Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/lnfSRPIjJ_rnv2rA9LFnWqyasxU.roa
File:                     lnfSRPIjJ_rnv2rA9LFnWqyasxU.roa (raw, json)
Hash identifier:          6y5/RH+pWSVtrPaN0CjFr8pkFmjDA1Ymsw/HEzVgX0w=
Subject key identifier:   96:77:D2:44:F2:23:27:FA:E7:BF:6A:C0:F4:B1:67:5A:AC:9A:B3:15
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       019424452A08F11F34FECA3B10726E9E2F8A
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/lnfSRPIjJ_rnv2rA9LFnWqyasxU.roa
Signing time:             Wed 01 Jan 2025 23:48:20 +0000
ROA not before:           Wed 01 Jan 2025 23:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207957
IP address blocks:        80.66.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:2a:08:f1:1f:34:fe:ca:3b:10:72:6e:9e:2f:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  1 23:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9677d244f22327fae7bf6ac0f4b1675aac9ab315
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:e7:2f:d7:74:02:21:bf:e9:3f:28:e2:90:d0:
                    27:56:1c:1f:ec:1d:5f:87:a2:8d:00:bb:bd:34:c7:
                    99:f3:39:fc:0b:32:50:da:ba:e0:78:1c:ee:95:8b:
                    aa:17:26:ac:2a:fe:85:e3:06:d9:c6:da:9b:06:ba:
                    c1:b0:8a:57:c8:2d:52:63:04:e7:d4:81:0c:14:fc:
                    4c:5e:cb:14:8b:3c:f2:03:34:09:da:95:f2:35:b1:
                    28:3d:72:ce:28:52:04:80:27:3f:4a:bc:31:0b:a2:
                    52:bf:92:8b:76:40:80:f3:66:22:bc:5d:cb:a9:2d:
                    8e:04:c4:4d:8a:d4:3c:86:b9:16:97:b2:33:bc:1f:
                    cd:ae:0b:e1:68:fa:e6:71:b1:f3:2a:24:4c:16:35:
                    ad:d6:f1:33:2b:c2:c5:73:9c:ec:a9:bc:2a:39:05:
                    d0:c4:6c:d8:c2:65:58:20:85:69:fb:2e:01:c8:f9:
                    5a:5a:97:3e:6c:e7:34:49:90:6e:ac:28:14:42:27:
                    8a:0b:22:73:2d:aa:64:ab:3a:0f:27:43:12:de:1f:
                    ff:9a:bb:82:90:8b:94:eb:37:a0:ba:ad:e7:f1:a1:
                    63:93:61:1d:ed:96:77:df:d0:60:6e:f7:a3:53:a0:
                    72:4e:de:db:6c:e8:29:27:26:23:fe:80:3e:54:3a:
                    6d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:77:D2:44:F2:23:27:FA:E7:BF:6A:C0:F4:B1:67:5A:AC:9A:B3:15
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/lnfSRPIjJ_rnv2rA9LFnWqyasxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:bc:0e:21:37:9c:25:7a:5d:2c:37:85:a9:4c:2f:ca:0d:c5:
         d6:ee:2d:9c:57:43:ca:d4:51:98:0e:18:aa:ec:7c:e2:69:b8:
         b3:84:52:70:3e:a2:56:d6:fd:5f:34:69:70:82:4d:c9:32:a2:
         48:a3:bc:cd:6c:73:b8:8b:5d:98:b1:2b:8f:10:d8:71:06:f7:
         bf:e8:a3:48:25:41:3f:40:1f:07:1c:3b:cc:e7:1e:e7:42:0b:
         96:fa:c2:f7:5b:ae:f2:43:b6:bf:63:a4:e1:14:34:1b:e0:54:
         40:6f:69:a3:02:a3:5b:1f:db:df:9a:91:75:4c:c6:a3:90:54:
         66:72:df:b2:ec:a5:d0:bc:7a:bd:9e:3c:e1:2b:c6:22:21:70:
         ba:c9:b9:20:e7:d7:12:6e:69:ba:39:7c:a6:91:1b:e5:7d:5e:
         4e:d1:4c:b8:52:2c:fd:0d:75:b8:51:da:6c:32:b9:db:a6:0a:
         d7:f9:f4:b2:ab:f3:44:dc:82:48:7d:4a:7d:9e:63:f1:09:5f:
         db:a3:22:9c:fb:1b:ec:ea:82:e2:6b:f8:96:d2:c4:24:63:24:
         52:7a:a2:a4:10:f3:d7:58:f7:6c:7d:0e:21:92:d8:6c:63:61:
         0a:cf:b6:83:23:c8:c8:79:87:d4:37:39:58:c3:ed:f8:91:36:
         ab:57:fc:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRSoI8R80/so7EHJuni+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjUwMTAxMjM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njc3ZDI0NGYyMjMyN2ZhZTdiZjZhYzBmNGIxNjc1YWFjOWFiMzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ecv13QCIb/pPyjikNAnVhwf7B1f
h6KNALu9NMeZ8zn8CzJQ2rrgeBzulYuqFyasKv6F4wbZxtqbBrrBsIpXyC1SYwTn
1IEMFPxMXssUizzyAzQJ2pXyNbEoPXLOKFIEgCc/SrwxC6JSv5KLdkCA82YivF3L
qS2OBMRNitQ8hrkWl7IzvB/NrgvhaPrmcbHzKiRMFjWt1vEzK8LFc5zsqbwqOQXQ
xGzYwmVYIIVp+y4ByPlaWpc+bOc0SZBurCgUQieKCyJzLapkqzoPJ0MS3h//mruC
kIuU6zeguq3n8aFjk2Ed7ZZ339BgbvejU6ByTt7bbOgpJyYj/oA+VDptKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJZ30kTyIyf6579qwPSxZ1qsmrMVMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvbG5mU1JQSWpKX3JudjJyQTlMRm5XcXlhc3hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEJZMA0G
CSqGSIb3DQEBCwUAA4IBAQAxvA4hN5wlel0sN4WpTC/KDcXW7i2cV0PK1FGYDhiq
7HziabizhFJwPqJW1v1fNGlwgk3JMqJIo7zNbHO4i12YsSuPENhxBve/6KNIJUE/
QB8HHDvM5x7nQguW+sL3W67yQ7a/Y6ThFDQb4FRAb2mjAqNbH9vfmpF1TMajkFRm
ct+y7KXQvHq9njzhK8YiIXC6ybkg59cSbmm6OXymkRvlfV5O0Uy4Uiz9DXW4Udps
MrnbpgrX+fSyq/NE3IJIfUp9nmPxCV/boyKc+xvs6oLia/iW0sQkYyRSeqKkEPPX
WPdsfQ4hkthsY2EKz7aDI8jIeYfUNzlYw+34kTarV/xt
-----END CERTIFICATE-----