Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/j5Mco1xHz6qtNwIYmE9FAyGJ2sg.roa
File:                     j5Mco1xHz6qtNwIYmE9FAyGJ2sg.roa (raw, json)
Hash identifier:          aHB3KTa3F+ld/YvSV49CBfc3UilWds9bdyXuIbmMbjI=
Subject key identifier:   8F:93:1C:A3:5C:47:CF:AA:AD:37:02:18:98:4F:45:03:21:89:DA:C8
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BC239351A9679EBFA85CDC210EEC2
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/j5Mco1xHz6qtNwIYmE9FAyGJ2sg.roa
Signing time:             Tue 02 Jan 2024 12:35:14 +0000
ROA not before:           Tue 02 Jan 2024 12:35:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205308
IP address blocks:        77.79.201.0/24 maxlen: 24
                          206.252.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:c2:39:35:1a:96:79:eb:fa:85:cd:c2:10:ee:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f931ca35c47cfaaad370218984f45032189dac8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0e:fb:66:98:73:f2:e0:65:96:0f:89:a4:12:
                    50:aa:94:9c:3c:5c:93:1e:40:37:b8:e6:32:e1:1a:
                    53:5e:d7:6b:ad:a3:b0:ea:d1:c7:88:f4:f0:98:2a:
                    59:e4:33:62:dd:f0:07:96:84:33:67:72:e4:b3:40:
                    22:4d:6f:0b:ce:8f:2e:a5:d2:13:ad:0c:17:4f:f4:
                    2d:8f:9f:5b:bf:f9:c3:3b:83:52:87:1a:40:a0:79:
                    0b:dc:e1:e0:66:27:de:29:51:05:45:25:22:11:e2:
                    9e:2d:b0:9d:54:71:ff:60:b0:17:ec:6c:60:2b:b9:
                    dd:48:20:2b:8a:56:5d:cd:a3:62:12:e6:bd:c3:de:
                    80:e5:da:c8:99:b7:e2:d3:03:09:13:08:2d:da:79:
                    85:d8:9e:e2:f4:71:80:24:c3:07:4a:7c:0b:c7:8f:
                    9e:23:cc:ad:25:9c:07:27:20:f9:e8:83:20:2b:70:
                    7e:5d:e0:5d:3e:37:dd:31:16:3a:1b:6f:a3:1e:4e:
                    94:9a:8a:be:fb:8f:a8:fd:e6:1f:ca:77:ce:31:e6:
                    e9:49:15:8b:d7:66:00:ee:61:87:ae:05:a4:80:5f:
                    d1:fb:b5:19:a2:b7:50:43:01:d8:d4:75:7c:25:fd:
                    4c:e1:b6:a2:f4:11:3a:71:13:90:1f:68:1a:34:45:
                    ca:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:93:1C:A3:5C:47:CF:AA:AD:37:02:18:98:4F:45:03:21:89:DA:C8
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/j5Mco1xHz6qtNwIYmE9FAyGJ2sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.79.201.0/24
                  206.252.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:65:fa:bd:37:58:4b:f6:33:b7:9f:ad:39:ec:fa:49:37:77:
         87:f3:43:74:4b:16:40:70:12:78:0e:52:24:98:09:9e:94:83:
         03:34:73:fc:84:54:62:bc:d1:4a:3f:98:ac:c5:da:2b:de:4b:
         29:9a:4d:af:2e:85:05:93:e4:ca:a2:8d:bf:af:ba:57:d2:62:
         26:bd:78:47:8b:13:a3:90:38:74:fe:7e:c7:28:62:20:66:02:
         cc:a1:06:71:48:27:9d:07:11:4d:ea:e0:dc:f8:ea:0f:23:de:
         42:e5:5a:82:67:37:c7:00:0f:49:e9:d6:24:4e:73:44:45:89:
         b3:3d:cb:e6:a7:5e:a9:8e:71:10:f0:e7:c1:cb:1a:8c:77:15:
         63:93:97:ab:82:61:22:cc:97:da:d0:28:bc:26:e1:01:5f:69:
         36:c0:8c:77:6b:e8:ab:be:7e:ae:77:65:6d:93:6d:26:83:d9:
         38:a7:8f:32:ab:81:d6:ca:0c:49:26:ac:f3:7b:5d:a9:1b:76:
         44:e7:40:e1:02:de:fa:fc:db:04:9a:70:3b:cb:16:69:21:ed:
         3d:da:fb:11:80:a7:95:27:72:5f:71:33:e4:23:28:d3:9f:07:
         d3:54:1f:31:0e:7c:cc:ec:65:aa:0b:f4:69:f3:27:6c:50:aa:
         0a:aa:1e:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK8I5NRqWeev6hc3CEO7CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjkzMWNhMzVjNDdjZmFhYWQzNzAyMTg5ODRmNDUwMzIxODlkYWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAog77Zphz8uBllg+JpBJQqpScPFyT
HkA3uOYy4RpTXtdrraOw6tHHiPTwmCpZ5DNi3fAHloQzZ3Lks0AiTW8Lzo8updIT
rQwXT/Qtj59bv/nDO4NShxpAoHkL3OHgZifeKVEFRSUiEeKeLbCdVHH/YLAX7Gxg
K7ndSCArilZdzaNiEua9w96A5drImbfi0wMJEwgt2nmF2J7i9HGAJMMHSnwLx4+e
I8ytJZwHJyD56IMgK3B+XeBdPjfdMRY6G2+jHk6Umoq++4+o/eYfynfOMebpSRWL
12YA7mGHrgWkgF/R+7UZordQQwHY1HV8Jf1M4bai9BE6cROQH2gaNEXKpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI+THKNcR8+qrTcCGJhPRQMhidrIMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvajVNY28xeEh6NnF0TndJWW1FOUZBeUdKMnNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATU/JAwQA
zvzgMA0GCSqGSIb3DQEBCwUAA4IBAQCFZfq9N1hL9jO3n6057PpJN3eH80N0SxZA
cBJ4DlIkmAmelIMDNHP8hFRivNFKP5isxdor3kspmk2vLoUFk+TKoo2/r7pX0mIm
vXhHixOjkDh0/n7HKGIgZgLMoQZxSCedBxFN6uDc+OoPI95C5VqCZzfHAA9J6dYk
TnNERYmzPcvmp16pjnEQ8OfByxqMdxVjk5ergmEizJfa0Ci8JuEBX2k2wIx3a+ir
vn6ud2Vtk20mg9k4p48yq4HWygxJJqzze12pG3ZE50DhAt76/NsEmnA7yxZpIe09
2vsRgKeVJ3JfcTPkIyjTnwfTVB8xDnzM7GWqC/Rp8ydsUKoKqh65
-----END CERTIFICATE-----