Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/5QprB05ll1uYCquytR4n1W116WM.roa
File:                     5QprB05ll1uYCquytR4n1W116WM.roa (raw, json)
Hash identifier:          kOFqQKS/OdPIqYk3rxYLUDVI5uzIqTlMZr9WxgzKLwM=
Subject key identifier:   E5:0A:6B:07:4E:65:97:5B:98:0A:AB:B2:B5:1E:27:D5:6D:75:E9:63
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       0194244529C080CFFB3121DD9B4EE771CEAE
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/5QprB05ll1uYCquytR4n1W116WM.roa
Signing time:             Wed 01 Jan 2025 23:48:19 +0000
ROA not before:           Wed 01 Jan 2025 23:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207883
IP address blocks:        80.66.68.0/24 maxlen: 24
                          87.251.70.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:29:c0:80:cf:fb:31:21:dd:9b:4e:e7:71:ce:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  1 23:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e50a6b074e65975b980aabb2b51e27d56d75e963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:29:9b:cf:64:98:3f:98:7d:b5:e7:a9:1a:97:
                    ed:87:34:a1:9c:89:e9:5e:72:3d:f5:40:48:00:91:
                    f5:ef:30:9e:f9:13:01:87:ec:cf:04:4f:8f:f9:bd:
                    1c:22:3a:fe:4a:2e:75:42:02:53:cf:77:9e:e7:08:
                    de:66:36:33:88:a7:93:96:c5:7a:e9:6e:83:e0:09:
                    08:e4:4e:3e:0f:a4:4a:d2:09:59:22:41:d1:3f:00:
                    35:0a:ff:8e:0e:98:5a:36:76:98:35:1c:50:4b:fe:
                    c1:78:02:f4:7e:70:7b:2f:ed:03:07:81:1b:e7:4b:
                    95:b1:0a:e8:7d:4f:24:2c:e4:99:65:00:4c:53:ad:
                    9f:c3:c9:82:20:17:aa:d1:64:4e:98:21:5b:b0:a3:
                    f0:cf:18:5c:a1:6f:bc:85:7b:a3:a3:8f:1f:5a:36:
                    ba:b3:dc:2c:5a:43:78:7d:fc:42:39:4f:61:04:c8:
                    d8:aa:6c:a9:19:aa:9f:be:01:08:8c:c1:57:ba:09:
                    41:86:fb:d9:be:47:fe:97:4f:57:4c:00:a8:70:49:
                    e8:9c:a7:8e:33:6c:1d:73:b5:ae:cd:15:23:d9:c1:
                    f7:96:9e:cb:de:a8:7d:84:4e:8d:f9:f9:0f:0b:3f:
                    10:36:69:92:62:fb:71:a3:ad:d5:7e:1b:76:d0:75:
                    63:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:0A:6B:07:4E:65:97:5B:98:0A:AB:B2:B5:1E:27:D5:6D:75:E9:63
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/5QprB05ll1uYCquytR4n1W116WM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.68.0/24
                  87.251.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:41:d1:40:0d:b5:3b:38:09:13:c1:e4:cf:2b:e3:6d:4f:bc:
         04:f0:ca:73:15:a0:00:45:3f:b0:1e:c9:15:16:ba:53:e5:c5:
         a7:38:33:b0:32:01:ac:92:ba:ae:d3:b2:37:65:92:d8:34:dd:
         29:39:27:50:5a:aa:e0:8c:5b:89:08:8c:2e:bf:74:33:76:e9:
         ef:2d:1a:1f:05:3f:04:2e:f0:64:1b:ef:cc:1f:aa:05:18:ad:
         f9:8c:ce:ff:4d:2d:02:3d:17:78:fb:92:ac:bf:79:b5:9e:cb:
         48:c1:66:ab:01:64:0e:15:08:9e:64:37:84:1f:f6:9c:8e:76:
         4a:27:85:25:2f:55:83:92:0c:37:7f:37:00:10:88:e5:32:c2:
         be:9b:d6:d5:5c:06:db:60:00:07:b9:77:91:26:32:f4:5e:32:
         f8:52:c4:d7:2d:0b:d1:05:ce:bb:d8:63:82:02:c0:9b:b0:02:
         cb:fd:a7:b5:9e:fe:76:ee:b8:7e:4c:60:cf:b9:42:23:3a:89:
         b6:3b:02:48:0b:6e:6f:08:e3:86:01:08:bc:f8:d1:ca:c2:87:
         b3:be:2c:b8:68:5e:ba:02:9b:13:76:ba:9d:8f:89:f3:27:79:
         65:f2:3e:1a:66:62:ab:89:a0:0a:45:e6:a8:c1:3d:88:fb:0a:
         29:ef:01:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRSnAgM/7MSHdm07ncc6uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjUwMTAxMjM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTBhNmIwNzRlNjU5NzViOTgwYWFiYjJiNTFlMjdkNTZkNzVlOTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwimbz2SYP5h9teepGpfthzShnInp
XnI99UBIAJH17zCe+RMBh+zPBE+P+b0cIjr+Si51QgJTz3ee5wjeZjYziKeTlsV6
6W6D4AkI5E4+D6RK0glZIkHRPwA1Cv+ODphaNnaYNRxQS/7BeAL0fnB7L+0DB4Eb
50uVsQrofU8kLOSZZQBMU62fw8mCIBeq0WROmCFbsKPwzxhcoW+8hXujo48fWja6
s9wsWkN4ffxCOU9hBMjYqmypGaqfvgEIjMFXuglBhvvZvkf+l09XTACocEnonKeO
M2wdc7WuzRUj2cH3lp7L3qh9hE6N+fkPCz8QNmmSYvtxo63Vfht20HVjlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOUKawdOZZdbmAqrsrUeJ9VtdeljMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvNVFwckIwNWxsMXVZQ3F1eXRSNG4xVzExNldNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEJEAwQB
V/tGMA0GCSqGSIb3DQEBCwUAA4IBAQBKQdFADbU7OAkTweTPK+NtT7wE8MpzFaAA
RT+wHskVFrpT5cWnODOwMgGskrqu07I3ZZLYNN0pOSdQWqrgjFuJCIwuv3Qzdunv
LRofBT8ELvBkG+/MH6oFGK35jM7/TS0CPRd4+5Ksv3m1nstIwWarAWQOFQieZDeE
H/acjnZKJ4UlL1WDkgw3fzcAEIjlMsK+m9bVXAbbYAAHuXeRJjL0XjL4UsTXLQvR
Bc672GOCAsCbsALL/ae1nv527rh+TGDPuUIjOom2OwJIC25vCOOGAQi8+NHKwoez
viy4aF66ApsTdrqdj4nzJ3ll8j4aZmKriaAKReaowT2I+wop7wEW
-----END CERTIFICATE-----