Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d16f59-7754-46a7-aa59-2a06ed104553/1/Mh7Ubv4TG1QUUBFaB5RVDOF2OyY.roa
File:                     Mh7Ubv4TG1QUUBFaB5RVDOF2OyY.roa (raw, json)
Hash identifier:          liTy7H6hxigynvVKMro1wPYlgw2CTXBkGs+yyr0G5aw=
Subject key identifier:   32:1E:D4:6E:FE:13:1B:54:14:50:11:5A:07:94:55:0C:E1:76:3B:26
Certificate issuer:       /CN=b80633fe79a6296109fdbf6475d4c2a65e2d4f1c
Certificate serial:       018CC2DB30FE62EEB0B3B7C9C945CFEBD827
Authority key identifier: B8:06:33:FE:79:A6:29:61:09:FD:BF:64:75:D4:C2:A6:5E:2D:4F:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAYz_nmmKWEJ_b9kddTCpl4tTxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d16f59-7754-46a7-aa59-2a06ed104553/1/Mh7Ubv4TG1QUUBFaB5RVDOF2OyY.roa
Signing time:             Mon 01 Jan 2024 02:29:53 +0000
ROA not before:           Mon 01 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59673
IP address blocks:        185.79.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d16f59-7754-46a7-aa59-2a06ed104553/1/uAYz_nmmKWEJ_b9kddTCpl4tTxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d16f59-7754-46a7-aa59-2a06ed104553/1/uAYz_nmmKWEJ_b9kddTCpl4tTxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAYz_nmmKWEJ_b9kddTCpl4tTxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:30:fe:62:ee:b0:b3:b7:c9:c9:45:cf:eb:d8:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b80633fe79a6296109fdbf6475d4c2a65e2d4f1c
        Validity
            Not Before: Jan  1 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=321ed46efe131b541450115a0794550ce1763b26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:58:a2:e7:e4:0b:d0:7b:bb:be:99:77:da:8d:
                    ee:ac:33:94:77:22:e0:23:9c:13:07:84:7e:8b:2a:
                    d7:e5:55:4b:da:f1:a8:25:f2:55:61:a3:3b:3e:e8:
                    b2:83:62:bc:96:45:db:b5:43:cd:7b:cf:eb:14:50:
                    29:17:8f:fa:5c:67:3e:7c:a4:0b:82:3e:0a:f4:6d:
                    89:5f:0e:50:53:4b:f4:07:a6:fb:93:45:e7:d9:d6:
                    f5:85:f3:60:e8:d9:d8:9c:3f:92:d5:8a:35:77:0d:
                    c4:58:7d:65:2b:b8:42:46:48:83:e5:5f:83:60:4e:
                    bf:b1:81:82:0b:32:f9:42:98:a0:c6:01:4e:58:99:
                    dd:2e:94:48:3b:a3:6a:f3:8c:20:d2:d0:16:bf:e0:
                    34:9a:78:16:31:19:0a:c4:3b:cf:8d:0c:df:80:81:
                    7d:7f:cb:e0:8a:69:04:3e:6f:e6:c0:08:bb:a6:7d:
                    57:b3:89:b9:4d:fb:1b:a2:22:b2:d2:cc:0f:12:51:
                    78:29:04:04:a9:46:cb:22:c6:e8:fd:42:d2:06:38:
                    21:fd:ad:47:d4:0f:71:be:3d:89:6e:87:3b:20:d7:
                    c6:e6:db:43:75:0b:cd:13:a7:76:7a:a6:1a:c1:48:
                    3b:eb:47:8f:16:6f:2d:e0:b7:05:67:a4:19:52:c5:
                    af:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:1E:D4:6E:FE:13:1B:54:14:50:11:5A:07:94:55:0C:E1:76:3B:26
            X509v3 Authority Key Identifier:
