Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/mHPI6ziQlfw_LqOAsA9ciBy0btU.roa
File:                     mHPI6ziQlfw_LqOAsA9ciBy0btU.roa (raw, json)
Hash identifier:          rGOCR6nuyMuqjGzrjZryVLVUqTtjVCBQMkXUQ60z0BA=
Subject key identifier:   98:73:C8:EB:38:90:95:FC:3F:2E:A3:80:B0:0F:5C:88:1C:B4:6E:D5
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       018DE536C5F72655602B443E12B7FF3D081D
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/mHPI6ziQlfw_LqOAsA9ciBy0btU.roa
Signing time:             Mon 26 Feb 2024 11:39:48 +0000
ROA not before:           Mon 26 Feb 2024 11:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        80.66.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:36:c5:f7:26:55:60:2b:44:3e:12:b7:ff:3d:08:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Feb 26 11:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9873c8eb389095fc3f2ea380b00f5c881cb46ed5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f0:34:9d:74:09:fd:fc:41:32:58:c9:a3:ed:
                    5d:33:38:78:25:36:7d:10:24:4e:67:79:aa:16:1e:
                    94:53:04:15:79:ca:e2:74:cf:92:90:f9:be:e1:cb:
                    8f:04:70:76:56:6e:e3:59:2d:d9:52:35:b0:34:c6:
                    19:65:24:e1:b9:9a:b0:85:6d:95:f1:10:4a:c2:21:
                    c9:66:29:27:86:07:16:64:2e:94:84:27:2e:76:66:
                    81:6c:3d:e6:8f:4d:5b:07:e7:27:de:0b:e0:11:01:
                    08:02:de:8e:0e:b3:60:c5:1c:f0:bf:e2:fe:6d:12:
                    e4:36:10:6c:ac:38:65:55:8a:a6:78:fe:30:b6:02:
                    3e:18:c0:d3:01:fa:f0:b1:32:6e:7c:f3:1f:0b:c8:
                    bb:06:80:bc:d8:95:32:d2:cc:75:f2:29:53:13:db:
                    2b:db:f3:ed:6e:c3:db:bd:d2:fc:d7:9d:61:e2:3c:
                    62:49:11:e4:b8:86:05:64:c4:5b:db:4d:a0:a5:47:
                    d8:eb:fd:2e:40:52:8b:83:47:5f:31:d6:16:58:2b:
                    77:80:77:a4:40:4d:f7:96:a9:db:de:a1:92:b1:6f:
                    d0:7b:2c:e9:77:89:b7:7e:27:b0:59:49:69:8e:0f:
                    d6:29:a2:ae:55:5d:fc:24:64:e1:b1:60:5e:8c:3f:
                    8c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:73:C8:EB:38:90:95:FC:3F:2E:A3:80:B0:0F:5C:88:1C:B4:6E:D5
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/mHPI6ziQlfw_LqOAsA9ciBy0btU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:b9:e6:f4:db:9d:f3:c9:62:aa:4d:a8:99:a7:50:d8:45:2a:
         97:e5:ed:41:c2:2f:10:36:0c:9b:94:c2:4b:b7:10:56:1d:35:
         84:fe:02:bc:62:47:36:b9:59:f0:bd:56:89:27:33:c9:06:e5:
         3d:c7:5c:5c:04:bd:dc:2a:01:9b:24:1d:bc:2e:59:52:54:17:
         8c:97:69:2e:4d:98:73:79:e3:c2:ab:e0:6e:f2:01:65:b3:c7:
         a5:4b:17:1a:03:99:ed:26:80:0c:79:7e:e2:5e:37:27:da:63:
         f1:96:d0:1f:6d:3e:9d:16:ba:69:8d:b0:3a:08:66:e9:ed:25:
         b0:ce:73:e5:31:7c:aa:77:e0:b4:37:de:67:a4:52:80:04:89:
         47:3b:63:b9:12:05:4e:2c:63:02:2c:36:18:66:ef:f8:09:88:
         e8:4b:7f:e2:51:27:f0:66:6e:fe:1e:7d:64:6c:af:fd:42:74:
         77:8e:3d:ff:4c:eb:41:7a:a4:b4:3a:49:15:e0:5e:ed:9b:de:
         a8:54:c3:ba:6f:44:1a:13:e5:dc:bf:ed:40:3f:a7:16:38:6d:
         2e:a8:7a:d5:c7:5e:66:60:b4:94:41:62:de:57:88:c2:42:e1:
         d2:6e:43:6c:25:80:a2:75:06:35:bc:d5:05:69:56:70:bf:91:
         32:5c:9d:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3lNsX3JlVgK0Q+Erf/PQgdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjQwMjI2MTEzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODczYzhlYjM4OTA5NWZjM2YyZWEzODBiMDBmNWM4ODFjYjQ2ZWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfA0nXQJ/fxBMljJo+1dMzh4JTZ9
ECROZ3mqFh6UUwQVecridM+SkPm+4cuPBHB2Vm7jWS3ZUjWwNMYZZSThuZqwhW2V
8RBKwiHJZiknhgcWZC6UhCcudmaBbD3mj01bB+cn3gvgEQEIAt6ODrNgxRzwv+L+
bRLkNhBsrDhlVYqmeP4wtgI+GMDTAfrwsTJufPMfC8i7BoC82JUy0sx18ilTE9sr
2/PtbsPbvdL8151h4jxiSRHkuIYFZMRb202gpUfY6/0uQFKLg0dfMdYWWCt3gHek
QE33lqnb3qGSsW/Qeyzpd4m3fiewWUlpjg/WKaKuVV38JGThsWBejD+MbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhzyOs4kJX8Py6jgLAPXIgctG7VMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvbUhQSTZ6aVFsZndfTHFPQXNBOWNpQnkwYnRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEJUMA0G
CSqGSIb3DQEBCwUAA4IBAQAYueb0253zyWKqTaiZp1DYRSqX5e1Bwi8QNgyblMJL
txBWHTWE/gK8Ykc2uVnwvVaJJzPJBuU9x1xcBL3cKgGbJB28LllSVBeMl2kuTZhz
eePCq+Bu8gFls8elSxcaA5ntJoAMeX7iXjcn2mPxltAfbT6dFrppjbA6CGbp7SWw
znPlMXyqd+C0N95npFKABIlHO2O5EgVOLGMCLDYYZu/4CYjoS3/iUSfwZm7+Hn1k
bK/9QnR3jj3/TOtBeqS0OkkV4F7tm96oVMO6b0QaE+Xcv+1AP6cWOG0uqHrVx15m
YLSUQWLeV4jCQuHSbkNsJYCidQY1vNUFaVZwv5EyXJ1R
-----END CERTIFICATE-----