Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/1-14pjlOSMBI4tpfAmFvs81RoOOg.roa
File:                     1-14pjlOSMBI4tpfAmFvs81RoOOg.roa (raw, json)
Hash identifier:          TWarz7B73WqcBvIaq1I404XPgnwfd2rTFA2q5w6ttQU=
Subject key identifier:   FB:5E:29:8E:53:92:30:12:38:B6:97:C0:98:5B:EC:F3:54:68:38:E8
Certificate issuer:       /CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
Certificate serial:       018CC9BBB340AAF190E7822054166DC83D94
Authority key identifier: 72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/1-14pjlOSMBI4tpfAmFvs81RoOOg.roa
Signing time:             Tue 02 Jan 2024 10:32:50 +0000
ROA not before:           Tue 02 Jan 2024 10:32:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2027
IP address blocks:        80.67.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:b3:40:aa:f1:90:e7:82:20:54:16:6d:c8:3d:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
        Validity
            Not Before: Jan  2 10:32:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb5e298e5392301238b697c0985becf3546838e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e0:28:7f:8e:63:05:bf:cc:0e:e4:f7:72:36:
                    71:ff:75:e6:46:d4:e3:68:a5:cd:1e:bc:88:c6:16:
                    57:74:a4:51:a0:63:bc:2d:05:c0:d5:c8:fb:e0:b5:
                    7f:e7:d4:f5:b9:1f:b7:8b:76:58:c6:25:56:9d:1d:
                    ea:1c:f9:27:b5:db:a3:e5:22:96:5b:78:44:4a:9d:
                    01:62:5e:28:dd:0f:d3:5d:c8:09:40:d0:ab:10:f6:
                    7d:af:a1:2f:db:b8:93:8e:f5:3e:fc:21:26:c9:47:
                    cc:10:d9:1f:e7:d9:f7:42:10:8e:d5:76:7f:61:b7:
                    54:a4:db:bf:4c:01:a0:7d:40:9f:b1:14:0b:39:7d:
                    1a:08:3e:ef:4c:79:d9:47:c7:76:11:4c:77:cb:7a:
                    54:ac:57:04:97:f3:68:30:41:ea:0f:db:ff:8d:4a:
                    a5:cd:0a:7c:81:fe:f1:00:df:86:6a:40:ed:cb:e8:
                    23:54:7a:66:37:e3:7c:3d:da:51:4f:ef:37:56:d6:
                    aa:0c:65:83:21:e5:29:a8:18:b6:e0:9e:4e:d9:53:
                    23:c1:77:14:c7:00:6e:fb:e1:a3:1c:c7:c9:d8:58:
                    47:d1:a9:85:61:e1:7b:99:ad:ad:d4:a6:c3:ab:d1:
                    86:d3:aa:4c:0b:13:03:6d:ff:d1:b7:8d:20:7f:b3:
                    5f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:5E:29:8E:53:92:30:12:38:B6:97:C0:98:5B:EC:F3:54:68:38:E8
            X509v3 Authority Key Identifier:
                keyid:72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/1-14pjlOSMBI4tpfAmFvs81RoOOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.67.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:81:43:8c:96:b1:7f:db:30:0a:79:a4:25:b4:e1:8c:e3:1f:
         28:66:9a:da:8a:71:c4:2c:5e:f6:2e:dd:52:ec:2c:57:db:51:
         c8:9c:e2:2a:69:c8:dd:86:09:b9:c8:75:49:4d:8b:0b:91:68:
         11:0a:b5:74:22:fb:c9:ca:52:2c:05:de:a2:cd:5a:7f:98:31:
         33:c7:99:60:8a:c5:2d:40:2e:67:99:30:cc:f5:38:04:a6:a7:
         5f:df:48:cb:2d:22:90:a2:7d:b1:9e:68:5d:cf:87:e0:cb:da:
         a9:07:f2:b5:f7:d4:97:16:ac:de:d5:5f:ae:8a:55:dd:a6:12:
         d0:f2:74:39:99:e2:1b:18:25:31:e4:c1:11:11:4a:9d:60:aa:
         c8:b9:d3:19:a5:06:94:e1:e1:2a:42:2e:2d:b6:bb:c4:c8:65:
         21:17:cd:2c:d3:c4:f3:1e:29:c8:9f:49:ca:e0:1d:79:35:9a:
         55:d1:58:29:89:87:b0:51:9d:36:b6:24:d2:c6:55:e1:e3:12:
         0b:bb:3e:15:e9:60:87:d6:40:83:80:fc:71:fe:cd:11:8f:29:
         79:50:4a:4e:23:60:cd:a7:5f:7e:48:18:17:8b:93:1c:08:3b:
         55:86:7d:5c:d6:04:89:af:2f:ba:c7:1c:b8:4e:80:13:51:b1:
         bb:ab:f0:19
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJu7NAqvGQ54IgVBZtyD2UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZWQyZmJiNzIxM2ZiZjMyYWQ0YzA4N2Y4YjBiMjJjZWNl
ZjRmZWEwHhcNMjQwMTAyMTAzMjUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjVlMjk4ZTUzOTIzMDEyMzhiNjk3YzA5ODViZWNmMzU0NjgzOGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOAof45jBb/MDuT3cjZx/3XmRtTj
aKXNHryIxhZXdKRRoGO8LQXA1cj74LV/59T1uR+3i3ZYxiVWnR3qHPkntduj5SKW
W3hESp0BYl4o3Q/TXcgJQNCrEPZ9r6Ev27iTjvU+/CEmyUfMENkf59n3QhCO1XZ/
YbdUpNu/TAGgfUCfsRQLOX0aCD7vTHnZR8d2EUx3y3pUrFcEl/NoMEHqD9v/jUql
zQp8gf7xAN+GakDty+gjVHpmN+N8PdpRT+83VtaqDGWDIeUpqBi24J5O2VMjwXcU
xwBu++GjHMfJ2FhH0amFYeF7ma2t1KbDq9GG06pMCxMDbf/Rt40gf7Nf3wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPteKY5TkjASOLaXwJhb7PNUaDjoMB8GA1UdIwQY
MBaAFHLtL7tyE/vzKtTAh/iwsizs70/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTkt
YTY1MjMzYjNlOTc1LzEvMS0xNHBqbE9TTUJJNHRwZkFtRnZzODFSb09PZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2MvZTVhODkyLTIzZjUtNDlmYS1iNmE5LWE2NTIzM2IzZTk3
NS8xL2N1MHZ1M0lULV9NcTFNQ0gtTEN5TE96dlQtby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFBDpzAN
BgkqhkiG9w0BAQsFAAOCAQEAyYFDjJaxf9swCnmkJbThjOMfKGaa2opxxCxe9i7d
UuwsV9tRyJziKmnI3YYJuch1SU2LC5FoEQq1dCL7ycpSLAXeos1af5gxM8eZYIrF
LUAuZ5kwzPU4BKanX99Iyy0ikKJ9sZ5oXc+H4MvaqQfytffUlxas3tVfropV3aYS
0PJ0OZniGxglMeTBERFKnWCqyLnTGaUGlOHhKkIuLba7xMhlIRfNLNPE8x4pyJ9J
yuAdeTWaVdFYKYmHsFGdNrYk0sZV4eMSC7s+Felgh9ZAg4D8cf7NEY8peVBKTiNg
zadffkgYF4uTHAg7VYZ9XNYEia8vusccuE6AE1Gxu6vwGQ==
-----END CERTIFICATE-----