Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/vjZaS0PnkkcUYwEn2S6mBJYuosw.roa
File:                     vjZaS0PnkkcUYwEn2S6mBJYuosw.roa (raw, json)
Hash identifier:          u/3qXsl0zr5fNEuF2lBb0REyjL3xFkKS0UNkIb/BCP4=
Subject key identifier:   BE:36:5A:4B:43:E7:92:47:14:63:01:27:D9:2E:A6:04:96:2E:A2:CC
Certificate issuer:       /CN=2983841bc09f1fd4fe3de991016c0b7126fba52e
Certificate serial:       018CC8020FBACDF737B03A920E842CC75DC6
Authority key identifier: 29:83:84:1B:C0:9F:1F:D4:FE:3D:E9:91:01:6C:0B:71:26:FB:A5:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/vjZaS0PnkkcUYwEn2S6mBJYuosw.roa
Signing time:             Tue 02 Jan 2024 02:30:27 +0000
ROA not before:           Tue 02 Jan 2024 02:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        79.110.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:0f:ba:cd:f7:37:b0:3a:92:0e:84:2c:c7:5d:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2983841bc09f1fd4fe3de991016c0b7126fba52e
        Validity
            Not Before: Jan  2 02:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be365a4b43e7924714630127d92ea604962ea2cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ea:0e:e0:00:b1:df:26:28:b6:31:81:4e:0f:
                    ff:e8:92:c0:b3:b3:3a:0f:05:28:d1:92:ea:c6:79:
                    06:c3:89:a9:50:fc:98:11:c7:fc:ff:45:fc:18:bb:
                    cd:fc:5e:24:1e:82:10:d1:c6:35:7a:ea:8b:c0:c0:
                    b8:85:c7:92:f9:85:0d:c7:25:3b:c8:aa:7f:97:a7:
                    7c:5f:2d:db:86:e2:43:48:6f:69:bf:71:15:35:64:
                    5d:45:59:f1:29:df:da:f3:ea:ea:b2:a9:f3:e2:d1:
                    b4:5f:e0:db:fa:6a:04:5b:7b:8a:89:85:8f:7d:8f:
                    3f:0d:83:b7:87:90:44:a6:32:3a:77:1c:3f:aa:64:
                    ad:97:1b:be:36:d9:58:b0:4c:60:fb:bd:01:09:fc:
                    90:10:a5:63:90:76:f4:f0:c5:f0:5f:03:9b:a7:a6:
                    62:34:b4:f6:52:3e:b9:ff:10:79:ce:d1:ff:18:82:
                    60:e8:86:ad:fb:44:fe:87:ee:68:a8:03:81:73:66:
                    4a:5e:fa:7d:d7:19:d2:2b:5e:13:db:15:37:bc:24:
                    59:c1:36:a6:87:d8:a8:12:76:23:47:b2:e7:64:cb:
                    46:8c:91:f9:28:5d:f0:c9:05:fb:33:1b:17:6d:8e:
                    b0:2c:ad:fb:91:49:a3:d8:ee:ba:04:19:3a:fa:ca:
                    03:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:36:5A:4B:43:E7:92:47:14:63:01:27:D9:2E:A6:04:96:2E:A2:CC
            X509v3 Authority Key Identifier:
                keyid:29:83:84:1B:C0:9F:1F:D4:FE:3D:E9:91:01:6C:0B:71:26:FB:A5:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/vjZaS0PnkkcUYwEn2S6mBJYuosw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:5b:9d:42:cb:42:f4:bd:60:2c:e1:cc:95:87:93:e3:f6:69:
