Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/698e4e-0a39-416b-affe-61819c480cbe/1/bdQNgurYpubZ6AUAk-VMC-ilTnQ.roa
File:                     bdQNgurYpubZ6AUAk-VMC-ilTnQ.roa (raw, json)
Hash identifier:          3q5fI71M/kYWMhlKnML3MHYNyTBh+N8dy7XxpJP+15A=
Subject key identifier:   6D:D4:0D:82:EA:D8:A6:E6:D9:E8:05:00:93:E5:4C:0B:E8:A5:4E:74
Certificate issuer:       /CN=808c3a6c5cbff0739e438d05744405b16197b15b
Certificate serial:       018CC3B6D93FD2F533F466403B2500D4CDB5
Authority key identifier: 80:8C:3A:6C:5C:BF:F0:73:9E:43:8D:05:74:44:05:B1:61:97:B1:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gIw6bFy_8HOeQ40FdEQFsWGXsVs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/698e4e-0a39-416b-affe-61819c480cbe/1/bdQNgurYpubZ6AUAk-VMC-ilTnQ.roa
Signing time:             Mon 01 Jan 2024 06:29:49 +0000
ROA not before:           Mon 01 Jan 2024 06:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213226
IP address blocks:        79.110.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/698e4e-0a39-416b-affe-61819c480cbe/1/gIw6bFy_8HOeQ40FdEQFsWGXsVs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/698e4e-0a39-416b-affe-61819c480cbe/1/gIw6bFy_8HOeQ40FdEQFsWGXsVs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gIw6bFy_8HOeQ40FdEQFsWGXsVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d9:3f:d2:f5:33:f4:66:40:3b:25:00:d4:cd:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=808c3a6c5cbff0739e438d05744405b16197b15b
        Validity
            Not Before: Jan  1 06:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dd40d82ead8a6e6d9e8050093e54c0be8a54e74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:fc:29:06:f0:11:eb:d4:99:ce:6b:a4:c6:99:
                    69:b5:56:5c:ff:2b:60:04:54:34:6a:f8:6b:2d:b8:
                    a7:fd:e7:c4:08:bb:ac:19:5b:89:d1:48:26:48:ad:
                    60:6f:0f:13:b0:f2:cc:2f:c0:5c:4e:69:dc:c6:6e:
                    26:ec:67:82:a9:b4:f6:8f:e7:fc:78:e8:f1:c0:1b:
                    ac:99:6e:98:38:a0:82:31:79:71:e0:88:c5:63:d5:
                    35:ab:fe:02:d5:1f:3a:3f:56:0a:75:e4:c6:88:59:
                    c3:2d:d0:99:04:ad:c4:2b:de:ef:f4:68:f5:fd:d4:
                    62:9b:39:bc:1d:2c:85:72:b3:88:a6:e7:0e:69:25:
                    b1:41:20:7c:63:10:4e:94:76:68:01:2e:2c:47:80:
                    22:34:45:fc:86:fe:8a:c2:a6:d5:fc:69:42:dc:1e:
                    8c:9d:6d:e6:a8:ac:cf:35:f5:72:58:65:5b:ac:38:
                    d0:d4:e8:13:fc:d1:1e:c6:35:77:65:f4:5d:87:44:
                    5d:7a:61:2d:65:a6:6b:05:bb:06:9a:74:a5:c5:1d:
                    1f:9a:79:24:05:53:c4:4c:49:99:2e:ac:ab:f1:e8:
                    8b:28:5d:29:04:f1:f8:ac:1a:bc:c3:00:00:68:05:
                    2f:bb:39:43:6f:59:65:58:9c:03:b3:ad:f0:67:65:
                    f7:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:D4:0D:82:EA:D8:A6:E6:D9:E8:05:00:93:E5:4C:0B:E8:A5:4E:74
            X509v3 Authority Key Identifier:
