Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/nsOvbjb1TNSx2u7BUmQra8F8iNU.roa
File:                     nsOvbjb1TNSx2u7BUmQra8F8iNU.roa (raw, json)
Hash identifier:          y2lXY8swYsJj5FkjF0M5Xak7JQxiOHB7809PchjSzjM=
Subject key identifier:   9E:C3:AF:6E:36:F5:4C:D4:B1:DA:EE:C1:52:64:2B:6B:C1:7C:88:D5
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       01942445252C396FFB5EC2D12094FA819EB2
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/nsOvbjb1TNSx2u7BUmQra8F8iNU.roa
Signing time:             Wed 01 Jan 2025 23:48:18 +0000
ROA not before:           Wed 01 Jan 2025 23:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52000
IP address blocks:        80.66.69.0/24 maxlen: 24
                          87.251.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:25:2c:39:6f:fb:5e:c2:d1:20:94:fa:81:9e:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  1 23:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ec3af6e36f54cd4b1daeec152642b6bc17c88d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:16:e2:a6:63:3e:ef:20:1c:79:3c:28:d6:b0:
                    00:b6:52:fe:df:c0:4b:a2:b7:53:ab:e3:9b:33:40:
                    69:b9:62:6d:f1:2a:89:76:c8:ed:73:af:1c:21:92:
                    84:35:3a:de:23:36:51:05:0a:65:c5:e5:ee:5d:33:
                    1c:2f:70:a6:d2:8b:9a:ba:f4:61:ef:e5:52:b1:9c:
                    22:55:18:25:fd:dc:33:10:03:52:56:09:ba:b0:71:
                    bf:9c:0e:4a:2d:68:a5:fd:8d:a2:c5:df:95:84:14:
                    42:9e:d0:aa:01:30:18:f8:f6:f7:ea:5f:ae:cf:3d:
                    48:37:d2:58:a5:4c:34:ee:80:5f:3f:45:22:b1:92:
                    17:8b:9e:1e:11:96:f6:db:fc:ea:8b:e9:c5:8b:86:
                    8c:47:6a:9c:d5:5f:77:78:86:c5:7d:d9:35:e6:bf:
                    bc:a6:9e:49:f2:fb:ca:5b:9c:4a:b5:91:37:00:17:
                    35:bf:14:31:12:3b:5b:ae:93:ce:35:15:a6:fd:4c:
                    e8:28:93:57:26:e8:34:9b:95:10:fa:88:6a:de:8b:
                    d3:71:8d:47:93:fd:dd:dc:c7:43:6d:18:70:0c:3d:
                    66:ac:0c:50:72:a5:7f:b1:27:e3:9e:d7:80:2b:9d:
                    b0:a0:23:fc:6a:43:5a:53:0f:8d:51:fe:5e:0e:11:
                    b1:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:C3:AF:6E:36:F5:4C:D4:B1:DA:EE:C1:52:64:2B:6B:C1:7C:88:D5
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/nsOvbjb1TNSx2u7BUmQra8F8iNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.69.0/24
                  87.251.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:de:15:85:67:b1:c8:d9:86:cc:7e:b0:57:3a:89:c1:11:c7:
         b2:a9:4d:da:1c:e7:a8:a5:0d:bc:3d:b9:90:d7:74:2a:14:0d:
         e8:9b:ef:f1:42:7c:5b:7f:4d:89:ba:59:59:57:ea:92:35:f2:
         51:fa:38:b3:6c:35:1b:bd:96:27:99:15:1e:87:a6:14:82:d9:
         8b:13:eb:23:38:b1:58:70:fb:0e:d7:77:37:99:f8:ed:d6:6c:
         ca:2d:a8:34:af:c5:e6:f6:8a:1c:e3:71:16:d2:8d:1f:a5:c9:
         21:48:16:dc:f2:04:c6:c4:e6:bb:15:d2:e2:96:22:6d:5f:77:
         1c:2a:bc:07:94:1e:a0:d2:5b:2e:23:ab:9e:0a:41:57:ba:ea:
         be:78:88:ad:f8:f5:a9:66:e5:54:0d:6c:55:21:3f:c5:aa:9e:
         66:e7:19:f4:48:24:97:d0:79:81:30:b3:ef:bc:77:42:3f:c1:
         70:6d:f6:71:58:09:9f:f6:d7:12:cd:36:fc:8e:90:f7:d5:8e:
         8b:86:0c:f3:ef:e4:ad:68:89:99:a6:f6:71:2b:d6:b0:ba:3b:
         16:5d:85:98:87:30:a0:84:f6:d4:7b:d7:39:a8:73:e7:79:17:
         95:13:e9:c8:07:bf:5e:9e:b4:34:5a:58:20:32:6e:5c:3f:c4:
         91:47:27:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRSUsOW/7XsLRIJT6gZ6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjUwMTAxMjM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWMzYWY2ZTM2ZjU0Y2Q0YjFkYWVlYzE1MjY0MmI2YmMxN2M4OGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxbipmM+7yAceTwo1rAAtlL+38BL
ordTq+ObM0BpuWJt8SqJdsjtc68cIZKENTreIzZRBQplxeXuXTMcL3Cm0ouauvRh
7+VSsZwiVRgl/dwzEANSVgm6sHG/nA5KLWil/Y2ixd+VhBRCntCqATAY+Pb36l+u
zz1IN9JYpUw07oBfP0UisZIXi54eEZb22/zqi+nFi4aMR2qc1V93eIbFfdk15r+8
pp5J8vvKW5xKtZE3ABc1vxQxEjtbrpPONRWm/UzoKJNXJug0m5UQ+ohq3ovTcY1H
k/3d3MdDbRhwDD1mrAxQcqV/sSfjnteAK52woCP8akNaUw+NUf5eDhGxxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ7Dr2429UzUsdruwVJkK2vBfIjVMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvbnNPdmJqYjFUTlN4MnU3QlVtUXJhOEY4aU5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEJFAwQA
V/tIMA0GCSqGSIb3DQEBCwUAA4IBAQAI3hWFZ7HI2YbMfrBXOonBEceyqU3aHOeo
pQ28PbmQ13QqFA3om+/xQnxbf02JullZV+qSNfJR+jizbDUbvZYnmRUeh6YUgtmL
E+sjOLFYcPsO13c3mfjt1mzKLag0r8Xm9ooc43EW0o0fpckhSBbc8gTGxOa7FdLi
liJtX3ccKrwHlB6g0lsuI6ueCkFXuuq+eIit+PWpZuVUDWxVIT/Fqp5m5xn0SCSX
0HmBMLPvvHdCP8FwbfZxWAmf9tcSzTb8jpD31Y6Lhgzz7+StaImZpvZxK9awujsW
XYWYhzCghPbUe9c5qHPneReVE+nIB79enrQ0WlggMm5cP8SRRye+
-----END CERTIFICATE-----