Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/CUXHHBd4ZjcVmt5eE1yG8oZXqD0.roa
File:                     CUXHHBd4ZjcVmt5eE1yG8oZXqD0.roa (raw, json)
Hash identifier:          zEl3uGJyd9mVi1Gw9VSv56s6+cmxiMPbZTvTffIDY/8=
Subject key identifier:   09:45:C7:1C:17:78:66:37:15:9A:DE:5E:13:5C:86:F2:86:57:A8:3D
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BC3389C011838A77485F3E816B1B1
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/CUXHHBd4ZjcVmt5eE1yG8oZXqD0.roa
Signing time:             Tue 02 Jan 2024 12:35:14 +0000
ROA not before:           Tue 02 Jan 2024 12:35:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209409
IP address blocks:        77.79.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 14:36:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:c3:38:9c:01:18:38:a7:74:85:f3:e8:16:b1:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0945c71c17786637159ade5e135c86f28657a83d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:86:ae:37:0e:b0:ac:65:7d:b1:d7:19:c4:53:
                    a4:bc:e8:bf:53:9d:c9:4c:a7:aa:2c:64:2e:b0:e8:
                    36:f7:f3:a4:50:4c:a5:b8:3f:26:36:0f:81:27:b0:
                    eb:28:1d:59:9f:d0:a7:64:cd:64:64:77:f6:33:79:
                    ed:c0:1d:27:6d:90:db:f7:bc:d0:05:3b:62:19:69:
                    1d:56:a4:03:77:7e:c5:6f:37:f7:f7:f6:1e:e2:74:
                    88:38:e8:98:06:55:f6:37:27:74:73:18:1c:79:5e:
                    83:1a:a2:9f:76:7a:8a:57:49:e3:70:3f:23:05:10:
                    b1:3b:1e:b3:1f:5e:87:f2:55:6d:1b:b6:14:1a:0b:
                    93:a8:95:c6:b8:a1:38:ce:50:d1:1c:f7:c6:d9:1a:
                    ac:53:86:39:09:54:7c:4b:7d:ec:07:fa:e2:87:09:
                    90:2a:b1:57:bc:fb:ec:d5:4d:97:51:59:09:a3:c2:
                    a5:28:29:0b:32:31:ef:1b:55:4f:ef:72:20:8b:06:
                    ce:ad:41:6d:a0:d9:91:73:8e:5f:c1:e4:d6:a2:74:
                    49:e7:f4:ac:90:06:63:71:19:21:1d:44:ce:94:14:
                    f0:21:ad:23:eb:c4:61:79:7c:cd:48:e6:8c:bd:e6:
                    07:19:08:f3:71:66:6d:c9:d1:9a:1b:9c:7e:12:05:
                    4c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:45:C7:1C:17:78:66:37:15:9A:DE:5E:13:5C:86:F2:86:57:A8:3D
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/CUXHHBd4ZjcVmt5eE1yG8oZXqD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.79.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:24:2a:be:42:99:8b:8b:b4:ef:23:47:26:e0:df:a8:e4:94:
         e1:21:72:77:fd:38:c8:9e:8b:0f:1c:b2:05:4a:74:e2:9a:1c:
         9c:bc:72:92:13:07:5d:2e:0e:c6:f6:ab:31:55:28:73:aa:54:
         d7:a6:07:83:81:62:e8:7d:70:c4:15:73:1e:db:ac:fd:c1:ca:
         b5:8f:69:04:31:56:07:de:9b:9f:c7:eb:8d:bb:2f:55:8c:a9:
         1b:79:75:d0:ed:a0:92:d4:fe:d8:e9:e5:3d:2b:a1:e3:b7:a5:
         71:6f:4a:f0:26:b1:6e:6e:03:46:e1:21:be:03:ce:e9:7d:95:
         48:5f:7f:ba:fc:79:db:9d:71:cd:30:c5:79:6d:c0:ba:b6:f2:
         74:8b:12:c0:c6:2c:5f:bc:1a:d5:b1:e6:80:d3:5f:56:87:9c:
         63:bc:90:c5:aa:0c:1c:67:53:20:c9:17:a8:e7:e0:ea:7e:18:
         51:dd:69:b2:bc:31:1f:21:cc:c2:de:4a:d6:25:b5:87:27:dc:
         7a:57:aa:7d:e0:69:84:f0:65:d0:07:16:0f:f3:11:ff:25:24:
         e5:57:97:31:13:cd:af:a3:46:88:c0:5e:92:c3:18:ba:32:4f:
         bd:52:a7:5e:2c:f4:60:e4:2f:49:3a:32:f3:bc:03:e4:fa:62:
         f1:f6:ac:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK8M4nAEYOKd0hfPoFrGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTQ1YzcxYzE3Nzg2NjM3MTU5YWRlNWUxMzVjODZmMjg2NTdhODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4auNw6wrGV9sdcZxFOkvOi/U53J
TKeqLGQusOg29/OkUEyluD8mNg+BJ7DrKB1Zn9CnZM1kZHf2M3ntwB0nbZDb97zQ
BTtiGWkdVqQDd37Fbzf39/Ye4nSIOOiYBlX2Nyd0cxgceV6DGqKfdnqKV0njcD8j
BRCxOx6zH16H8lVtG7YUGguTqJXGuKE4zlDRHPfG2RqsU4Y5CVR8S33sB/rihwmQ
KrFXvPvs1U2XUVkJo8KlKCkLMjHvG1VP73IgiwbOrUFtoNmRc45fweTWonRJ5/Ss
kAZjcRkhHUTOlBTwIa0j68RheXzNSOaMveYHGQjzcWZtydGaG5x+EgVM2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlFxxwXeGY3FZreXhNchvKGV6g9MB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvQ1VYSEhCZDRaamNWbXQ1ZUUxeUc4b1pYcUQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATU/IMA0G
CSqGSIb3DQEBCwUAA4IBAQAzJCq+QpmLi7TvI0cm4N+o5JThIXJ3/TjInosPHLIF
SnTimhycvHKSEwddLg7G9qsxVShzqlTXpgeDgWLofXDEFXMe26z9wcq1j2kEMVYH
3pufx+uNuy9VjKkbeXXQ7aCS1P7Y6eU9K6Hjt6Vxb0rwJrFubgNG4SG+A87pfZVI
X3+6/HnbnXHNMMV5bcC6tvJ0ixLAxixfvBrVseaA019Wh5xjvJDFqgwcZ1MgyReo
5+DqfhhR3WmyvDEfIczC3krWJbWHJ9x6V6p94GmE8GXQBxYP8xH/JSTlV5cxE82v
o0aIwF6Swxi6Mk+9UqdeLPRg5C9JOjLzvAPk+mLx9qwk
-----END CERTIFICATE-----