Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/l1fihC7VQFRLdbXYTE9hkt_bquA.roa
File:                     l1fihC7VQFRLdbXYTE9hkt_bquA.roa (raw, json)
Hash identifier:          eY7aCW6uDyl3HyszHyM69IBH22grMYkuOGkAb5n2Yqg=
Subject key identifier:   97:57:E2:84:2E:D5:40:54:4B:75:B5:D8:4C:4F:61:92:DF:DB:AA:E0
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BB59549C3747697F03D013CD5EAEF
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/l1fihC7VQFRLdbXYTE9hkt_bquA.roa
Signing time:             Tue 02 Jan 2024 12:35:11 +0000
ROA not before:           Tue 02 Jan 2024 12:35:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24929
IP address blocks:        77.79.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b5:95:49:c3:74:76:97:f0:3d:01:3c:d5:ea:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9757e2842ed540544b75b5d84c4f6192dfdbaae0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:35:46:19:38:10:ae:c8:e0:9e:ea:f8:18:9f:
                    5b:6a:f3:e5:d2:8b:67:bb:2a:54:6d:18:e9:fb:f2:
                    59:a2:c6:f6:77:bb:4b:b4:cc:1f:f2:9a:f8:14:35:
                    22:42:1b:4e:55:63:25:86:45:3c:0d:c3:fa:ab:b0:
                    3c:9b:aa:35:ca:b0:e1:f9:53:33:c8:9b:da:8e:d1:
                    2b:41:90:29:63:ca:f6:14:05:9b:c2:fb:54:e9:02:
                    8e:61:a2:ee:e5:1f:a2:61:56:03:1e:64:be:da:f9:
                    07:2d:5d:bc:60:70:a3:ad:f5:28:86:ef:62:3f:12:
                    56:50:11:89:48:d9:d5:84:f6:bd:bb:42:24:5f:54:
                    ec:10:06:07:80:da:f1:ad:30:22:92:41:48:ee:3d:
                    81:d9:0e:a0:7d:2f:4a:02:75:f1:d9:30:fe:4d:9d:
                    bb:54:ed:06:99:c3:d3:2c:07:d6:1d:e2:51:5f:e4:
                    4d:d2:9b:02:1f:01:17:d8:c0:00:ed:60:71:1f:a6:
                    22:e9:42:b9:56:4f:ad:d2:b8:ae:0f:bd:cc:c9:1b:
                    b1:e0:29:87:e0:18:a6:ca:2b:24:7f:63:3c:99:f5:
                    4c:50:15:ca:41:97:b9:b0:6d:64:57:90:9e:19:91:
                    8a:5e:00:97:e6:d2:54:02:2c:4f:1d:1a:43:8b:fa:
                    91:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:57:E2:84:2E:D5:40:54:4B:75:B5:D8:4C:4F:61:92:DF:DB:AA:E0
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/l1fihC7VQFRLdbXYTE9hkt_bquA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.79.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:ff:44:61:50:91:cb:ea:f0:e2:fa:aa:b3:5b:cc:a9:dd:19:
         ce:c8:76:c3:7b:3a:7f:a5:3c:7e:5b:d8:ab:a8:21:d3:3c:7c:
         73:5f:1b:b3:b5:d8:7a:2f:59:b6:52:34:54:de:66:cb:a7:a6:
         63:b7:e6:25:9a:f9:ab:93:86:53:fb:3f:3c:9d:c6:09:95:c9:
         aa:15:d9:17:ba:06:eb:16:45:9c:7d:ca:5b:24:6a:a4:2c:14:
         7f:03:c7:a9:b9:3f:36:44:74:4f:38:67:12:d8:c9:f6:65:52:
         6a:d2:a1:0a:c3:e0:20:c9:84:75:b3:09:72:03:3e:0a:2d:90:
         78:37:62:36:07:fe:bb:31:8a:82:9c:ea:9c:67:cf:5f:68:74:
         3f:5d:22:2e:5f:ae:54:ee:17:c9:87:58:6a:0e:a8:da:f7:7e:
         73:fe:41:5e:9e:b9:1d:72:38:af:ec:a1:e4:c1:1a:79:47:aa:
         09:d8:54:89:9f:35:c4:aa:61:81:8e:14:15:56:b8:75:d7:a9:
         6d:62:9f:9d:93:4b:a7:46:7c:b5:90:ff:c8:23:a4:08:20:a1:
         0a:c5:0e:23:03:16:33:d6:95:7f:7d:4d:7e:78:fc:57:25:b2:
         2f:d5:af:07:3b:33:49:7f:3a:06:4c:b2:c7:2d:4d:2e:b5:b4:
         93:5e:d1:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK7WVScN0dpfwPQE81ervMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzU3ZTI4NDJlZDU0MDU0NGI3NWI1ZDg0YzRmNjE5MmRmZGJhYWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTVGGTgQrsjgnur4GJ9bavPl0otn
uypUbRjp+/JZosb2d7tLtMwf8pr4FDUiQhtOVWMlhkU8DcP6q7A8m6o1yrDh+VMz
yJvajtErQZApY8r2FAWbwvtU6QKOYaLu5R+iYVYDHmS+2vkHLV28YHCjrfUohu9i
PxJWUBGJSNnVhPa9u0IkX1TsEAYHgNrxrTAikkFI7j2B2Q6gfS9KAnXx2TD+TZ27
VO0GmcPTLAfWHeJRX+RN0psCHwEX2MAA7WBxH6Yi6UK5Vk+t0riuD73MyRux4CmH
4Bimyiskf2M8mfVMUBXKQZe5sG1kV5CeGZGKXgCX5tJUAixPHRpDi/qROwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdX4oQu1UBUS3W12ExPYZLf26rgMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvbDFmaWhDN1ZRRlJMZGJYWVRFOWhrdF9icXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATU/tMA0G
CSqGSIb3DQEBCwUAA4IBAQCW/0RhUJHL6vDi+qqzW8yp3RnOyHbDezp/pTx+W9ir
qCHTPHxzXxuztdh6L1m2UjRU3mbLp6Zjt+Ylmvmrk4ZT+z88ncYJlcmqFdkXugbr
FkWcfcpbJGqkLBR/A8epuT82RHRPOGcS2Mn2ZVJq0qEKw+AgyYR1swlyAz4KLZB4
N2I2B/67MYqCnOqcZ89faHQ/XSIuX65U7hfJh1hqDqja935z/kFenrkdcjiv7KHk
wRp5R6oJ2FSJnzXEqmGBjhQVVrh116ltYp+dk0unRny1kP/II6QIIKEKxQ4jAxYz
1pV/fU1+ePxXJbIv1a8HOzNJfzoGTLLHLU0utbSTXtGU
-----END CERTIFICATE-----