Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/7vrnu67xIoSE_pu2BZVnQBkMX6w.roa
File:                     7vrnu67xIoSE_pu2BZVnQBkMX6w.roa (raw, json)
Hash identifier:          i9/GsLbRSNoL62qFquUYOvMjKfuAj9tP/QPnCR15B1Y=
Subject key identifier:   EE:FA:E7:BB:AE:F1:22:84:84:FE:9B:B6:05:95:67:40:19:0C:5F:AC
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       01903B730E6BB522792372631186CE0A09EF
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/7vrnu67xIoSE_pu2BZVnQBkMX6w.roa
Signing time:             Fri 21 Jun 2024 15:38:34 +0000
ROA not before:           Fri 21 Jun 2024 15:38:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47256
IP address blocks:        80.66.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3b:73:0e:6b:b5:22:79:23:72:63:11:86:ce:0a:09:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jun 21 15:38:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eefae7bbaef1228484fe9bb605956740190c5fac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e8:37:73:d7:b9:89:85:ec:b4:af:9f:ba:f1:
                    ba:d0:dc:f5:3c:c9:a4:d2:5a:ef:3a:1e:8d:53:ca:
                    98:6d:e0:3e:ad:c1:d1:bb:c4:52:75:d2:a1:74:4d:
                    eb:61:9a:b8:c9:a7:d7:f9:5f:8d:cb:08:cb:19:83:
                    83:4b:fc:56:40:42:fa:36:22:73:e5:c3:26:60:55:
                    7b:28:6e:70:be:92:60:9a:f7:ce:e7:2f:2c:4d:b7:
                    77:bd:45:6f:2c:9e:b6:d7:7d:09:3f:9b:59:b4:a9:
                    3d:b4:3b:88:2e:28:07:e2:f8:27:9f:03:e3:4e:f5:
                    e6:06:8c:6c:46:77:4f:d1:78:84:ac:76:32:47:03:
                    bf:56:f2:27:58:a4:95:c5:13:7b:84:56:ff:26:cb:
                    b6:a4:6b:74:58:6a:fe:da:11:a9:ba:85:56:b4:13:
                    b3:44:48:07:57:36:a7:23:58:1a:bf:09:16:32:ee:
                    58:ad:5f:96:46:72:89:81:5c:d3:a6:79:01:79:86:
                    59:db:6a:22:c6:52:2f:91:58:5f:81:41:07:a2:1c:
                    2b:3b:78:5b:ba:07:6f:7b:96:c8:7c:9d:17:73:b3:
                    7b:49:ed:b9:55:29:a1:68:30:3a:4d:a2:3d:c6:3f:
                    38:cc:dc:06:ec:d5:c3:23:f1:ed:3b:b0:34:78:31:
                    5f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:FA:E7:BB:AE:F1:22:84:84:FE:9B:B6:05:95:67:40:19:0C:5F:AC
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/7vrnu67xIoSE_pu2BZVnQBkMX6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:26:5b:f7:0d:61:fb:23:db:76:39:ca:b1:65:c9:62:26:ac:
         bd:1b:7c:9f:fe:0d:7a:1c:47:13:4d:c4:09:77:c4:9f:d6:b1:
         ed:3c:3d:39:c1:d4:1c:0d:c1:6d:06:88:4c:0e:f7:c7:c2:c4:
         5b:c1:de:77:bc:b4:fc:3a:ab:8b:5d:0c:75:9b:fe:28:08:ff:
         85:36:a3:46:9c:16:f9:e2:6c:f0:f3:17:cc:4e:c0:3b:d8:51:
         21:9a:95:75:97:76:bd:ab:b3:70:17:ee:37:ae:d2:db:8d:49:
         b0:3b:f6:a4:e7:93:33:50:97:85:95:8f:9b:b8:00:5a:d6:fb:
         10:39:0c:ea:64:e8:66:f2:60:ed:29:1f:ff:f3:8f:65:0b:12:
         a0:88:eb:ec:24:04:d8:81:04:6f:3d:2e:a2:fc:01:b3:de:c6:
         6b:51:d6:7f:20:56:31:f3:c1:eb:fb:bf:09:9d:9f:87:e4:f6:
         f8:53:76:db:4d:82:43:1d:fd:67:0e:34:e2:5d:ba:ec:a2:55:
         36:bb:cd:0e:2d:e2:74:42:04:af:88:0d:a0:a0:37:9d:06:49:
         d1:ad:2f:7f:5f:aa:94:87:b0:1f:41:42:6f:17:1d:19:c4:5c:
         13:a0:96:1c:c5:5d:c4:b5:bc:19:f7:8a:f9:71:e4:21:42:ab:
         ac:c3:36:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA7cw5rtSJ5I3JjEYbOCgnvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjQwNjIxMTUzODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWZhZTdiYmFlZjEyMjg0ODRmZTliYjYwNTk1Njc0MDE5MGM1ZmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+g3c9e5iYXstK+fuvG60Nz1PMmk
0lrvOh6NU8qYbeA+rcHRu8RSddKhdE3rYZq4yafX+V+NywjLGYODS/xWQEL6NiJz
5cMmYFV7KG5wvpJgmvfO5y8sTbd3vUVvLJ62130JP5tZtKk9tDuILigH4vgnnwPj
TvXmBoxsRndP0XiErHYyRwO/VvInWKSVxRN7hFb/Jsu2pGt0WGr+2hGpuoVWtBOz
REgHVzanI1gavwkWMu5YrV+WRnKJgVzTpnkBeYZZ22oixlIvkVhfgUEHohwrO3hb
ugdve5bIfJ0Xc7N7Se25VSmhaDA6TaI9xj84zNwG7NXDI/HtO7A0eDFfNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7657uu8SKEhP6btgWVZ0AZDF+sMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvN3ZybnU2N3hJb1NFX3B1MkJaVm5RQmtNWDZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEJGMA0G
CSqGSIb3DQEBCwUAA4IBAQA9Jlv3DWH7I9t2OcqxZcliJqy9G3yf/g16HEcTTcQJ
d8Sf1rHtPD05wdQcDcFtBohMDvfHwsRbwd53vLT8OquLXQx1m/4oCP+FNqNGnBb5
4mzw8xfMTsA72FEhmpV1l3a9q7NwF+43rtLbjUmwO/ak55MzUJeFlY+buABa1vsQ
OQzqZOhm8mDtKR//849lCxKgiOvsJATYgQRvPS6i/AGz3sZrUdZ/IFYx88Hr+78J
nZ+H5Pb4U3bbTYJDHf1nDjTiXbrsolU2u80OLeJ0QgSviA2goDedBknRrS9/X6qU
h7AfQUJvFx0ZxFwToJYcxV3EtbwZ94r5ceQhQquswzbw
-----END CERTIFICATE-----