                keyid:B8:06:33:FE:79:A6:29:61:09:FD:BF:64:75:D4:C2:A6:5E:2D:4F:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAYz_nmmKWEJ_b9kddTCpl4tTxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d16f59-7754-46a7-aa59-2a06ed104553/1/Mh7Ubv4TG1QUUBFaB5RVDOF2OyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d16f59-7754-46a7-aa59-2a06ed104553/1/uAYz_nmmKWEJ_b9kddTCpl4tTxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.79.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:d8:dd:76:2e:dc:e0:7b:9c:55:56:c1:4d:79:25:ee:d5:c7:
         73:41:5a:41:4d:4a:bf:75:63:da:b3:ef:d5:b6:57:d0:1b:a1:
         5a:c5:66:81:7b:21:32:72:08:d0:96:fd:46:f2:65:da:d0:af:
         a5:b9:03:33:7b:19:3f:42:0e:f2:bd:14:6f:ae:6f:23:e6:6f:
         d9:af:9c:56:6d:59:c3:ff:63:90:ce:25:87:eb:3c:38:f8:ab:
         27:69:a0:83:76:d2:8d:47:a8:99:ff:02:7c:96:05:84:1c:2b:
         9b:e2:8d:84:0d:eb:57:3d:1d:06:59:e2:2f:0e:2c:4f:81:55:
         fd:e9:91:4d:3b:3c:73:78:46:00:77:29:6d:e8:53:aa:37:33:
         67:3d:71:e2:26:d3:a2:e5:ff:05:f1:55:3e:17:e5:b3:36:2a:
         35:0c:9a:ab:6e:f3:8a:81:ff:f4:6a:5e:77:57:b1:60:fd:6a:
         95:91:c4:58:2e:06:a3:60:f8:25:b0:c0:12:a6:49:f9:c4:de:
         02:76:88:79:c8:82:55:e6:de:44:93:e0:40:a5:ec:c2:8d:b9:
         15:5c:2f:c8:a2:73:66:17:5d:34:47:3e:a4:e3:54:f4:46:a9:
         c8:02:04:77:e8:83:c3:27:ed:15:db:9c:6b:24:da:87:ad:8a:
         d2:9d:71:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zD+Yu6ws7fJyUXP69gnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDYzM2ZlNzlhNjI5NjEwOWZkYmY2NDc1ZDRjMmE2NWUy
ZDRmMWMwHhcNMjQwMTAxMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjFlZDQ2ZWZlMTMxYjU0MTQ1MDExNWEwNzk0NTUwY2UxNzYzYjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVii5+QL0Hu7vpl32o3urDOUdyLg
I5wTB4R+iyrX5VVL2vGoJfJVYaM7Puiyg2K8lkXbtUPNe8/rFFApF4/6XGc+fKQL
gj4K9G2JXw5QU0v0B6b7k0Xn2db1hfNg6NnYnD+S1Yo1dw3EWH1lK7hCRkiD5V+D
YE6/sYGCCzL5QpigxgFOWJndLpRIO6Nq84wg0tAWv+A0mngWMRkKxDvPjQzfgIF9
f8vgimkEPm/mwAi7pn1Xs4m5TfsboiKy0swPElF4KQQEqUbLIsbo/ULSBjgh/a1H
1A9xvj2Jboc7INfG5ttDdQvNE6d2eqYawUg760ePFm8t4LcFZ6QZUsWvtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIe1G7+ExtUFFARWgeUVQzhdjsmMB8GA1UdIwQY
MBaAFLgGM/55pilhCf2/ZHXUwqZeLU8cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFZel9ubW1LV0VKX2I5a2RkVENwbDR0VHh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kMTZmNTktNzc1NC00NmE3LWFhNTkt
MmEwNmVkMTA0NTUzLzEvTWg3VWJ2NFRHMVFVVUJGYUI1UlZET0YyT3lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kMTZmNTktNzc1NC00NmE3LWFhNTktMmEwNmVkMTA0NTUz
LzEvdUFZel9ubW1LV0VKX2I5a2RkVENwbDR0VHh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU92MA0G
CSqGSIb3DQEBCwUAA4IBAQB82N12Ltzge5xVVsFNeSXu1cdzQVpBTUq/dWPas+/V
tlfQG6FaxWaBeyEycgjQlv1G8mXa0K+luQMzexk/Qg7yvRRvrm8j5m/Zr5xWbVnD
/2OQziWH6zw4+KsnaaCDdtKNR6iZ/wJ8lgWEHCub4o2EDetXPR0GWeIvDixPgVX9
6ZFNOzxzeEYAdylt6FOqNzNnPXHiJtOi5f8F8VU+F+WzNio1DJqrbvOKgf/0al53
V7Fg/WqVkcRYLgajYPglsMASpkn5xN4Cdoh5yIJV5t5Ek+BApezCjbkVXC/IonNm
F100Rz6k41T0RqnIAgR36IPDJ+0V25xrJNqHrYrSnXGR
-----END CERTIFICATE-----