Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/EooE3hyotGon_M0Vs68JbeZMpRc.roa
File:                     EooE3hyotGon_M0Vs68JbeZMpRc.roa (raw, json)
Hash identifier:          gLD14QGLCQT/iDwTzk/eQZyyyKgtVZy9H+9DVvfoRsQ=
Subject key identifier:   12:8A:04:DE:1C:A8:B4:6A:27:FC:CD:15:B3:AF:09:6D:E6:4C:A5:17
Certificate issuer:       /CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
Certificate serial:       018CC9BBB956E3B2EA760F80926D3BCFB150
Authority key identifier: 72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/EooE3hyotGon_M0Vs68JbeZMpRc.roa
Signing time:             Tue 02 Jan 2024 10:32:51 +0000
ROA not before:           Tue 02 Jan 2024 10:32:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207816
IP address blocks:        80.67.166.0/24 maxlen: 24
                          2001:913:7000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 08:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:b9:56:e3:b2:ea:76:0f:80:92:6d:3b:cf:b1:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
        Validity
            Not Before: Jan  2 10:32:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=128a04de1ca8b46a27fccd15b3af096de64ca517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:32:c5:7d:d0:dd:99:0f:27:a8:ae:c6:31:c0:
                    35:7c:c3:f0:dd:c0:0b:55:aa:57:b8:2c:ad:51:03:
                    bb:b5:bb:39:06:8e:c5:8c:f6:45:56:30:bd:9a:01:
                    0d:1f:3d:ef:12:87:d0:7e:a3:7c:d2:29:a3:f9:22:
                    79:73:01:4f:36:8f:12:ec:b3:64:a6:e4:bb:82:b1:
                    67:59:1d:69:58:4f:02:fa:43:34:f6:ef:e7:4d:14:
                    a1:d2:7b:34:a6:c6:f1:cd:3c:d5:30:d8:1d:c2:ec:
                    7c:da:f2:fb:9d:c1:6e:74:82:3c:65:01:a9:58:c3:
                    2b:85:bb:f8:8a:9d:cd:a9:44:38:08:be:60:fd:0f:
                    09:62:8c:0f:41:9d:d5:9a:17:ed:f7:dd:8a:73:07:
                    c6:d3:f8:de:77:29:0a:06:c4:aa:bd:28:33:1a:2b:
                    6e:12:80:f1:7a:34:89:4c:05:8a:b4:c4:5c:4b:0e:
                    56:91:0c:7e:0f:01:10:26:d6:5b:f5:4f:ea:51:0c:
                    25:ba:7a:e6:c8:34:dc:54:05:76:28:86:e3:56:6c:
                    98:a1:d1:39:99:ae:8b:e5:06:96:89:63:4e:a4:83:
                    38:cf:95:d1:f9:d6:e2:ee:ce:18:7d:43:a4:f5:1f:
                    e1:be:9b:24:07:17:64:cf:ee:d6:3c:b6:2f:f5:4e:
                    24:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:8A:04:DE:1C:A8:B4:6A:27:FC:CD:15:B3:AF:09:6D:E6:4C:A5:17
            X509v3 Authority Key Identifier:
                keyid:72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/EooE3hyotGon_M0Vs68JbeZMpRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.67.166.0/24
                IPv6:
                  2001:913:7000::/36

    Signature Algorithm: sha256WithRSAEncryption
         24:a8:ca:ba:ac:70:d2:33:68:90:eb:10:db:49:e6:d8:49:e8:
         16:67:37:da:e5:6e:c1:17:bd:ee:d0:c7:ff:8d:d1:d8:fe:67:
         48:0e:26:6c:da:c8:27:7c:e0:50:79:ea:f5:88:24:6d:e3:60:
         ac:c6:07:1e:60:49:70:28:b4:d5:05:be:4f:4d:fe:53:7f:20:
         03:f9:4e:cc:8a:69:17:99:a3:aa:77:06:d9:f9:6f:f0:a0:1c:
         2c:3f:5c:8e:21:72:47:54:d0:21:0b:f4:54:79:29:86:14:4b:
         03:f9:89:27:e8:45:17:f4:80:aa:d9:a9:ed:97:4e:fc:f4:42:
         91:04:56:fe:44:1c:4a:c5:3d:b2:67:ab:d1:df:59:42:79:bd:
         22:35:a9:58:27:d5:be:25:d2:8c:77:13:37:c9:d0:bb:ff:e5:
         43:8a:11:ac:79:1c:8f:3c:3e:95:9d:8e:ec:62:e0:39:8c:e0:
         a9:3f:22:3a:e8:de:9b:e2:c2:07:0d:59:60:98:8d:a2:6d:7c:
         02:d2:2b:c1:0e:a1:a9:24:66:c6:c0:19:23:6c:f0:59:c3:a9:
         77:e9:34:6c:01:9e:cb:19:4c:20:6c:d6:4d:68:d4:54:10:49:
         14:7c:9a:75:d2:f4:9f:ff:cd:a1:13:ef:7c:3c:bd:cf:74:35:
         61:fb:88:e7
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzJu7lW47Lqdg+Akm07z7FQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZWQyZmJiNzIxM2ZiZjMyYWQ0YzA4N2Y4YjBiMjJjZWNl
ZjRmZWEwHhcNMjQwMTAyMTAzMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjhhMDRkZTFjYThiNDZhMjdmY2NkMTViM2FmMDk2ZGU2NGNhNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjLFfdDdmQ8nqK7GMcA1fMPw3cAL
VapXuCytUQO7tbs5Bo7FjPZFVjC9mgENHz3vEofQfqN80imj+SJ5cwFPNo8S7LNk
puS7grFnWR1pWE8C+kM09u/nTRSh0ns0psbxzTzVMNgdwux82vL7ncFudII8ZQGp
WMMrhbv4ip3NqUQ4CL5g/Q8JYowPQZ3Vmhft992KcwfG0/jedykKBsSqvSgzGitu
EoDxejSJTAWKtMRcSw5WkQx+DwEQJtZb9U/qUQwlunrmyDTcVAV2KIbjVmyYodE5
ma6L5QaWiWNOpIM4z5XR+dbi7s4YfUOk9R/hvpskBxdkz+7WPLYv9U4krQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFBKKBN4cqLRqJ/zNFbOvCW3mTKUXMB8GA1UdIwQY
MBaAFHLtL7tyE/vzKtTAh/iwsizs70/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTkt
YTY1MjMzYjNlOTc1LzEvRW9vRTNoeW90R29uX00wVnM2OEpiZVpNcFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTktYTY1MjMzYjNlOTc1
LzEvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAUEOmMA4E
AgACMAgDBgQgAQkTcDANBgkqhkiG9w0BAQsFAAOCAQEAJKjKuqxw0jNokOsQ20nm
2EnoFmc32uVuwRe97tDH/43R2P5nSA4mbNrIJ3zgUHnq9YgkbeNgrMYHHmBJcCi0
1QW+T03+U38gA/lOzIppF5mjqncG2flv8KAcLD9cjiFyR1TQIQv0VHkphhRLA/mJ
J+hFF/SAqtmp7ZdO/PRCkQRW/kQcSsU9smer0d9ZQnm9IjWpWCfVviXSjHcTN8nQ
u//lQ4oRrHkcjzw+lZ2O7GLgOYzgqT8iOujem+LCBw1ZYJiNom18AtIrwQ6hqSRm
xsAZI2zwWcOpd+k0bAGeyxlMIGzWTWjUVBBJFHyaddL0n//NoRPvfDy9z3Q1YfuI
5w==
-----END CERTIFICATE-----