Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/1-C-YuO6qNqSyxzgvithwScOGN_c.roa
File:                     1-C-YuO6qNqSyxzgvithwScOGN_c.roa (raw, json)
Hash identifier:          43JynL37zJKU0Vw2nQwY3HqV/Qq34HSTJqgwBdc21Ug=
Subject key identifier:   F8:2F:98:B8:EE:AA:36:A4:B2:C7:38:2F:8A:D8:70:49:C3:86:37:F7
Certificate issuer:       /CN=ca707e086640056bc271d5d2b3e24d01440baa04
Certificate serial:       018EF2D234C960E1D209B27895254E744308
Authority key identifier: CA:70:7E:08:66:40:05:6B:C2:71:D5:D2:B3:E2:4D:01:44:0B:AA:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ynB-CGZABWvCcdXSs-JNAUQLqgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/1-C-YuO6qNqSyxzgvithwScOGN_c.roa
Signing time:             Thu 18 Apr 2024 20:07:26 +0000
ROA not before:           Thu 18 Apr 2024 20:07:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215090
IP address blocks:        80.244.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/ynB-CGZABWvCcdXSs-JNAUQLqgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/ynB-CGZABWvCcdXSs-JNAUQLqgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ynB-CGZABWvCcdXSs-JNAUQLqgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f2:d2:34:c9:60:e1:d2:09:b2:78:95:25:4e:74:43:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca707e086640056bc271d5d2b3e24d01440baa04
        Validity
            Not Before: Apr 18 20:07:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f82f98b8eeaa36a4b2c7382f8ad87049c38637f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ed:51:9b:0d:62:5f:63:13:a4:e8:04:ee:55:
                    c8:f1:03:b6:87:28:97:64:10:b4:2f:08:4a:6b:75:
                    04:88:73:b1:5f:f9:5d:11:0d:f6:69:e4:5f:b1:82:
                    98:ee:f9:6d:f0:6f:aa:e5:6b:92:3c:5f:4f:d2:67:
                    e7:45:a6:ee:43:33:71:d4:f6:99:59:40:59:1f:3f:
                    7d:e7:86:cf:2c:55:70:cc:aa:c8:36:dc:f8:28:bd:
                    7e:8b:98:67:3d:3c:e4:c1:b5:a7:e8:f5:8f:b8:59:
                    72:d0:14:b7:8b:38:d5:17:2d:38:34:63:0c:1f:86:
                    0b:94:3f:24:6a:67:af:93:8a:98:66:25:73:4e:62:
                    9b:59:87:c3:d8:c1:3a:a9:9b:22:c0:6d:7f:22:31:
                    36:b9:b2:55:24:73:cf:1d:79:e5:fb:a0:8b:98:14:
                    8b:e8:6a:7d:37:46:a1:e8:50:5a:69:00:9f:45:56:
                    5c:7f:51:bb:cd:c5:e1:b8:b9:7a:b9:f6:e4:25:a3:
                    0b:d6:26:94:3a:5e:ed:5e:2a:9f:55:16:57:0a:64:
                    1a:77:c7:b7:f3:9c:f9:e5:52:a4:7b:86:f0:ac:fa:
                    8f:c1:76:ed:42:97:6f:0a:5c:d9:63:7e:ef:25:65:
                    e7:ab:46:62:cf:6c:24:6a:9b:d2:10:ec:2d:d9:a4:
                    b1:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:2F:98:B8:EE:AA:36:A4:B2:C7:38:2F:8A:D8:70:49:C3:86:37:F7
            X509v3 Authority Key Identifier:
                keyid:CA:70:7E:08:66:40:05:6B:C2:71:D5:D2:B3:E2:4D:01:44:0B:AA:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ynB-CGZABWvCcdXSs-JNAUQLqgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/1-C-YuO6qNqSyxzgvithwScOGN_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/ynB-CGZABWvCcdXSs-JNAUQLqgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:37:f0:a6:f1:98:ce:4b:7b:75:20:18:13:df:7f:70:eb:dc:
         4d:23:bb:c4:45:e8:7a:fb:dc:70:94:e7:98:be:06:a6:c9:d5:
         c2:16:b7:ee:35:94:b8:45:2e:2b:63:af:94:c7:8e:39:45:c1:
         c4:1f:9a:55:2e:fc:db:27:c3:1f:e4:6f:71:d4:74:fc:e0:a2:
         66:81:c5:c1:95:84:73:17:c6:bc:09:65:5e:9b:f9:b8:21:10:
         48:4b:1e:06:95:39:e0:ab:ab:a9:9e:6b:62:cc:89:e2:05:6a:
         b0:26:9f:f3:24:80:ae:1d:cc:fe:c4:01:68:fd:15:cc:73:5f:
         42:dd:3e:b5:d8:d0:f0:c8:b1:03:1a:78:ef:42:7c:27:92:cb:
         85:ea:88:88:9a:e6:d9:13:35:a5:44:51:30:20:08:85:00:6f:
         fd:c7:48:b0:23:1f:e6:f8:13:db:11:f3:0f:cc:bd:08:22:75:
         a9:ac:bb:0f:43:92:a0:d6:03:70:24:60:0c:c6:8b:76:79:64:
         cc:e4:f3:3a:d8:08:12:51:1f:09:f5:84:5b:26:1b:82:1a:a5:
         da:4c:db:31:24:61:c5:2d:16:b1:d6:29:7e:8b:56:fa:16:a8:
         1d:ef:ab:ae:f6:49:4a:ae:9e:ee:07:23:c2:b8:70:c1:72:b4:
         31:2f:de:4c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY7y0jTJYOHSCbJ4lSVOdEMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNzA3ZTA4NjY0MDA1NmJjMjcxZDVkMmIzZTI0ZDAxNDQw
YmFhMDQwHhcNMjQwNDE4MjAwNzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODJmOThiOGVlYWEzNmE0YjJjNzM4MmY4YWQ4NzA0OWMzODYzN2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+1Rmw1iX2MTpOgE7lXI8QO2hyiX
ZBC0LwhKa3UEiHOxX/ldEQ32aeRfsYKY7vlt8G+q5WuSPF9P0mfnRabuQzNx1PaZ
WUBZHz9954bPLFVwzKrINtz4KL1+i5hnPTzkwbWn6PWPuFly0BS3izjVFy04NGMM
H4YLlD8kamevk4qYZiVzTmKbWYfD2ME6qZsiwG1/IjE2ubJVJHPPHXnl+6CLmBSL
6Gp9N0ah6FBaaQCfRVZcf1G7zcXhuLl6ufbkJaML1iaUOl7tXiqfVRZXCmQad8e3
85z55VKke4bwrPqPwXbtQpdvClzZY37vJWXnq0Ziz2wkapvSEOwt2aSxLwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPgvmLjuqjakssc4L4rYcEnDhjf3MB8GA1UdIwQY
MBaAFMpwfghmQAVrwnHV0rPiTQFEC6oEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW5CLUNHWkFCV3ZDY2RYU3MtSk5BVVFMcWdRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8zNzZjY2QtZGVmYS00MDI4LWFmMWMt
Yjk5Y2UzMGQ4MzlmLzEvMS1DLVl1TzZxTnFTeXh6Z3ZpdGh3U2NPR05fYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjcvMzc2Y2NkLWRlZmEtNDAyOC1hZjFjLWI5OWNlMzBkODM5
Zi8xL3luQi1DR1pBQld2Q2NkWFNzLUpOQVVRTHFnUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFD0DjAN
BgkqhkiG9w0BAQsFAAOCAQEAXzfwpvGYzkt7dSAYE99/cOvcTSO7xEXoevvccJTn
mL4GpsnVwha37jWUuEUuK2OvlMeOOUXBxB+aVS782yfDH+RvcdR0/OCiZoHFwZWE
cxfGvAllXpv5uCEQSEseBpU54KurqZ5rYsyJ4gVqsCaf8ySArh3M/sQBaP0VzHNf
Qt0+tdjQ8MixAxp470J8J5LLheqIiJrm2RM1pURRMCAIhQBv/cdIsCMf5vgT2xHz
D8y9CCJ1qay7D0OSoNYDcCRgDMaLdnlkzOTzOtgIElEfCfWEWyYbghql2kzbMSRh
xS0WsdYpfotW+haoHe+rrvZJSq6e7gcjwrhwwXK0MS/eTA==
-----END CERTIFICATE-----