Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/eHMGQjOZXw5_rgA5oZKFNp9N7uM.roa
File:                     eHMGQjOZXw5_rgA5oZKFNp9N7uM.roa (raw, json)
Hash identifier:          q00YxCXZiKyV5wcFj6KKfNq78k1TGXTXOtVaRpAUIsY=
Subject key identifier:   78:73:06:42:33:99:5F:0E:7F:AE:00:39:A1:92:85:36:9F:4D:EE:E3
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       018CC86F50E27869709D8C5266715F931870
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/eHMGQjOZXw5_rgA5oZKFNp9N7uM.roa
Signing time:             Tue 02 Jan 2024 04:29:47 +0000
ROA not before:           Tue 02 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8711
IP address blocks:        80.66.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:50:e2:78:69:70:9d:8c:52:66:71:5f:93:18:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  2 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7873064233995f0e7fae0039a19285369f4deee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ea:a2:16:d6:87:c6:91:9a:3d:79:0b:9a:ce:
                    a1:36:5d:6e:61:f2:31:a4:76:22:28:fc:67:3a:e0:
                    22:10:24:c8:9e:71:fc:90:a8:d3:5b:3f:ea:a7:80:
                    a6:f6:9e:d8:8b:cd:41:8b:73:82:41:5e:ed:de:c5:
                    f0:8b:46:b5:2e:0e:4b:0c:6e:60:5e:01:b9:74:52:
                    47:fc:ef:2e:b7:c5:0b:38:5f:09:36:d1:57:53:f4:
                    66:cd:4d:56:b9:d3:bb:ac:75:7b:9c:58:f4:42:18:
                    1a:3f:0d:dd:85:02:86:53:88:82:1f:18:fc:76:54:
                    df:5f:53:f3:d9:dc:a2:3b:47:ae:78:58:4f:50:d8:
                    c8:91:3c:32:75:22:2b:34:0e:bd:5c:41:1d:51:14:
                    37:8d:48:ef:7b:f0:d7:33:f6:01:92:db:ba:97:ee:
                    6f:a5:04:6a:11:39:29:ca:75:8d:b8:83:25:5d:e4:
                    2e:87:60:ba:a1:47:86:30:fc:2c:18:3d:b7:34:67:
                    2f:00:ba:c9:a7:cf:b2:f4:13:44:93:dc:32:e7:87:
                    74:ee:29:da:40:d9:70:86:40:1b:eb:1a:15:b8:07:
                    6a:c7:d4:a6:87:78:f4:dd:8a:0c:2a:d2:58:15:8c:
                    6e:9f:f6:36:b5:7e:ba:07:58:48:eb:1d:dd:c6:43:
                    d6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:73:06:42:33:99:5F:0E:7F:AE:00:39:A1:92:85:36:9F:4D:EE:E3
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/eHMGQjOZXw5_rgA5oZKFNp9N7uM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:19:17:b1:66:6d:66:f1:d0:2a:0d:55:5f:fa:56:f0:7b:f1:
         79:15:8c:26:ce:fa:cc:0a:42:fe:64:cf:21:d5:35:34:e6:23:
         42:f9:a0:45:f3:cc:d9:a3:63:f3:90:82:f1:da:0d:ca:c1:07:
         1d:3f:43:52:41:d2:ea:39:91:e7:e7:56:31:92:e3:9b:01:fe:
         22:84:b4:88:46:7e:73:65:cc:ad:69:53:cd:fe:74:a3:1b:0c:
         11:d2:ee:0d:f8:cd:44:da:75:b8:ff:8a:79:21:60:3d:53:f4:
         75:c5:c9:4e:d9:82:f3:83:4e:d5:25:3e:5e:90:f2:0c:6e:7a:
         95:12:82:15:e0:27:98:ae:24:b4:f9:8a:2c:ac:51:30:72:6b:
         5d:47:52:d5:8c:8d:d3:67:b4:3f:93:8d:bb:5a:00:78:02:e3:
         ac:ba:5c:93:07:b4:8d:40:9f:c0:d9:5a:16:22:05:d5:34:22:
         43:ff:33:c3:a9:fa:3d:6a:08:16:ed:ad:3f:20:8a:56:d9:a3:
         bf:40:e0:af:75:9c:7e:9c:07:b3:b5:d4:94:1d:59:15:50:0d:
         dd:56:40:a4:b1:e6:01:de:ef:e6:c9:05:f6:77:c1:3d:3b:77:
         ab:c0:e5:ad:a2:4a:48:22:b8:b7:a7:fd:42:2b:ef:8d:99:fe:
         cf:a3:48:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1DieGlwnYxSZnFfkxhwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjQwMTAyMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODczMDY0MjMzOTk1ZjBlN2ZhZTAwMzlhMTkyODUzNjlmNGRlZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+qiFtaHxpGaPXkLms6hNl1uYfIx
pHYiKPxnOuAiECTInnH8kKjTWz/qp4Cm9p7Yi81Bi3OCQV7t3sXwi0a1Lg5LDG5g
XgG5dFJH/O8ut8ULOF8JNtFXU/RmzU1WudO7rHV7nFj0QhgaPw3dhQKGU4iCHxj8
dlTfX1Pz2dyiO0eueFhPUNjIkTwydSIrNA69XEEdURQ3jUjve/DXM/YBktu6l+5v
pQRqETkpynWNuIMlXeQuh2C6oUeGMPwsGD23NGcvALrJp8+y9BNEk9wy54d07ina
QNlwhkAb6xoVuAdqx9Smh3j03YoMKtJYFYxun/Y2tX66B1hI6x3dxkPWHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhzBkIzmV8Of64AOaGShTafTe7jMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvZUhNR1FqT1pYdzVfcmdBNW9aS0ZOcDlON3VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEJDMA0G
CSqGSIb3DQEBCwUAA4IBAQCGGRexZm1m8dAqDVVf+lbwe/F5FYwmzvrMCkL+ZM8h
1TU05iNC+aBF88zZo2PzkILx2g3KwQcdP0NSQdLqOZHn51YxkuObAf4ihLSIRn5z
ZcytaVPN/nSjGwwR0u4N+M1E2nW4/4p5IWA9U/R1xclO2YLzg07VJT5ekPIMbnqV
EoIV4CeYriS0+YosrFEwcmtdR1LVjI3TZ7Q/k427WgB4AuOsulyTB7SNQJ/A2VoW
IgXVNCJD/zPDqfo9aggW7a0/IIpW2aO/QOCvdZx+nAeztdSUHVkVUA3dVkCkseYB
3u/myQX2d8E9O3erwOWtokpIIri3p/1CK++Nmf7Po0gv
-----END CERTIFICATE-----