Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/79rLseMHbXXWH_RxX7XZtITcY2Y.roa
File:                     79rLseMHbXXWH_RxX7XZtITcY2Y.roa (raw, json)
Hash identifier:          dVUdEzyncEAsc/P94gHS77EyfwEBl1zc2koh6ZjYffY=
Subject key identifier:   EF:DA:CB:B1:E3:07:6D:75:D6:1F:F4:71:5F:B5:D9:B4:84:DC:63:66
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018E141060FCD3DD1FB3980177AE64AFC90B
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/79rLseMHbXXWH_RxX7XZtITcY2Y.roa
Signing time:             Wed 06 Mar 2024 14:00:01 +0000
ROA not before:           Wed 06 Mar 2024 14:00:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        62.72.180.0/24 maxlen: 24
                          81.21.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:14:10:60:fc:d3:dd:1f:b3:98:01:77:ae:64:af:c9:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Mar  6 14:00:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efdacbb1e3076d75d61ff4715fb5d9b484dc6366
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6a:f2:a5:55:f9:10:42:ed:05:ad:e0:4e:e1:
                    8b:5c:ad:0b:1e:c0:b9:10:22:c5:71:74:9b:59:fa:
                    4b:cb:a0:1c:12:ad:1e:cc:65:f3:b3:96:b0:61:d1:
                    d0:16:96:06:63:53:3a:53:1e:f5:a4:b3:5a:6f:00:
                    56:43:d4:c0:7f:5d:1c:1d:a8:21:24:bb:e6:c1:b4:
                    df:6f:9c:05:28:af:cc:db:f0:6d:85:88:e6:2c:7c:
                    46:cb:14:d6:82:af:8d:df:1e:21:63:88:11:9d:c7:
                    f4:45:00:49:bb:5c:5c:59:af:73:64:fa:e6:9d:60:
                    79:8d:9a:2c:a8:2b:2c:81:e2:9d:8a:b9:5e:81:04:
                    bc:62:c7:ae:83:04:8d:7a:a3:f3:03:32:db:c4:19:
                    1d:f7:d8:f1:93:ea:ea:1c:2b:f0:d3:55:a3:ce:dd:
                    da:fa:21:8b:d9:14:7d:c0:c2:7f:ad:69:f2:65:54:
                    02:b2:fe:cf:1d:95:c3:ce:98:1b:6c:5e:eb:d6:7b:
                    7e:ae:fb:8c:eb:ea:82:ed:58:2c:e5:17:de:86:80:
                    4c:39:29:e1:f2:1f:41:59:d9:cc:58:4a:44:63:e2:
                    88:8a:54:d2:90:1d:1e:d6:65:ca:f4:86:59:90:ff:
                    fc:51:3c:cd:6e:46:bc:05:7c:85:e6:a4:68:eb:f9:
                    83:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:DA:CB:B1:E3:07:6D:75:D6:1F:F4:71:5F:B5:D9:B4:84:DC:63:66
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/79rLseMHbXXWH_RxX7XZtITcY2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.180.0/24
                  81.21.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:06:96:32:73:1b:14:6f:f5:48:ec:2b:60:6f:52:16:28:66:
         fd:09:74:83:3d:bc:3f:5a:68:50:a7:ee:d2:a0:1e:f4:83:58:
         c7:b8:41:19:1c:7c:21:02:c6:53:0d:a4:88:d0:1b:53:c9:ba:
         46:a2:28:7e:7f:06:16:32:80:ea:da:7b:34:24:19:5a:e4:48:
         55:fd:01:79:49:81:08:ba:b9:f9:64:a0:5d:67:df:ca:01:7f:
         fb:6b:be:4d:15:ba:f6:25:67:5e:7e:db:b4:be:34:f5:4d:28:
         0d:aa:63:f5:cb:85:8f:bb:3a:e0:91:b6:6b:e5:a9:37:d8:8a:
         aa:d5:02:34:3d:a5:90:0c:4a:63:c0:7f:47:cb:a1:22:92:8d:
         83:f9:9a:25:fd:15:e8:77:f9:52:01:9b:20:99:bc:a8:e4:cf:
         89:78:e7:85:00:f5:a1:bd:e8:39:92:32:b3:b4:ca:74:f4:c9:
         a2:36:58:84:5a:fb:77:a7:bc:4a:2f:56:6c:15:e1:f4:2e:c9:
         28:87:42:f5:78:29:99:40:d5:64:dc:bb:e4:df:bd:89:67:b6:
         df:d3:b9:72:64:02:01:60:76:5e:f4:5b:f3:0d:1f:2f:cf:56:
         15:30:bb:de:c0:ef:9c:fc:5c:5a:f5:cd:4e:c9:fa:d6:dc:2a:
         e2:a5:a6:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4UEGD8090fs5gBd65kr8kLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMzA2MTQwMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmRhY2JiMWUzMDc2ZDc1ZDYxZmY0NzE1ZmI1ZDliNDg0ZGM2MzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGrypVX5EELtBa3gTuGLXK0LHsC5
ECLFcXSbWfpLy6AcEq0ezGXzs5awYdHQFpYGY1M6Ux71pLNabwBWQ9TAf10cHagh
JLvmwbTfb5wFKK/M2/BthYjmLHxGyxTWgq+N3x4hY4gRncf0RQBJu1xcWa9zZPrm
nWB5jZosqCssgeKdirlegQS8YseugwSNeqPzAzLbxBkd99jxk+rqHCvw01Wjzt3a
+iGL2RR9wMJ/rWnyZVQCsv7PHZXDzpgbbF7r1nt+rvuM6+qC7Vgs5RfehoBMOSnh
8h9BWdnMWEpEY+KIilTSkB0e1mXK9IZZkP/8UTzNbka8BXyF5qRo6/mD0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO/ay7HjB2111h/0cV+12bSE3GNmMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvNzlyTHNlTUhiWFhXSF9SeFg3WFp0SVRjWTJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPki0AwQA
URUMMA0GCSqGSIb3DQEBCwUAA4IBAQCKBpYycxsUb/VI7Ctgb1IWKGb9CXSDPbw/
WmhQp+7SoB70g1jHuEEZHHwhAsZTDaSI0BtTybpGoih+fwYWMoDq2ns0JBla5EhV
/QF5SYEIurn5ZKBdZ9/KAX/7a75NFbr2JWdeftu0vjT1TSgNqmP1y4WPuzrgkbZr
5ak32Iqq1QI0PaWQDEpjwH9Hy6Eiko2D+Zol/RXod/lSAZsgmbyo5M+JeOeFAPWh
veg5kjKztMp09MmiNliEWvt3p7xKL1ZsFeH0Lskoh0L1eCmZQNVk3Lvk372JZ7bf
07lyZAIBYHZe9FvzDR8vz1YVMLvewO+c/Fxa9c1OyfrW3CripaYJ
-----END CERTIFICATE-----