Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/_V4EtpOY4VuFJtOHbfZaqbTRckA.roa
File:                     _V4EtpOY4VuFJtOHbfZaqbTRckA.roa (raw, json)
Hash identifier:          O/Jy8ZrPqzyoLRaVVKXm5fm6BNuqIsf9/MfdWhjCUBk=
Subject key identifier:   FD:5E:04:B6:93:98:E1:5B:85:26:D3:87:6D:F6:5A:A9:B4:D1:72:40
Certificate issuer:       /CN=a4e7205f5d41257a6bb95f900eec0a1123e75164
Certificate serial:       018E17F1B8B501FB97E83C473B3A663CB8E0
Authority key identifier: A4:E7:20:5F:5D:41:25:7A:6B:B9:5F:90:0E:EC:0A:11:23:E7:51:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pOcgX11BJXpruV-QDuwKESPnUWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/_V4EtpOY4VuFJtOHbfZaqbTRckA.roa
Signing time:             Thu 07 Mar 2024 08:05:01 +0000
ROA not before:           Thu 07 Mar 2024 08:05:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43220
IP address blocks:        80.70.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/pOcgX11BJXpruV-QDuwKESPnUWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/pOcgX11BJXpruV-QDuwKESPnUWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pOcgX11BJXpruV-QDuwKESPnUWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:17:f1:b8:b5:01:fb:97:e8:3c:47:3b:3a:66:3c:b8:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4e7205f5d41257a6bb95f900eec0a1123e75164
        Validity
            Not Before: Mar  7 08:05:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd5e04b69398e15b8526d3876df65aa9b4d17240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e6:67:f8:96:38:50:07:b5:2d:c8:7b:51:cd:
                    4f:aa:56:3d:9c:d8:d8:ee:8d:c5:52:ce:59:c4:ed:
                    95:af:a7:9a:0e:50:3c:cc:40:75:bd:86:e6:f8:4f:
                    17:3f:16:a2:14:75:17:d4:a4:f7:97:59:d8:0a:8e:
                    e7:de:f2:f2:62:6d:ef:48:29:ce:4e:ea:64:03:99:
                    2a:17:78:91:da:69:86:a8:f4:5b:b9:f4:39:a6:1e:
                    cb:cf:52:82:fe:ba:4c:98:15:78:bd:78:20:9d:07:
                    c3:74:c0:7a:7a:0f:1d:dd:0b:ef:34:8b:e7:3c:96:
                    03:e9:9f:60:4b:52:ca:77:ee:ba:74:cb:e7:1f:b3:
                    9e:ef:54:8d:8b:27:23:f5:72:20:f8:66:1e:f0:99:
                    e1:e4:e6:83:e6:03:20:74:47:87:da:5f:51:c2:ab:
                    81:0b:32:cf:94:b9:e6:f1:bf:ff:e0:cb:73:e6:40:
                    ee:4f:80:d8:95:2e:4b:04:11:27:39:8f:5f:02:89:
                    3c:0a:b3:13:81:47:17:65:57:e4:5d:a5:7f:cb:11:
                    0c:1f:cc:1c:56:79:f2:83:74:a1:f2:1f:ea:7e:74:
                    89:62:a9:83:51:6d:3a:b3:cf:95:92:dd:53:13:aa:
                    6f:9e:8c:c4:f1:9a:c6:da:5c:cd:a3:5d:86:36:f9:
                    c0:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:5E:04:B6:93:98:E1:5B:85:26:D3:87:6D:F6:5A:A9:B4:D1:72:40
            X509v3 Authority Key Identifier:
