Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/79cVxed4eOs7YD6UHynhzcgNnvk.roa
File:                     79cVxed4eOs7YD6UHynhzcgNnvk.roa (raw, json)
Hash identifier:          ACkWCyaIuFwDaC+rmC+wfbsKsDDPfjxZs7Ij4Lv6oxs=
Subject key identifier:   EF:D7:15:C5:E7:78:78:EB:3B:60:3E:94:1F:29:E1:CD:C8:0D:9E:F9
Certificate issuer:       /CN=c3fb403a241883e58fced52d39d80eabd52bb36f
Certificate serial:       018CC726E99A6D202C146DC02766F162E604
Authority key identifier: C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/79cVxed4eOs7YD6UHynhzcgNnvk.roa
Signing time:             Mon 01 Jan 2024 22:31:05 +0000
ROA not before:           Mon 01 Jan 2024 22:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        194.44.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:e9:9a:6d:20:2c:14:6d:c0:27:66:f1:62:e6:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3fb403a241883e58fced52d39d80eabd52bb36f
        Validity
            Not Before: Jan  1 22:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efd715c5e77878eb3b603e941f29e1cdc80d9ef9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:94:38:74:69:d2:d2:e1:c1:f2:7f:06:3e:97:
                    95:e3:c6:f8:78:1e:1a:bb:61:70:ef:f6:08:55:85:
                    75:3c:7c:26:fa:fb:d8:29:25:66:16:ce:a7:17:c2:
                    d1:1d:8a:a3:7d:1e:51:56:96:b3:8b:5d:aa:77:65:
                    7c:18:42:c0:44:b3:85:f1:95:05:eb:7a:92:7f:0d:
                    cf:bb:f5:09:1e:56:92:00:7a:78:18:5f:2d:cc:b7:
                    43:75:6c:9f:7c:cb:7a:14:e7:44:01:32:ee:96:d2:
                    79:b3:31:72:6b:f5:af:4f:22:af:1f:5d:4d:e3:d5:
                    01:a9:6b:a0:45:3c:f1:e6:e1:ef:9e:c2:50:38:f7:
                    5b:88:83:74:67:dd:e1:25:9c:0d:38:05:cc:aa:d0:
                    13:60:b4:0a:ca:b0:76:79:a0:fb:32:ca:6c:5a:d7:
                    fd:91:47:a7:10:18:17:c9:dc:7a:c6:42:a7:f9:4f:
                    97:16:68:fd:10:a5:0f:a4:76:a3:a2:fc:4e:7f:d2:
                    4f:bd:5d:88:c4:b0:07:b0:60:a1:9e:c7:4e:3b:b9:
                    fc:3f:45:fc:cd:df:be:1b:b4:a3:72:d4:71:6a:81:
                    0a:43:db:a4:a1:cf:49:00:23:b0:24:94:05:2f:11:
                    66:c1:6e:56:7e:93:94:3f:5f:a6:c5:e2:54:2d:9c:
                    00:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:D7:15:C5:E7:78:78:EB:3B:60:3E:94:1F:29:E1:CD:C8:0D:9E:F9
            X509v3 Authority Key Identifier:
                keyid:C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/79cVxed4eOs7YD6UHynhzcgNnvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:56:a1:93:4a:fd:11:1e:a5:6b:92:d1:97:6a:b2:5b:3d:34:
         aa:11:7f:76:24:9d:c5:af:b7:69:a7:12:e1:18:81:cf:7f:b9:
         86:3a:db:68:c8:d3:02:06:bc:7a:5b:3c:e7:21:72:86:b4:3b:
         f9:42:84:43:8a:9f:1f:ce:a1:05:68:07:ca:e6:e9:24:a1:3b:
         5e:36:ae:9a:a9:2d:74:92:ef:35:92:b7:b4:95:39:9d:cc:37:
         ec:4d:e8:15:16:49:60:f0:a2:6b:b8:e8:86:86:3a:4a:e3:c2:
         be:37:ec:7d:69:a0:28:da:f2:a9:29:da:aa:97:f6:61:2b:fc:
         24:42:2d:41:71:dc:62:05:2d:dc:ce:80:b7:96:18:07:43:7a:
         67:a3:f5:9e:07:3e:81:57:89:81:aa:fa:5f:47:b9:f8:f0:f1:
         f3:39:cc:73:94:d4:a8:bf:16:e7:5b:47:83:1b:12:2c:ba:7b:
         b3:b8:31:c1:cc:6b:12:23:a0:8b:8d:a0:86:c1:90:f3:3c:41:
         5b:21:ff:c7:5b:de:bf:df:6e:3a:ff:73:58:da:1e:d6:5a:23:
         83:81:ba:9f:b1:38:dc:6d:01:48:46:ce:2d:a8:ae:29:4c:1a:
         7f:73:74:e2:25:24:e0:2f:7b:b0:4d:c5:23:a6:2f:63:07:18:
         e2:dd:e9:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJumabSAsFG3AJ2bxYuYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZmI0MDNhMjQxODgzZTU4ZmNlZDUyZDM5ZDgwZWFiZDUy
YmIzNmYwHhcNMjQwMTAxMjIzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmQ3MTVjNWU3Nzg3OGViM2I2MDNlOTQxZjI5ZTFjZGM4MGQ5ZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5Q4dGnS0uHB8n8GPpeV48b4eB4a
u2Fw7/YIVYV1PHwm+vvYKSVmFs6nF8LRHYqjfR5RVpazi12qd2V8GELARLOF8ZUF
63qSfw3Pu/UJHlaSAHp4GF8tzLdDdWyffMt6FOdEATLultJ5szFya/WvTyKvH11N
49UBqWugRTzx5uHvnsJQOPdbiIN0Z93hJZwNOAXMqtATYLQKyrB2eaD7MspsWtf9
kUenEBgXydx6xkKn+U+XFmj9EKUPpHajovxOf9JPvV2IxLAHsGChnsdOO7n8P0X8
zd++G7SjctRxaoEKQ9ukoc9JACOwJJQFLxFmwW5WfpOUP1+mxeJULZwA/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/XFcXneHjrO2A+lB8p4c3IDZ75MB8GA1UdIwQY
MBaAFMP7QDokGIPlj87VLTnYDqvVK7NvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUt
YTlhNzc5MDI2ZjBhLzEvNzljVnhlZDRlT3M3WUQ2VUh5bmh6Y2dObnZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUtYTlhNzc5MDI2ZjBh
LzEvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwizrMA0G
CSqGSIb3DQEBCwUAA4IBAQBXVqGTSv0RHqVrktGXarJbPTSqEX92JJ3Fr7dppxLh
GIHPf7mGOttoyNMCBrx6WzznIXKGtDv5QoRDip8fzqEFaAfK5ukkoTteNq6aqS10
ku81kre0lTmdzDfsTegVFklg8KJruOiGhjpK48K+N+x9aaAo2vKpKdqql/ZhK/wk
Qi1BcdxiBS3czoC3lhgHQ3pno/WeBz6BV4mBqvpfR7n48PHzOcxzlNSovxbnW0eD
GxIsunuzuDHBzGsSI6CLjaCGwZDzPEFbIf/HW96/3246/3NY2h7WWiODgbqfsTjc
bQFIRs4tqK4pTBp/c3TiJSTgL3uwTcUjpi9jBxji3elM
-----END CERTIFICATE-----