Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/C2MVZRzQKhx-SBWm2JUzVTppq58.roa
File:                     C2MVZRzQKhx-SBWm2JUzVTppq58.roa (raw, json)
Hash identifier:          9Y69d1lu/c3zSr8iJWrOXOZwUPGr7f9EiazBTSJOgww=
Subject key identifier:   0B:63:15:65:1C:D0:2A:1C:7E:48:15:A6:D8:95:33:55:3A:69:AB:9F
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BB571FB73E7B69BE960C0165D7805
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/C2MVZRzQKhx-SBWm2JUzVTppq58.roa
Signing time:             Tue 02 Jan 2024 12:35:11 +0000
ROA not before:           Tue 02 Jan 2024 12:35:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24748
IP address blocks:        193.111.36.0/24 maxlen: 24
                          77.79.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b5:71:fb:73:e7:b6:9b:e9:60:c0:16:5d:78:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b6315651cd02a1c7e4815a6d89533553a69ab9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:2f:14:d1:d4:cd:3b:68:37:6f:84:bf:4f:77:
                    7b:88:c9:00:98:2c:8d:49:55:8b:32:ea:2d:9e:98:
                    13:44:25:21:5b:2c:7e:d2:48:e9:83:3c:d2:82:0b:
                    de:12:75:31:7c:e0:d2:90:21:4e:ea:56:36:c6:1b:
                    7f:79:36:42:6d:74:4b:37:d5:34:ff:9f:f1:e1:c4:
                    5e:73:15:61:38:98:3d:0e:92:19:cc:e1:5e:7f:48:
                    86:7e:e9:13:23:7b:98:0b:b8:70:ec:f3:01:2e:c3:
                    aa:7c:22:50:24:58:3d:66:f2:e4:f7:73:49:eb:e4:
                    39:ef:8d:b7:ea:1f:52:38:e9:05:e4:38:c9:7c:29:
                    c1:2b:5c:e0:ed:b9:48:f5:a6:41:02:cc:84:80:8e:
                    23:d1:c6:72:1d:f5:29:bb:c7:74:1d:14:8d:25:a3:
                    a5:02:a8:d9:56:ae:e8:51:13:0f:ac:b3:cb:9b:7c:
                    b1:de:39:fc:58:bb:e8:c9:d6:16:8e:e1:fe:f4:d9:
                    4f:76:9e:e2:47:a9:87:06:25:ad:4b:d7:77:34:69:
                    96:4d:83:39:d2:94:f1:c7:85:50:82:98:9f:b2:f7:
                    bd:90:ba:6e:2b:b0:da:5e:ea:dd:7e:9d:e3:cd:27:
                    c4:5f:62:87:1e:d5:16:1b:93:2a:ac:69:e1:9c:01:
                    d1:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:63:15:65:1C:D0:2A:1C:7E:48:15:A6:D8:95:33:55:3A:69:AB:9F
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/C2MVZRzQKhx-SBWm2JUzVTppq58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.79.192.0/24
                  193.111.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:7c:80:ca:eb:0d:b2:cd:ad:d0:91:e7:a5:c1:80:a4:56:f6:
         20:16:b4:30:75:ae:d7:ff:90:f1:48:50:68:7e:e0:e8:32:7f:
         8c:9e:d6:3f:09:2b:37:24:ae:c3:f0:64:46:e2:50:f8:f7:81:
         81:3f:b0:7a:f6:5d:84:da:90:64:ec:9c:f3:06:6e:98:1d:ce:
         e1:32:4f:86:8a:3c:ed:98:fa:a2:a1:22:c7:47:1d:3d:be:55:
         e6:ad:b4:15:b0:14:63:05:bb:19:25:ca:1c:b9:96:c5:9e:d2:
         02:1f:56:98:cf:ee:8a:89:48:bc:52:3f:f0:7b:34:b4:f0:e3:
         19:1b:49:06:d5:d5:26:77:99:77:3b:79:8e:b5:fa:1b:72:80:
         0e:2d:68:9f:29:a0:45:33:fe:1a:cb:a0:56:2c:32:b8:6c:05:
         34:9e:c8:2c:68:65:48:84:6f:2f:5d:a8:9e:f8:36:c1:60:d5:
         db:21:12:66:7a:b0:ae:60:39:02:ce:3b:b0:94:de:c2:43:29:
         db:f1:b2:b6:30:37:fa:5d:fa:d6:5c:49:1f:65:47:e2:80:16:
         1b:1a:db:d5:9f:eb:28:df:bb:2f:1c:11:a2:20:fc:2f:ee:53:
         eb:27:10:b4:10:85:28:df:a9:45:1e:5e:3c:3e:0d:73:48:f7:
         71:f5:a2:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK7Vx+3PntpvpYMAWXXgFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjYzMTU2NTFjZDAyYTFjN2U0ODE1YTZkODk1MzM1NTNhNjlhYjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlS8U0dTNO2g3b4S/T3d7iMkAmCyN
SVWLMuotnpgTRCUhWyx+0kjpgzzSggveEnUxfODSkCFO6lY2xht/eTZCbXRLN9U0
/5/x4cRecxVhOJg9DpIZzOFef0iGfukTI3uYC7hw7PMBLsOqfCJQJFg9ZvLk93NJ
6+Q574236h9SOOkF5DjJfCnBK1zg7blI9aZBAsyEgI4j0cZyHfUpu8d0HRSNJaOl
AqjZVq7oURMPrLPLm3yx3jn8WLvoydYWjuH+9NlPdp7iR6mHBiWtS9d3NGmWTYM5
0pTxx4VQgpifsve9kLpuK7DaXurdfp3jzSfEX2KHHtUWG5MqrGnhnAHRvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAtjFWUc0CocfkgVptiVM1U6aaufMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvQzJNVlpSelFLaHgtU0JXbTJKVXpWVHBwcTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATU/AAwQA
wW8kMA0GCSqGSIb3DQEBCwUAA4IBAQBkfIDK6w2yza3QkeelwYCkVvYgFrQwda7X
/5DxSFBofuDoMn+MntY/CSs3JK7D8GRG4lD494GBP7B69l2E2pBk7JzzBm6YHc7h
Mk+GijztmPqioSLHRx09vlXmrbQVsBRjBbsZJcocuZbFntICH1aYz+6KiUi8Uj/w
ezS08OMZG0kG1dUmd5l3O3mOtfobcoAOLWifKaBFM/4ay6BWLDK4bAU0nsgsaGVI
hG8vXaie+DbBYNXbIRJmerCuYDkCzjuwlN7CQynb8bK2MDf6XfrWXEkfZUfigBYb
GtvVn+so37svHBGiIPwv7lPrJxC0EIUo36lFHl48Pg1zSPdx9aK3
-----END CERTIFICATE-----