Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/V8J01GJ5zIM4veiDRHZy_TKM1H0.roa
File:                     V8J01GJ5zIM4veiDRHZy_TKM1H0.roa (raw, json)
Hash identifier:          dlv88++Gq04DpOT/bLoD9EKj+qY1adV+MZpyrTkC8zU=
Subject key identifier:   57:C2:74:D4:62:79:CC:83:38:BD:E8:83:44:76:72:FD:32:8C:D4:7D
Certificate issuer:       /CN=fad7100e77ed9119d66e2321bb6711d7e760982b
Certificate serial:       018CCA2BCDDEDF9EA8D7A7E04AAC73B78FF6
Authority key identifier: FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/V8J01GJ5zIM4veiDRHZy_TKM1H0.roa
Signing time:             Tue 02 Jan 2024 12:35:17 +0000
ROA not before:           Tue 02 Jan 2024 12:35:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34086
IP address blocks:        80.158.0.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 01:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:cd:de:df:9e:a8:d7:a7:e0:4a:ac:73:b7:8f:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad7100e77ed9119d66e2321bb6711d7e760982b
        Validity
            Not Before: Jan  2 12:35:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57c274d46279cc8338bde883447672fd328cd47d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:66:09:95:9a:c3:1a:5c:d2:81:0a:a9:18:bb:
                    60:54:2c:ec:6e:cf:9a:7e:61:a6:b0:49:94:be:d8:
                    bc:89:e0:8d:48:e0:24:d9:d8:6c:aa:74:29:a8:9f:
                    3d:a1:54:55:12:6e:8c:25:6a:08:4d:63:cc:fc:de:
                    ed:c7:9a:81:e3:e0:6a:11:b9:f6:66:95:7e:4b:b6:
                    26:70:93:cd:27:90:ce:e7:f9:21:42:58:84:a0:2b:
                    56:10:39:49:98:d3:4a:55:99:49:70:25:d0:57:ba:
                    1f:3d:91:45:fa:6e:7d:82:b0:0a:dd:99:c7:b8:2a:
                    9b:8d:72:4f:6d:50:17:2c:18:60:21:f3:e8:c0:15:
                    5c:95:5b:49:3c:ff:0d:ff:1d:70:23:de:57:a0:16:
                    f3:35:1a:9b:1f:fc:1d:1b:ef:67:cd:9d:b1:bf:26:
                    80:e0:f3:eb:c4:a0:45:8c:3d:c8:c8:f2:eb:b4:63:
                    1e:28:ab:1e:43:16:b9:f1:7b:4b:44:f7:39:5a:bc:
                    ae:8f:6e:78:bd:9d:7e:2e:53:2f:61:f0:68:c2:c9:
                    bb:0e:6e:eb:14:32:46:a4:b2:85:33:ed:ed:59:a0:
                    dc:ac:62:15:20:90:91:20:33:61:8b:e0:70:2c:08:
                    65:1d:a9:94:75:be:58:10:76:dd:70:6a:00:35:cd:
                    d0:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:C2:74:D4:62:79:CC:83:38:BD:E8:83:44:76:72:FD:32:8C:D4:7D
            X509v3 Authority Key Identifier:
