Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/7ed08b-492d-44bf-9e4e-fe573b023fd2/1/CFgfumA6eVbdyiTFC9BHJp42GfE.roa
File:                     CFgfumA6eVbdyiTFC9BHJp42GfE.roa (raw, json)
Hash identifier:          oFBXnKcPnVTkxujnsJ/QBxuD4X+2KW/MSJq1V1POY4w=
Subject key identifier:   08:58:1F:BA:60:3A:79:56:DD:CA:24:C5:0B:D0:47:26:9E:36:19:F1
Certificate issuer:       /CN=f7bc29f353852d180d23410997d0f047ec1778d3
Certificate serial:       018CCA2A83AA23330829A842797AA3457DE6
Authority key identifier: F7:BC:29:F3:53:85:2D:18:0D:23:41:09:97:D0:F0:47:EC:17:78:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/97wp81OFLRgNI0EJl9DwR-wXeNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/7ed08b-492d-44bf-9e4e-fe573b023fd2/1/CFgfumA6eVbdyiTFC9BHJp42GfE.roa
Signing time:             Tue 02 Jan 2024 12:33:52 +0000
ROA not before:           Tue 02 Jan 2024 12:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        160.45.0.0/16 maxlen: 16
                          130.133.0.0/16 maxlen: 16
                          87.77.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/7ed08b-492d-44bf-9e4e-fe573b023fd2/1/97wp81OFLRgNI0EJl9DwR-wXeNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/7ed08b-492d-44bf-9e4e-fe573b023fd2/1/97wp81OFLRgNI0EJl9DwR-wXeNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/97wp81OFLRgNI0EJl9DwR-wXeNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:83:aa:23:33:08:29:a8:42:79:7a:a3:45:7d:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7bc29f353852d180d23410997d0f047ec1778d3
        Validity
            Not Before: Jan  2 12:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08581fba603a7956ddca24c50bd047269e3619f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:1c:6b:8d:36:44:cd:7a:16:de:be:cc:98:89:
                    70:5a:2a:5d:2a:47:03:11:af:db:71:01:36:7f:95:
                    92:78:f5:d2:e6:01:52:6e:64:07:83:9d:e9:ee:a0:
                    33:bf:d0:2b:99:bf:e6:dd:07:1e:19:40:69:1a:39:
                    d1:aa:ff:fb:76:28:a1:bc:0c:56:fd:80:a0:58:85:
                    01:da:9f:be:7b:c0:86:b7:cc:73:5a:c9:a1:25:7b:
                    00:bb:3e:10:ef:50:5e:5a:c4:64:fe:ec:31:60:2c:
                    0b:63:57:b3:ef:84:8e:99:2d:53:67:3d:eb:28:d7:
                    37:7b:50:77:97:c0:4a:20:94:d0:46:23:44:14:07:
                    8d:dd:29:08:bd:6b:24:fa:3f:5e:60:4e:fe:94:fa:
                    c0:d7:ab:8c:28:1e:6c:ae:5b:ce:25:d2:d4:f6:dd:
                    59:34:b3:ae:12:ca:b8:99:c9:c1:eb:5e:8f:8f:ca:
                    c2:8f:90:94:ff:d3:c1:bd:07:bf:6e:5b:c3:a5:0a:
                    5a:f0:92:59:c3:bf:e0:84:43:73:a3:58:9a:ad:f5:
                    b4:b5:24:54:2d:59:39:23:a4:85:ce:4e:e0:b8:f2:
                    85:c0:e3:a1:ba:06:a7:70:c0:01:15:c7:a3:ab:4c:
                    6f:2f:d9:98:fb:0e:87:5e:f1:3a:1a:e9:fa:5a:79:
                    71:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:58:1F:BA:60:3A:79:56:DD:CA:24:C5:0B:D0:47:26:9E:36:19:F1
            X509v3 Authority Key Identifier:
                keyid:F7:BC:29:F3:53:85:2D:18:0D:23:41:09:97:D0:F0:47:EC:17:78:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/97wp81OFLRgNI0EJl9DwR-wXeNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/7ed08b-492d-44bf-9e4e-fe573b023fd2/1/CFgfumA6eVbdyiTFC9BHJp42GfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/7ed08b-492d-44bf-9e4e-fe573b023fd2/1/97wp81OFLRgNI0EJl9DwR-wXeNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.77.0.0/16
                  130.133.0.0/16
                  160.45.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         32:c0:41:a0:bc:7f:c6:6c:24:ca:3a:46:2c:d6:00:61:59:34:
         2f:98:ab:89:0f:1f:cc:f8:ce:14:d3:b6:fc:09:8c:07:bb:25:
         df:34:7d:14:2a:e3:da:0a:ca:e8:79:41:e0:d7:18:27:67:3c:
         db:b6:6b:d5:72:51:e4:04:c3:1e:a2:82:47:d9:ba:61:e9:95:
         ee:7e:be:1e:a4:62:f1:15:13:a7:1a:b0:46:5f:c8:7b:df:8e:
         53:9e:81:8c:d4:d6:8d:7b:0c:46:79:bd:1d:3a:cb:b9:4a:97:
         50:64:0b:f9:93:8f:d9:07:e5:0b:19:1e:ed:bf:6f:a0:d6:8f:
         89:71:4f:9e:a7:24:6b:c2:d9:6f:23:e6:18:ad:8e:fc:b8:df:
         8c:93:81:05:55:e7:4d:3b:a9:40:b2:ff:ca:f6:d2:95:a5:53:
         ac:69:04:13:81:bb:4b:f8:ef:3e:4a:0a:78:57:1f:c8:ca:3d:
         97:61:12:fd:0a:bc:99:8f:16:42:7f:02:a3:a8:73:8d:99:5f:
         19:3a:d1:fb:e7:68:a9:fc:95:df:d8:e6:05:80:60:5a:f4:5b:
         a8:6d:59:8b:91:c9:14:87:9a:c4:30:82:f8:49:19:4a:32:2c:
         77:a9:b7:eb:8b:71:46:23:27:22:38:11:37:df:67:4b:45:91:
         e7:ce:a0:cf
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAYzKKoOqIzMIKahCeXqjRX3mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YmMyOWYzNTM4NTJkMTgwZDIzNDEwOTk3ZDBmMDQ3ZWMx
Nzc4ZDMwHhcNMjQwMTAyMTIzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODU4MWZiYTYwM2E3OTU2ZGRjYTI0YzUwYmQwNDcyNjllMzYxOWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixxrjTZEzXoW3r7MmIlwWipdKkcD
Ea/bcQE2f5WSePXS5gFSbmQHg53p7qAzv9Armb/m3QceGUBpGjnRqv/7diihvAxW
/YCgWIUB2p++e8CGt8xzWsmhJXsAuz4Q71BeWsRk/uwxYCwLY1ez74SOmS1TZz3r
KNc3e1B3l8BKIJTQRiNEFAeN3SkIvWsk+j9eYE7+lPrA16uMKB5srlvOJdLU9t1Z
NLOuEsq4mcnB616Pj8rCj5CU/9PBvQe/blvDpQpa8JJZw7/ghENzo1iarfW0tSRU
LVk5I6SFzk7guPKFwOOhugancMABFcejq0xvL9mY+w6HXvE6Gun6WnlxxwIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFAhYH7pgOnlW3cokxQvQRyaeNhnxMB8GA1UdIwQY
MBaAFPe8KfNThS0YDSNBCZfQ8EfsF3jTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTd3cDgxT0ZMUmdOSTBFSmw5RHdSLXdYZU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS83ZWQwOGItNDkyZC00NGJmLTllNGUt
ZmU1NzNiMDIzZmQyLzEvQ0ZnZnVtQTZlVmJkeWlURkM5QkhKcDQyR2ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS83ZWQwOGItNDkyZC00NGJmLTllNGUtZmU1NzNiMDIzZmQy
LzEvOTd3cDgxT0ZMUmdOSTBFSmw5RHdSLXdYZU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAATAPAwMAV00DAwCC
hQMDAKAtMA0GCSqGSIb3DQEBCwUAA4IBAQAywEGgvH/GbCTKOkYs1gBhWTQvmKuJ
Dx/M+M4U07b8CYwHuyXfNH0UKuPaCsroeUHg1xgnZzzbtmvVclHkBMMeooJH2bph
6ZXufr4epGLxFROnGrBGX8h7345TnoGM1NaNewxGeb0dOsu5SpdQZAv5k4/ZB+UL
GR7tv2+g1o+JcU+epyRrwtlvI+YYrY78uN+Mk4EFVedNO6lAsv/K9tKVpVOsaQQT
gbtL+O8+Sgp4Vx/Iyj2XYRL9CryZjxZCfwKjqHONmV8ZOtH752ip/JXf2OYFgGBa
9FuobVmLkckUh5rEMIL4SRlKMix3qbfri3FGIyciOBE332dLRZHnzqDP
-----END CERTIFICATE-----