Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/Md-crvhdTpDpDvWZiF-t87BiFi8.roa
File:                     Md-crvhdTpDpDvWZiF-t87BiFi8.roa (raw, json)
Hash identifier:          wRs1I/W6rUmHPf9ky7qxgoVzRRGifkp3gc6WUm7ierU=
Subject key identifier:   31:DF:9C:AE:F8:5D:4E:90:E9:0E:F5:99:88:5F:AD:F3:B0:62:16:2F
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       018CC86F55B3D5B0138CEA21FBA7A1CF6D1A
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/Md-crvhdTpDpDvWZiF-t87BiFi8.roa
Signing time:             Tue 02 Jan 2024 04:29:48 +0000
ROA not before:           Tue 02 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207957
IP address blocks:        80.66.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:55:b3:d5:b0:13:8c:ea:21:fb:a7:a1:cf:6d:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  2 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31df9caef85d4e90e90ef599885fadf3b062162f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6f:f2:87:a1:01:25:93:89:fb:96:d4:2f:bc:
                    5b:02:8c:e8:2d:eb:4c:c2:c7:91:29:5f:c5:7c:72:
                    44:23:6a:d2:29:8b:1b:c2:cf:79:98:aa:4f:7c:08:
                    82:5c:5d:98:25:ce:9e:a8:c3:12:53:ab:f8:75:54:
                    06:61:69:3e:70:ed:58:fc:3d:87:42:d4:77:17:a2:
                    9c:17:4a:68:e3:a1:46:f9:9e:d7:9d:46:83:2f:1f:
                    e6:d2:3a:00:c4:fa:de:dc:16:60:67:b0:58:66:60:
                    cc:2d:9e:67:f1:ed:f7:35:0f:f5:e0:ff:ac:76:4a:
                    70:44:d0:68:1a:25:d5:95:01:c8:95:cf:f1:a1:35:
                    07:c0:14:5e:18:7f:fc:86:b2:a6:86:1d:3a:94:85:
                    35:a9:ba:25:0e:b8:21:c5:49:5f:8e:0b:8e:c9:2e:
                    86:ed:6c:23:3d:26:01:0c:44:d6:92:2f:c7:86:09:
                    7c:a9:35:ab:7b:bb:f9:67:d4:04:52:c7:b5:d2:20:
                    4c:f2:cb:21:1e:9d:22:98:82:93:79:35:d4:43:fa:
                    29:9a:c9:8f:01:87:58:4c:93:f5:b8:fc:bb:cb:51:
                    89:25:4a:69:54:d6:35:37:98:f4:29:c5:4b:1e:27:
                    92:a5:5a:c3:fd:1c:02:4a:ab:cf:7e:e4:73:96:89:
                    a8:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:DF:9C:AE:F8:5D:4E:90:E9:0E:F5:99:88:5F:AD:F3:B0:62:16:2F
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/Md-crvhdTpDpDvWZiF-t87BiFi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:5c:1a:83:5e:fe:e1:9b:d5:f8:b0:39:4c:a1:d8:f2:be:10:
         f9:d2:52:29:78:b9:97:f2:53:60:56:e0:12:72:17:08:e8:4d:
         44:ba:aa:04:56:93:65:4d:04:b1:f5:c9:94:52:7d:15:cc:85:
         34:23:65:d8:01:8e:87:41:05:8d:b6:51:72:a4:d8:40:10:c6:
         f5:58:c8:13:01:55:01:c8:e0:05:a5:69:3c:aa:c5:7f:bb:c0:
         b4:83:e3:6a:6b:81:c9:44:18:85:a0:d8:f3:78:33:7b:3c:23:
         2c:05:f4:95:52:b2:92:25:4f:c2:1c:ee:fc:00:21:90:2e:ff:
         f2:60:f5:bf:20:bc:37:ff:c1:18:3d:96:ba:60:ec:a8:46:18:
         04:e8:71:7b:83:6b:e0:0c:e4:47:8d:e0:a5:f6:b0:3d:e6:4d:
         1a:f5:e4:f4:e2:e8:15:0e:e8:d5:34:8e:7e:3c:26:2c:f9:ef:
         67:1d:bf:e8:d7:33:a4:a2:e7:0e:21:c8:62:10:ce:d9:56:12:
         4e:f1:1b:23:76:eb:7e:ba:be:d8:7f:24:63:a4:8c:3e:48:31:
         21:17:9f:b5:b7:20:38:0a:ad:b8:83:9b:8c:72:54:3d:ff:25:
         83:7a:f5:07:50:1c:b8:a2:67:d7:7c:96:f9:31:b4:f7:30:91:
         75:4e:16:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1Wz1bATjOoh+6ehz20aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjQwMTAyMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWRmOWNhZWY4NWQ0ZTkwZTkwZWY1OTk4ODVmYWRmM2IwNjIxNjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuW/yh6EBJZOJ+5bUL7xbAozoLetM
wseRKV/FfHJEI2rSKYsbws95mKpPfAiCXF2YJc6eqMMSU6v4dVQGYWk+cO1Y/D2H
QtR3F6KcF0po46FG+Z7XnUaDLx/m0joAxPre3BZgZ7BYZmDMLZ5n8e33NQ/14P+s
dkpwRNBoGiXVlQHIlc/xoTUHwBReGH/8hrKmhh06lIU1qbolDrghxUlfjguOyS6G
7WwjPSYBDETWki/Hhgl8qTWre7v5Z9QEUse10iBM8sshHp0imIKTeTXUQ/opmsmP
AYdYTJP1uPy7y1GJJUppVNY1N5j0KcVLHieSpVrD/RwCSqvPfuRzlomoRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHfnK74XU6Q6Q71mYhfrfOwYhYvMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvTWQtY3J2aGRUcERwRHZXWmlGLXQ4N0JpRmk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEJZMA0G
CSqGSIb3DQEBCwUAA4IBAQBoXBqDXv7hm9X4sDlModjyvhD50lIpeLmX8lNgVuAS
chcI6E1EuqoEVpNlTQSx9cmUUn0VzIU0I2XYAY6HQQWNtlFypNhAEMb1WMgTAVUB
yOAFpWk8qsV/u8C0g+Nqa4HJRBiFoNjzeDN7PCMsBfSVUrKSJU/CHO78ACGQLv/y
YPW/ILw3/8EYPZa6YOyoRhgE6HF7g2vgDORHjeCl9rA95k0a9eT04ugVDujVNI5+
PCYs+e9nHb/o1zOkoucOIchiEM7ZVhJO8Rsjdut+ur7YfyRjpIw+SDEhF5+1tyA4
Cq24g5uMclQ9/yWDevUHUBy4omfXfJb5MbT3MJF1ThbB
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:39:38 2024 by rpki-client on console-fra.rpki-client.org