Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/3f95d5-ae69-43bb-b531-4184ed331b75/1/fHVhusNAY2MR5dWgtPYv6wC0Aww.roa
File:                     fHVhusNAY2MR5dWgtPYv6wC0Aww.roa (raw, json)
Hash identifier:          V5Mhvx0BGUE3n+ECbZIHg2NNqv5+ZbKAU/oHt2DbFCo=
Subject key identifier:   7C:75:61:BA:C3:40:63:63:11:E5:D5:A0:B4:F6:2F:EB:00:B4:03:0C
Certificate issuer:       /CN=ecee470bf5109976934f51e7eaef210779a2c4de
Certificate serial:       018CC425420A7A490863C765E3F9186AEC3A
Authority key identifier: EC:EE:47:0B:F5:10:99:76:93:4F:51:E7:EA:EF:21:07:79:A2:C4:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7O5HC_UQmXaTT1Hn6u8hB3mixN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/3f95d5-ae69-43bb-b531-4184ed331b75/1/fHVhusNAY2MR5dWgtPYv6wC0Aww.roa
Signing time:             Mon 01 Jan 2024 08:30:25 +0000
ROA not before:           Mon 01 Jan 2024 08:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20755
IP address blocks:        80.69.32.0/20 maxlen: 20
                          2a00:1a18::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/3f95d5-ae69-43bb-b531-4184ed331b75/1/7O5HC_UQmXaTT1Hn6u8hB3mixN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/3f95d5-ae69-43bb-b531-4184ed331b75/1/7O5HC_UQmXaTT1Hn6u8hB3mixN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7O5HC_UQmXaTT1Hn6u8hB3mixN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:42:0a:7a:49:08:63:c7:65:e3:f9:18:6a:ec:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecee470bf5109976934f51e7eaef210779a2c4de
        Validity
            Not Before: Jan  1 08:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c7561bac340636311e5d5a0b4f62feb00b4030c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:91:7b:c0:b0:f2:98:05:cf:93:14:d6:54:44:
                    51:0b:d5:be:40:e5:b1:4d:90:66:58:ba:cb:48:89:
                    a3:0e:02:49:d4:ea:36:41:5e:79:af:a7:eb:17:e1:
                    79:f8:1c:6c:33:56:ad:1a:ca:12:35:fe:ea:f4:ed:
                    1b:c1:16:9b:de:b7:15:a6:b0:23:dd:57:fd:28:73:
                    c5:43:c6:87:68:8b:50:05:ad:f3:be:66:9c:f0:e8:
                    92:ee:1d:c9:f1:70:ce:91:1c:90:14:96:6c:5d:7c:
                    d1:13:06:a6:98:20:b1:b0:ab:50:19:b9:37:e9:7b:
                    a8:e1:9c:37:fd:b1:75:d0:b3:1c:ec:c3:71:ad:40:
                    73:8d:74:0b:bd:fd:bb:2f:64:75:2c:96:53:b8:6a:
                    92:40:15:d4:3f:ac:01:23:9b:ee:f0:19:ec:46:9f:
                    a2:8d:d7:87:98:55:07:9e:09:09:ed:81:f8:e9:89:
                    76:f4:e1:c0:93:d9:b9:c6:ec:70:4b:e9:2b:f4:bb:
                    54:81:a7:83:1d:f4:62:e1:ad:e7:63:c2:f9:aa:f8:
                    49:5d:53:b2:d6:22:31:f7:b8:4a:52:05:42:7b:c3:
                    d0:e6:09:e3:01:f6:86:a2:41:d0:96:0d:58:07:36:
                    b7:5c:6d:85:56:73:a5:bf:f5:1b:c5:b7:ad:f9:69:
                    cc:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:75:61:BA:C3:40:63:63:11:E5:D5:A0:B4:F6:2F:EB:00:B4:03:0C
            X509v3 Authority Key Identifier:
                keyid:EC:EE:47:0B:F5:10:99:76:93:4F:51:E7:EA:EF:21:07:79:A2:C4:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7O5HC_UQmXaTT1Hn6u8hB3mixN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3f95d5-ae69-43bb-b531-4184ed331b75/1/fHVhusNAY2MR5dWgtPYv6wC0Aww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3f95d5-ae69-43bb-b531-4184ed331b75/1/7O5HC_UQmXaTT1Hn6u8hB3mixN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.69.32.0/20
                IPv6:
                  2a00:1a18::/29

    Signature Algorithm: sha256WithRSAEncryption
         1c:79:46:b0:91:cb:aa:01:a5:d4:d4:4c:87:79:7e:ef:10:04:
         14:e9:1d:dd:1e:54:c9:68:16:29:15:79:20:03:5c:bc:c4:b0:
         5f:1a:4c:f8:73:52:63:43:43:d3:6b:f2:8d:d4:9a:d1:0a:a2:
         37:cb:cc:a1:c1:e8:3e:9e:d4:4a:13:30:ce:18:25:64:e8:66:
         70:75:83:e4:69:eb:89:6c:ee:04:27:58:4a:1b:16:5b:13:66:
         e5:a8:62:f5:b2:07:d2:98:89:6f:a1:41:29:eb:f0:09:1d:25:
         76:91:22:af:3d:cd:be:4a:7c:d6:70:e6:78:07:2f:63:76:8d:
         35:e7:6e:61:07:e4:e2:0c:12:f4:d5:04:f1:e7:2c:3f:5e:a3:
         10:8a:90:44:67:d4:58:9f:f3:e3:ed:3c:4e:72:dc:28:60:58:
         78:2a:89:0e:a3:18:fc:15:36:48:34:ea:7f:ab:b6:dd:52:2c:
         0e:3d:de:1b:18:67:83:9d:c1:93:c9:64:a6:70:fb:64:a7:44:
         25:85:13:84:9a:9c:ce:57:d4:b3:5d:4e:59:c1:9b:8b:13:6b:
         a8:4e:a3:5d:b1:f6:c9:97:a4:27:7e:21:dd:25:bd:5c:22:ea:
         3c:42:03:8d:f6:cf:42:d5:b2:f0:09:9a:eb:fd:0d:f9:b0:d6:
         0d:35:e0:ad
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJUIKekkIY8dl4/kYauw6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZWU0NzBiZjUxMDk5NzY5MzRmNTFlN2VhZWYyMTA3Nzlh
MmM0ZGUwHhcNMjQwMTAxMDgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzc1NjFiYWMzNDA2MzYzMTFlNWQ1YTBiNGY2MmZlYjAwYjQwMzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JF7wLDymAXPkxTWVERRC9W+QOWx
TZBmWLrLSImjDgJJ1Oo2QV55r6frF+F5+BxsM1atGsoSNf7q9O0bwRab3rcVprAj
3Vf9KHPFQ8aHaItQBa3zvmac8OiS7h3J8XDOkRyQFJZsXXzREwammCCxsKtQGbk3
6Xuo4Zw3/bF10LMc7MNxrUBzjXQLvf27L2R1LJZTuGqSQBXUP6wBI5vu8BnsRp+i
jdeHmFUHngkJ7YH46Yl29OHAk9m5xuxwS+kr9LtUgaeDHfRi4a3nY8L5qvhJXVOy
1iIx97hKUgVCe8PQ5gnjAfaGokHQlg1YBza3XG2FVnOlv/Ubxbet+WnMpwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHx1YbrDQGNjEeXVoLT2L+sAtAMMMB8GA1UdIwQY
MBaAFOzuRwv1EJl2k09R5+rvIQd5osTeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN081SENfVVFtWGFUVDFIbjZ1OGhCM21peE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zZjk1ZDUtYWU2OS00M2JiLWI1MzEt
NDE4NGVkMzMxYjc1LzEvZkhWaHVzTkFZMk1SNWRXZ3RQWXY2d0MwQXd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8zZjk1ZDUtYWU2OS00M2JiLWI1MzEtNDE4NGVkMzMxYjc1
LzEvN081SENfVVFtWGFUVDFIbjZ1OGhCM21peE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEUEUgMA0E
AgACMAcDBQMqABoYMA0GCSqGSIb3DQEBCwUAA4IBAQAceUawkcuqAaXU1EyHeX7v
EAQU6R3dHlTJaBYpFXkgA1y8xLBfGkz4c1JjQ0PTa/KN1JrRCqI3y8yhweg+ntRK
EzDOGCVk6GZwdYPkaeuJbO4EJ1hKGxZbE2blqGL1sgfSmIlvoUEp6/AJHSV2kSKv
Pc2+SnzWcOZ4By9jdo01525hB+TiDBL01QTx5yw/XqMQipBEZ9RYn/Pj7TxOctwo
YFh4KokOoxj8FTZINOp/q7bdUiwOPd4bGGeDncGTyWSmcPtkp0QlhROEmpzOV9Sz
XU5ZwZuLE2uoTqNdsfbJl6QnfiHdJb1cIuo8QgON9s9C1bLwCZrr/Q35sNYNNeCt
-----END CERTIFICATE-----