         b1:00:c7:78:dd:f2:f0:6f:b7:90:28:e5:8a:a5:c5:3c:e5:87:
         1c:44:52:e6:04:fe:de:e4:10:be:6a:51:73:5e:9d:a1:f2:7b:
         41:df:75:dc:ee:f1:3f:cb:28:68:5c:c4:bc:0a:cc:0f:2f:1b:
         2d:39:b2:e3:d9:a6:c5:9a:24:81:94:71:41:7d:d0:97:11:97:
         13:3e:8d:4b:7e:cb:2f:6b:95:24:e3:70:e4:a0:77:dd:a4:33:
         7d:ca:88:b1:e1:82:00:58:b0:ea:4e:08:7e:15:75:b5:62:15:
         22:88:57:a2:65:8f:82:b0:b8:23:0e:2e:28:1d:b7:d8:36:47:
         35:2f:07:f5:82:54:de:4e:88:7d:b0:19:67:4e:94:2d:e9:fb:
         01:8b:45:f6:fb:09:9a:dc:7f:1c:7f:a3:a7:3d:bd:5d:d8:8e:
         54:e6:3c:ca:f5:b3:bb:bb:55:9b:49:4c:ea:f2:07:7d:4a:02:
         69:48:e9:ca:35:c0:ba:08:ee:dd:fb:22:09:d3:82:75:81:52:
         f8:f2:f5:83:78:1f:3f:1b:09:25:bf:a2:ca:43:78:df:db:83:
         15:eb:73:09:e5:c8:45:f9:c2:4c:0d:f3:3b:4f:95:4d:68:5a:
         cd:ad:30:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAg+6zfc3sDqSDoQsx13GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ODM4NDFiYzA5ZjFmZDRmZTNkZTk5MTAxNmMwYjcxMjZm
YmE1MmUwHhcNMjQwMTAyMDIzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTM2NWE0YjQzZTc5MjQ3MTQ2MzAxMjdkOTJlYTYwNDk2MmVhMmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+oO4ACx3yYotjGBTg//6JLAs7M6
DwUo0ZLqxnkGw4mpUPyYEcf8/0X8GLvN/F4kHoIQ0cY1euqLwMC4hceS+YUNxyU7
yKp/l6d8Xy3bhuJDSG9pv3EVNWRdRVnxKd/a8+rqsqnz4tG0X+Db+moEW3uKiYWP
fY8/DYO3h5BEpjI6dxw/qmStlxu+NtlYsExg+70BCfyQEKVjkHb08MXwXwObp6Zi
NLT2Uj65/xB5ztH/GIJg6Iat+0T+h+5oqAOBc2ZKXvp91xnSK14T2xU3vCRZwTam
h9ioEnYjR7LnZMtGjJH5KF3wyQX7MxsXbY6wLK37kUmj2O66BBk6+soDbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL42WktD55JHFGMBJ9kupgSWLqLMMB8GA1UdIwQY
MBaAFCmDhBvAnx/U/j3pkQFsC3Em+6UuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1lPRUc4Q2ZIOVQtUGVtUkFXd0xjU2I3cFM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9jYzM3Y2YtYjA1Ni00MWQ5LWI1N2It
MWRkNWRhYjM2ZjlmLzEvdmpaYVMwUG5ra2NVWXdFbjJTNm1CSll1b3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9jYzM3Y2YtYjA1Ni00MWQ5LWI1N2ItMWRkNWRhYjM2Zjlm
LzEvS1lPRUc4Q2ZIOVQtUGVtUkFXd0xjU2I3cFM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT26mMA0G
CSqGSIb3DQEBCwUAA4IBAQAgW51Cy0L0vWAs4cyVh5Pj9mmxAMd43fLwb7eQKOWK
pcU85YccRFLmBP7e5BC+alFzXp2h8ntB33Xc7vE/yyhoXMS8CswPLxstObLj2abF
miSBlHFBfdCXEZcTPo1Lfssva5Uk43DkoHfdpDN9yoix4YIAWLDqTgh+FXW1YhUi
iFeiZY+CsLgjDi4oHbfYNkc1Lwf1glTeToh9sBlnTpQt6fsBi0X2+wma3H8cf6On
Pb1d2I5U5jzK9bO7u1WbSUzq8gd9SgJpSOnKNcC6CO7d+yIJ04J1gVL48vWDeB8/
Gwklv6LKQ3jf24MV63MJ5chF+cJMDfM7T5VNaFrNrTBS
-----END CERTIFICATE-----