Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/h7gGlbhHcjrXpXUHOsO_66HfbZA.roa
File:                     h7gGlbhHcjrXpXUHOsO_66HfbZA.roa (raw, json)
Hash identifier:          g1ywaUFZUS42++K+EblLdyocn+TbEjm+QiN1mq9O8HU=
Subject key identifier:   87:B8:06:95:B8:47:72:3A:D7:A5:75:07:3A:C3:BF:EB:A1:DF:6D:90
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0190F33F36E7E7B748F0707A055381D1F449
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/h7gGlbhHcjrXpXUHOsO_66HfbZA.roa
Signing time:             Sat 27 Jul 2024 08:12:04 +0000
ROA not before:           Sat 27 Jul 2024 08:12:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202349
IP address blocks:        80.66.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:f3:3f:36:e7:e7:b7:48:f0:70:7a:05:53:81:d1:f4:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jul 27 08:12:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87b80695b847723ad7a575073ac3bfeba1df6d90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fe:5c:dd:04:46:9c:25:86:62:8e:7b:4a:18:
                    dc:2b:90:b5:92:17:71:2f:38:66:5d:f9:ed:3a:5e:
                    37:2f:67:4a:d9:86:92:2d:c8:1e:0b:ff:67:da:4b:
                    9a:9c:53:f8:b5:ec:25:d0:3c:48:70:59:83:49:73:
                    4d:c5:92:19:f2:46:37:ee:e5:d0:8b:ad:a1:b7:fb:
                    11:67:e6:51:8c:70:42:b1:54:44:d1:5e:ed:57:e9:
                    08:bb:16:8b:38:47:3a:b2:2f:86:2c:a4:4f:59:12:
                    ad:d2:41:2b:bb:7c:57:77:d7:a1:10:0a:d2:40:98:
                    59:a6:90:5c:19:64:d9:7b:b5:a5:96:7d:ec:2e:cb:
                    4d:70:68:d2:f0:6b:81:d8:69:89:14:e7:74:5d:1d:
                    69:78:c2:78:7a:cd:0b:2f:eb:6a:05:60:54:6e:98:
                    57:16:a0:34:49:42:40:4e:18:bc:c4:34:be:8f:6f:
                    d6:0a:72:18:21:c9:55:85:9a:bf:97:33:17:01:bd:
                    1f:05:4a:86:0e:61:59:56:34:02:92:45:0e:cb:b4:
                    88:59:47:71:70:6f:a3:59:13:83:78:7c:c3:45:42:
                    9f:83:f8:29:5a:98:f0:66:9d:6c:66:b0:0d:62:b5:
                    03:f5:70:84:f3:c0:38:61:07:cd:9f:87:02:91:f5:
                    42:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:B8:06:95:B8:47:72:3A:D7:A5:75:07:3A:C3:BF:EB:A1:DF:6D:90
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/h7gGlbhHcjrXpXUHOsO_66HfbZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:9b:78:e0:3b:cf:86:f6:1b:3b:69:74:2b:83:d2:45:2e:34:
         e8:e8:41:cf:70:d2:ba:76:44:f8:c4:32:89:bd:e5:59:fc:21:
         16:b0:65:d7:61:91:1a:ac:3b:28:dd:b1:29:10:fd:8e:8d:d0:
         c4:ca:a3:3f:d0:fc:09:a5:bf:30:98:a2:56:5f:2a:33:eb:e0:
         cb:4e:cc:28:29:bf:1c:51:c6:1d:01:ac:19:00:f1:5f:48:e4:
         ba:c3:fe:54:56:95:e4:6a:18:4b:6c:28:7e:e7:97:ae:b2:9a:
         32:52:af:8a:17:07:d8:38:71:d6:de:c4:c9:46:a0:0c:f7:d6:
         04:8f:53:c4:e4:bf:af:23:95:06:db:fe:53:c6:b2:21:fb:85:
         30:e3:94:97:54:2c:43:72:2e:b1:cf:a2:d6:6b:ec:97:92:83:
         17:52:5c:a6:99:da:95:9c:fc:4f:ed:25:34:43:4d:88:e4:93:
         5b:35:3d:cd:b2:25:c5:dc:6d:c9:5c:b2:45:fc:40:4b:3c:b3:
         d0:d1:ac:3a:7b:d7:4c:ad:eb:7a:bb:79:f6:39:51:1b:a4:5f:
         71:56:84:bf:6b:bc:e1:17:f1:79:8c:06:98:e0:eb:85:9d:27:
         ca:06:ed:0f:5c:9f:bf:88:4a:74:a8:12:06:31:98:1a:c6:d7:
         46:df:4d:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDzPzbn57dI8HB6BVOB0fRJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwNzI3MDgxMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2I4MDY5NWI4NDc3MjNhZDdhNTc1MDczYWMzYmZlYmExZGY2ZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/5c3QRGnCWGYo57ShjcK5C1khdx
LzhmXfntOl43L2dK2YaSLcgeC/9n2kuanFP4tewl0DxIcFmDSXNNxZIZ8kY37uXQ
i62ht/sRZ+ZRjHBCsVRE0V7tV+kIuxaLOEc6si+GLKRPWRKt0kEru3xXd9ehEArS
QJhZppBcGWTZe7Wlln3sLstNcGjS8GuB2GmJFOd0XR1peMJ4es0LL+tqBWBUbphX
FqA0SUJAThi8xDS+j2/WCnIYIclVhZq/lzMXAb0fBUqGDmFZVjQCkkUOy7SIWUdx
cG+jWRODeHzDRUKfg/gpWpjwZp1sZrANYrUD9XCE88A4YQfNn4cCkfVCvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIe4BpW4R3I616V1BzrDv+uh322QMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvaDdnR2xiaEhjanJYcFhVSE9zT182NkhmYlpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEJ/MA0G
CSqGSIb3DQEBCwUAA4IBAQCCm3jgO8+G9hs7aXQrg9JFLjTo6EHPcNK6dkT4xDKJ
veVZ/CEWsGXXYZEarDso3bEpEP2OjdDEyqM/0PwJpb8wmKJWXyoz6+DLTswoKb8c
UcYdAawZAPFfSOS6w/5UVpXkahhLbCh+55euspoyUq+KFwfYOHHW3sTJRqAM99YE
j1PE5L+vI5UG2/5TxrIh+4Uw45SXVCxDci6xz6LWa+yXkoMXUlymmdqVnPxP7SU0
Q02I5JNbNT3NsiXF3G3JXLJF/EBLPLPQ0aw6e9dMret6u3n2OVEbpF9xVoS/a7zh
F/F5jAaY4OuFnSfKBu0PXJ+/iEp0qBIGMZgaxtdG303e
-----END CERTIFICATE-----