Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/MvXI14tDwVTEk5R-D7-LraqIO4w.roa
File:                     MvXI14tDwVTEk5R-D7-LraqIO4w.roa (raw, json)
Hash identifier:          3BHAzhEhaXiTqmDVNfIXzHzlk0Nw0qhzvKzpdNvcPCU=
Subject key identifier:   32:F5:C8:D7:8B:43:C1:54:C4:93:94:7E:0F:BF:8B:AD:AA:88:3B:8C
Certificate issuer:       /CN=ab53ec0e9a053cbbe0e9a071bcad9e68a99ccfa8
Certificate serial:       01965C8C24A9F8B3A68473F754C6A8A67EA2
Authority key identifier: AB:53:EC:0E:9A:05:3C:BB:E0:E9:A0:71:BC:AD:9E:68:A9:9C:CF:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q1PsDpoFPLvg6aBxvK2eaKmcz6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/MvXI14tDwVTEk5R-D7-LraqIO4w.roa
Signing time:             Tue 22 Apr 2025 08:10:10 +0000
ROA not before:           Tue 22 Apr 2025 08:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34731
IP address blocks:        80.76.16.0/20 maxlen: 20
                          80.76.16.0/21 maxlen: 23
                          80.76.24.0/21 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/q1PsDpoFPLvg6aBxvK2eaKmcz6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/q1PsDpoFPLvg6aBxvK2eaKmcz6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q1PsDpoFPLvg6aBxvK2eaKmcz6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5c:8c:24:a9:f8:b3:a6:84:73:f7:54:c6:a8:a6:7e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab53ec0e9a053cbbe0e9a071bcad9e68a99ccfa8
        Validity
            Not Before: Apr 22 08:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32f5c8d78b43c154c493947e0fbf8badaa883b8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:91:a6:80:1b:04:ed:eb:50:56:45:a9:0e:dc:
                    c4:0b:20:3f:80:d6:ee:82:49:14:4e:a2:63:c6:21:
                    8a:72:a7:f9:05:c0:5d:73:f0:b3:2b:e4:a7:12:25:
                    ff:34:18:eb:b2:97:4b:9f:0e:91:ea:1c:dc:d7:9d:
                    b4:f2:d4:6b:56:7d:4c:e2:c8:a7:c1:2a:c5:a4:d7:
                    98:7f:38:65:d5:8b:a9:ec:11:d7:c5:bd:03:79:cd:
                    2d:c0:96:71:94:55:d7:47:3c:40:4b:df:38:09:ec:
                    cf:bf:8c:e0:3e:ea:39:53:09:cc:4b:e2:21:6e:4a:
                    2c:d9:c7:87:55:2f:76:15:68:7b:95:78:56:bd:66:
                    87:0b:5c:9b:f6:f4:19:65:6f:7b:7b:ac:db:98:b9:
                    c6:29:cb:b5:b0:4b:af:fd:c4:1f:6b:9f:ce:c5:6c:
                    5a:93:98:15:80:79:c6:8f:d5:f4:5e:48:1f:49:98:
                    17:92:17:7d:ec:be:64:c6:40:9e:24:ea:62:04:dc:
                    47:04:90:fb:f0:c2:3b:1c:52:a7:76:f5:83:b5:9f:
                    fc:6b:ea:c1:c9:d2:4c:7d:43:c0:13:f9:df:1e:2b:
                    11:77:30:e0:c5:3c:d6:cd:a7:70:6c:08:69:69:39:
                    20:74:d4:39:e9:15:0c:5d:54:0e:4a:48:b6:3a:74:
                    63:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:F5:C8:D7:8B:43:C1:54:C4:93:94:7E:0F:BF:8B:AD:AA:88:3B:8C
            X509v3 Authority Key Identifier:
                keyid:AB:53:EC:0E:9A:05:3C:BB:E0:E9:A0:71:BC:AD:9E:68:A9:9C:CF:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q1PsDpoFPLvg6aBxvK2eaKmcz6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/MvXI14tDwVTEk5R-D7-LraqIO4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/61f398-94f6-4468-85f3-63fcaac31ca3/1/q1PsDpoFPLvg6aBxvK2eaKmcz6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         10:61:39:a1:32:0a:fa:1c:bc:cb:20:c1:c0:81:01:7c:d5:34:
         54:4d:b6:fd:a1:bd:0b:3d:f4:b3:f5:43:86:84:01:c5:b5:0e:
         3f:93:26:35:cd:c9:e6:d6:08:19:54:52:db:a8:14:53:bf:51:
         2c:ff:22:78:63:a1:6c:a9:04:3d:f1:2b:0a:4f:b4:b7:af:5f:
         7e:4b:84:bd:58:bd:4d:8c:5f:51:5d:d6:eb:f1:dd:8c:31:e4:
         93:39:0a:31:27:f0:ed:50:67:d9:a8:63:29:f8:cf:88:9a:55:
         47:39:63:27:15:d9:57:e9:4a:45:ee:7a:e4:1c:d8:dc:f9:0d:
         1e:d4:50:00:b8:71:da:ba:5b:df:a2:e3:2d:7f:67:7d:cc:8e:
         a7:74:d0:78:7a:18:dc:88:f0:b2:3a:c9:06:2e:cb:22:ba:b0:
         90:45:bb:6c:b9:e6:4a:0c:28:f7:ab:38:86:c4:fd:9f:e3:0a:
         2f:c9:15:da:5d:f2:41:f1:97:fc:09:3e:8d:4d:79:e4:9f:b7:
         2c:db:71:ff:ab:be:de:9a:75:26:a1:6f:7b:f1:ca:93:fb:ac:
         c7:71:87:e3:e0:a0:c3:d9:23:24:bf:37:81:94:71:7b:a9:27:
         a1:bc:bb:97:a0:a9:36:2f:9e:45:0f:82:5d:67:fd:9e:e1:da:
         36:a7:34:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZcjCSp+LOmhHP3VMaopn6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNTNlYzBlOWEwNTNjYmJlMGU5YTA3MWJjYWQ5ZTY4YTk5
Y2NmYTgwHhcNMjUwNDIyMDgxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmY1YzhkNzhiNDNjMTU0YzQ5Mzk0N2UwZmJmOGJhZGFhODgzYjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA45GmgBsE7etQVkWpDtzECyA/gNbu
gkkUTqJjxiGKcqf5BcBdc/CzK+SnEiX/NBjrspdLnw6R6hzc15208tRrVn1M4sin
wSrFpNeYfzhl1Yup7BHXxb0Dec0twJZxlFXXRzxAS984CezPv4zgPuo5UwnMS+Ih
bkos2ceHVS92FWh7lXhWvWaHC1yb9vQZZW97e6zbmLnGKcu1sEuv/cQfa5/OxWxa
k5gVgHnGj9X0XkgfSZgXkhd97L5kxkCeJOpiBNxHBJD78MI7HFKndvWDtZ/8a+rB
ydJMfUPAE/nfHisRdzDgxTzWzadwbAhpaTkgdNQ56RUMXVQOSki2OnRjGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDL1yNeLQ8FUxJOUfg+/i62qiDuMMB8GA1UdIwQY
MBaAFKtT7A6aBTy74OmgcbytnmipnM+oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTFQc0Rwb0ZQTHZnNmFCeHZLMmVhS21jejZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82MWYzOTgtOTRmNi00NDY4LTg1ZjMt
NjNmY2FhYzMxY2EzLzEvTXZYSTE0dER3VlRFazVSLUQ3LUxyYXFJTzR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82MWYzOTgtOTRmNi00NDY4LTg1ZjMtNjNmY2FhYzMxY2Ez
LzEvcTFQc0Rwb0ZQTHZnNmFCeHZLMmVhS21jejZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUEwQMA0G
CSqGSIb3DQEBCwUAA4IBAQAQYTmhMgr6HLzLIMHAgQF81TRUTbb9ob0LPfSz9UOG
hAHFtQ4/kyY1zcnm1ggZVFLbqBRTv1Es/yJ4Y6FsqQQ98SsKT7S3r19+S4S9WL1N
jF9RXdbr8d2MMeSTOQoxJ/DtUGfZqGMp+M+ImlVHOWMnFdlX6UpF7nrkHNjc+Q0e
1FAAuHHaulvfouMtf2d9zI6ndNB4ehjciPCyOskGLssiurCQRbtsueZKDCj3qziG
xP2f4wovyRXaXfJB8Zf8CT6NTXnkn7cs23H/q77emnUmoW978cqT+6zHcYfj4KDD
2SMkvzeBlHF7qSehvLuXoKk2L55FD4JdZ/2e4do2pzQN
-----END CERTIFICATE-----