Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/Kr6j2sg340Kd_qvkpM1D3NjKYmE.roa
File:                     Kr6j2sg340Kd_qvkpM1D3NjKYmE.roa (raw, json)
Hash identifier:          DjAp6/yHjMTL7BRZnKL579NxRFUfnaY1pgWa6HqtUus=
Subject key identifier:   2A:BE:A3:DA:C8:37:E3:42:9D:FE:AB:E4:A4:CD:43:DC:D8:CA:62:61
Certificate issuer:       /CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
Certificate serial:       018CC9BBB528A4FE2AB7EC9D9B66BFF5DA91
Authority key identifier: 72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/Kr6j2sg340Kd_qvkpM1D3NjKYmE.roa
Signing time:             Tue 02 Jan 2024 10:32:51 +0000
ROA not before:           Tue 02 Jan 2024 10:32:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57199
IP address blocks:        80.67.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:b5:28:a4:fe:2a:b7:ec:9d:9b:66:bf:f5:da:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
        Validity
            Not Before: Jan  2 10:32:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2abea3dac837e3429dfeabe4a4cd43dcd8ca6261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:f1:02:f6:2e:4a:06:81:49:2c:fc:0b:64:b4:
                    1b:e6:f8:35:72:f4:cf:0b:9d:d3:1a:43:3f:f1:95:
                    df:5d:96:85:a4:3f:c1:d9:f0:87:de:c8:76:3a:53:
                    6f:2d:a8:a3:2c:dc:0c:72:a9:61:48:f7:fc:c6:92:
                    2d:73:50:20:d8:5f:a9:e7:60:77:5a:f4:be:2a:09:
                    01:6e:3b:ce:96:78:02:75:2c:8f:eb:d7:cd:d7:c2:
                    4d:a9:e0:82:4a:73:8f:ff:76:c6:64:1b:b6:c9:58:
                    e1:f0:1d:0a:b4:4c:57:d7:ed:94:09:51:60:93:f0:
                    3a:44:81:76:d7:c4:ca:db:ea:ea:ac:d2:7d:f4:b0:
                    7a:1e:8f:60:f8:19:f4:74:f2:01:1f:f7:13:55:fd:
                    85:0e:39:cb:e1:73:f0:17:3f:8a:84:39:c3:fe:2c:
                    f4:c0:fb:20:41:27:6f:e9:64:da:b0:75:7a:0e:0b:
                    26:72:bf:ed:0e:e8:a5:24:05:b0:56:8e:5f:ee:10:
                    85:01:0a:bf:67:45:27:43:71:0d:19:07:93:5d:5d:
                    85:80:91:56:5d:83:ed:98:8c:21:6b:ee:91:00:2c:
                    9b:94:e2:b2:30:8e:88:ae:b0:84:b2:ce:68:a4:49:
                    ed:f7:b2:7d:fc:d2:c6:40:8c:d6:5e:c9:c5:b7:33:
                    db:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:BE:A3:DA:C8:37:E3:42:9D:FE:AB:E4:A4:CD:43:DC:D8:CA:62:61
            X509v3 Authority Key Identifier:
                keyid:72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/Kr6j2sg340Kd_qvkpM1D3NjKYmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.67.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:59:9f:63:9e:b3:a8:5f:9c:70:33:30:a0:83:61:b5:5f:64:
         29:ef:5e:e3:d1:0d:cc:d3:99:be:7b:73:ef:28:50:4f:1c:de:
         3d:ee:6d:d0:26:e4:a3:17:a0:23:ce:55:0c:11:af:0b:5a:cf:
         c3:8b:68:c2:88:51:84:99:e6:83:4a:ae:38:6c:d2:64:4d:d6:
         00:ea:5e:32:ef:55:72:25:f7:00:9a:16:5d:56:12:98:f1:dd:
         5a:42:9b:cb:2e:c1:f6:da:d7:3f:63:e1:0f:e2:70:ef:9b:d9:
         cb:cd:75:ba:2a:d5:40:a9:7d:be:25:b2:8a:ba:2b:bc:c8:7e:
         bf:3e:a3:20:60:8e:a7:eb:6b:9a:a3:b5:6a:6f:a2:d3:63:40:
         21:90:1c:34:c9:40:fd:90:be:bc:67:11:c1:8a:e8:6a:1c:89:
         f8:f3:2a:76:9a:86:3f:0f:2c:32:a8:e8:e6:86:87:2a:9a:da:
         d0:74:0e:cc:89:b8:d4:15:f1:cb:ed:4a:df:f5:4d:02:2f:cc:
         7e:8f:ee:97:ab:0f:f3:49:8f:e1:63:29:05:f7:12:d3:05:e8:
         d9:50:c8:da:b4:be:fa:0f:64:83:eb:e6:7f:2d:85:05:0f:54:
         85:2b:58:b5:2b:80:39:93:62:0e:f0:0d:9c:00:8e:12:b7:0d:
         d4:38:10:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu7UopP4qt+ydm2a/9dqRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZWQyZmJiNzIxM2ZiZjMyYWQ0YzA4N2Y4YjBiMjJjZWNl
ZjRmZWEwHhcNMjQwMTAyMTAzMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWJlYTNkYWM4MzdlMzQyOWRmZWFiZTRhNGNkNDNkY2Q4Y2E2MjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5fEC9i5KBoFJLPwLZLQb5vg1cvTP
C53TGkM/8ZXfXZaFpD/B2fCH3sh2OlNvLaijLNwMcqlhSPf8xpItc1Ag2F+p52B3
WvS+KgkBbjvOlngCdSyP69fN18JNqeCCSnOP/3bGZBu2yVjh8B0KtExX1+2UCVFg
k/A6RIF218TK2+rqrNJ99LB6Ho9g+Bn0dPIBH/cTVf2FDjnL4XPwFz+KhDnD/iz0
wPsgQSdv6WTasHV6Dgsmcr/tDuilJAWwVo5f7hCFAQq/Z0UnQ3ENGQeTXV2FgJFW
XYPtmIwha+6RACyblOKyMI6IrrCEss5opEnt97J9/NLGQIzWXsnFtzPb0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCq+o9rIN+NCnf6r5KTNQ9zYymJhMB8GA1UdIwQY
MBaAFHLtL7tyE/vzKtTAh/iwsizs70/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTkt
YTY1MjMzYjNlOTc1LzEvS3I2ajJzZzM0MEtkX3F2a3BNMUQzTmpLWW1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTktYTY1MjMzYjNlOTc1
LzEvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEOnMA0G
CSqGSIb3DQEBCwUAA4IBAQDQWZ9jnrOoX5xwMzCgg2G1X2Qp717j0Q3M05m+e3Pv
KFBPHN497m3QJuSjF6AjzlUMEa8LWs/Di2jCiFGEmeaDSq44bNJkTdYA6l4y71Vy
JfcAmhZdVhKY8d1aQpvLLsH22tc/Y+EP4nDvm9nLzXW6KtVAqX2+JbKKuiu8yH6/
PqMgYI6n62uao7Vqb6LTY0AhkBw0yUD9kL68ZxHBiuhqHIn48yp2moY/DywyqOjm
hocqmtrQdA7MibjUFfHL7Urf9U0CL8x+j+6Xqw/zSY/hYykF9xLTBejZUMjatL76
D2SD6+Z/LYUFD1SFK1i1K4A5k2IO8A2cAI4Stw3UOBBe
-----END CERTIFICATE-----