Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/JtE0Hj13gt0TMOxX-BTDWKThkWA.roa
File:                     JtE0Hj13gt0TMOxX-BTDWKThkWA.roa (raw, json)
Hash identifier:          O7Tp8re7hsKthJ4hzt7OWSmQAXr1RZmuLFa297a/1v8=
Subject key identifier:   26:D1:34:1E:3D:77:82:DD:13:30:EC:57:F8:14:C3:58:A4:E1:91:60
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019425FCB65EAD4D3BBA54A55E2265B5E7BE
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/JtE0Hj13gt0TMOxX-BTDWKThkWA.roa
Signing time:             Thu 02 Jan 2025 07:48:26 +0000
ROA not before:           Thu 02 Jan 2025 07:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202904
IP address blocks:        77.79.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:b6:5e:ad:4d:3b:ba:54:a5:5e:22:65:b5:e7:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 07:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26d1341e3d7782dd1330ec57f814c358a4e19160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f4:c0:94:c3:0c:1f:68:e3:b9:42:00:5f:89:
                    76:11:b7:81:79:2c:5a:12:ea:4f:d3:e3:ef:64:43:
                    45:da:16:e8:65:cc:95:d9:58:ea:87:b9:e9:f7:18:
                    9f:c2:4b:03:1e:6e:49:8b:24:18:9d:99:d5:e6:af:
                    9d:a0:12:b9:60:2f:23:46:80:39:d2:f7:cc:b7:2a:
                    30:5f:79:c9:af:74:30:1c:9f:5c:bd:86:ba:0e:ac:
                    9f:69:2f:20:e8:db:98:ae:b7:00:9e:77:4f:45:2a:
                    6e:06:b8:e6:e4:88:f5:40:fd:4a:ae:0a:cd:40:ef:
                    ff:c8:78:61:ef:73:d9:80:79:72:93:04:4b:73:b9:
                    be:e2:02:ac:fd:3e:0d:34:3a:1e:b9:ea:6f:2d:78:
                    d8:9b:73:2c:fd:8b:16:f0:35:05:ed:5a:e3:ce:b2:
                    0c:93:5e:d2:78:db:60:b7:ea:f6:2d:fc:41:99:69:
                    68:00:70:1f:22:62:8b:7a:b8:79:b2:b1:5d:f5:68:
                    1b:2e:5e:47:5d:f3:f8:4f:0d:a3:3a:29:5b:bf:65:
                    eb:9a:b3:0e:f9:97:f8:30:73:5f:4e:91:f1:a0:d0:
                    cf:af:1d:32:15:90:64:31:62:79:02:05:dc:80:3f:
                    2c:b4:f8:81:1c:a0:73:92:96:92:77:a8:c9:45:f3:
                    eb:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:D1:34:1E:3D:77:82:DD:13:30:EC:57:F8:14:C3:58:A4:E1:91:60
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/JtE0Hj13gt0TMOxX-BTDWKThkWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.79.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:ed:4c:08:de:d7:19:77:6c:39:ee:a6:2d:f9:4c:a1:23:ad:
         6c:75:7a:e5:dc:63:4d:46:ae:d0:23:c7:b8:f2:05:ea:82:2d:
         fb:91:0a:f3:b0:e3:05:d7:bd:1f:0b:8c:80:0a:c2:7a:c0:b0:
         e7:cf:c6:32:21:02:70:3a:ea:22:88:16:ea:49:ac:a1:0e:7b:
         c5:bd:3f:52:f9:42:11:63:25:2b:bf:f6:2b:fc:d5:77:af:93:
         b9:f7:a5:0c:df:43:7b:52:70:97:35:a5:53:f2:57:53:56:0a:
         08:0f:c1:8a:2a:bf:f1:92:56:6c:ce:98:e9:91:0d:fa:f3:10:
         f3:a8:8c:db:48:68:a2:d9:2d:71:65:5a:99:ee:f2:ad:fb:b7:
         ba:dc:41:db:e6:30:87:e1:3e:23:f2:cc:7a:ff:85:ef:0e:0e:
         c5:17:31:0f:2b:8d:09:3d:52:48:b5:9c:9b:0b:fc:10:9e:5c:
         5a:c4:d3:2b:9f:bd:cd:db:1c:b7:58:40:4e:22:f8:e9:0c:43:
         68:a6:8a:75:70:fb:58:90:98:4e:81:56:fc:ad:56:ca:bd:c2:
         cb:e4:03:90:d7:a9:15:e7:7e:11:8d:c0:57:30:6e:5e:fe:d3:
         54:7e:26:d9:ef:9b:82:cb:d2:20:ad:f4:1b:b5:a6:f2:5a:7b:
         f7:9c:f5:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/LZerU07ulSlXiJltee+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjUwMTAyMDc0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmQxMzQxZTNkNzc4MmRkMTMzMGVjNTdmODE0YzM1OGE0ZTE5MTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPTAlMMMH2jjuUIAX4l2EbeBeSxa
EupP0+PvZENF2hboZcyV2Vjqh7np9xifwksDHm5JiyQYnZnV5q+doBK5YC8jRoA5
0vfMtyowX3nJr3QwHJ9cvYa6DqyfaS8g6NuYrrcAnndPRSpuBrjm5Ij1QP1KrgrN
QO//yHhh73PZgHlykwRLc7m+4gKs/T4NNDoeuepvLXjYm3Ms/YsW8DUF7VrjzrIM
k17SeNtgt+r2LfxBmWloAHAfImKLerh5srFd9WgbLl5HXfP4Tw2jOilbv2XrmrMO
+Zf4MHNfTpHxoNDPrx0yFZBkMWJ5AgXcgD8stPiBHKBzkpaSd6jJRfPrjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbRNB49d4LdEzDsV/gUw1ik4ZFgMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvSnRFMEhqMTNndDBUTU94WC1CVERXS1Roa1dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATU/PMA0G
CSqGSIb3DQEBCwUAA4IBAQAF7UwI3tcZd2w57qYt+UyhI61sdXrl3GNNRq7QI8e4
8gXqgi37kQrzsOMF170fC4yACsJ6wLDnz8YyIQJwOuoiiBbqSayhDnvFvT9S+UIR
YyUrv/Yr/NV3r5O596UM30N7UnCXNaVT8ldTVgoID8GKKr/xklZszpjpkQ368xDz
qIzbSGii2S1xZVqZ7vKt+7e63EHb5jCH4T4j8sx6/4XvDg7FFzEPK40JPVJItZyb
C/wQnlxaxNMrn73N2xy3WEBOIvjpDENopop1cPtYkJhOgVb8rVbKvcLL5AOQ16kV
534RjcBXMG5e/tNUfibZ75uCy9IgrfQbtabyWnv3nPUr
-----END CERTIFICATE-----