                keyid:A4:E7:20:5F:5D:41:25:7A:6B:B9:5F:90:0E:EC:0A:11:23:E7:51:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pOcgX11BJXpruV-QDuwKESPnUWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/_V4EtpOY4VuFJtOHbfZaqbTRckA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/pOcgX11BJXpruV-QDuwKESPnUWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.70.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:ee:63:82:26:ef:27:64:e4:78:a9:5f:04:4a:4f:8d:ac:b4:
         fd:a1:ae:d6:e4:c6:d1:84:37:ac:9b:1e:c0:ef:8a:47:13:9e:
         c6:05:0d:15:2e:21:9c:99:d4:55:73:f1:22:40:17:d1:28:77:
         a3:47:7d:3d:b4:97:23:39:fc:90:8d:a6:9d:c2:1e:3c:dd:a8:
         d1:f8:01:33:35:ea:f9:f9:67:30:31:c1:e9:6b:12:e7:19:46:
         db:c2:e5:54:6e:5d:4f:3d:21:e0:1f:93:5e:33:26:5e:8c:49:
         7f:5d:78:9b:31:1c:b4:a3:ce:32:f3:69:56:9c:eb:03:63:60:
         f1:65:82:cf:41:47:85:13:0e:ac:b9:78:2a:52:c6:0c:6a:30:
         7d:29:29:52:bb:40:94:22:22:26:88:e4:d0:ba:25:59:24:f3:
         d9:2b:e8:b4:d8:c8:cd:a6:ec:30:5f:8b:65:e2:9a:a5:8f:89:
         ba:62:02:7f:04:e9:53:3b:dd:c9:29:3a:1e:af:c5:26:c4:bd:
         fc:ce:a1:2b:73:56:02:c7:e0:f5:7e:fd:56:82:20:5b:71:2b:
         e8:ac:ef:73:77:60:d9:15:98:88:7a:83:66:55:17:cc:2a:a7:
         72:33:c8:fb:85:62:cd:04:54:0c:82:49:e7:07:39:33:01:5a:
         a4:88:21:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4X8bi1AfuX6DxHOzpmPLjgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZTcyMDVmNWQ0MTI1N2E2YmI5NWY5MDBlZWMwYTExMjNl
NzUxNjQwHhcNMjQwMzA3MDgwNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDVlMDRiNjkzOThlMTViODUyNmQzODc2ZGY2NWFhOWI0ZDE3MjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzeZn+JY4UAe1Lch7Uc1PqlY9nNjY
7o3FUs5ZxO2Vr6eaDlA8zEB1vYbm+E8XPxaiFHUX1KT3l1nYCo7n3vLyYm3vSCnO
TupkA5kqF3iR2mmGqPRbufQ5ph7Lz1KC/rpMmBV4vXggnQfDdMB6eg8d3QvvNIvn
PJYD6Z9gS1LKd+66dMvnH7Oe71SNiycj9XIg+GYe8Jnh5OaD5gMgdEeH2l9RwquB
CzLPlLnm8b//4Mtz5kDuT4DYlS5LBBEnOY9fAok8CrMTgUcXZVfkXaV/yxEMH8wc
Vnnyg3Sh8h/qfnSJYqmDUW06s8+Vkt1TE6pvnozE8ZrG2lzNo12GNvnA+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1eBLaTmOFbhSbTh232Wqm00XJAMB8GA1UdIwQY
MBaAFKTnIF9dQSV6a7lfkA7sChEj51FkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE9jZ1gxMUJKWHBydVYtUUR1d0tFU1BuVVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9mNzYxYmQtNWMzYS00ZDJmLThjZDkt
M2U1OWNlNDQ1YjFjLzEvX1Y0RXRwT1k0VnVGSnRPSGJmWmFxYlRSY2tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9mNzYxYmQtNWMzYS00ZDJmLThjZDktM2U1OWNlNDQ1YjFj
LzEvcE9jZ1gxMUJKWHBydVYtUUR1d0tFU1BuVVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEYHMA0G
CSqGSIb3DQEBCwUAA4IBAQCA7mOCJu8nZOR4qV8ESk+NrLT9oa7W5MbRhDesmx7A
74pHE57GBQ0VLiGcmdRVc/EiQBfRKHejR309tJcjOfyQjaadwh483ajR+AEzNer5
+WcwMcHpaxLnGUbbwuVUbl1PPSHgH5NeMyZejEl/XXibMRy0o84y82lWnOsDY2Dx
ZYLPQUeFEw6suXgqUsYMajB9KSlSu0CUIiImiOTQuiVZJPPZK+i02MjNpuwwX4tl
4pqlj4m6YgJ/BOlTO93JKToer8UmxL38zqErc1YCx+D1fv1WgiBbcSvorO9zd2DZ
FZiIeoNmVRfMKqdyM8j7hWLNBFQMgknnBzkzAVqkiCHq
-----END CERTIFICATE-----