Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/10095f-fd35-4a06-8f39-7fee591a209c/1/Dev76wqFx3e01cvB7tF4t_4UoR8.roa
File:                     Dev76wqFx3e01cvB7tF4t_4UoR8.roa (raw, json)
Hash identifier:          7dATm7/QGlBIvPtlpTxLo/02+ZH05lYpgVFauXVWlRY=
Subject key identifier:   0D:EB:FB:EB:0A:85:C7:77:B4:D5:CB:C1:EE:D1:78:B7:FE:14:A1:1F
Certificate issuer:       /CN=db641fc903d5b4cc971649324a4b34e4f82422c5
Certificate serial:       018CCA29CC87FC4FEE5AF83A5A99AD6DAC3F
Authority key identifier: DB:64:1F:C9:03:D5:B4:CC:97:16:49:32:4A:4B:34:E4:F8:24:22:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/22QfyQPVtMyXFkkySks05PgkIsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/10095f-fd35-4a06-8f39-7fee591a209c/1/Dev76wqFx3e01cvB7tF4t_4UoR8.roa
Signing time:             Tue 02 Jan 2024 12:33:06 +0000
ROA not before:           Tue 02 Jan 2024 12:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        80.172.222.0/24 maxlen: 24
                          2001:4cc0:8000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/10095f-fd35-4a06-8f39-7fee591a209c/1/22QfyQPVtMyXFkkySks05PgkIsU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/10095f-fd35-4a06-8f39-7fee591a209c/1/22QfyQPVtMyXFkkySks05PgkIsU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/22QfyQPVtMyXFkkySks05PgkIsU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:cc:87:fc:4f:ee:5a:f8:3a:5a:99:ad:6d:ac:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db641fc903d5b4cc971649324a4b34e4f82422c5
        Validity
            Not Before: Jan  2 12:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0debfbeb0a85c777b4d5cbc1eed178b7fe14a11f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4f:76:d7:d5:47:85:68:29:52:24:48:f4:65:
                    26:42:c2:c6:f6:1c:42:bd:4a:09:e2:8b:3e:fb:fd:
                    a1:32:8d:c3:3b:5d:6a:2c:d7:4a:6f:de:68:b3:e5:
                    ea:77:d8:98:f1:4c:d2:0a:fb:1f:98:ee:2d:2c:ff:
                    e2:d4:63:b0:ce:01:c2:d8:fe:6c:38:95:17:67:f5:
                    65:95:1c:b3:c7:0b:3a:aa:61:8c:72:89:a2:a1:da:
                    e4:ab:89:aa:f1:65:24:1c:44:af:60:c1:5d:3a:18:
                    cb:9b:75:1e:b4:e5:e5:38:6c:8b:6d:5f:8a:22:35:
                    0f:7b:26:52:e0:d6:6c:1c:e4:0e:47:dd:ff:f7:49:
                    42:5d:44:f7:b9:04:4d:98:ec:72:0e:1a:8a:9c:f8:
                    25:c7:99:0c:93:59:b3:f1:52:1d:92:de:c0:81:c6:
                    f5:20:d7:6a:44:7b:8e:a9:8d:8c:d0:dd:0f:bf:ae:
                    0d:9f:90:ed:93:9a:1c:f9:35:6d:21:fe:dc:b5:97:
                    b9:6b:b0:a0:70:29:d4:34:17:36:23:65:74:55:e9:
                    d4:a1:4b:e9:af:76:6f:3c:cf:41:6c:17:57:22:3e:
                    78:3e:48:e8:12:12:39:f4:6d:66:d0:52:77:5c:b7:
                    ae:38:72:34:dc:10:0d:a0:ec:c2:4e:69:4a:a5:3d:
                    ca:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:EB:FB:EB:0A:85:C7:77:B4:D5:CB:C1:EE:D1:78:B7:FE:14:A1:1F
            X509v3 Authority Key Identifier:
                keyid:DB:64:1F:C9:03:D5:B4:CC:97:16:49:32:4A:4B:34:E4:F8:24:22:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/22QfyQPVtMyXFkkySks05PgkIsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/10095f-fd35-4a06-8f39-7fee591a209c/1/Dev76wqFx3e01cvB7tF4t_4UoR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/10095f-fd35-4a06-8f39-7fee591a209c/1/22QfyQPVtMyXFkkySks05PgkIsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.172.222.0/24
                IPv6:
                  2001:4cc0:8000::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:5b:b7:08:c0:f6:ea:d0:41:d9:1f:6a:3b:db:f5:36:21:a0:
         a0:81:c2:32:18:b9:56:f1:3d:a3:6a:14:68:d5:b5:e8:b2:d2:
         2d:a0:6c:d3:f3:f1:02:f7:e7:5e:cb:48:ff:64:e0:bc:2e:c1:
         d8:a9:cd:80:80:74:17:0f:8f:a4:3c:85:c5:65:60:a0:cf:ec:
         a4:ae:d7:30:fc:87:4c:e7:d1:0b:f2:1c:d4:92:a4:5f:e3:df:
         b2:24:04:64:58:07:c8:19:a0:65:68:2a:be:c6:87:71:c3:df:
         1d:1a:50:ea:47:86:be:69:95:4e:83:69:6c:55:08:fd:f9:5a:
         48:c3:bc:a3:ea:0f:3c:98:ed:0d:4e:33:4a:04:09:78:b5:2c:
         c9:ae:14:e8:d4:7b:75:bc:a8:0c:c3:b9:73:6a:79:f4:42:e6:
         c1:be:de:07:4b:47:81:a8:e9:09:01:2f:fc:fa:90:b5:f7:89:
         34:a3:7a:29:cc:ee:10:bb:09:a1:35:7f:c3:1a:08:b7:e2:28:
         a1:0e:bb:a4:05:9b:e9:6a:73:0d:38:5b:49:75:b3:a9:2d:fa:
         e5:42:b3:7d:08:45:f4:72:c6:f8:d1:e2:05:7e:2b:1d:13:b6:
         8a:6a:f3:dc:e2:75:f9:3a:a1:22:4f:d5:9c:ca:f2:b7:d0:e1:
         e1:2f:46:ea
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKcyH/E/uWvg6Wpmtbaw/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiNjQxZmM5MDNkNWI0Y2M5NzE2NDkzMjRhNGIzNGU0Zjgy
NDIyYzUwHhcNMjQwMTAyMTIzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGViZmJlYjBhODVjNzc3YjRkNWNiYzFlZWQxNzhiN2ZlMTRhMTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkU9219VHhWgpUiRI9GUmQsLG9hxC
vUoJ4os++/2hMo3DO11qLNdKb95os+Xqd9iY8UzSCvsfmO4tLP/i1GOwzgHC2P5s
OJUXZ/VllRyzxws6qmGMcomiodrkq4mq8WUkHESvYMFdOhjLm3UetOXlOGyLbV+K
IjUPeyZS4NZsHOQOR93/90lCXUT3uQRNmOxyDhqKnPglx5kMk1mz8VIdkt7Agcb1
INdqRHuOqY2M0N0Pv64Nn5Dtk5oc+TVtIf7ctZe5a7CgcCnUNBc2I2V0VenUoUvp
r3ZvPM9BbBdXIj54PkjoEhI59G1m0FJ3XLeuOHI03BANoOzCTmlKpT3KywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFA3r++sKhcd3tNXLwe7ReLf+FKEfMB8GA1UdIwQY
MBaAFNtkH8kD1bTMlxZJMkpLNOT4JCLFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjJRZnlRUFZ0TXlYRmtreVNrczA1UGdrSXNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8xMDA5NWYtZmQzNS00YTA2LThmMzkt
N2ZlZTU5MWEyMDljLzEvRGV2NzZ3cUZ4M2UwMWN2Qjd0RjR0XzRVb1I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8xMDA5NWYtZmQzNS00YTA2LThmMzktN2ZlZTU5MWEyMDlj
LzEvMjJRZnlRUFZ0TXlYRmtreVNrczA1UGdrSXNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUKzeMA8E
AgACMAkDBwAgAUzAgAAwDQYJKoZIhvcNAQELBQADggEBAGhbtwjA9urQQdkfajvb
9TYhoKCBwjIYuVbxPaNqFGjVteiy0i2gbNPz8QL3517LSP9k4LwuwdipzYCAdBcP
j6Q8hcVlYKDP7KSu1zD8h0zn0QvyHNSSpF/j37IkBGRYB8gZoGVoKr7Gh3HD3x0a
UOpHhr5plU6DaWxVCP35WkjDvKPqDzyY7Q1OM0oECXi1LMmuFOjUe3W8qAzDuXNq
efRC5sG+3gdLR4Go6QkBL/z6kLX3iTSjeinM7hC7CaE1f8MaCLfiKKEOu6QFm+lq
cw04W0l1s6kt+uVCs30IRfRyxvjR4gV+Kx0Ttopq89zidfk6oSJP1ZzK8rfQ4eEv
Ruo=
-----END CERTIFICATE-----