Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/Cjj5wOv_2hSHgkEx89K2aHe4IpE.roa
File:                     Cjj5wOv_2hSHgkEx89K2aHe4IpE.roa (raw, json)
Hash identifier:          qzt3gxeAuxWZKBJkFZhRXS2quuBVG0R4Wfod//zwA50=
Subject key identifier:   0A:38:F9:C0:EB:FF:DA:14:87:82:41:31:F3:D2:B6:68:77:B8:22:91
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018EE13F02B70A067210B37A170A83E57145
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/Cjj5wOv_2hSHgkEx89K2aHe4IpE.roa
Signing time:             Mon 15 Apr 2024 10:13:06 +0000
ROA not before:           Mon 15 Apr 2024 10:13:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35608
IP address blocks:        79.171.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:3f:02:b7:0a:06:72:10:b3:7a:17:0a:83:e5:71:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Apr 15 10:13:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a38f9c0ebffda1487824131f3d2b66877b82291
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:7d:c3:0f:92:a0:02:31:b9:91:5b:3a:58:fb:
                    29:82:5a:4f:c7:be:98:76:ba:be:27:fe:5f:87:bd:
                    d7:22:d0:28:29:e3:44:0d:d8:2c:30:bb:79:8e:e2:
                    64:a9:21:b2:61:99:62:2a:1c:df:c1:2a:b5:a6:e4:
                    73:e4:4e:08:07:0f:6e:19:4e:26:8d:72:68:6e:2e:
                    be:cd:a3:1b:79:b5:1c:7b:4d:ed:d0:5c:6a:39:52:
                    b9:54:95:73:cc:78:8f:cb:c5:dc:fc:e4:26:93:4b:
                    49:a8:cf:c1:ef:be:09:c4:89:7d:09:d9:a5:50:4f:
                    65:5e:10:c6:43:ca:9c:d9:ce:66:42:71:7b:34:2d:
                    3b:5d:40:f6:0a:1f:11:64:0b:68:e0:de:ff:b5:d6:
                    88:cb:7a:de:d2:d8:7f:a3:a1:f4:92:89:4e:16:00:
                    85:55:7b:20:4a:0a:97:d3:5b:e5:8c:23:c0:66:ca:
                    82:7e:71:12:7f:c1:ad:dc:f2:ca:b8:35:54:01:bc:
                    87:19:75:05:b1:9d:89:f9:a3:79:2f:34:ed:34:1e:
                    02:07:96:5a:be:45:df:16:63:26:81:ed:6b:33:46:
                    9e:d2:8d:24:30:9e:8c:cd:dd:77:28:c1:c9:dd:95:
                    82:74:4b:98:b2:16:10:cf:02:00:52:1b:a9:53:87:
                    8c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:38:F9:C0:EB:FF:DA:14:87:82:41:31:F3:D2:B6:68:77:B8:22:91
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/Cjj5wOv_2hSHgkEx89K2aHe4IpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.171.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:6e:db:09:da:f4:00:5c:8b:78:21:79:bc:ab:8a:2a:bf:87:
         ee:a8:5d:e8:47:85:8d:69:a0:5d:07:c4:a5:46:e6:27:8f:65:
         e4:cc:35:e4:6e:d5:22:ad:67:2f:46:a0:af:36:e5:e1:00:0c:
         c6:b8:11:b6:d9:37:a0:f0:86:8e:01:02:19:c5:7c:b4:b4:1f:
         bd:a4:f8:21:ae:ed:ea:e5:89:8d:98:e3:11:ac:a3:31:d5:ef:
         33:4e:bc:63:4c:e7:0d:d9:f2:18:2d:20:c0:43:9f:65:82:cf:
         7f:96:8d:6e:f3:55:d5:54:1f:33:41:77:2e:59:d1:82:6b:53:
         d0:c1:21:8b:f1:79:f5:c7:af:e9:10:c8:90:9e:1d:78:4c:95:
         b0:29:f7:39:b7:4d:03:6d:9b:7d:67:e2:ed:eb:93:94:4e:f4:
         70:86:1f:07:fc:e3:43:4a:92:b4:0d:9e:79:8f:d9:65:b8:5c:
         ca:fb:7b:6c:27:4f:ff:a1:d3:ef:6e:0f:39:80:4b:7e:86:8a:
         ca:3b:6d:04:ee:5f:64:50:08:39:da:27:3a:d3:2b:0f:f1:47:
         9b:31:ba:b3:8b:4e:b7:01:d7:54:92:8d:a8:f4:73:73:3e:76:
         99:c3:28:70:21:92:f4:cf:1b:a6:2d:4d:a7:45:61:4d:a4:78:
         8c:07:1c:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7hPwK3CgZyELN6FwqD5XFFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwNDE1MTAxMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTM4ZjljMGViZmZkYTE0ODc4MjQxMzFmM2QyYjY2ODc3YjgyMjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgH3DD5KgAjG5kVs6WPspglpPx76Y
drq+J/5fh73XItAoKeNEDdgsMLt5juJkqSGyYZliKhzfwSq1puRz5E4IBw9uGU4m
jXJobi6+zaMbebUce03t0FxqOVK5VJVzzHiPy8Xc/OQmk0tJqM/B774JxIl9Cdml
UE9lXhDGQ8qc2c5mQnF7NC07XUD2Ch8RZAto4N7/tdaIy3re0th/o6H0kolOFgCF
VXsgSgqX01vljCPAZsqCfnESf8Gt3PLKuDVUAbyHGXUFsZ2J+aN5LzTtNB4CB5Za
vkXfFmMmge1rM0ae0o0kMJ6Mzd13KMHJ3ZWCdEuYshYQzwIAUhupU4eMuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAo4+cDr/9oUh4JBMfPStmh3uCKRMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvQ2pqNXdPdl8yaFNIZ2tFeDg5SzJhSGU0SXBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6t1MA0G
CSqGSIb3DQEBCwUAA4IBAQA4btsJ2vQAXIt4IXm8q4oqv4fuqF3oR4WNaaBdB8Sl
RuYnj2XkzDXkbtUirWcvRqCvNuXhAAzGuBG22Teg8IaOAQIZxXy0tB+9pPghru3q
5YmNmOMRrKMx1e8zTrxjTOcN2fIYLSDAQ59lgs9/lo1u81XVVB8zQXcuWdGCa1PQ
wSGL8Xn1x6/pEMiQnh14TJWwKfc5t00DbZt9Z+Lt65OUTvRwhh8H/ONDSpK0DZ55
j9lluFzK+3tsJ0//odPvbg85gEt+horKO20E7l9kUAg52ic60ysP8UebMbqzi063
AddUko2o9HNzPnaZwyhwIZL0zxumLU2nRWFNpHiMBxyS
-----END CERTIFICATE-----