Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/_xL0vZsD3yyrRHjrTaz2pCUVMOc.roa
File:                     _xL0vZsD3yyrRHjrTaz2pCUVMOc.roa (raw, json)
Hash identifier:          FJeSrQxxGNrlCjurn2s8LZUcYd3GUKAKpL8wjfsUiEs=
Subject key identifier:   FF:12:F4:BD:9B:03:DF:2C:AB:44:78:EB:4D:AC:F6:A4:25:15:30:E7
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BB8B97EE5B2575463BB5001D06D15
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/_xL0vZsD3yyrRHjrTaz2pCUVMOc.roa
Signing time:             Tue 02 Jan 2024 12:35:12 +0000
ROA not before:           Tue 02 Jan 2024 12:35:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41097
IP address blocks:        77.79.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b8:b9:7e:e5:b2:57:54:63:bb:50:01:d0:6d:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff12f4bd9b03df2cab4478eb4dacf6a4251530e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0c:dc:58:71:f6:5e:e4:81:36:bf:e5:ea:bc:
                    e4:8b:41:ee:fa:9d:3d:92:a6:43:25:5b:79:9b:1e:
                    08:26:fc:7b:9b:0d:2a:96:b6:05:56:cc:3e:66:5d:
                    b1:62:bf:ca:88:c2:12:80:d2:aa:56:9e:f0:b6:89:
                    bc:fa:2a:0d:cc:3d:bd:99:21:8a:40:50:e1:64:b0:
                    52:77:da:12:a9:83:d4:16:fe:ab:49:45:d7:82:0e:
                    85:ca:ae:db:6f:7d:90:95:67:ed:28:6c:15:0a:7a:
                    e9:3a:9f:e2:14:40:20:20:e2:99:4d:86:cb:31:f4:
                    63:94:a7:9e:7a:c9:79:76:4d:90:15:9c:42:3b:41:
                    3e:c5:37:1b:57:87:13:6c:45:26:cd:30:70:af:14:
                    0d:74:2a:e5:f7:28:6c:11:b2:09:32:a3:cf:47:52:
                    e8:26:a8:88:0b:c9:f8:75:69:4b:80:ea:87:a0:48:
                    2c:d8:81:f9:14:15:ad:e4:79:d1:c7:72:2a:38:d9:
                    90:4f:5f:c7:51:3c:4b:5f:82:78:5a:e4:d4:37:77:
                    de:4d:65:5c:94:99:7b:b7:e1:1b:ba:c6:7e:94:a1:
                    67:02:2f:df:f9:4a:77:91:08:02:b9:5c:9a:89:c3:
                    74:4b:90:de:77:9f:39:00:43:2a:59:2a:f1:b6:7f:
                    c1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:12:F4:BD:9B:03:DF:2C:AB:44:78:EB:4D:AC:F6:A4:25:15:30:E7
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/_xL0vZsD3yyrRHjrTaz2pCUVMOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.79.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:84:87:ee:5a:a7:76:ae:dd:b3:82:63:d5:0b:7e:76:9f:ff:
         8e:91:e1:c7:e3:08:33:ac:f4:90:35:02:5f:73:62:e8:52:6d:
         4f:22:a4:a3:22:14:0a:37:ef:e8:c1:6c:90:b2:c3:5c:55:28:
         b5:56:37:f9:ab:93:5a:8a:67:52:4b:78:a0:8a:1a:43:30:9b:
         f0:90:80:2a:48:5d:ee:16:df:79:42:9e:bc:e0:d4:f1:74:1c:
         9c:5f:64:3c:c9:37:15:95:e8:f6:a2:fe:6d:41:f2:4d:e4:24:
         9c:7f:58:c6:f7:52:3c:50:86:0c:31:e9:dc:36:24:e3:eb:29:
         55:10:65:62:49:f6:9b:83:15:a8:9e:a0:65:e7:36:8d:2d:62:
         b2:fe:85:e5:42:d1:90:91:9f:f8:95:69:df:1e:3e:3e:54:f4:
         53:ab:2d:ea:bb:f1:23:3d:9f:a1:30:32:8a:63:c9:0c:4a:c8:
         eb:52:80:fd:ac:a3:cf:c8:6c:99:e4:c4:f8:37:fa:3b:44:9c:
         98:2c:bc:8d:1c:21:93:2d:69:3e:ce:76:e8:aa:0c:be:d1:ba:
         62:05:ed:75:33:4f:7a:27:e5:5e:47:0c:b3:94:d4:4a:f4:5e:
         f8:fb:12:c2:29:9b:27:ad:d2:2b:53:2b:78:94:d7:9c:9a:13:
         c7:06:82:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK7i5fuWyV1Rju1AB0G0VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjEyZjRiZDliMDNkZjJjYWI0NDc4ZWI0ZGFjZjZhNDI1MTUzMGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAzcWHH2XuSBNr/l6rzki0Hu+p09
kqZDJVt5mx4IJvx7mw0qlrYFVsw+Zl2xYr/KiMISgNKqVp7wtom8+ioNzD29mSGK
QFDhZLBSd9oSqYPUFv6rSUXXgg6Fyq7bb32QlWftKGwVCnrpOp/iFEAgIOKZTYbL
MfRjlKeeesl5dk2QFZxCO0E+xTcbV4cTbEUmzTBwrxQNdCrl9yhsEbIJMqPPR1Lo
JqiIC8n4dWlLgOqHoEgs2IH5FBWt5HnRx3IqONmQT1/HUTxLX4J4WuTUN3feTWVc
lJl7t+EbusZ+lKFnAi/f+Up3kQgCuVyaicN0S5Ded585AEMqWSrxtn/BVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8S9L2bA98sq0R4602s9qQlFTDnMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvX3hMMHZac0QzeXlyUkhqclRhejJwQ1VWTU9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATU/NMA0G
CSqGSIb3DQEBCwUAA4IBAQCDhIfuWqd2rt2zgmPVC352n/+OkeHH4wgzrPSQNQJf
c2LoUm1PIqSjIhQKN+/owWyQssNcVSi1Vjf5q5NaimdSS3igihpDMJvwkIAqSF3u
Ft95Qp684NTxdBycX2Q8yTcVlej2ov5tQfJN5CScf1jG91I8UIYMMencNiTj6ylV
EGViSfabgxWonqBl5zaNLWKy/oXlQtGQkZ/4lWnfHj4+VPRTqy3qu/EjPZ+hMDKK
Y8kMSsjrUoD9rKPPyGyZ5MT4N/o7RJyYLLyNHCGTLWk+znboqgy+0bpiBe11M096
J+VeRwyzlNRK9F74+xLCKZsnrdIrUyt4lNecmhPHBoK1
-----END CERTIFICATE-----