Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/j8zVjaV9qZpY8iFLqN_1FT-CLXQ.roa
File:                     j8zVjaV9qZpY8iFLqN_1FT-CLXQ.roa (raw, json)
Hash identifier:          Hsb4xGmzubtN4MtmWa5w7RN2yXBM4DJrJu/zrc5+zPE=
Subject key identifier:   8F:CC:D5:8D:A5:7D:A9:9A:58:F2:21:4B:A8:DF:F5:15:3F:82:2D:74
Certificate issuer:       /CN=a4f8436003d37602026b65531755ca8fcd31bed2
Certificate serial:       018CC86F4B4403E7078459823D705863C493
Authority key identifier: A4:F8:43:60:03:D3:76:02:02:6B:65:53:17:55:CA:8F:CD:31:BE:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pPhDYAPTdgICa2VTF1XKj80xvtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/j8zVjaV9qZpY8iFLqN_1FT-CLXQ.roa
Signing time:             Tue 02 Jan 2024 04:29:46 +0000
ROA not before:           Tue 02 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198903
IP address blocks:        80.243.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/pPhDYAPTdgICa2VTF1XKj80xvtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/pPhDYAPTdgICa2VTF1XKj80xvtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pPhDYAPTdgICa2VTF1XKj80xvtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4b:44:03:e7:07:84:59:82:3d:70:58:63:c4:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4f8436003d37602026b65531755ca8fcd31bed2
        Validity
            Not Before: Jan  2 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fccd58da57da99a58f2214ba8dff5153f822d74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d9:3d:98:ed:bb:c6:97:a4:fb:76:c3:dd:e1:
                    b8:d6:c1:98:fe:f8:d6:1d:4e:ce:45:bf:b8:6a:fe:
                    3f:2c:73:ef:58:f7:3f:19:88:ec:c9:de:32:1d:99:
                    52:62:64:2a:25:da:d7:12:ee:a8:3f:9a:1b:24:19:
                    2b:d3:23:ff:af:6f:f8:e8:4a:8c:9d:b1:53:bd:11:
                    e3:26:3c:31:41:bb:7e:5f:81:29:30:5c:7c:08:52:
                    b0:67:b6:25:4a:53:d6:6a:df:ee:02:5b:28:40:71:
                    a1:27:e3:25:4f:2f:5f:28:b6:c3:a5:79:2a:3d:a5:
                    e7:e5:20:11:72:18:bd:55:bd:45:49:f7:a3:62:9a:
                    36:09:f4:4f:f8:6c:95:04:bf:e0:85:e7:f4:19:95:
                    d3:de:27:d8:f4:76:19:6b:c7:3a:41:79:22:27:82:
                    ca:58:13:d9:58:f4:49:4d:48:b2:19:1c:bc:c8:8f:
                    f5:91:0f:52:b4:ca:ad:fe:73:9b:4a:81:3a:3c:66:
                    aa:2d:73:b1:38:ab:8c:5d:df:08:c9:de:26:78:ec:
                    b8:29:4e:46:5a:df:a0:13:0a:79:f4:01:e8:0c:c5:
                    d7:34:10:a2:a6:40:90:96:27:0c:65:7e:c7:69:f3:
                    5c:41:67:37:88:88:fb:e4:b1:72:b2:91:73:b5:a9:
                    0c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:CC:D5:8D:A5:7D:A9:9A:58:F2:21:4B:A8:DF:F5:15:3F:82:2D:74
            X509v3 Authority Key Identifier:
