Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fcfd8c-8871-4d6a-b4a5-d65b654c99c5/1/79qTwnz2yeBUBqubVsOoSx5pHlI.roa
File:                     79qTwnz2yeBUBqubVsOoSx5pHlI.roa (raw, json)
Hash identifier:          oOBAomoC/pwkyK+ofnnlAxv2acPgBR/qxK9aLpi9e30=
Subject key identifier:   EF:DA:93:C2:7C:F6:C9:E0:54:06:AB:9B:56:C3:A8:4B:1E:69:1E:52
Certificate issuer:       /CN=2e7d6f55a13b001e7401f40eaaaeb82f67bd422e
Certificate serial:       018CC9BB99EABEDF7FD99E6A61809427C54A
Authority key identifier: 2E:7D:6F:55:A1:3B:00:1E:74:01:F4:0E:AA:AE:B8:2F:67:BD:42:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ln1vVaE7AB50AfQOqq64L2e9Qi4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fcfd8c-8871-4d6a-b4a5-d65b654c99c5/1/79qTwnz2yeBUBqubVsOoSx5pHlI.roa
Signing time:             Tue 02 Jan 2024 10:32:44 +0000
ROA not before:           Tue 02 Jan 2024 10:32:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207564
IP address blocks:        185.115.247.0/24 maxlen: 24
                          2001:4da8:c010::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fcfd8c-8871-4d6a-b4a5-d65b654c99c5/1/Ln1vVaE7AB50AfQOqq64L2e9Qi4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fcfd8c-8871-4d6a-b4a5-d65b654c99c5/1/Ln1vVaE7AB50AfQOqq64L2e9Qi4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ln1vVaE7AB50AfQOqq64L2e9Qi4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:99:ea:be:df:7f:d9:9e:6a:61:80:94:27:c5:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e7d6f55a13b001e7401f40eaaaeb82f67bd422e
        Validity
            Not Before: Jan  2 10:32:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efda93c27cf6c9e05406ab9b56c3a84b1e691e52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:36:03:5b:bd:b7:65:ff:04:2b:ba:22:0c:36:
                    c7:bf:d2:70:33:66:80:c2:3f:7e:bf:ed:d4:7f:6b:
                    ed:5b:5a:7d:bc:1b:87:0a:c8:5d:53:06:8b:4b:98:
                    b3:a0:3b:12:eb:cf:df:2b:21:54:a0:6c:e9:99:07:
                    93:31:8a:70:7b:f8:00:67:1e:ee:58:f7:0f:db:2d:
                    b8:98:02:a9:c8:bf:8b:ac:1a:90:7f:af:12:bf:d9:
                    fc:ed:d1:36:cd:e2:f3:32:a9:55:9e:16:e6:66:9c:
                    cd:bd:13:ce:1b:73:34:9f:26:d4:11:29:fb:9b:d6:
                    1e:e2:12:3e:ae:44:13:6f:f0:09:af:19:cf:1a:56:
                    8c:2d:08:dc:11:0c:0c:cb:c8:c6:3f:a1:ff:07:24:
                    47:ff:eb:39:a3:79:f6:98:8e:2b:b8:ac:21:63:ec:
                    32:2b:66:56:e4:77:91:ce:e7:10:9d:92:98:7b:b0:
                    23:e6:8c:a3:01:9f:c6:8a:b7:e6:0d:9b:7a:0b:ed:
                    f2:97:2c:d7:3a:ec:34:c2:d7:32:44:2b:63:33:31:
                    a4:14:43:e3:19:77:f2:e5:54:d6:b3:91:5c:7b:f3:
                    03:36:d1:f0:54:8a:b9:12:ac:f8:b7:21:d9:bf:19:
                    ea:ee:c9:35:6e:d2:6a:02:db:46:0b:01:96:59:0a:
                    e2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:DA:93:C2:7C:F6:C9:E0:54:06:AB:9B:56:C3:A8:4B:1E:69:1E:52
            X509v3 Authority Key Identifier:
