Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/pqQ_ZZcJp-tL1Yx6Vm1Ocy2KlwY.roa
File:                     pqQ_ZZcJp-tL1Yx6Vm1Ocy2KlwY.roa (raw, json)
Hash identifier:          VD8ymAdnkxJ2RRZv2o7OF+tYzACDkVn1lIcU24vdwAU=
Subject key identifier:   A6:A4:3F:65:97:09:A7:EB:4B:D5:8C:7A:56:6D:4E:73:2D:8A:97:06
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DDE300733BD244A483BAA3B646B5E
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/pqQ_ZZcJp-tL1Yx6Vm1Ocy2KlwY.roa
Signing time:             Mon 01 Jan 2024 14:29:20 +0000
ROA not before:           Mon 01 Jan 2024 14:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8441
IP address blocks:        80.253.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:de:30:07:33:bd:24:4a:48:3b:aa:3b:64:6b:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6a43f659709a7eb4bd58c7a566d4e732d8a9706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:f9:d7:fc:e9:18:9e:0d:62:bd:e3:6c:77:d3:
                    54:57:15:13:ad:5f:bb:fe:3d:22:05:4f:71:6d:6b:
                    d4:f2:e7:a8:d2:64:dd:36:f4:98:b0:bf:51:31:cc:
                    74:a0:89:33:05:88:7f:d1:14:d6:28:d8:d2:ba:f0:
                    dc:9c:ea:de:d1:e5:16:17:d0:74:5d:05:f1:78:2e:
                    ef:11:6e:63:18:c3:0f:66:0a:75:ec:7d:0f:47:76:
                    b0:a9:c2:f3:7a:ce:b4:c8:3e:f6:2d:bc:e5:00:3f:
                    b1:08:92:3a:b2:19:28:3d:10:58:c3:03:35:9b:20:
                    34:d1:2a:75:91:d5:7a:8b:a9:43:5d:87:9b:6c:6b:
                    8c:e6:c4:c4:03:ad:0a:e5:73:bd:f1:6b:9f:27:3c:
                    f8:49:f6:c1:04:fe:20:45:05:1c:1e:ed:f7:ec:24:
                    d1:c7:f1:c9:5a:bb:16:03:be:e1:f0:87:7d:35:0e:
                    7b:e6:9c:35:7c:16:fc:c6:f3:3a:1f:0c:9a:12:d8:
                    bd:23:ea:b6:14:b8:c9:8a:c5:2a:5a:a1:29:a5:2f:
                    af:84:2e:98:c0:ab:8d:da:76:13:2b:5b:b9:a9:ae:
                    b6:0e:16:31:52:90:67:1a:3f:ff:4d:f3:9c:a3:7e:
                    8d:0e:80:a3:ed:7b:6a:0c:34:c0:1d:b3:c6:8e:51:
                    33:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:A4:3F:65:97:09:A7:EB:4B:D5:8C:7A:56:6D:4E:73:2D:8A:97:06
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/pqQ_ZZcJp-tL1Yx6Vm1Ocy2KlwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:9f:68:bd:b8:34:fd:eb:66:90:b2:4d:e2:b4:61:0f:0b:95:
         a6:da:58:e6:69:58:b2:f3:37:b9:2c:18:64:56:66:d9:b4:9f:
         50:95:34:77:e8:fb:9a:85:85:06:a5:70:5a:26:e8:a5:32:42:
         6c:23:8c:1c:45:aa:9f:32:98:44:8b:d6:28:7a:13:50:98:b3:
         fd:8c:78:4b:90:9d:ed:11:a6:77:1f:67:b1:47:b7:e5:2c:9c:
         2b:d4:ca:67:e1:1f:61:da:f3:c9:70:5e:2b:ec:cf:e0:cd:3e:
         50:c9:ed:3e:37:82:3e:87:89:21:eb:86:df:76:d5:68:22:79:
         4b:00:73:0e:92:0e:7d:2c:6b:a5:ab:3a:b3:f8:8a:b0:64:b2:
         3a:5b:ce:48:6b:74:6d:ea:63:e6:5e:a4:6e:b9:61:c5:96:72:
         2c:c5:22:fa:2c:13:1f:ae:5f:28:91:47:ec:67:7d:5b:b6:86:
         81:28:1e:6b:3c:cd:8c:13:d5:6f:e3:64:7e:b8:6a:9c:b4:eb:
         8c:c7:6e:20:1c:8c:91:52:70:9e:95:c2:d6:ef:1e:1c:92:73:
         f5:80:07:7d:3c:d9:81:0b:6f:4d:67:a3:de:17:b7:1d:ce:88:
         a8:50:b7:ed:10:ba:bc:d5:a6:a8:2b:e3:38:89:35:24:1c:b9:
         73:c8:bd:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbd4wBzO9JEpIO6o7ZGteMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmE0M2Y2NTk3MDlhN2ViNGJkNThjN2E1NjZkNGU3MzJkOGE5NzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6PnX/OkYng1iveNsd9NUVxUTrV+7
/j0iBU9xbWvU8ueo0mTdNvSYsL9RMcx0oIkzBYh/0RTWKNjSuvDcnOre0eUWF9B0
XQXxeC7vEW5jGMMPZgp17H0PR3awqcLzes60yD72LbzlAD+xCJI6shkoPRBYwwM1
myA00Sp1kdV6i6lDXYebbGuM5sTEA60K5XO98WufJzz4SfbBBP4gRQUcHu337CTR
x/HJWrsWA77h8Id9NQ575pw1fBb8xvM6HwyaEti9I+q2FLjJisUqWqEppS+vhC6Y
wKuN2nYTK1u5qa62DhYxUpBnGj//TfOco36NDoCj7XtqDDTAHbPGjlEzUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKakP2WXCafrS9WMelZtTnMtipcGMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvcHFRX1paY0pwLXRMMVl4NlZtMU9jeTJLbHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUP0EMA0G
CSqGSIb3DQEBCwUAA4IBAQApn2i9uDT962aQsk3itGEPC5Wm2ljmaViy8ze5LBhk
VmbZtJ9QlTR36PuahYUGpXBaJuilMkJsI4wcRaqfMphEi9YoehNQmLP9jHhLkJ3t
EaZ3H2exR7flLJwr1Mpn4R9h2vPJcF4r7M/gzT5Qye0+N4I+h4kh64bfdtVoInlL
AHMOkg59LGulqzqz+IqwZLI6W85Ia3Rt6mPmXqRuuWHFlnIsxSL6LBMfrl8okUfs
Z31btoaBKB5rPM2ME9Vv42R+uGqctOuMx24gHIyRUnCelcLW7x4cknP1gAd9PNmB
C29NZ6PeF7cdzoioULftELq81aaoK+M4iTUkHLlzyL2b
-----END CERTIFICATE-----