Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/VqGI977rLYSlPvPeIqKzU5gAsRQ.roa
File:                     VqGI977rLYSlPvPeIqKzU5gAsRQ.roa (raw, json)
Hash identifier:          lpVLT1GI44DAxERwMidgTiLaLBc+qxFL0OsVYhw1jZs=
Subject key identifier:   56:A1:88:F7:BE:EB:2D:84:A5:3E:F3:DE:22:A2:B3:53:98:00:B1:14
Certificate issuer:       /CN=fc4d06978969a8bdab6d6359062d7781e03449ca
Certificate serial:       01967BCA6B9B890CC0D921F6589C04A2B646
Authority key identifier: FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/VqGI977rLYSlPvPeIqKzU5gAsRQ.roa
Signing time:             Mon 28 Apr 2025 09:46:25 +0000
ROA not before:           Mon 28 Apr 2025 09:46:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        80.243.16.0/21 maxlen: 21
                          80.243.24.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 12:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:ca:6b:9b:89:0c:c0:d9:21:f6:58:9c:04:a2:b6:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc4d06978969a8bdab6d6359062d7781e03449ca
        Validity
            Not Before: Apr 28 09:46:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56a188f7beeb2d84a53ef3de22a2b3539800b114
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:99:2e:1c:b0:9c:dc:ce:16:65:a2:02:7c:fc:
                    31:1a:ef:a3:53:d7:ad:85:df:9e:1b:cf:eb:bc:98:
                    1a:97:d6:57:16:9e:b4:a2:79:51:a0:2c:96:e9:3b:
                    53:35:74:ad:46:bf:60:bf:3d:b4:05:12:7a:2a:17:
                    79:d4:e1:ef:25:c5:0d:86:71:a3:c8:b6:45:a2:04:
                    37:61:00:7b:c1:ff:6d:23:83:e2:be:ee:39:d3:2d:
                    f8:25:ab:1d:4d:b0:9d:a6:19:12:b9:78:c6:24:61:
                    9b:18:62:f2:e0:6e:8e:bd:13:66:b3:8c:a0:b9:17:
                    b4:eb:ed:d2:5b:0a:f4:83:8f:3f:21:06:e1:fe:de:
                    8f:fa:31:05:51:22:ae:5a:ea:a2:2d:a7:91:b3:d6:
                    77:d2:63:1e:32:a8:4b:e8:d9:58:91:f4:43:50:86:
                    b8:44:82:71:13:fd:83:0f:07:1a:f1:fc:ff:32:04:
                    dc:52:6c:fe:9e:29:ce:4b:c6:7b:fb:ef:a3:67:4f:
                    d2:6d:92:1a:c9:89:8a:51:92:89:bc:85:c8:75:21:
                    2c:79:d3:d5:3d:9b:d9:ad:85:a1:1f:1f:65:d8:ea:
                    52:1e:68:5e:fd:a7:66:45:6c:0d:89:73:c8:32:5b:
                    60:c7:46:92:20:e6:9b:bc:e6:74:f2:0c:43:e9:25:
                    16:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:A1:88:F7:BE:EB:2D:84:A5:3E:F3:DE:22:A2:B3:53:98:00:B1:14
            X509v3 Authority Key Identifier:
                keyid:FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/VqGI977rLYSlPvPeIqKzU5gAsRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.243.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ac:62:77:c7:2d:84:b2:fb:28:44:18:c7:26:83:39:48:b0:97:
         4b:85:b4:7f:59:d1:79:a0:8c:0a:70:58:3c:d2:1c:7d:be:73:
         3e:a9:cd:a0:01:35:f0:d4:40:0a:2c:57:2e:a8:28:ce:36:83:
         cb:95:7c:85:c9:e8:67:26:d6:c3:af:c2:53:b8:94:82:f6:67:
         7b:a2:34:c5:c9:38:90:24:a9:f6:48:20:f4:51:a5:c0:f8:a1:
         8d:8e:4a:a9:25:54:15:46:a5:c4:17:02:a9:12:e7:9c:78:87:
         14:fb:01:91:d9:6b:3a:69:6a:45:8f:59:8a:43:cc:6f:90:72:
         bf:6f:a9:1f:5f:38:19:4f:90:b1:08:a8:31:a6:8b:8b:52:b9:
         62:09:94:3e:bb:c3:eb:b9:60:cc:cd:32:89:c0:c3:36:f9:83:
         f3:6d:97:14:09:a1:0c:39:a4:76:3a:3b:90:b6:91:7d:2e:44:
         e1:69:26:28:b7:53:b1:15:01:51:c3:7e:be:f6:a4:9b:d4:eb:
         9e:cf:8a:7a:bc:03:e4:cc:55:b8:a6:2f:78:3a:a9:a9:e5:07:
         28:9a:d6:9a:10:fe:be:2a:21:f5:f4:3e:b0:23:b0:a8:a7:9b:
         ef:2c:5a:99:b3:26:5f:53:b3:b0:cd:92:27:2b:98:c3:78:15:
         b7:56:e9:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ7ymubiQzA2SH2WJwEorZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNGQwNjk3ODk2OWE4YmRhYjZkNjM1OTA2MmQ3NzgxZTAz
NDQ5Y2EwHhcNMjUwNDI4MDk0NjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmExODhmN2JlZWIyZDg0YTUzZWYzZGUyMmEyYjM1Mzk4MDBiMTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZkuHLCc3M4WZaICfPwxGu+jU9et
hd+eG8/rvJgal9ZXFp60onlRoCyW6TtTNXStRr9gvz20BRJ6Khd51OHvJcUNhnGj
yLZFogQ3YQB7wf9tI4Pivu450y34JasdTbCdphkSuXjGJGGbGGLy4G6OvRNms4yg
uRe06+3SWwr0g48/IQbh/t6P+jEFUSKuWuqiLaeRs9Z30mMeMqhL6NlYkfRDUIa4
RIJxE/2DDwca8fz/MgTcUmz+ninOS8Z7+++jZ0/SbZIayYmKUZKJvIXIdSEsedPV
PZvZrYWhHx9l2OpSHmhe/admRWwNiXPIMltgx0aSIOabvOZ08gxD6SUW0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFahiPe+6y2EpT7z3iKis1OYALEUMB8GA1UdIwQY
MBaAFPxNBpeJaai9q21jWQYtd4HgNEnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEt
ZGEwM2JmN2EyZWMyLzEvVnFHSTk3N3JMWVNsUHZQZUlxS3pVNWdBc1JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEtZGEwM2JmN2EyZWMy
LzEvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPMQMA0G
CSqGSIb3DQEBCwUAA4IBAQCsYnfHLYSy+yhEGMcmgzlIsJdLhbR/WdF5oIwKcFg8
0hx9vnM+qc2gATXw1EAKLFcuqCjONoPLlXyFyehnJtbDr8JTuJSC9md7ojTFyTiQ
JKn2SCD0UaXA+KGNjkqpJVQVRqXEFwKpEueceIcU+wGR2Ws6aWpFj1mKQ8xvkHK/
b6kfXzgZT5CxCKgxpouLUrliCZQ+u8PruWDMzTKJwMM2+YPzbZcUCaEMOaR2OjuQ
tpF9LkThaSYot1OxFQFRw36+9qSb1Ouez4p6vAPkzFW4pi94Oqmp5QcomtaaEP6+
KiH19D6wI7Cop5vvLFqZsyZfU7OwzZInK5jDeBW3VunC
-----END CERTIFICATE-----