Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/5841b1-012f-4046-b1d5-099bad03768e/1/l_TAM-m_jd7ThV2zyQA_84DhNHc.roa
File:                     l_TAM-m_jd7ThV2zyQA_84DhNHc.roa (raw, json)
Hash identifier:          1B3+803r/85TFCqV7eIp2JU8GQYE9pl1Zokqhjo92S0=
Subject key identifier:   97:F4:C0:33:E9:BF:8D:DE:D3:85:5D:B3:C9:00:3F:F3:80:E1:34:77
Certificate issuer:       /CN=778e134e4ffb5fb13ac284fe9488276826156632
Certificate serial:       018CEE0F79FE676327FB53F75650541F54A9
Authority key identifier: 77:8E:13:4E:4F:FB:5F:B1:3A:C2:84:FE:94:88:27:68:26:15:66:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d44TTk_7X7E6woT-lIgnaCYVZjI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/5841b1-012f-4046-b1d5-099bad03768e/1/l_TAM-m_jd7ThV2zyQA_84DhNHc.roa
Signing time:             Tue 09 Jan 2024 11:50:40 +0000
ROA not before:           Tue 09 Jan 2024 11:50:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        80.75.218.0/24 maxlen: 24
                          2a13:7e80::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/5841b1-012f-4046-b1d5-099bad03768e/1/d44TTk_7X7E6woT-lIgnaCYVZjI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/5841b1-012f-4046-b1d5-099bad03768e/1/d44TTk_7X7E6woT-lIgnaCYVZjI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d44TTk_7X7E6woT-lIgnaCYVZjI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ee:0f:79:fe:67:63:27:fb:53:f7:56:50:54:1f:54:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=778e134e4ffb5fb13ac284fe9488276826156632
        Validity
            Not Before: Jan  9 11:50:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97f4c033e9bf8dded3855db3c9003ff380e13477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:a1:7f:35:99:94:79:6b:81:63:4e:93:7e:6e:
                    5a:b7:9a:46:d4:08:a9:d7:fc:16:c3:b2:fc:16:f8:
                    43:ab:92:16:42:15:8e:b0:e4:7c:51:d7:24:1c:7f:
                    60:e2:fd:24:fd:22:af:b4:f5:8c:b6:d8:49:c7:39:
                    7d:6c:55:e5:31:f6:da:b5:ea:72:3e:2a:a2:e5:1c:
                    b3:61:db:3c:2b:8e:28:20:1f:e8:17:68:6d:3c:08:
                    36:3a:54:d2:23:e8:de:62:04:aa:b6:bc:b9:5d:14:
                    3b:b7:2d:15:78:d8:19:01:0a:b4:d0:76:39:71:e5:
                    82:ae:d8:c8:00:b7:49:28:10:6d:40:93:0c:db:6a:
                    1b:92:21:30:88:e6:8e:7a:4e:56:35:13:b8:2c:b5:
                    f2:0a:2c:77:50:26:38:3e:d9:56:b5:55:ab:4b:04:
                    d6:59:e3:9e:0c:ec:9b:1f:b1:0a:3f:15:f5:11:8b:
                    fa:bf:00:b0:4a:fd:fc:73:0d:27:79:57:2f:25:6f:
                    b8:b0:85:4b:e9:ef:ff:24:7d:1f:f2:fc:3b:e9:96:
                    6e:47:60:43:66:32:c1:d1:f0:bd:2e:b5:71:bf:e7:
                    df:dc:1b:6f:7f:ba:46:a1:41:59:05:ed:ce:64:06:
                    d6:eb:3f:8a:fc:b8:4f:1b:de:e2:d5:20:df:2b:23:
                    b3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:F4:C0:33:E9:BF:8D:DE:D3:85:5D:B3:C9:00:3F:F3:80:E1:34:77
            X509v3 Authority Key Identifier:
                keyid:77:8E:13:4E:4F:FB:5F:B1:3A:C2:84:FE:94:88:27:68:26:15:66:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d44TTk_7X7E6woT-lIgnaCYVZjI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/5841b1-012f-4046-b1d5-099bad03768e/1/l_TAM-m_jd7ThV2zyQA_84DhNHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/5841b1-012f-4046-b1d5-099bad03768e/1/d44TTk_7X7E6woT-lIgnaCYVZjI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.218.0/24
                IPv6:
                  2a13:7e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:2d:ac:75:2a:37:fd:f7:bd:3b:0b:3e:33:8d:81:ff:28:3d:
         74:db:c9:17:90:66:79:23:d2:e0:50:4d:8a:c6:14:83:6d:93:
         38:2e:ee:b3:77:a8:56:30:1b:51:63:99:0f:db:2d:d5:24:ea:
         16:29:91:e1:ab:7f:49:8d:50:f8:be:d3:1f:b0:1a:9d:03:14:
         47:75:dd:84:b6:8b:33:d3:90:0a:60:1a:77:d7:15:64:7c:ba:
         81:25:10:ac:c7:13:c6:5d:d3:28:4c:06:36:5b:08:2a:73:bd:
         97:19:2e:6c:ad:a7:e8:97:39:47:68:bd:f2:52:b9:a3:7e:c3:
         b4:ee:cd:41:4f:ec:1a:83:f7:5e:ff:ab:fa:e5:73:30:1d:c4:
         16:0d:c6:d4:ee:d7:9c:d8:8f:6f:db:aa:8b:6c:ec:7c:14:34:
         40:20:5c:d3:42:44:db:dd:96:41:14:39:97:0f:68:8c:0a:98:
         00:cb:b4:40:65:b7:a1:25:39:fe:c0:92:80:10:41:2a:10:5b:
         b9:84:a1:11:fd:c3:93:07:c7:ea:3b:29:52:55:ea:e3:3c:42:
         ca:a0:11:0d:49:a2:1e:7d:ec:f2:69:f7:fa:02:b8:b2:ae:e2:
         a0:9f:33:38:22:08:eb:60:8f:08:98:23:82:39:7e:ab:b1:42:
         b5:30:06:9f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzuD3n+Z2Mn+1P3VlBUH1SpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3OGUxMzRlNGZmYjVmYjEzYWMyODRmZTk0ODgyNzY4MjYx
NTY2MzIwHhcNMjQwMTA5MTE1MDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2Y0YzAzM2U5YmY4ZGRlZDM4NTVkYjNjOTAwM2ZmMzgwZTEzNDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKF/NZmUeWuBY06Tfm5at5pG1Aip
1/wWw7L8FvhDq5IWQhWOsOR8UdckHH9g4v0k/SKvtPWMtthJxzl9bFXlMfbatepy
Piqi5RyzYds8K44oIB/oF2htPAg2OlTSI+jeYgSqtry5XRQ7ty0VeNgZAQq00HY5
ceWCrtjIALdJKBBtQJMM22obkiEwiOaOek5WNRO4LLXyCix3UCY4PtlWtVWrSwTW
WeOeDOybH7EKPxX1EYv6vwCwSv38cw0neVcvJW+4sIVL6e//JH0f8vw76ZZuR2BD
ZjLB0fC9LrVxv+ff3Btvf7pGoUFZBe3OZAbW6z+K/LhPG97i1SDfKyOzGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJf0wDPpv43e04Vds8kAP/OA4TR3MB8GA1UdIwQY
MBaAFHeOE05P+1+xOsKE/pSIJ2gmFWYyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDQ0VFRrXzdYN0U2d29ULWxJZ25hQ1lWWmpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy81ODQxYjEtMDEyZi00MDQ2LWIxZDUt
MDk5YmFkMDM3NjhlLzEvbF9UQU0tbV9qZDdUaFYyenlRQV84NERoTkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy81ODQxYjEtMDEyZi00MDQ2LWIxZDUtMDk5YmFkMDM3Njhl
LzEvZDQ0VFRrXzdYN0U2d29ULWxJZ25hQ1lWWmpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUEvaMA0E
AgACMAcDBQMqE36AMA0GCSqGSIb3DQEBCwUAA4IBAQCYLax1Kjf99707Cz4zjYH/
KD1028kXkGZ5I9LgUE2KxhSDbZM4Lu6zd6hWMBtRY5kP2y3VJOoWKZHhq39JjVD4
vtMfsBqdAxRHdd2Etosz05AKYBp31xVkfLqBJRCsxxPGXdMoTAY2Wwgqc72XGS5s
rafolzlHaL3yUrmjfsO07s1BT+wag/de/6v65XMwHcQWDcbU7tec2I9v26qLbOx8
FDRAIFzTQkTb3ZZBFDmXD2iMCpgAy7RAZbehJTn+wJKAEEEqEFu5hKER/cOTB8fq
OylSVerjPELKoBENSaIefezyaff6AriyruKgnzM4IgjrYI8ImCOCOX6rsUK1MAaf
-----END CERTIFICATE-----