                keyid:2E:7D:6F:55:A1:3B:00:1E:74:01:F4:0E:AA:AE:B8:2F:67:BD:42:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ln1vVaE7AB50AfQOqq64L2e9Qi4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fcfd8c-8871-4d6a-b4a5-d65b654c99c5/1/79qTwnz2yeBUBqubVsOoSx5pHlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fcfd8c-8871-4d6a-b4a5-d65b654c99c5/1/Ln1vVaE7AB50AfQOqq64L2e9Qi4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.247.0/24
                IPv6:
                  2001:4da8:c010::/44

    Signature Algorithm: sha256WithRSAEncryption
         56:77:b8:01:88:a4:9b:18:86:47:75:a7:83:76:1e:63:ad:1d:
         44:10:56:7e:bd:af:50:bf:c6:32:fd:25:bc:e1:33:db:20:a2:
         fc:3d:71:73:8f:e2:87:ff:fe:c7:73:e1:16:71:1f:3f:7b:95:
         96:0d:ee:2d:c6:e2:49:db:9f:23:d9:28:0c:2f:f6:08:dc:08:
         fb:00:13:1b:57:84:31:d4:82:ae:29:6d:d7:40:c8:c2:d7:a6:
         4c:4c:a7:6b:22:be:dd:88:82:5b:b9:58:1f:12:3b:78:46:14:
         c5:aa:f1:29:3b:f3:55:a0:d9:38:bc:0f:93:67:0a:e9:a5:2a:
         b2:90:05:ce:8d:8f:8b:48:a2:d4:77:d5:6e:33:48:81:0d:e7:
         a1:ae:af:10:65:b4:26:d1:9a:33:93:7c:e4:38:e2:9d:ae:8a:
         ac:7d:5e:d5:6b:75:c8:9e:95:8e:fc:5e:9f:98:fe:45:5f:61:
         3e:73:17:cf:40:eb:0f:2e:07:e4:14:f2:64:23:03:ac:dd:75:
         40:9b:46:b3:6c:af:2a:05:74:16:17:c5:5e:3e:68:e8:7b:48:
         98:ee:59:17:db:d9:4e:2b:ae:17:ee:d0:1f:18:95:5f:3e:9b:
         40:3e:1d:45:eb:09:34:90:05:16:c1:c0:0e:4d:1a:fd:6b:cc:
         43:d1:96:57
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJu5nqvt9/2Z5qYYCUJ8VKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlN2Q2ZjU1YTEzYjAwMWU3NDAxZjQwZWFhYWViODJmNjdi
ZDQyMmUwHhcNMjQwMTAyMTAzMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmRhOTNjMjdjZjZjOWUwNTQwNmFiOWI1NmMzYTg0YjFlNjkxZTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DYDW723Zf8EK7oiDDbHv9JwM2aA
wj9+v+3Uf2vtW1p9vBuHCshdUwaLS5izoDsS68/fKyFUoGzpmQeTMYpwe/gAZx7u
WPcP2y24mAKpyL+LrBqQf68Sv9n87dE2zeLzMqlVnhbmZpzNvRPOG3M0nybUESn7
m9Ye4hI+rkQTb/AJrxnPGlaMLQjcEQwMy8jGP6H/ByRH/+s5o3n2mI4ruKwhY+wy
K2ZW5HeRzucQnZKYe7Aj5oyjAZ/GirfmDZt6C+3ylyzXOuw0wtcyRCtjMzGkFEPj
GXfy5VTWs5Fce/MDNtHwVIq5Eqz4tyHZvxnq7sk1btJqAttGCwGWWQrihwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO/ak8J89sngVAarm1bDqEseaR5SMB8GA1UdIwQY
MBaAFC59b1WhOwAedAH0DqquuC9nvUIuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG4xdlZhRTdBQjUwQWZRT3FxNjRMMmU5UWk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mY2ZkOGMtODg3MS00ZDZhLWI0YTUt
ZDY1YjY1NGM5OWM1LzEvNzlxVHduejJ5ZUJVQnF1YlZzT29TeDVwSGxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mY2ZkOGMtODg3MS00ZDZhLWI0YTUtZDY1YjY1NGM5OWM1
LzEvTG4xdlZhRTdBQjUwQWZRT3FxNjRMMmU5UWk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuXP3MA8E
AgACMAkDBwQgAU2owBAwDQYJKoZIhvcNAQELBQADggEBAFZ3uAGIpJsYhkd1p4N2
HmOtHUQQVn69r1C/xjL9JbzhM9sgovw9cXOP4of//sdz4RZxHz97lZYN7i3G4knb
nyPZKAwv9gjcCPsAExtXhDHUgq4pbddAyMLXpkxMp2sivt2Iglu5WB8SO3hGFMWq
8Sk781Wg2Ti8D5NnCumlKrKQBc6Nj4tIotR31W4zSIEN56GurxBltCbRmjOTfOQ4
4p2uiqx9XtVrdcielY78Xp+Y/kVfYT5zF89A6w8uB+QU8mQjA6zddUCbRrNsryoF
dBYXxV4+aOh7SJjuWRfb2U4rrhfu0B8YlV8+m0A+HUXrCTSQBRbBwA5NGv1rzEPR
llc=
-----END CERTIFICATE-----