Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/2a5a9c-bdf9-4ed0-ad33-f457544363ef/1/22vCrB3xq21gOIxE8_ZP9EhZtEw.roa
File:                     22vCrB3xq21gOIxE8_ZP9EhZtEw.roa (raw, json)
Hash identifier:          6Lny7dAoV+jtS4Q//9kJKn8+fyv7gmCkPc23Vc7+lh4=
Subject key identifier:   DB:6B:C2:AC:1D:F1:AB:6D:60:38:8C:44:F3:F6:4F:F4:48:59:B4:4C
Certificate issuer:       /CN=767eb661936dc95da3ecc4ca3eaf581389c0d855
Certificate serial:       018CC26D7B77EB9717B1FA432B2EACE2A6E8
Authority key identifier: 76:7E:B6:61:93:6D:C9:5D:A3:EC:C4:CA:3E:AF:58:13:89:C0:D8:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn62YZNtyV2j7MTKPq9YE4nA2FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/2a5a9c-bdf9-4ed0-ad33-f457544363ef/1/22vCrB3xq21gOIxE8_ZP9EhZtEw.roa
Signing time:             Mon 01 Jan 2024 00:30:04 +0000
ROA not before:           Mon 01 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        80.73.136.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/2a5a9c-bdf9-4ed0-ad33-f457544363ef/1/dn62YZNtyV2j7MTKPq9YE4nA2FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/2a5a9c-bdf9-4ed0-ad33-f457544363ef/1/dn62YZNtyV2j7MTKPq9YE4nA2FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dn62YZNtyV2j7MTKPq9YE4nA2FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7b:77:eb:97:17:b1:fa:43:2b:2e:ac:e2:a6:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767eb661936dc95da3ecc4ca3eaf581389c0d855
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db6bc2ac1df1ab6d60388c44f3f64ff44859b44c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6f:22:14:21:29:23:2a:77:2e:3c:81:73:0a:
                    b3:6a:f7:f0:5e:d0:49:d2:bf:15:3a:8b:8b:c2:18:
                    9a:02:22:85:0b:6b:96:34:0f:e8:fd:45:c5:79:b8:
                    3a:f9:63:52:ac:8b:8b:b5:1e:5d:69:6d:b4:41:ad:
                    3d:83:e2:c9:25:c6:bb:a4:27:a9:c8:45:7b:5e:fb:
                    37:e4:a9:ba:4d:c7:20:3d:cd:8e:63:b7:de:4d:1a:
                    da:b0:dd:40:bb:f7:65:c4:91:de:83:fa:9d:8d:a0:
                    64:5f:96:9b:65:6c:80:39:6c:a3:57:2a:2a:6e:10:
                    e4:a5:2e:06:90:7b:80:b3:b6:07:ef:61:ed:2d:22:
                    8e:41:7d:2d:24:50:44:2f:af:3c:77:37:cd:bd:67:
                    38:d9:47:04:11:29:d2:de:74:fc:d3:39:4a:e1:80:
                    62:fb:1b:2b:d3:4e:2a:07:cc:73:1a:8a:a8:43:af:
                    8c:69:4d:4b:a7:5d:94:44:2b:7a:d6:f3:2e:77:08:
                    3f:ba:17:ea:94:04:b4:c7:1f:bc:6a:ec:f7:a2:7d:
                    24:d8:e5:38:b0:69:cd:57:32:89:e6:57:3f:eb:33:
                    de:33:15:68:d2:3c:94:06:88:3f:37:30:73:6c:35:
                    c2:2d:bf:9c:73:8a:64:51:e4:07:76:af:13:b6:1a:
                    76:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:6B:C2:AC:1D:F1:AB:6D:60:38:8C:44:F3:F6:4F:F4:48:59:B4:4C
            X509v3 Authority Key Identifier:
                keyid:76:7E:B6:61:93:6D:C9:5D:A3:EC:C4:CA:3E:AF:58:13:89:C0:D8:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn62YZNtyV2j7MTKPq9YE4nA2FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2a5a9c-bdf9-4ed0-ad33-f457544363ef/1/22vCrB3xq21gOIxE8_ZP9EhZtEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2a5a9c-bdf9-4ed0-ad33-f457544363ef/1/dn62YZNtyV2j7MTKPq9YE4nA2FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.73.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6e:7c:a4:12:9f:c7:24:c7:f9:5c:d2:ca:41:c5:1c:f1:5a:66:
         a7:69:6c:ae:da:4b:31:47:b2:0c:ab:49:38:a9:2d:ab:80:a3:
         ca:1e:c1:9f:69:ba:31:23:d9:33:62:c9:0d:01:c9:68:d3:8f:
         a6:08:fa:2a:a8:76:c4:a7:bc:5d:46:1e:52:0f:fe:57:38:94:
         97:2c:43:9c:34:a2:19:4f:11:41:59:a8:5f:15:13:bd:ea:15:
         27:b3:4b:27:8a:4b:d0:99:52:d7:75:66:25:0f:8f:42:c1:71:
         1a:23:8d:5d:39:d6:99:0e:36:53:a5:bf:0e:23:e2:4e:50:d8:
         51:0e:14:f6:aa:b6:0a:3d:c2:f6:49:85:00:14:4c:03:8e:4f:
         3e:88:f5:5a:9f:0d:fe:b8:ff:db:4f:d1:08:07:2e:ff:2b:f9:
         10:ba:96:74:09:69:91:a5:a2:8a:3b:e3:3e:a1:00:26:7f:73:
         fb:9f:3a:09:75:7a:6b:74:65:05:90:ac:78:fc:6b:59:bd:5a:
         66:f9:5d:46:5c:06:52:c1:68:33:9b:b6:07:23:15:67:3b:a7:
         af:f3:fc:39:cc:9c:5e:86:34:fc:9f:6e:69:7c:f9:2c:6b:83:
         11:3b:40:b3:c1:4b:08:bf:a8:c7:8e:41:87:f1:ea:9a:3a:79:
         91:6b:97:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXt365cXsfpDKy6s4qboMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2ViNjYxOTM2ZGM5NWRhM2VjYzRjYTNlYWY1ODEzODlj
MGQ4NTUwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjZiYzJhYzFkZjFhYjZkNjAzODhjNDRmM2Y2NGZmNDQ4NTliNDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkW8iFCEpIyp3LjyBcwqzavfwXtBJ
0r8VOouLwhiaAiKFC2uWNA/o/UXFebg6+WNSrIuLtR5daW20Qa09g+LJJca7pCep
yEV7Xvs35Km6TccgPc2OY7feTRrasN1Au/dlxJHeg/qdjaBkX5abZWyAOWyjVyoq
bhDkpS4GkHuAs7YH72HtLSKOQX0tJFBEL688dzfNvWc42UcEESnS3nT80zlK4YBi
+xsr004qB8xzGoqoQ6+MaU1Lp12URCt61vMudwg/uhfqlAS0xx+8auz3on0k2OU4
sGnNVzKJ5lc/6zPeMxVo0jyUBog/NzBzbDXCLb+cc4pkUeQHdq8Tthp2vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtrwqwd8attYDiMRPP2T/RIWbRMMB8GA1UdIwQY
MBaAFHZ+tmGTbcldo+zEyj6vWBOJwNhVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG42MllaTnR5VjJqN01US1BxOVlFNG5BMkZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yYTVhOWMtYmRmOS00ZWQwLWFkMzMt
ZjQ1NzU0NDM2M2VmLzEvMjJ2Q3JCM3hxMjFnT0l4RThfWlA5RWhadEV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8yYTVhOWMtYmRmOS00ZWQwLWFkMzMtZjQ1NzU0NDM2M2Vm
LzEvZG42MllaTnR5VjJqN01US1BxOVlFNG5BMkZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUEmIMA0G
CSqGSIb3DQEBCwUAA4IBAQBufKQSn8ckx/lc0spBxRzxWmanaWyu2ksxR7IMq0k4
qS2rgKPKHsGfaboxI9kzYskNAclo04+mCPoqqHbEp7xdRh5SD/5XOJSXLEOcNKIZ
TxFBWahfFRO96hUns0snikvQmVLXdWYlD49CwXEaI41dOdaZDjZTpb8OI+JOUNhR
DhT2qrYKPcL2SYUAFEwDjk8+iPVanw3+uP/bT9EIBy7/K/kQupZ0CWmRpaKKO+M+
oQAmf3P7nzoJdXprdGUFkKx4/GtZvVpm+V1GXAZSwWgzm7YHIxVnO6ev8/w5zJxe
hjT8n25pfPksa4MRO0CzwUsIv6jHjkGH8eqaOnmRa5e4
-----END CERTIFICATE-----