Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RCF7eHvLUMV2rrGrW9ncmRUGiZg.roa
File:                     RCF7eHvLUMV2rrGrW9ncmRUGiZg.roa (raw, json)
Hash identifier:          gNGuH0skSTcqMsPZzfpNalK08YIauMV9EZnsZ9Dw97Y=
Subject key identifier:   44:21:7B:78:7B:CB:50:C5:76:AE:B1:AB:5B:D9:DC:99:15:06:89:98
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       018CC26D548CD36B5D8135DB465B4F212C0E
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RCF7eHvLUMV2rrGrW9ncmRUGiZg.roa
Signing time:             Mon 01 Jan 2024 00:29:54 +0000
ROA not before:           Mon 01 Jan 2024 00:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198037
IP address blocks:        80.76.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:54:8c:d3:6b:5d:81:35:db:46:5b:4f:21:2c:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  1 00:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44217b787bcb50c576aeb1ab5bd9dc9915068998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:85:4c:09:d7:f8:0f:c1:fa:8e:e4:8f:64:82:
                    76:d5:31:41:19:90:50:7b:c2:83:70:d8:fb:59:63:
                    bf:fd:b4:82:1c:e3:de:05:e9:1b:54:28:00:47:0b:
                    e0:12:24:ef:44:25:60:2b:c2:3c:ff:fb:6b:6f:ac:
                    71:e1:a0:5b:46:15:b8:45:47:f2:ac:6a:27:1f:5b:
                    ce:3f:73:55:62:7c:50:76:50:ea:e9:08:fa:66:88:
                    57:58:22:66:31:04:f4:da:f8:50:48:11:0c:23:e7:
                    f9:4e:21:10:2b:e4:63:8d:72:f7:2c:c6:7f:42:08:
                    e8:bb:d9:a0:a6:07:c4:c0:a6:3e:1f:2f:c0:82:22:
                    77:5a:e5:43:63:65:3a:f0:5e:b8:3b:56:85:60:87:
                    49:6c:f6:c5:a6:a9:59:71:70:49:32:29:92:db:e2:
                    0d:57:22:b9:ee:70:ce:d6:9c:1a:51:ec:73:fe:be:
                    ad:ee:ad:77:33:d5:c5:fe:21:3e:f8:a0:6b:b3:2e:
                    a6:fa:44:f6:0e:5b:e6:20:27:f7:62:f7:14:d6:6d:
                    d8:52:a2:9e:1e:dc:f0:70:45:d4:bc:3e:a7:93:09:
                    58:12:00:7b:29:88:e4:3c:34:9f:8e:e0:e9:28:29:
                    a0:4f:22:4c:fe:72:b6:ab:0d:3b:bd:41:2b:90:82:
                    70:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:21:7B:78:7B:CB:50:C5:76:AE:B1:AB:5B:D9:DC:99:15:06:89:98
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RCF7eHvLUMV2rrGrW9ncmRUGiZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:a7:0a:06:9e:bb:6c:83:50:ec:d8:18:ce:04:ff:08:74:32:
         74:bf:00:8b:a1:62:d3:51:05:f1:cb:df:cd:e6:16:a2:b4:1a:
         3f:ad:d0:6e:c0:35:79:cc:c9:87:a7:b1:21:25:32:26:5c:58:
         59:65:18:10:d5:94:0b:c6:64:d6:9e:fa:7c:a0:c5:6c:bc:22:
         1f:e2:fc:73:ad:f3:4e:08:8d:fa:1d:69:ed:cc:02:44:aa:a0:
         10:bc:74:a0:23:9f:99:b1:f0:6f:33:30:1e:f4:bc:1a:54:dd:
         7c:32:ca:93:93:86:46:1f:d6:1b:49:3d:c1:21:9d:cc:e2:31:
         25:3d:ca:fa:39:73:24:63:fe:26:4c:5f:b6:10:58:83:4c:f8:
         fd:fa:93:eb:cb:ce:5b:e0:af:4d:03:41:0b:27:07:cb:a4:e0:
         74:2b:ad:4d:7d:61:a7:74:eb:b5:eb:ce:36:ea:ef:e5:9f:f3:
         f3:52:89:5f:03:27:2b:ab:45:96:45:b7:d2:34:82:d5:00:b7:
         e9:29:ea:00:b8:66:20:0f:a5:0c:12:57:be:31:22:ba:ac:c5:
         78:24:58:11:b7:21:2b:4c:79:75:6e:85:7a:6a:2d:e2:82:2f:
         ae:57:8d:84:a3:c3:c1:bc:5e:b8:83:86:16:71:0f:18:be:a0:
         aa:b4:64:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVSM02tdgTXbRltPISwOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQwMTAxMDAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDIxN2I3ODdiY2I1MGM1NzZhZWIxYWI1YmQ5ZGM5OTE1MDY4OTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIVMCdf4D8H6juSPZIJ21TFBGZBQ
e8KDcNj7WWO//bSCHOPeBekbVCgARwvgEiTvRCVgK8I8//trb6xx4aBbRhW4RUfy
rGonH1vOP3NVYnxQdlDq6Qj6ZohXWCJmMQT02vhQSBEMI+f5TiEQK+RjjXL3LMZ/
Qgjou9mgpgfEwKY+Hy/AgiJ3WuVDY2U68F64O1aFYIdJbPbFpqlZcXBJMimS2+IN
VyK57nDO1pwaUexz/r6t7q13M9XF/iE++KBrsy6m+kT2DlvmICf3YvcU1m3YUqKe
HtzwcEXUvD6nkwlYEgB7KYjkPDSfjuDpKCmgTyJM/nK2qw07vUErkIJwvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQhe3h7y1DFdq6xq1vZ3JkVBomYMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvUkNGN2VIdkxVTVYycnJHclc5bmNtUlVHaVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEwrMA0G
CSqGSIb3DQEBCwUAA4IBAQATpwoGnrtsg1Ds2BjOBP8IdDJ0vwCLoWLTUQXxy9/N
5haitBo/rdBuwDV5zMmHp7EhJTImXFhZZRgQ1ZQLxmTWnvp8oMVsvCIf4vxzrfNO
CI36HWntzAJEqqAQvHSgI5+ZsfBvMzAe9LwaVN18MsqTk4ZGH9YbST3BIZ3M4jEl
Pcr6OXMkY/4mTF+2EFiDTPj9+pPry85b4K9NA0ELJwfLpOB0K61NfWGndOu16842
6u/ln/PzUolfAycrq0WWRbfSNILVALfpKeoAuGYgD6UMEle+MSK6rMV4JFgRtyEr
THl1boV6ai3igi+uV42Eo8PBvF64g4YWcQ8YvqCqtGSc
-----END CERTIFICATE-----