:0d:d4:4f:9d:c3:bc:ed:31:0c:98:20:7b:
         de:e3:a3:cc:3d:7e:ad:28:4a:b2:47:c5:12:a4:b0:78:63:e7:
         71:0a:3e:31:34:5b:04:8e:af:e0:51:8b:ff:fa:36:a2:c5:b3:
         22:4a:a4:98
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnSIxjzoZrCHqQbPT4uwpUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjQ5MzQ1N2IyZjAyZTY5Yjg1ZjcxOGRjYzE2YTlhOWVm
MGZjZDEwHhcNMjUwMTAyMTM1MDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmQ1MTAwYzQ1N2Y4Mjg1N2Q0M2FkZGM2NzAyNmIzNjhkNTcyOWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1yfTWghAUKZSnyclnCo9HPmGR+8
Eb7EEQbHIG4oSx5cFVZ/9XZBTeaxf1gBMYbzPQH2BixrVRd/uTobBydjtLK6yiHs
ozJSSFTtPMk3xAmWw6nYjuul3czbDp0ky+hR7Vq+BDFFPdQs6XQyHZ6vjQLDqjrD
VvdcTQIIlSWkBZXRx59QmRvs0hKTJlGAFl1nYTgD3hcv3u0Xr/VCBeP5zyLc82K9
x3jHWLFSN4jMPOALzSVUOI82+EMk48P7Jwob81+uiapHgQJxK48I7yn1E0C/uF79
QwgMgfI/hafRh1nDifqeKMRaOXieKAHjzG0sxpbeNNXnXuoVZQYz3LHEiQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBbVEAxFf4KFfUOt3GcCazaNVynmMB8GA1UdIwQY
MBaAFL+0k0V7LwLmm4X3GNzBapqe8PzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMt
MWY2NDA5ODQ4MTUwLzEvRnRVUURFVl9nb1Y5UTYzY1p3SnJObzFYS2VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMtMWY2NDA5ODQ4MTUw
LzEvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEUEVwMA0E
AgACMAcDBQAqAx4BMA0GCSqGSIb3DQEBCwUAA4IBAQCNOx7kGrZTdVwx+0aDrwbr
n89oti8cfL7NE8k+PEBvNXOXAClF1fmq21Ol1ega+OwZ09WJKu08MT+aRV51iyA4
4YM7uWRTJ2j5S5PMqspRkS4Ue8u7QXS+xxPzehVRkl+aaktnXGYRsBmiHu57IDvB
jk5DKoqv8BdMU+UcvyWYRHQCwzx1coh+wwFwoSnMClVJ6ZNSwDz1NDl2JG1Py7hF
8UOn5FktpkOS7Zn+P7kGbJ8qBzXFLq1w+EC+hpsFzQCSeJaeHxBo120MwrIN1E+d
w7ztMQyYIHve46PMPX6tKEqyR8USpLB4Y+dxCj4xNFsEjq/gUYv/+jaixbMiSqSY
-----END CERTIFICATE-----