                keyid:A4:F8:43:60:03:D3:76:02:02:6B:65:53:17:55:CA:8F:CD:31:BE:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pPhDYAPTdgICa2VTF1XKj80xvtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/j8zVjaV9qZpY8iFLqN_1FT-CLXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/pPhDYAPTdgICa2VTF1XKj80xvtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.243.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:ca:ac:f3:b5:07:21:e5:dc:e3:1f:a3:a0:36:6b:5e:44:5a:
         36:b7:d8:a0:eb:fd:1a:a9:df:16:bc:1f:c3:11:08:18:d5:23:
         4f:c5:62:02:cc:af:7b:0e:58:8c:46:29:df:94:1d:c6:81:65:
         d9:15:6f:1b:a4:7a:a5:17:97:d0:7e:70:af:98:7f:51:f1:83:
         41:82:51:ba:00:a1:39:23:d7:56:dc:4d:2f:99:2a:ab:a9:c1:
         f3:12:ca:bc:08:4f:c6:4f:e6:77:9b:ff:cc:a7:0a:9d:86:ef:
         27:99:4e:c5:f9:bc:05:20:73:0c:87:43:bb:4f:44:bb:ad:da:
         99:be:d7:72:93:5e:4c:4d:c9:3c:dd:44:d0:3e:8e:61:0a:2e:
         f1:e0:88:2a:5a:29:c7:76:b3:27:b8:a5:24:f4:56:8b:5a:33:
         01:61:bf:9a:d0:37:d3:6e:de:c3:04:df:85:e2:40:a7:a5:3a:
         1e:81:02:97:c1:dd:23:5b:6a:50:c6:19:e2:1e:b0:30:3d:44:
         35:6f:4e:62:71:de:af:54:bf:dc:7d:53:3b:0b:2a:b8:86:87:
         93:ee:fa:a9:a9:31:83:59:ae:12:02:a1:b4:58:c3:0d:6d:e7:
         eb:40:9f:ea:2d:10:b5:69:b2:6f:61:2a:91:61:25:08:6d:32:
         f0:b9:ce:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0tEA+cHhFmCPXBYY8STMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Zjg0MzYwMDNkMzc2MDIwMjZiNjU1MzE3NTVjYThmY2Qz
MWJlZDIwHhcNMjQwMTAyMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmNjZDU4ZGE1N2RhOTlhNThmMjIxNGJhOGRmZjUxNTNmODIyZDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdk9mO27xpek+3bD3eG41sGY/vjW
HU7ORb+4av4/LHPvWPc/GYjsyd4yHZlSYmQqJdrXEu6oP5obJBkr0yP/r2/46EqM
nbFTvRHjJjwxQbt+X4EpMFx8CFKwZ7YlSlPWat/uAlsoQHGhJ+MlTy9fKLbDpXkq
PaXn5SARchi9Vb1FSfejYpo2CfRP+GyVBL/ghef0GZXT3ifY9HYZa8c6QXkiJ4LK
WBPZWPRJTUiyGRy8yI/1kQ9StMqt/nObSoE6PGaqLXOxOKuMXd8Iyd4meOy4KU5G
Wt+gEwp59AHoDMXXNBCipkCQlicMZX7HafNcQWc3iIj75LFyspFztakMewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/M1Y2lfamaWPIhS6jf9RU/gi10MB8GA1UdIwQY
MBaAFKT4Q2AD03YCAmtlUxdVyo/NMb7SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFBoRFlBUFRkZ0lDYTJWVEYxWEtqODB4dnRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS81MTU2MDgtNTAxMi00YTQwLWIzMjQt
MjdiZjgzY2RlZDZiLzEvajh6VmphVjlxWnBZOGlGTHFOXzFGVC1DTFhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS81MTU2MDgtNTAxMi00YTQwLWIzMjQtMjdiZjgzY2RlZDZi
LzEvcFBoRFlBUFRkZ0lDYTJWVEYxWEtqODB4dnRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPN5MA0G
CSqGSIb3DQEBCwUAA4IBAQBtyqzztQch5dzjH6OgNmteRFo2t9ig6/0aqd8WvB/D
EQgY1SNPxWICzK97DliMRinflB3GgWXZFW8bpHqlF5fQfnCvmH9R8YNBglG6AKE5
I9dW3E0vmSqrqcHzEsq8CE/GT+Z3m//Mpwqdhu8nmU7F+bwFIHMMh0O7T0S7rdqZ
vtdyk15MTck83UTQPo5hCi7x4IgqWinHdrMnuKUk9FaLWjMBYb+a0DfTbt7DBN+F
4kCnpToegQKXwd0jW2pQxhniHrAwPUQ1b05icd6vVL/cfVM7Cyq4hoeT7vqpqTGD
Wa4SAqG0WMMNbefrQJ/qLRC1abJvYSqRYSUIbTLwuc7n
-----END CERTIFICATE-----