Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/898754-e446-4b51-99a9-e59bd4f4f740/1/aO09A7vpcFh5VQi3APy84yO_zV4.roa
File:                     aO09A7vpcFh5VQi3APy84yO_zV4.roa (raw, json)
Hash identifier:          GOiSxPIpfP+t0FZsN0c+rIl0tgZXl+nlIajTmD+9rWQ=
Subject key identifier:   68:ED:3D:03:BB:E9:70:58:79:55:08:B7:00:FC:BC:E3:23:BF:CD:5E
Certificate issuer:       /CN=abafb42e2e6fd09057fca21b99084dac3b7af2d0
Certificate serial:       018CC8019EFE30CABCFE7EE3C0F160DFE258
Authority key identifier: AB:AF:B4:2E:2E:6F:D0:90:57:FC:A2:1B:99:08:4D:AC:3B:7A:F2:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q6-0Li5v0JBX_KIbmQhNrDt68tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/898754-e446-4b51-99a9-e59bd4f4f740/1/aO09A7vpcFh5VQi3APy84yO_zV4.roa
Signing time:             Tue 02 Jan 2024 02:29:58 +0000
ROA not before:           Tue 02 Jan 2024 02:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200295
IP address blocks:        80.64.208.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/898754-e446-4b51-99a9-e59bd4f4f740/1/q6-0Li5v0JBX_KIbmQhNrDt68tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/898754-e446-4b51-99a9-e59bd4f4f740/1/q6-0Li5v0JBX_KIbmQhNrDt68tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q6-0Li5v0JBX_KIbmQhNrDt68tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:9e:fe:30:ca:bc:fe:7e:e3:c0:f1:60:df:e2:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abafb42e2e6fd09057fca21b99084dac3b7af2d0
        Validity
            Not Before: Jan  2 02:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68ed3d03bbe97058795508b700fcbce323bfcd5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ae:3b:17:ae:a7:e0:73:23:3a:d2:33:f9:b2:
                    d2:95:71:ff:25:aa:8b:50:3e:43:3f:a1:14:bc:bf:
                    d5:f9:81:7c:07:f6:1c:a7:bf:b1:a7:d2:32:3e:64:
                    44:d0:f3:f9:ed:eb:2f:01:e2:73:23:08:40:45:48:
                    71:be:dd:e4:fa:d9:df:f2:30:55:5b:8a:67:18:3f:
                    4f:d7:a6:ed:5b:db:45:42:fe:38:90:70:7e:27:91:
                    4a:f3:7a:56:c8:d5:9c:2b:37:d7:4a:8c:4d:20:56:
                    6e:64:48:0f:80:ba:20:3d:3d:3b:4d:3a:d8:6b:a9:
                    05:8e:bd:3c:a7:69:c3:2f:c9:43:0b:8a:2b:c7:6a:
                    3d:39:11:af:5e:00:28:98:d2:f1:ce:b1:53:f1:ff:
                    7b:92:86:38:fa:f2:f7:12:8d:e6:44:83:d8:b4:9c:
                    16:3d:ba:4b:67:2b:96:14:a3:e9:c0:79:9a:6c:4b:
                    9e:e3:1d:f2:5c:50:94:9a:ec:98:73:c8:1a:29:c6:
                    86:88:ce:f6:ea:98:9c:e4:84:6c:1b:98:d2:37:df:
                    57:05:9e:fe:1b:4e:70:cc:b2:c4:f2:fe:42:a8:6d:
                    80:54:65:87:1d:ae:2b:5a:e6:96:d8:78:71:71:8d:
                    95:32:80:ce:7a:8a:2a:80:78:9b:0a:fb:71:2d:20:
                    84:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:ED:3D:03:BB:E9:70:58:79:55:08:B7:00:FC:BC:E3:23:BF:CD:5E
            X509v3 Authority Key Identifier:
                keyid:AB:AF:B4:2E:2E:6F:D0:90:57:FC:A2:1B:99:08:4D:AC:3B:7A:F2:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q6-0Li5v0JBX_KIbmQhNrDt68tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/898754-e446-4b51-99a9-e59bd4f4f740/1/aO09A7vpcFh5VQi3APy84yO_zV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/898754-e446-4b51-99a9-e59bd4f4f740/1/q6-0Li5v0JBX_KIbmQhNrDt68tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:9b:d7:0f:6d:29:ea:a4:2c:72:37:28:7a:9f:e6:9d:80:f3:
         6a:05:a4:a8:28:59:09:1e:fe:a9:83:11:b0:b4:68:fc:0b:58:
         92:52:c0:83:f2:69:87:39:6e:0d:d4:21:07:69:b0:da:9a:90:
         48:e2:2f:7a:6f:51:cf:32:f7:04:fb:77:d8:3e:1c:2e:3f:e8:
         98:26:cd:0c:13:4f:c2:8a:9b:07:d6:76:b4:91:d3:b3:4a:a5:
         e6:17:01:2b:b8:06:6b:14:1c:96:8d:d6:60:94:f2:5e:38:b8:
         8d:70:de:ed:42:e7:64:2d:9b:70:b0:36:f6:7f:4a:bb:b8:07:
         1b:6b:04:dd:c6:98:cb:1a:09:ee:46:dc:0b:d1:e6:16:d4:f8:
         c4:b7:e9:da:09:0d:43:14:7e:e8:d0:31:86:21:62:1a:f4:a7:
         6a:31:05:d3:7a:81:b1:93:44:f4:0a:07:63:3e:07:cf:58:b3:
         33:64:c2:65:68:cf:9f:cb:67:20:e1:b6:cf:50:b5:a7:6d:bb:
         e3:01:ee:ef:58:59:d2:48:d6:64:b6:f6:5e:69:50:24:77:d3:
         04:63:db:4c:54:eb:2a:7f:ec:97:a4:c7:7d:58:55:ab:bf:ac:
         2a:ce:d3:26:ba:b4:56:d1:96:39:38:18:47:35:19:6f:56:33:
         46:16:c1:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAZ7+MMq8/n7jwPFg3+JYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYWZiNDJlMmU2ZmQwOTA1N2ZjYTIxYjk5MDg0ZGFjM2I3
YWYyZDAwHhcNMjQwMTAyMDIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGVkM2QwM2JiZTk3MDU4Nzk1NTA4YjcwMGZjYmNlMzIzYmZjZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh647F66n4HMjOtIz+bLSlXH/JaqL
UD5DP6EUvL/V+YF8B/Ycp7+xp9IyPmRE0PP57esvAeJzIwhARUhxvt3k+tnf8jBV
W4pnGD9P16btW9tFQv44kHB+J5FK83pWyNWcKzfXSoxNIFZuZEgPgLogPT07TTrY
a6kFjr08p2nDL8lDC4orx2o9ORGvXgAomNLxzrFT8f97koY4+vL3Eo3mRIPYtJwW
PbpLZyuWFKPpwHmabEue4x3yXFCUmuyYc8gaKcaGiM726pic5IRsG5jSN99XBZ7+
G05wzLLE8v5CqG2AVGWHHa4rWuaW2HhxcY2VMoDOeooqgHibCvtxLSCEgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjtPQO76XBYeVUItwD8vOMjv81eMB8GA1UdIwQY
MBaAFKuvtC4ub9CQV/yiG5kITaw7evLQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTYtMExpNXYwSkJYX0tJYm1RaE5yRHQ2OHRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi84OTg3NTQtZTQ0Ni00YjUxLTk5YTkt
ZTU5YmQ0ZjRmNzQwLzEvYU8wOUE3dnBjRmg1VlFpM0FQeTg0eU9felY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi84OTg3NTQtZTQ0Ni00YjUxLTk5YTktZTU5YmQ0ZjRmNzQw
LzEvcTYtMExpNXYwSkJYX0tJYm1RaE5yRHQ2OHRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUEDQMA0G
CSqGSIb3DQEBCwUAA4IBAQBjm9cPbSnqpCxyNyh6n+adgPNqBaSoKFkJHv6pgxGw
tGj8C1iSUsCD8mmHOW4N1CEHabDampBI4i96b1HPMvcE+3fYPhwuP+iYJs0ME0/C
ipsH1na0kdOzSqXmFwEruAZrFByWjdZglPJeOLiNcN7tQudkLZtwsDb2f0q7uAcb
awTdxpjLGgnuRtwL0eYW1PjEt+naCQ1DFH7o0DGGIWIa9KdqMQXTeoGxk0T0Cgdj
PgfPWLMzZMJlaM+fy2cg4bbPULWnbbvjAe7vWFnSSNZktvZeaVAkd9MEY9tMVOsq
f+yXpMd9WFWrv6wqztMmurRW0ZY5OBhHNRlvVjNGFsHA
-----END CERTIFICATE-----