                keyid:80:8C:3A:6C:5C:BF:F0:73:9E:43:8D:05:74:44:05:B1:61:97:B1:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gIw6bFy_8HOeQ40FdEQFsWGXsVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/698e4e-0a39-416b-affe-61819c480cbe/1/bdQNgurYpubZ6AUAk-VMC-ilTnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/698e4e-0a39-416b-affe-61819c480cbe/1/gIw6bFy_8HOeQ40FdEQFsWGXsVs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:83:02:2b:37:6b:dd:56:dd:20:9e:5a:63:94:93:0e:86:0b:
         cc:8c:5f:b0:66:dd:66:cc:64:6e:bd:7b:87:f2:1a:20:98:d9:
         93:38:6d:e2:97:b9:90:b4:85:0e:95:36:42:27:86:da:0a:68:
         1d:1a:3f:cb:71:9d:ad:48:4a:7e:e9:3b:3c:0a:5c:1e:74:76:
         55:05:90:85:05:ca:1a:3b:a0:72:f5:b7:de:26:6a:d6:e0:f3:
         75:9c:c7:c1:b7:bb:83:d9:84:08:bc:bd:7d:c0:65:7a:f4:6a:
         8e:84:3c:f0:8b:cd:98:0b:95:d5:d6:6d:d2:7d:ac:25:9d:b8:
         b8:f8:c1:5c:4c:19:f3:4e:5c:df:91:f2:8f:01:f9:31:3d:fe:
         96:3e:dd:56:4f:09:08:74:97:80:da:e1:4b:6b:c0:50:03:8d:
         94:28:93:61:a4:5b:60:f0:ff:f3:5a:f2:18:63:f5:9e:bc:4d:
         7e:6f:d3:dc:06:3f:41:b3:9f:14:7c:f1:bb:b8:24:c1:62:c3:
         11:f8:11:27:93:47:e2:4c:ca:1b:0d:48:9a:72:c9:08:ae:b4:
         10:89:f8:26:f6:0e:3f:9c:38:cb:12:94:fe:d5:c7:66:a9:5a:
         f3:1f:3a:a1:5f:9d:e1:af:84:6c:4d:98:62:c8:32:6c:4a:de:
         6e:44:20:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttk/0vUz9GZAOyUA1M21MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwOGMzYTZjNWNiZmYwNzM5ZTQzOGQwNTc0NDQwNWIxNjE5
N2IxNWIwHhcNMjQwMTAxMDYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGQ0MGQ4MmVhZDhhNmU2ZDllODA1MDA5M2U1NGMwYmU4YTU0ZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/wpBvAR69SZzmukxplptVZc/ytg
BFQ0avhrLbin/efECLusGVuJ0UgmSK1gbw8TsPLML8BcTmncxm4m7GeCqbT2j+f8
eOjxwBusmW6YOKCCMXlx4IjFY9U1q/4C1R86P1YKdeTGiFnDLdCZBK3EK97v9Gj1
/dRimzm8HSyFcrOIpucOaSWxQSB8YxBOlHZoAS4sR4AiNEX8hv6KwqbV/GlC3B6M
nW3mqKzPNfVyWGVbrDjQ1OgT/NEexjV3ZfRdh0RdemEtZaZrBbsGmnSlxR0fmnkk
BVPETEmZLqyr8eiLKF0pBPH4rBq8wwAAaAUvuzlDb1llWJwDs63wZ2X38wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3UDYLq2Kbm2egFAJPlTAvopU50MB8GA1UdIwQY
MBaAFICMOmxcv/BznkONBXREBbFhl7FbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0l3NmJGeV84SE9lUTQwRmRFUUZzV0dYc1ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC82OThlNGUtMGEzOS00MTZiLWFmZmUt
NjE4MTljNDgwY2JlLzEvYmRRTmd1cllwdWJaNkFVQWstVk1DLWlsVG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC82OThlNGUtMGEzOS00MTZiLWFmZmUtNjE4MTljNDgwY2Jl
LzEvZ0l3NmJGeV84SE9lUTQwRmRFUUZzV0dYc1ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT26JMA0G
CSqGSIb3DQEBCwUAA4IBAQBBgwIrN2vdVt0gnlpjlJMOhgvMjF+wZt1mzGRuvXuH
8hogmNmTOG3il7mQtIUOlTZCJ4baCmgdGj/LcZ2tSEp+6Ts8ClwedHZVBZCFBcoa
O6By9bfeJmrW4PN1nMfBt7uD2YQIvL19wGV69GqOhDzwi82YC5XV1m3Sfawlnbi4
+MFcTBnzTlzfkfKPAfkxPf6WPt1WTwkIdJeA2uFLa8BQA42UKJNhpFtg8P/zWvIY
Y/WevE1+b9PcBj9Bs58UfPG7uCTBYsMR+BEnk0fiTMobDUiacskIrrQQifgm9g4/
nDjLEpT+1cdmqVrzHzqhX53hr4RsTZhiyDJsSt5uRCBK
-----END CERTIFICATE-----