Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/TMb1ZOX9Urj4BZTEWpxD37fYcVQ.roa
File:                     TMb1ZOX9Urj4BZTEWpxD37fYcVQ.roa (raw, json)
Hash identifier:          sjA5vo28N9uNU80ZwCeY20gbLjmt2ZgWY1v4MXTv3yY=
Subject key identifier:   4C:C6:F5:64:E5:FD:52:B8:F8:05:94:C4:5A:9C:43:DF:B7:D8:71:54
Certificate issuer:       /CN=a2900e4655ab349a4632b140719dc97230431725
Certificate serial:       018FE23D1F90C8AE90456412AD7838F6180C
Authority key identifier: A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/TMb1ZOX9Urj4BZTEWpxD37fYcVQ.roa
Signing time:             Tue 04 Jun 2024 07:53:27 +0000
ROA not before:           Tue 04 Jun 2024 07:53:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61003
IP address blocks:        80.77.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e2:3d:1f:90:c8:ae:90:45:64:12:ad:78:38:f6:18:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2900e4655ab349a4632b140719dc97230431725
        Validity
            Not Before: Jun  4 07:53:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cc6f564e5fd52b8f80594c45a9c43dfb7d87154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:b0:15:87:f5:e9:a4:a5:93:15:4f:07:62:63:
                    08:d5:73:2a:12:9e:b7:f1:e2:2e:9e:ac:b9:3c:0b:
                    b4:14:bf:03:ea:07:32:58:15:64:dc:13:3f:02:9a:
                    fd:42:ac:af:17:97:e9:b7:33:53:8c:24:05:69:dd:
                    7c:32:ed:de:c9:ee:37:24:85:b1:b1:e2:30:24:7e:
                    06:3d:82:e7:4c:dd:1c:8f:ce:91:71:ff:1a:a8:f8:
                    f6:e0:a8:e3:3d:2e:b4:fa:b3:1a:fa:91:85:39:1c:
                    48:84:88:f5:30:4a:dd:15:68:de:97:9c:39:1b:bb:
                    af:fa:97:31:45:a9:f3:66:33:08:4f:de:22:64:0b:
                    52:56:f5:42:f7:a3:5e:20:fa:8a:c0:0a:14:6e:79:
                    bc:d3:ed:a0:31:8e:a2:17:ff:4e:62:4e:b5:5f:a8:
                    70:a4:16:24:43:55:20:2a:13:5a:94:14:44:bf:ca:
                    5d:b2:fa:44:ae:71:45:bb:3a:af:ab:48:04:0a:44:
                    31:e5:e5:23:d3:0e:24:59:ea:0f:46:6d:37:d3:53:
                    14:4a:a6:b8:da:ea:f2:0a:f8:22:77:c2:19:8e:b3:
                    75:0f:a3:93:8f:dc:cf:25:8c:e6:a8:88:48:1a:09:
                    81:69:82:ce:59:14:9a:c7:d6:6a:cf:71:db:89:37:
                    fa:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:C6:F5:64:E5:FD:52:B8:F8:05:94:C4:5A:9C:43:DF:B7:D8:71:54
            X509v3 Authority Key Identifier:
                keyid:A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/TMb1ZOX9Urj4BZTEWpxD37fYcVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.77.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:3f:ec:1a:67:a0:93:9b:e6:f1:63:6e:70:9c:61:ef:03:cf:
         ab:41:44:bf:85:cc:c0:ca:6f:66:e8:1f:74:79:27:ac:aa:5a:
         d3:3d:90:5b:1e:5a:23:8d:61:f9:34:48:96:b4:68:30:24:ef:
         20:4a:0f:f5:2d:dd:da:d5:df:20:df:fb:c1:ba:5e:15:dd:ae:
         26:68:ad:23:ff:8d:1e:8e:95:a1:c0:eb:3d:b0:32:db:66:12:
         cd:7a:9d:fd:41:51:ab:0b:fc:87:71:e9:8c:33:70:aa:32:e8:
         45:d6:be:53:34:fa:63:b8:fc:a6:2d:f7:46:72:92:53:16:b8:
         97:4b:9e:8a:0f:fd:42:7d:1b:12:ee:f5:33:01:be:58:9b:eb:
         14:f7:6f:3c:cd:ca:95:f3:08:bb:15:fc:74:67:5b:38:8e:89:
         fa:81:a8:bb:95:dd:b9:a4:66:a2:b9:3e:20:cf:5e:db:2d:3b:
         50:18:4f:a0:ff:2a:a4:66:7a:18:6b:13:6b:d6:9a:fe:44:ac:
         6b:3c:ca:a0:48:4c:c3:ea:46:87:63:af:bc:da:77:07:54:f0:
         21:9b:f4:67:22:4c:1c:8a:29:0b:ce:ce:1d:63:64:04:47:ea:
         49:fe:e6:e7:03:be:e9:01:94:b4:e2:52:41:91:9f:f1:fd:5e:
         60:8f:db:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/iPR+QyK6QRWQSrXg49hgMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOTAwZTQ2NTVhYjM0OWE0NjMyYjE0MDcxOWRjOTcyMzA0
MzE3MjUwHhcNMjQwNjA0MDc1MzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2M2ZjU2NGU1ZmQ1MmI4ZjgwNTk0YzQ1YTljNDNkZmI3ZDg3MTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5bAVh/XppKWTFU8HYmMI1XMqEp63
8eIunqy5PAu0FL8D6gcyWBVk3BM/Apr9QqyvF5fptzNTjCQFad18Mu3eye43JIWx
seIwJH4GPYLnTN0cj86Rcf8aqPj24KjjPS60+rMa+pGFORxIhIj1MErdFWjel5w5
G7uv+pcxRanzZjMIT94iZAtSVvVC96NeIPqKwAoUbnm80+2gMY6iF/9OYk61X6hw
pBYkQ1UgKhNalBREv8pdsvpErnFFuzqvq0gECkQx5eUj0w4kWeoPRm0301MUSqa4
2uryCvgid8IZjrN1D6OTj9zPJYzmqIhIGgmBaYLOWRSax9Zqz3HbiTf6/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzG9WTl/VK4+AWUxFqcQ9+32HFUMB8GA1UdIwQY
MBaAFKKQDkZVqzSaRjKxQHGdyXIwQxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMt
ZjRjNWZjM2NhMmM0LzEvVE1iMVpPWDlVcmo0QlpURVdweEQzN2ZZY1ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMtZjRjNWZjM2NhMmM0
LzEvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUE2mMA0G
CSqGSIb3DQEBCwUAA4IBAQBeP+waZ6CTm+bxY25wnGHvA8+rQUS/hczAym9m6B90
eSesqlrTPZBbHlojjWH5NEiWtGgwJO8gSg/1Ld3a1d8g3/vBul4V3a4maK0j/40e
jpWhwOs9sDLbZhLNep39QVGrC/yHcemMM3CqMuhF1r5TNPpjuPymLfdGcpJTFriX
S56KD/1CfRsS7vUzAb5Ym+sU9288zcqV8wi7Ffx0Z1s4jon6gai7ld25pGaiuT4g
z17bLTtQGE+g/yqkZnoYaxNr1pr+RKxrPMqgSEzD6kaHY6+82ncHVPAhm/RnIkwc
iikLzs4dY2QER+pJ/ubnA77pAZS04lJBkZ/x/V5gj9tH
-----END CERTIFICATE-----