Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/ctUWeERR7eF7n1WDEfo9dhUI0e0.roa
File:                     ctUWeERR7eF7n1WDEfo9dhUI0e0.roa (raw, json)
Hash identifier:          +CQ5UhusWKqlAttfTMSYKEVRBQEFey1Epy3cZFFmorM=
Subject key identifier:   72:D5:16:78:44:51:ED:E1:7B:9F:55:83:11:FA:3D:76:15:08:D1:ED
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B93A865D5553C0972EDE315BEED3D3
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/ctUWeERR7eF7n1WDEfo9dhUI0e0.roa
Signing time:             Mon 01 Jan 2024 20:31:17 +0000
ROA not before:           Mon 01 Jan 2024 20:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5483
IP address blocks:        79.120.198.0/24 maxlen: 24
                          79.120.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3a:86:5d:55:53:c0:97:2e:de:31:5b:ee:d3:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72d516784451ede17b9f558311fa3d761508d1ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1e:f7:de:f4:67:f8:8c:66:85:5a:87:24:b7:
                    a1:d6:31:ab:df:27:f2:a0:8b:6b:39:57:dc:c3:82:
                    3b:8e:cc:07:c6:00:7e:29:93:c1:7e:57:fc:af:c7:
                    c1:3e:f9:31:70:a0:1f:10:3b:ec:ac:5e:4d:4c:55:
                    66:fb:18:a1:89:2c:44:ad:ed:0f:db:21:44:e1:59:
                    18:dc:db:0b:82:e3:bc:e0:c0:7e:cf:22:ca:5f:72:
                    2a:1f:69:16:98:de:cf:03:de:e3:fa:5e:ef:51:42:
                    c7:06:85:74:99:8c:f5:0f:30:20:a0:24:81:80:be:
                    b7:06:7e:28:e8:b4:67:53:62:95:14:44:1d:e7:0e:
                    93:3b:73:ad:e1:a3:9f:36:6d:f7:13:90:c1:06:78:
                    aa:3d:26:27:4b:85:26:0e:17:88:e4:98:a2:76:02:
                    33:9e:20:cc:2b:c2:9e:0e:15:f4:56:4a:91:a1:b8:
                    42:8f:92:d1:b7:d0:51:5f:48:40:b0:9e:2e:44:9c:
                    3f:4b:41:0f:92:7b:fa:ed:3b:48:69:8b:ba:8c:67:
                    cc:bd:95:71:72:ee:a2:80:d0:f0:ba:55:c8:2e:f0:
                    12:fb:45:0f:59:91:82:66:7e:6f:c7:58:ac:5e:52:
                    97:c7:da:a7:df:45:af:19:84:ba:04:86:b3:0b:51:
                    73:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:D5:16:78:44:51:ED:E1:7B:9F:55:83:11:FA:3D:76:15:08:D1:ED
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/ctUWeERR7eF7n1WDEfo9dhUI0e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.120.198.0/24
                  79.120.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:22:9b:5f:73:c0:ee:33:dd:8b:e8:a7:10:45:a9:4f:66:9b:
         32:9c:08:b4:4c:5f:c0:48:3d:27:c9:70:64:eb:b8:df:57:d7:
         01:b7:55:f4:e9:54:64:a8:b0:2e:97:9f:99:9c:ce:59:06:78:
         ae:42:52:39:47:b4:be:8e:fa:70:d3:e7:86:35:ef:8f:43:d3:
         63:80:63:fc:a2:72:66:83:5f:76:87:05:d0:c7:f2:c0:4e:c1:
         3f:e1:98:d6:8b:2c:e8:4e:63:8a:3f:d9:9a:86:f9:0e:b1:78:
         cd:d4:f1:cf:18:fa:54:80:84:b8:59:67:7b:d1:98:99:a0:b1:
         19:00:94:b4:6b:ec:87:47:96:64:38:35:4e:28:97:a1:b9:91:
         ed:20:cd:cc:b3:c4:5a:7d:65:f2:b1:40:ed:85:7d:da:f6:62:
         27:1c:02:12:86:48:d6:d0:6e:b9:85:61:04:2e:06:87:19:94:
         c2:14:e8:1f:36:75:14:08:e4:3a:6b:e1:d4:f7:09:74:f0:5d:
         35:76:16:87:0b:f6:89:a2:b2:69:0c:dc:a0:4b:9b:62:d5:2e:
         0e:81:86:27:31:6c:6b:70:9a:44:71:c7:7c:ef:46:45:09:a4:
         34:53:08:78:2a:ac:69:53:ec:83:05:91:64:7c:68:af:dc:35:
         13:d5:0c:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuTqGXVVTwJcu3jFb7tPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmQ1MTY3ODQ0NTFlZGUxN2I5ZjU1ODMxMWZhM2Q3NjE1MDhkMWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx733vRn+IxmhVqHJLeh1jGr3yfy
oItrOVfcw4I7jswHxgB+KZPBflf8r8fBPvkxcKAfEDvsrF5NTFVm+xihiSxEre0P
2yFE4VkY3NsLguO84MB+zyLKX3IqH2kWmN7PA97j+l7vUULHBoV0mYz1DzAgoCSB
gL63Bn4o6LRnU2KVFEQd5w6TO3Ot4aOfNm33E5DBBniqPSYnS4UmDheI5JiidgIz
niDMK8KeDhX0VkqRobhCj5LRt9BRX0hAsJ4uRJw/S0EPknv67TtIaYu6jGfMvZVx
cu6igNDwulXILvAS+0UPWZGCZn5vx1isXlKXx9qn30WvGYS6BIazC1FznQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHLVFnhEUe3he59VgxH6PXYVCNHtMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvY3RVV2VFUlI3ZUY3bjFXREVmbzlkaFVJMGUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT3jGAwQA
T3jIMA0GCSqGSIb3DQEBCwUAA4IBAQATIptfc8DuM92L6KcQRalPZpsynAi0TF/A
SD0nyXBk67jfV9cBt1X06VRkqLAul5+ZnM5ZBniuQlI5R7S+jvpw0+eGNe+PQ9Nj
gGP8onJmg192hwXQx/LATsE/4ZjWiyzoTmOKP9mahvkOsXjN1PHPGPpUgIS4WWd7
0ZiZoLEZAJS0a+yHR5ZkODVOKJehuZHtIM3Ms8RafWXysUDthX3a9mInHAIShkjW
0G65hWEELgaHGZTCFOgfNnUUCOQ6a+HU9wl08F01dhaHC/aJorJpDNygS5ti1S4O
gYYnMWxrcJpEccd870ZFCaQ0Uwh4KqxpU+yDBZFkfGiv3DUT1Qzd
-----END CERTIFICATE-----