Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/dS8ltYEwMeQauKcHztxVdMkvHtk.roa
File:                     dS8ltYEwMeQauKcHztxVdMkvHtk.roa (raw, json)
Hash identifier:          ZxiHqoRVRiymdIU50sOo7gH/68u999raVi4SnNK1Hhg=
Subject key identifier:   75:2F:25:B5:81:30:31:E4:1A:B8:A7:07:CE:DC:55:74:C9:2F:1E:D9
Certificate issuer:       /CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
Certificate serial:       018E85635BDFF4A1FFDC46B08853CAC1DFB4
Authority key identifier: 8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/dS8ltYEwMeQauKcHztxVdMkvHtk.roa
Signing time:             Thu 28 Mar 2024 14:07:45 +0000
ROA not before:           Thu 28 Mar 2024 14:07:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        79.99.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:85:63:5b:df:f4:a1:ff:dc:46:b0:88:53:ca:c1:df:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
        Validity
            Not Before: Mar 28 14:07:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=752f25b5813031e41ab8a707cedc5574c92f1ed9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:3d:0e:dc:01:f3:a7:e5:04:3f:3e:33:6b:27:
                    9b:e9:22:46:f0:0c:f7:d6:c7:35:ee:0f:44:76:6c:
                    e8:70:85:8b:ce:dd:07:2b:63:80:04:71:b3:c3:32:
                    dc:0b:be:a3:f6:30:3e:41:df:13:8b:3d:2e:90:22:
                    8c:d6:08:1d:d7:06:25:b7:5c:1e:5c:ca:ad:bc:26:
                    fe:be:99:85:84:fe:f9:0d:11:87:e9:77:03:19:3f:
                    34:7b:ed:8e:6e:d9:25:30:38:11:8a:5b:51:0d:c6:
                    04:da:08:45:bc:48:41:bb:d1:38:d5:2d:59:45:cf:
                    e7:f6:e5:3e:3f:e7:bd:0c:71:27:66:ef:c2:e7:a5:
                    d9:f5:2d:5a:ab:00:f9:58:1c:55:ee:0f:c0:c6:91:
                    60:bd:45:a5:a1:70:a8:0e:4c:76:4d:17:74:dd:08:
                    82:a8:83:3d:34:c4:3e:ca:3a:64:7b:38:f5:85:a6:
                    d7:dd:10:f8:b4:d0:66:7c:6e:c7:9e:72:09:7f:f4:
                    22:bf:31:ec:4a:77:75:f1:61:ca:85:5c:a5:e7:30:
                    f9:46:01:c9:5a:25:2a:51:a2:a5:cc:86:a5:93:6e:
                    f0:83:b7:25:9e:9f:19:77:eb:ef:17:35:d0:53:25:
                    07:75:01:a8:30:fc:6e:50:a6:8b:74:cf:79:46:1e:
                    fb:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:2F:25:B5:81:30:31:E4:1A:B8:A7:07:CE:DC:55:74:C9:2F:1E:D9
            X509v3 Authority Key Identifier:
                keyid:8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/dS8ltYEwMeQauKcHztxVdMkvHtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:e9:5b:3e:b5:5e:83:d9:df:de:11:7c:f1:ab:03:89:f1:f3:
         ac:6c:22:11:54:27:dd:d8:ef:7b:83:e1:0a:50:76:36:58:f9:
         fa:9d:8d:46:da:94:4c:7b:44:fa:22:1b:42:72:d9:1a:89:82:
         cf:4f:35:c3:3a:78:1e:05:77:2f:92:b8:ad:f4:54:c5:00:78:
         03:8f:10:18:79:73:c3:32:12:93:24:00:d6:ac:ff:90:e6:36:
         3a:a5:f7:f9:12:ce:91:e5:a6:f4:90:48:8e:c0:f7:d2:ab:87:
         71:1f:fc:2e:4f:af:12:89:0a:2f:a1:15:56:25:5d:ce:31:bf:
         0d:bf:22:05:cb:5d:bf:f7:fb:ed:45:2c:b3:e5:41:ca:8e:0e:
         ce:e6:df:2f:28:6a:8a:16:e4:0f:49:39:74:b7:12:b7:fe:f0:
         a5:4b:c5:be:90:da:27:36:59:bc:26:cc:bc:dd:19:d3:a8:08:
         0d:ee:4d:82:b0:82:6e:da:0d:0c:3e:d6:dc:52:cb:ab:83:24:
         c0:85:42:bc:03:67:d5:c3:cd:d1:35:f1:3c:9d:81:2c:38:26:
         c4:7a:be:a9:34:ce:5c:4d:7b:82:b7:63:ac:8f:59:e0:74:7e:
         6e:e4:21:29:ca:86:03:d6:5a:84:ca:42:56:75:fa:b9:64:6c:
         13:49:ea:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6FY1vf9KH/3EawiFPKwd+0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNWEzNDE3ZmJlMjVjMmU0NjdjMTg0ODVjMTgxYTc3NzZm
OTZmZjQwHhcNMjQwMzI4MTQwNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTJmMjViNTgxMzAzMWU0MWFiOGE3MDdjZWRjNTU3NGM5MmYxZWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkj0O3AHzp+UEPz4zayeb6SJG8Az3
1sc17g9EdmzocIWLzt0HK2OABHGzwzLcC76j9jA+Qd8Tiz0ukCKM1ggd1wYlt1we
XMqtvCb+vpmFhP75DRGH6XcDGT80e+2ObtklMDgRiltRDcYE2ghFvEhBu9E41S1Z
Rc/n9uU+P+e9DHEnZu/C56XZ9S1aqwD5WBxV7g/AxpFgvUWloXCoDkx2TRd03QiC
qIM9NMQ+yjpkezj1habX3RD4tNBmfG7HnnIJf/QivzHsSnd18WHKhVyl5zD5RgHJ
WiUqUaKlzIalk27wg7clnp8Zd+vvFzXQUyUHdQGoMPxuUKaLdM95Rh778QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUvJbWBMDHkGrinB87cVXTJLx7ZMB8GA1UdIwQY
MBaAFIpaNBf74lwuRnwYSFwYGnd2+W/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYt
ZDdhYmNkMGVmNjRhLzEvZFM4bHRZRXdNZVFhdUtjSHp0eFZkTWt2SHRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYtZDdhYmNkMGVmNjRh
LzEvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT2OVMA0G
CSqGSIb3DQEBCwUAA4IBAQAj6Vs+tV6D2d/eEXzxqwOJ8fOsbCIRVCfd2O97g+EK
UHY2WPn6nY1G2pRMe0T6IhtCctkaiYLPTzXDOngeBXcvkrit9FTFAHgDjxAYeXPD
MhKTJADWrP+Q5jY6pff5Es6R5ab0kEiOwPfSq4dxH/wuT68SiQovoRVWJV3OMb8N
vyIFy12/9/vtRSyz5UHKjg7O5t8vKGqKFuQPSTl0txK3/vClS8W+kNonNlm8Jsy8
3RnTqAgN7k2CsIJu2g0MPtbcUsurgyTAhUK8A2fVw83RNfE8nYEsOCbEer6pNM5c
TXuCt2Osj1ngdH5u5CEpyoYD1lqEykJWdfq5ZGwTSeoB
-----END CERTIFICATE-----