Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/5juket39A8eQ1T-HjP1cZUhDhnQ.roa
File:                     5juket39A8eQ1T-HjP1cZUhDhnQ.roa (raw, json)
Hash identifier:          LIbt4Yk3vjw9LvKTChHkDyvmzKFGzprVGW4hTScVukU=
Subject key identifier:   E6:3B:A4:7A:DD:FD:03:C7:90:D5:3F:87:8C:FD:5C:65:48:43:86:74
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       0191C695A917141694737E4B8B5141BC4DFC
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/5juket39A8eQ1T-HjP1cZUhDhnQ.roa
Signing time:             Fri 06 Sep 2024 09:06:22 +0000
ROA not before:           Fri 06 Sep 2024 09:06:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21344
IP address blocks:        77.79.193.0/24 maxlen: 24
                          217.149.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c6:95:a9:17:14:16:94:73:7e:4b:8b:51:41:bc:4d:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Sep  6 09:06:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e63ba47addfd03c790d53f878cfd5c6548438674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:68:28:93:99:5c:41:f4:6a:87:9a:a0:cb:85:
                    e0:f6:98:3c:4b:a7:77:ea:86:95:98:1e:41:dc:64:
                    e7:08:b7:8b:a5:fe:4f:32:2a:b8:4b:76:29:da:a2:
                    50:a5:3e:6c:81:67:a7:9f:45:a3:70:05:5f:66:93:
                    fa:e2:3d:4d:d8:2d:03:00:20:2b:29:a1:dc:e8:9d:
                    b4:81:f1:84:5d:76:b0:1b:4f:97:5f:81:e3:27:b4:
                    d1:d7:dc:84:3e:5a:05:eb:a6:16:b9:75:38:df:75:
                    f3:0b:47:f6:ae:a0:9a:36:ac:90:cc:77:86:41:34:
                    9c:40:12:d6:d7:4e:ee:c9:82:d1:46:c8:ef:64:c2:
                    46:04:88:44:71:aa:7c:07:ac:93:e4:91:c3:20:8d:
                    c0:2f:fb:61:6f:93:6f:bc:50:62:f6:e0:33:9d:48:
                    f8:9e:4c:1d:01:70:0c:36:1b:b1:9b:ff:d3:67:69:
                    15:30:31:bf:74:d8:2a:91:15:ad:d2:bb:ff:16:17:
                    49:01:b4:66:8c:d5:c4:5b:0f:c7:87:7b:29:7c:ce:
                    11:f0:0e:0c:d0:d3:be:36:89:09:e3:2a:99:e0:12:
                    1a:09:2b:3b:50:ba:25:fe:12:24:88:d1:e4:d3:de:
                    11:e4:2a:43:69:d2:0d:bf:5a:28:4f:bd:ed:5a:88:
                    55:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:3B:A4:7A:DD:FD:03:C7:90:D5:3F:87:8C:FD:5C:65:48:43:86:74
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/5juket39A8eQ1T-HjP1cZUhDhnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.79.193.0/24
                  217.149.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:1c:de:d2:24:d2:e7:51:d5:6d:5e:31:d0:c0:60:74:5b:ea:
         54:5d:ab:90:4b:4b:f8:83:af:71:b5:43:ff:8b:b3:12:c7:3e:
         66:62:8f:2a:bc:05:97:d0:d5:22:e4:b4:35:7f:8b:84:f7:66:
         0a:12:c3:e0:af:be:71:86:03:68:a3:24:52:65:d8:a0:d3:4c:
         99:df:e4:12:57:38:d4:2f:81:a0:79:67:e2:0c:44:25:c4:39:
         25:75:e4:8f:7c:c6:03:76:7e:ca:63:b0:79:7e:4d:27:b3:65:
         30:70:04:dd:d3:df:08:5a:26:8f:a6:00:63:be:74:f6:ab:79:
         89:1c:fc:7a:99:8f:c8:7a:97:ab:e9:7f:6c:87:93:96:7f:07:
         7d:76:2c:1f:7e:7a:6d:6a:e4:37:57:87:ad:27:43:fb:8b:b4:
         13:e6:57:ac:04:37:80:a2:68:2f:cc:b1:fd:a6:16:a6:68:22:
         67:07:96:18:a5:6c:89:51:03:e5:2d:4e:2d:ab:a7:5f:0e:91:
         af:0d:5a:52:ef:20:59:29:8d:05:90:a4:97:db:bf:92:8d:56:
         45:02:81:5e:20:19:4b:f5:af:7b:41:3f:c0:73:91:31:b5:cf:
         0b:73:ce:87:f7:74:c4:f0:fa:74:cc:0f:1d:19:00:22:c8:f5:
         41:af:da:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHGlakXFBaUc35Li1FBvE38MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwOTA2MDkwNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjNiYTQ3YWRkZmQwM2M3OTBkNTNmODc4Y2ZkNWM2NTQ4NDM4Njc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimgok5lcQfRqh5qgy4Xg9pg8S6d3
6oaVmB5B3GTnCLeLpf5PMiq4S3Yp2qJQpT5sgWenn0WjcAVfZpP64j1N2C0DACAr
KaHc6J20gfGEXXawG0+XX4HjJ7TR19yEPloF66YWuXU433XzC0f2rqCaNqyQzHeG
QTScQBLW107uyYLRRsjvZMJGBIhEcap8B6yT5JHDII3AL/thb5NvvFBi9uAznUj4
nkwdAXAMNhuxm//TZ2kVMDG/dNgqkRWt0rv/FhdJAbRmjNXEWw/Hh3spfM4R8A4M
0NO+NokJ4yqZ4BIaCSs7ULol/hIkiNHk094R5CpDadINv1ooT73tWohVIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOY7pHrd/QPHkNU/h4z9XGVIQ4Z0MB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvNWp1a2V0MzlBOGVRMVQtSGpQMWNaVWhEaG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATU/BAwQA
2ZX3MA0GCSqGSIb3DQEBCwUAA4IBAQBcHN7SJNLnUdVtXjHQwGB0W+pUXauQS0v4
g69xtUP/i7MSxz5mYo8qvAWX0NUi5LQ1f4uE92YKEsPgr75xhgNooyRSZdig00yZ
3+QSVzjUL4GgeWfiDEQlxDkldeSPfMYDdn7KY7B5fk0ns2UwcATd098IWiaPpgBj
vnT2q3mJHPx6mY/Ieper6X9sh5OWfwd9diwffnptauQ3V4etJ0P7i7QT5lesBDeA
omgvzLH9phamaCJnB5YYpWyJUQPlLU4tq6dfDpGvDVpS7yBZKY0FkKSX27+SjVZF
AoFeIBlL9a97QT/Ac5Extc8Lc86H93TE8Pp0zA8dGQAiyPVBr9re
-----END CERTIFICATE-----