Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/ybS-EzQPwrApIgbEorR_sY798fE.roa
File:                     ybS-EzQPwrApIgbEorR_sY798fE.roa (raw, json)
Hash identifier:          lDTyKZn7BpjHSH4bVKOrG+FhzPW6IkaHc7lUMfClApA=
Subject key identifier:   C9:B4:BE:13:34:0F:C2:B0:29:22:06:C4:A2:B4:7F:B1:8E:FD:F1:F1
Certificate issuer:       /CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Certificate serial:       018CC7273BD733CE422928D05F2A53FF0189
Authority key identifier: BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/ybS-EzQPwrApIgbEorR_sY798fE.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9145
IP address blocks:        80.69.112.0/20 maxlen: 20
                          2a03:1e01::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3b:d7:33:ce:42:29:28:d0:5f:2a:53:ff:01:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9b4be13340fc2b0292206c4a2b47fb18efdf1f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:01:25:92:8b:b6:5d:e5:cb:45:2f:d0:5a:27:
                    48:bd:7e:d5:c1:39:b7:ec:9d:12:11:88:e7:d1:3c:
                    8e:42:3f:fe:91:2a:c9:07:fe:b9:f6:80:c1:c3:a7:
                    72:d2:be:12:ce:6d:20:d4:71:7e:c8:af:49:89:3e:
                    1e:61:ca:26:fc:21:d5:20:cb:05:80:f5:44:f2:52:
                    a6:94:bc:3f:bd:d3:01:25:09:c9:a3:4f:42:49:a6:
                    ce:7a:c7:a1:b2:f9:bf:b7:f5:0c:c6:3a:e3:c1:11:
                    30:91:41:4b:8b:42:60:de:43:e4:4d:91:ea:00:f9:
                    c1:66:2e:dd:43:32:16:fe:92:47:25:f9:91:1c:82:
                    ca:ec:fd:a8:46:74:62:3e:eb:6d:cc:46:42:0c:64:
                    8c:cf:5a:6b:a2:09:e7:c0:97:85:e0:fc:fb:34:c9:
                    be:76:04:4b:8f:2d:3c:c5:d2:df:16:d0:75:32:7f:
                    6c:ce:df:d3:ba:08:a5:1d:c8:27:8b:df:f8:53:73:
                    66:bf:0e:d5:62:fb:cc:13:c9:09:66:ee:4b:2d:7f:
                    8f:86:49:ac:24:33:d2:1e:33:1d:7b:ef:4a:c3:c3:
                    7b:7a:c1:43:56:28:4c:e0:a4:46:ca:09:50:29:c9:
                    07:e7:ca:44:0d:f7:29:54:79:27:06:4d:71:67:5f:
                    e3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:B4:BE:13:34:0F:C2:B0:29:22:06:C4:A2:B4:7F:B1:8E:FD:F1:F1
            X509v3 Authority Key Identifier:
                keyid:BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/ybS-EzQPwrApIgbEorR_sY798fE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.69.112.0/20
                IPv6:
                  2a03:1e01::/32

    Signature Algorithm: sha256WithRSAEncryption
         b6:54:b0:58:79:f2:f8:61:95:54:87:91:87:eb:0b:91:51:20:
         a2:5a:b7:03:03:9e:d4:16:aa:b7:82:17:22:e1:40:80:c6:84:
         b3:dd:4a:e6:b8:2e:26:11:b8:66:19:89:bc:5b:cb:6e:f2:4a:
         a0:fa:b0:6a:ad:01:4f:6f:bd:41:c6:04:4b:cb:e9:4c:82:61:
         7f:2b:83:8a:e8:c1:ac:86:1e:da:14:f2:48:a1:33:4e:b1:fc:
         38:ca:18:b7:5c:0b:7b:62:64:66:e0:84:71:2d:b8:b6:3e:1a:
         29:4f:53:3b:cc:94:bf:41:df:9e:c1:2e:39:c7:bd:b1:ca:ad:
         15:d3:46:e9:2b:45:ef:b6:00:75:f2:3f:35:60:45:c8:26:e3:
         42:12:5c:dc:e4:25:d1:39:e0:87:2b:84:ee:d3:e0:32:aa:0e:
         08:f8:3f:72:e4:24:f8:51:9b:ad:9c:87:03:f7:70:48:22:88:
         10:10:9b:41:66:52:2c:71:ed:54:3e:80:b3:97:bd:bc:f5:e9:
         79:61:34:f5:ac:0d:3d:b7:97:88:93:30:c3:b9:b2:e7:bf:8c:
         29:62:4d:a2:c0:7e:b5:8c:b4:4a:70:5a:58:23:cb:18:bd:57:
         d9:6d:6a:e7:df:28:9d:37:f6:74:06:2b:90:e6:b2:d4:05:f4:
         b1:a0:69:e8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJzvXM85CKSjQXypT/wGJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjQ5MzQ1N2IyZjAyZTY5Yjg1ZjcxOGRjYzE2YTlhOWVm
MGZjZDEwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWI0YmUxMzM0MGZjMmIwMjkyMjA2YzRhMmI0N2ZiMThlZmRmMWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAElkou2XeXLRS/QWidIvX7VwTm3
7J0SEYjn0TyOQj/+kSrJB/659oDBw6dy0r4Szm0g1HF+yK9JiT4eYcom/CHVIMsF
gPVE8lKmlLw/vdMBJQnJo09CSabOesehsvm/t/UMxjrjwREwkUFLi0Jg3kPkTZHq
APnBZi7dQzIW/pJHJfmRHILK7P2oRnRiPuttzEZCDGSMz1prognnwJeF4Pz7NMm+
dgRLjy08xdLfFtB1Mn9szt/TugilHcgni9/4U3Nmvw7VYvvME8kJZu5LLX+Phkms
JDPSHjMde+9Kw8N7esFDVihM4KRGyglQKckH58pEDfcpVHknBk1xZ1/jJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMm0vhM0D8KwKSIGxKK0f7GO/fHxMB8GA1UdIwQY
MBaAFL+0k0V7LwLmm4X3GNzBapqe8PzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMt
MWY2NDA5ODQ4MTUwLzEveWJTLUV6UVB3ckFwSWdiRW9yUl9zWTc5OGZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMtMWY2NDA5ODQ4MTUw
LzEvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEUEVwMA0E
AgACMAcDBQAqAx4BMA0GCSqGSIb3DQEBCwUAA4IBAQC2VLBYefL4YZVUh5GH6wuR
USCiWrcDA57UFqq3ghci4UCAxoSz3UrmuC4mEbhmGYm8W8tu8kqg+rBqrQFPb71B
xgRLy+lMgmF/K4OK6MGshh7aFPJIoTNOsfw4yhi3XAt7YmRm4IRxLbi2PhopT1M7
zJS/Qd+ewS45x72xyq0V00bpK0XvtgB18j81YEXIJuNCElzc5CXROeCHK4Tu0+Ay
qg4I+D9y5CT4UZutnIcD93BIIogQEJtBZlIsce1UPoCzl7289el5YTT1rA09t5eI
kzDDubLnv4wpYk2iwH61jLRKcFpYI8sYvVfZbWrn3yidN/Z0BiuQ5rLUBfSxoGno
-----END CERTIFICATE-----