Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/UnYM-oFSF4aXsQsR4eLAl9H2RuQ.roa
File:                     UnYM-oFSF4aXsQsR4eLAl9H2RuQ.roa (raw, json)
Hash identifier:          y22v4wYizSD8KNQ3ApDlUdbn1uxVwwwSU6Y2eXhb4HE=
Subject key identifier:   52:76:0C:FA:81:52:17:86:97:B1:0B:11:E1:E2:C0:97:D1:F6:46:E4
Certificate issuer:       /CN=bb0d4e85937b7a0f271054d28614f2934d4ea500
Certificate serial:       01931FE52125B3927EA372D9EC32981CD623
Authority key identifier: BB:0D:4E:85:93:7B:7A:0F:27:10:54:D2:86:14:F2:93:4D:4E:A5:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/UnYM-oFSF4aXsQsR4eLAl9H2RuQ.roa
Signing time:             Tue 12 Nov 2024 10:22:10 +0000
ROA not before:           Tue 12 Nov 2024 10:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210805
IP address blocks:        79.135.102.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1f:e5:21:25:b3:92:7e:a3:72:d9:ec:32:98:1c:d6:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb0d4e85937b7a0f271054d28614f2934d4ea500
        Validity
            Not Before: Nov 12 10:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52760cfa8152178697b10b11e1e2c097d1f646e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:84:56:de:c9:90:65:b7:73:bc:82:8b:e9:ba:
                    47:c2:09:ed:8f:28:19:e0:3c:9c:d7:ba:2b:99:bc:
                    bf:6b:80:63:f5:dc:b2:62:3a:cd:8d:ae:43:7d:78:
                    9e:3b:ef:8d:a9:06:47:30:eb:64:8b:ad:d1:17:f6:
                    01:ba:85:da:94:5d:e0:32:23:33:57:53:e5:ce:97:
                    2a:62:f3:be:20:f4:3b:49:72:83:7a:63:2c:90:64:
                    d0:d4:46:97:8f:84:af:8e:dd:54:c9:a2:68:81:32:
                    52:e6:45:b4:0a:bc:20:8f:08:55:4e:94:ac:97:b0:
                    89:d4:e7:e5:51:18:6f:cf:53:f8:21:e3:83:2f:d9:
                    d0:f0:9f:57:29:c2:dc:2c:ef:56:18:37:fe:b2:91:
                    87:97:2a:56:c2:8b:17:55:3a:74:da:d9:2c:c9:b3:
                    87:41:df:05:04:07:66:c3:6d:e5:7c:bc:f1:3a:e1:
                    3a:86:de:2b:76:4a:0c:d9:61:8b:26:25:d4:86:07:
                    c5:3c:28:58:7e:74:d3:5e:f9:27:07:ad:e5:f6:05:
                    c0:15:bc:17:8d:b4:75:53:e8:cc:54:1d:28:cd:df:
                    31:ef:45:74:4a:6e:fc:d4:b0:af:a0:a5:94:66:a6:
                    3d:1a:ea:c9:fd:c7:d1:4d:8f:6d:fd:ad:ec:5e:8d:
                    c4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:76:0C:FA:81:52:17:86:97:B1:0B:11:E1:E2:C0:97:D1:F6:46:E4
            X509v3 Authority Key Identifier:
                keyid:BB:0D:4E:85:93:7B:7A:0F:27:10:54:D2:86:14:F2:93:4D:4E:A5:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/UnYM-oFSF4aXsQsR4eLAl9H2RuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.135.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:88:21:cd:c8:15:af:a7:76:6c:a5:45:9d:41:70:2f:d8:fe:
         08:39:c1:1c:9b:a3:63:86:13:55:79:42:b8:f2:b4:4b:fa:ae:
         84:18:9c:55:86:c0:cc:c1:4f:c9:87:ce:e1:ca:bc:3a:c4:b9:
         7e:65:e9:88:48:6e:b5:09:14:67:58:f3:4a:a3:87:24:36:81:
         21:4d:d4:c1:22:3f:ad:dc:d8:51:cd:63:42:ad:84:de:b4:d6:
         d9:7e:5a:31:31:51:33:b0:89:09:d1:ce:58:66:a3:56:f2:79:
         d3:77:f2:18:10:6a:96:cb:72:59:72:f2:d8:dd:ac:09:80:72:
         7e:d9:f9:23:7f:86:2b:2d:c3:0d:c6:77:ae:68:4c:82:50:4d:
         e0:0b:d2:57:65:f8:f6:81:99:7d:ab:58:1b:26:9b:ae:45:60:
         72:69:28:6d:66:2c:5e:50:22:96:2c:69:3e:14:fc:37:26:b7:
         f8:ea:8f:7c:d8:14:5d:be:3e:ee:f3:69:6b:05:61:07:4e:18:
         d8:9e:a3:db:4f:6e:13:4b:6e:04:7b:d6:06:46:e5:79:f4:c2:
         fa:68:f8:45:c7:b2:3d:61:53:ff:98:b0:09:de:69:3f:52:5d:
         41:fc:40:a1:6a:90:a1:92:bd:32:ff:4d:63:b5:88:a5:a2:46:
         1b:b7:d3:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMf5SEls5J+o3LZ7DKYHNYjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMGQ0ZTg1OTM3YjdhMGYyNzEwNTRkMjg2MTRmMjkzNGQ0
ZWE1MDAwHhcNMjQxMTEyMTAyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjc2MGNmYTgxNTIxNzg2OTdiMTBiMTFlMWUyYzA5N2QxZjY0NmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IRW3smQZbdzvIKL6bpHwgntjygZ
4Dyc17ormby/a4Bj9dyyYjrNja5DfXieO++NqQZHMOtki63RF/YBuoXalF3gMiMz
V1PlzpcqYvO+IPQ7SXKDemMskGTQ1EaXj4Svjt1UyaJogTJS5kW0CrwgjwhVTpSs
l7CJ1OflURhvz1P4IeODL9nQ8J9XKcLcLO9WGDf+spGHlypWwosXVTp02tksybOH
Qd8FBAdmw23lfLzxOuE6ht4rdkoM2WGLJiXUhgfFPChYfnTTXvknB63l9gXAFbwX
jbR1U+jMVB0ozd8x70V0Sm781LCvoKWUZqY9GurJ/cfRTY9t/a3sXo3EnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJ2DPqBUheGl7ELEeHiwJfR9kbkMB8GA1UdIwQY
MBaAFLsNToWTe3oPJxBU0oYU8pNNTqUAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXcxT2haTjdlZzhuRUZUU2hoVHlrMDFPcFFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9kMTc1MjctY2Y5OC00ZDM3LTg2NmYt
OGU5Yjk4YTk5Y2RiLzEvVW5ZTS1vRlNGNGFYc1FzUjRlTEFsOUgyUnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9kMTc1MjctY2Y5OC00ZDM3LTg2NmYtOGU5Yjk4YTk5Y2Ri
LzEvdXcxT2haTjdlZzhuRUZUU2hoVHlrMDFPcFFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBT4dmMA0G
CSqGSIb3DQEBCwUAA4IBAQA1iCHNyBWvp3ZspUWdQXAv2P4IOcEcm6NjhhNVeUK4
8rRL+q6EGJxVhsDMwU/Jh87hyrw6xLl+ZemISG61CRRnWPNKo4ckNoEhTdTBIj+t
3NhRzWNCrYTetNbZfloxMVEzsIkJ0c5YZqNW8nnTd/IYEGqWy3JZcvLY3awJgHJ+
2fkjf4YrLcMNxneuaEyCUE3gC9JXZfj2gZl9q1gbJpuuRWByaShtZixeUCKWLGk+
FPw3Jrf46o982BRdvj7u82lrBWEHThjYnqPbT24TS24Ee9YGRuV59ML6aPhFx7I9
YVP/mLAJ3mk/Ul1B/EChapChkr0y/01jtYilokYbt9Mc
-----END CERTIFICATE-----