Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/xEkiw27nSRXD0YX8mmmgmkPtAns.roa
File:                     xEkiw27nSRXD0YX8mmmgmkPtAns.roa (raw, json)
Hash identifier:          YYM95/iDyLjUrsE4wJBcmuwEac+F2swUyOhTmU5i+Ww=
Subject key identifier:   C4:49:22:C3:6E:E7:49:15:C3:D1:85:FC:9A:69:A0:9A:43:ED:02:7B
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       018CC86F555DD9F1DB5FF28A4D431DA39120
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/xEkiw27nSRXD0YX8mmmgmkPtAns.roa
Signing time:             Tue 02 Jan 2024 04:29:48 +0000
ROA not before:           Tue 02 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207883
IP address blocks:        87.251.70.0/23 maxlen: 24
                          80.66.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:55:5d:d9:f1:db:5f:f2:8a:4d:43:1d:a3:91:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  2 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c44922c36ee74915c3d185fc9a69a09a43ed027b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4d:50:53:ea:84:48:6d:54:d9:0e:51:78:18:
                    ff:a9:8b:a6:40:8a:4e:ba:01:af:3f:0d:f4:41:14:
                    3e:fa:bb:0f:57:1c:25:5e:40:9f:9d:7a:1b:f7:c9:
                    d3:d9:62:4f:64:e9:62:57:62:f1:b4:57:1e:c1:68:
                    bd:2c:15:df:f8:57:84:4c:10:29:05:38:3e:2d:a8:
                    d6:a0:b6:bd:57:c5:4d:22:9a:d5:7c:4c:51:66:72:
                    2b:57:91:94:9c:88:fb:95:fd:67:8b:6b:be:32:d3:
                    a1:f9:f6:38:b6:b1:51:b5:98:71:74:42:65:d4:5d:
                    c5:b0:fc:fb:88:98:3f:d4:16:70:36:ad:bf:a2:13:
                    b8:8b:95:6e:50:7e:b9:44:91:b0:5a:99:f6:ee:e5:
                    a4:8e:86:8d:ae:1c:7c:57:91:6d:0e:fe:9c:e8:77:
                    29:7b:02:64:b8:e1:4e:c2:86:43:6c:99:93:02:a8:
                    d1:1a:e6:a4:b7:b1:95:b8:63:e2:4b:b9:36:e9:72:
                    a4:f6:9c:89:c9:83:68:eb:37:b3:b8:60:57:44:c6:
                    4f:bf:1d:66:54:99:60:6a:b4:9b:5a:94:7a:87:06:
                    33:7f:a9:67:a8:f2:da:4e:ca:91:2e:a6:ff:cb:30:
                    f5:a8:81:23:46:60:cd:b0:7c:56:9c:3f:4e:5d:b9:
                    c1:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:49:22:C3:6E:E7:49:15:C3:D1:85:FC:9A:69:A0:9A:43:ED:02:7B
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/xEkiw27nSRXD0YX8mmmgmkPtAns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.68.0/24
                  87.251.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:c2:5c:87:9c:39:84:57:f5:f1:ce:cb:c9:87:4f:ab:ce:01:
         1c:c6:ad:e8:42:4b:58:84:b3:5c:c1:4a:0d:24:5a:f0:75:c5:
         0a:f4:ff:94:03:16:11:72:3f:38:e6:8b:a2:08:1b:39:64:0d:
         88:20:5f:ab:dd:fd:51:0a:df:23:74:09:34:8a:fe:ff:cd:49:
         aa:f9:f9:10:af:2d:b8:76:7f:b0:f3:80:da:87:47:ff:8d:62:
         95:eb:fd:ac:41:f6:d8:a1:5a:75:8b:38:d8:09:c0:97:ab:81:
         00:dc:04:74:0f:e6:be:10:6c:e4:1b:bc:0e:70:d7:58:9c:96:
         a4:eb:ec:a7:3d:a3:6f:47:1f:5b:6c:ed:9b:0b:4f:94:7e:d9:
         b4:45:ac:5a:b9:cf:b6:53:15:56:de:73:8b:39:5f:53:60:25:
         b7:bd:78:5f:f4:e9:b6:d0:2d:2f:9e:7e:b5:dc:95:6d:3c:e9:
         6b:0e:4e:4c:33:9f:14:dd:f1:5b:9b:76:be:c2:cc:91:81:bf:
         5e:9f:50:32:ae:b5:2a:43:51:77:be:53:bb:86:84:7f:44:25:
         4c:7e:03:d3:ed:94:18:85:39:b0:1c:03:9c:c0:00:3d:00:f0:
         0b:8c:08:33:44:7b:b6:f4:7a:71:19:47:8e:01:5d:73:eb:90:
         56:60:c2:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb1Vd2fHbX/KKTUMdo5EgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjQwMTAyMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDQ5MjJjMzZlZTc0OTE1YzNkMTg1ZmM5YTY5YTA5YTQzZWQwMjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlk1QU+qESG1U2Q5ReBj/qYumQIpO
ugGvPw30QRQ++rsPVxwlXkCfnXob98nT2WJPZOliV2LxtFcewWi9LBXf+FeETBAp
BTg+LajWoLa9V8VNIprVfExRZnIrV5GUnIj7lf1ni2u+MtOh+fY4trFRtZhxdEJl
1F3FsPz7iJg/1BZwNq2/ohO4i5VuUH65RJGwWpn27uWkjoaNrhx8V5FtDv6c6Hcp
ewJkuOFOwoZDbJmTAqjRGuakt7GVuGPiS7k26XKk9pyJyYNo6zezuGBXRMZPvx1m
VJlgarSbWpR6hwYzf6lnqPLaTsqRLqb/yzD1qIEjRmDNsHxWnD9OXbnB2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMRJIsNu50kVw9GF/JppoJpD7QJ7MB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEveEVraXcyN25TUlhEMFlYOG1tbWdta1B0QW5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEJEAwQB
V/tGMA0GCSqGSIb3DQEBCwUAA4IBAQBWwlyHnDmEV/XxzsvJh0+rzgEcxq3oQktY
hLNcwUoNJFrwdcUK9P+UAxYRcj845ouiCBs5ZA2IIF+r3f1RCt8jdAk0iv7/zUmq
+fkQry24dn+w84Dah0f/jWKV6/2sQfbYoVp1izjYCcCXq4EA3AR0D+a+EGzkG7wO
cNdYnJak6+ynPaNvRx9bbO2bC0+Uftm0Raxauc+2UxVW3nOLOV9TYCW3vXhf9Om2
0C0vnn613JVtPOlrDk5MM58U3fFbm3a+wsyRgb9en1AyrrUqQ1F3vlO7hoR/RCVM
fgPT7ZQYhTmwHAOcwAA9APALjAgzRHu29HpxGUeOAV1z65BWYMI/
-----END CERTIFICATE-----