                keyid:FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/V8J01GJ5zIM4veiDRHZy_TKM1H0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.158.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         91:82:fc:e4:e6:9a:89:2f:e4:1c:ae:2f:d3:75:22:8b:02:0b:
         c8:13:4e:91:ee:5d:a2:59:dc:f7:e7:f8:82:f3:d4:ec:d1:c7:
         53:fa:1f:2a:a2:0b:e8:9e:cd:f0:69:7a:b5:30:17:c4:62:fd:
         42:a8:f3:66:45:3c:be:f1:43:03:2f:6d:b8:fe:70:4e:06:23:
         34:f8:93:4f:15:b8:e5:ef:f0:84:1d:69:ed:37:f2:cd:8a:e2:
         06:8e:b5:05:70:94:b1:2c:c5:40:19:bf:39:a0:f5:8d:70:08:
         72:93:0f:19:b6:6b:53:e8:1b:64:58:1e:15:d0:a7:96:f0:eb:
         2f:87:97:05:9d:6c:04:19:c7:5d:a5:cd:09:10:a8:5c:4f:ae:
         e6:d0:f4:f4:ae:90:40:23:c3:93:9b:8b:11:c6:f2:ac:68:2b:
         67:05:72:ee:6d:da:dc:4e:9d:ac:1c:08:2b:05:a5:96:31:bd:
         c8:a5:89:46:c5:00:fc:0b:35:7b:62:d9:91:a6:e8:2c:ff:37:
         08:d7:b2:c0:30:a1:b9:b9:36:62:4e:23:f7:4c:55:a8:b4:74:
         44:39:26:e7:e9:5a:d6:7f:e4:3c:6b:94:c5:dc:44:54:ca:b2:
         c6:6c:1f:64:35:6d:fa:e3:e7:62:b1:67:10:ff:97:d6:c5:67:
         26:51:21:c5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKK83e356o16fgSqxzt4/2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDcxMDBlNzdlZDkxMTlkNjZlMjMyMWJiNjcxMWQ3ZTc2
MDk4MmIwHhcNMjQwMTAyMTIzNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2MyNzRkNDYyNzljYzgzMzhiZGU4ODM0NDc2NzJmZDMyOGNkNDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWYJlZrDGlzSgQqpGLtgVCzsbs+a
fmGmsEmUvti8ieCNSOAk2dhsqnQpqJ89oVRVEm6MJWoITWPM/N7tx5qB4+BqEbn2
ZpV+S7YmcJPNJ5DO5/khQliEoCtWEDlJmNNKVZlJcCXQV7ofPZFF+m59grAK3ZnH
uCqbjXJPbVAXLBhgIfPowBVclVtJPP8N/x1wI95XoBbzNRqbH/wdG+9nzZ2xvyaA
4PPrxKBFjD3IyPLrtGMeKKseQxa58XtLRPc5Wryuj254vZ1+LlMvYfBowsm7Dm7r
FDJGpLKFM+3tWaDcrGIVIJCRIDNhi+BwLAhlHamUdb5YEHbdcGoANc3Q2QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFfCdNRiecyDOL3og0R2cv0yjNR9MB8GA1UdIwQY
MBaAFPrXEA537ZEZ1m4jIbtnEdfnYJgrMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10Y1FEbmZ0a1JuV2JpTWh1MmNSMS1kZ21Dcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUy
LTc2YjBkZGEyYmYzZS8xL1Y4SjAxR0o1eklNNHZlaURSSFp5X1RLTTFIMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUyLTc2YjBkZGEyYmYz
ZS8xLzEtdGNRRG5mdGtSbldiaU1odTJjUjEtZGdtQ3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAdQngAw
DQYJKoZIhvcNAQELBQADggEBAJGC/OTmmokv5ByuL9N1IosCC8gTTpHuXaJZ3Pfn
+ILz1OzRx1P6HyqiC+iezfBperUwF8Ri/UKo82ZFPL7xQwMvbbj+cE4GIzT4k08V
uOXv8IQdae038s2K4gaOtQVwlLEsxUAZvzmg9Y1wCHKTDxm2a1PoG2RYHhXQp5bw
6y+HlwWdbAQZx12lzQkQqFxPrubQ9PSukEAjw5ObixHG8qxoK2cFcu5t2txOnawc
CCsFpZYxvciliUbFAPwLNXti2ZGm6Cz/NwjXssAwobm5NmJOI/dMVai0dEQ5Jufp
WtZ/5DxrlMXcRFTKssZsH2Q1bfrj52KxZxD/l9bFZyZRIcU=
-----END CERTIFICATE-----