Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/NxftkZQxhYA3gBK3YLZ--5dhjYY.roa
File:                     NxftkZQxhYA3gBK3YLZ--5dhjYY.roa (raw, json)
Hash identifier:          4yrwLP1M0nV7nvr8eZqE21N8mlyaBcxifLM+RHEawwg=
Subject key identifier:   37:17:ED:91:94:31:85:80:37:80:12:B7:60:B6:7E:FB:97:61:8D:86
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       018CD8FE37C8F11958CD01DC2084BC87A4FE
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/NxftkZQxhYA3gBK3YLZ--5dhjYY.roa
Signing time:             Fri 05 Jan 2024 09:39:48 +0000
ROA not before:           Fri 05 Jan 2024 09:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206980
IP address blocks:        80.66.82.0/24 maxlen: 24
                          80.66.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d8:fe:37:c8:f1:19:58:cd:01:dc:20:84:bc:87:a4:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  5 09:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3717ed9194318580378012b760b67efb97618d86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:65:9f:15:77:3c:46:2e:24:a1:a8:c2:1d:e5:
                    bf:49:30:3f:dd:c0:3f:0b:a8:89:31:ef:37:d1:d8:
                    78:21:da:49:23:ad:64:28:04:49:0e:a4:fb:f3:39:
                    3f:98:60:1b:5e:73:59:5d:ec:30:08:d7:f4:36:64:
                    9f:94:19:eb:99:3a:76:d5:49:c0:00:d0:d1:da:ff:
                    5b:a3:b3:bc:8e:df:3b:a1:e9:9f:8b:e0:7b:db:ca:
                    b9:8b:3a:6e:89:56:b3:db:92:2f:d8:71:ad:e1:76:
                    62:48:59:a1:ec:1b:d7:e9:81:c7:12:e3:86:af:b2:
                    b2:bc:e5:ca:90:cd:22:1c:87:21:38:6a:17:27:e9:
                    75:b4:f5:bb:56:0f:47:64:df:da:e0:e3:ea:b9:6f:
                    69:ea:6e:b9:81:c7:26:40:db:be:4c:cb:04:3d:01:
                    bc:3e:fa:0a:71:3d:88:68:e0:93:aa:eb:d6:ee:13:
                    ac:91:a3:55:93:1c:48:5e:3a:46:0a:c0:f5:17:20:
                    39:cd:ab:a2:ef:82:10:82:0e:3c:69:2d:c1:4d:7c:
                    d6:65:1c:06:a6:b2:98:07:26:c5:7a:f4:ef:d8:b0:
                    87:4e:81:cc:5b:f6:2f:de:6b:51:74:b1:43:f8:0b:
                    e1:53:c1:ca:81:ca:f4:ed:83:3e:42:3d:05:2b:2b:
                    5b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:17:ED:91:94:31:85:80:37:80:12:B7:60:B6:7E:FB:97:61:8D:86
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/NxftkZQxhYA3gBK3YLZ--5dhjYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.71.0/24
                  80.66.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:fb:c1:6d:34:59:0f:a8:fb:fc:d5:e5:8d:d2:5e:3b:f5:d0:
         0a:a9:47:4f:b5:0a:35:c1:b4:67:de:92:c0:46:30:c5:88:26:
         72:ee:37:94:05:63:fb:56:e7:dc:81:f2:89:50:e1:55:9d:98:
         0c:6e:39:37:1b:ab:ac:fa:44:97:e9:ba:a0:b2:8f:21:de:0b:
         d8:91:bc:08:98:cd:c9:51:17:c0:96:16:cb:25:07:40:d6:54:
         cc:c0:37:45:6d:ec:4a:43:60:4f:e5:08:3a:1c:65:12:5b:c5:
         75:b3:5e:77:ae:b0:97:48:11:06:1e:22:73:bf:e8:cb:a7:02:
         df:d0:eb:50:31:08:2f:7b:56:6a:77:c9:ed:59:f2:31:e5:c3:
         a7:31:bb:86:28:a7:4f:df:09:65:eb:06:ed:f2:13:5e:ef:8b:
         d2:8a:d1:de:2b:12:8c:5f:dd:b9:fd:82:1d:e7:59:83:a7:93:
         a9:bf:74:ea:b6:c6:6c:dd:eb:24:97:2e:ef:0a:64:f5:7c:15:
         08:66:27:e4:2e:a6:0b:c2:5e:98:10:95:1b:83:58:44:43:9c:
         54:90:42:45:78:32:c7:99:df:23:72:e9:8e:90:df:e1:98:38:
         a9:bc:e1:c8:20:8e:e2:20:be:a6:b0:22:87:06:97:83:b5:44:
         33:c1:45:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzY/jfI8RlYzQHcIIS8h6T+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjQwMTA1MDkzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzE3ZWQ5MTk0MzE4NTgwMzc4MDEyYjc2MGI2N2VmYjk3NjE4ZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmWfFXc8Ri4koajCHeW/STA/3cA/
C6iJMe830dh4IdpJI61kKARJDqT78zk/mGAbXnNZXewwCNf0NmSflBnrmTp21UnA
ANDR2v9bo7O8jt87oemfi+B728q5izpuiVaz25Iv2HGt4XZiSFmh7BvX6YHHEuOG
r7KyvOXKkM0iHIchOGoXJ+l1tPW7Vg9HZN/a4OPquW9p6m65gccmQNu+TMsEPQG8
PvoKcT2IaOCTquvW7hOskaNVkxxIXjpGCsD1FyA5zaui74IQgg48aS3BTXzWZRwG
prKYBybFevTv2LCHToHMW/Yv3mtRdLFD+AvhU8HKgcr07YM+Qj0FKytbTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDcX7ZGUMYWAN4ASt2C2fvuXYY2GMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvTnhmdGtaUXhoWUEzZ0JLM1lMWi0tNWRoallZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEJHAwQA
UEJSMA0GCSqGSIb3DQEBCwUAA4IBAQBG+8FtNFkPqPv81eWN0l479dAKqUdPtQo1
wbRn3pLARjDFiCZy7jeUBWP7VufcgfKJUOFVnZgMbjk3G6us+kSX6bqgso8h3gvY
kbwImM3JURfAlhbLJQdA1lTMwDdFbexKQ2BP5Qg6HGUSW8V1s153rrCXSBEGHiJz
v+jLpwLf0OtQMQgve1Zqd8ntWfIx5cOnMbuGKKdP3wll6wbt8hNe74vSitHeKxKM
X925/YId51mDp5Opv3TqtsZs3eskly7vCmT1fBUIZifkLqYLwl6YEJUbg1hEQ5xU
kEJFeDLHmd8jcumOkN/hmDipvOHIII7iIL6msCKHBpeDtUQzwUXk
-----END CERTIFICATE-----