Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/dVES324x-DiXOz7KqmSGNdGctKo.roa
File:                     dVES324x-DiXOz7KqmSGNdGctKo.roa (raw, json)
Hash identifier:          PY5Ib8DbHrPT7SxA7HI0KGeGE9MudENPsunuCyh3xg4=
Subject key identifier:   75:51:12:DF:6E:31:F8:38:97:3B:3E:CA:AA:64:86:35:D1:9C:B4:AA
Certificate issuer:       /CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
Certificate serial:       018CC8DEDCB7CEC73A1D2B29EC999573C794
Authority key identifier: 8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/dVES324x-DiXOz7KqmSGNdGctKo.roa
Signing time:             Tue 02 Jan 2024 06:31:37 +0000
ROA not before:           Tue 02 Jan 2024 06:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196875
IP address blocks:        79.99.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:dc:b7:ce:c7:3a:1d:2b:29:ec:99:95:73:c7:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
        Validity
            Not Before: Jan  2 06:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=755112df6e31f838973b3ecaaa648635d19cb4aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:85:51:c4:9a:8e:bd:5b:92:05:25:6d:38:26:
                    5e:95:2c:e6:bd:59:c9:36:06:b4:68:26:21:76:95:
                    ab:35:b1:37:a6:6f:a3:dc:24:1c:99:e8:5e:55:8b:
                    d6:6b:96:5c:7b:38:7a:0b:08:51:a1:a1:7a:4b:2c:
                    17:d8:e9:f8:ae:28:7b:ff:9a:ea:73:c2:26:c4:54:
                    90:bd:73:d4:8a:e0:05:1e:49:56:b5:21:9d:09:43:
                    de:58:20:0c:49:23:4b:07:d3:2b:37:d8:37:c9:4f:
                    ff:bb:93:23:82:eb:df:83:3e:bc:3c:1f:f3:09:83:
                    ba:fa:fb:b6:04:8a:9c:f6:a2:74:02:5f:21:33:76:
                    79:eb:5e:99:a6:cc:17:59:aa:2e:d1:38:9b:da:e7:
                    77:48:ce:6d:28:f2:eb:3f:5d:b4:d3:01:90:29:aa:
                    af:3d:62:66:bf:10:18:08:92:c8:67:e4:86:3a:5c:
                    63:3a:93:0f:e5:4b:ed:3e:87:54:b5:f9:71:94:6a:
                    b8:1f:89:85:12:83:84:0a:2b:47:be:6a:cc:ff:22:
                    0f:ae:b2:18:b3:d0:dd:9f:91:86:1f:ee:1f:cf:f5:
                    be:0e:4e:df:0a:e2:2b:40:76:37:cb:6d:4b:e4:51:
                    2e:fe:10:f9:78:09:a2:f6:62:df:3d:d1:17:4e:0d:
                    dd:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:51:12:DF:6E:31:F8:38:97:3B:3E:CA:AA:64:86:35:D1:9C:B4:AA
            X509v3 Authority Key Identifier:
                keyid:8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/dVES324x-DiXOz7KqmSGNdGctKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:4a:15:cd:bc:c2:4d:55:89:05:55:e2:d3:0f:25:1c:d8:67:
         2a:f9:03:a3:e7:2a:49:55:04:d3:a6:f7:94:3c:52:9a:e7:b9:
         d4:2c:36:31:a6:36:10:75:8b:0f:68:61:e7:9d:16:fe:ad:e5:
         dd:5c:f2:e1:b5:bd:e6:7b:00:a9:10:23:62:c0:50:c4:3a:5d:
         53:d3:23:4a:44:4b:77:ab:a9:76:81:52:42:f9:08:eb:97:c3:
         f3:58:11:a4:db:95:c1:ce:2c:1b:c1:88:ae:f3:4e:e6:08:d4:
         61:76:d5:62:2b:92:21:9c:2f:eb:5e:e4:90:96:ef:b9:ed:77:
         63:ea:1e:80:e8:4a:a7:59:c9:9e:a8:02:80:f6:2e:db:a2:d5:
         74:2a:6e:2f:55:6c:86:a2:5f:2e:75:a9:fd:78:26:ab:03:a2:
         2d:27:99:fb:7e:92:ae:aa:1e:aa:9d:47:f5:c8:55:ad:60:ff:
         16:1e:82:56:f0:04:f4:5b:bb:16:0a:d8:cf:90:27:89:95:de:
         b0:71:b0:7c:9f:90:f0:3b:f0:43:da:1b:f2:5d:5b:f8:a2:28:
         06:b6:1b:28:70:0f:38:59:4b:73:23:16:2b:5d:78:c3:36:b3:
         21:8c:04:a6:7f:0f:fb:81:a9:4e:5f:e1:2d:56:3e:9d:4e:07:
         39:49:f5:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3ty3zsc6HSsp7JmVc8eUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNWEzNDE3ZmJlMjVjMmU0NjdjMTg0ODVjMTgxYTc3NzZm
OTZmZjQwHhcNMjQwMTAyMDYzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTUxMTJkZjZlMzFmODM4OTczYjNlY2FhYTY0ODYzNWQxOWNiNGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9IVRxJqOvVuSBSVtOCZelSzmvVnJ
Nga0aCYhdpWrNbE3pm+j3CQcmeheVYvWa5Zcezh6CwhRoaF6SywX2On4rih7/5rq
c8ImxFSQvXPUiuAFHklWtSGdCUPeWCAMSSNLB9MrN9g3yU//u5Mjguvfgz68PB/z
CYO6+vu2BIqc9qJ0Al8hM3Z5616ZpswXWaou0Tib2ud3SM5tKPLrP1200wGQKaqv
PWJmvxAYCJLIZ+SGOlxjOpMP5UvtPodUtflxlGq4H4mFEoOECitHvmrM/yIPrrIY
s9Ddn5GGH+4fz/W+Dk7fCuIrQHY3y21L5FEu/hD5eAmi9mLfPdEXTg3diwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHVREt9uMfg4lzs+yqpkhjXRnLSqMB8GA1UdIwQY
MBaAFIpaNBf74lwuRnwYSFwYGnd2+W/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYt
ZDdhYmNkMGVmNjRhLzEvZFZFUzMyNHgtRGlYT3o3S3FtU0dOZEdjdEtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYtZDdhYmNkMGVmNjRh
LzEvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT2OUMA0G
CSqGSIb3DQEBCwUAA4IBAQBcShXNvMJNVYkFVeLTDyUc2Gcq+QOj5ypJVQTTpveU
PFKa57nULDYxpjYQdYsPaGHnnRb+reXdXPLhtb3mewCpECNiwFDEOl1T0yNKREt3
q6l2gVJC+Qjrl8PzWBGk25XBziwbwYiu807mCNRhdtViK5IhnC/rXuSQlu+57Xdj
6h6A6EqnWcmeqAKA9i7botV0Km4vVWyGol8udan9eCarA6ItJ5n7fpKuqh6qnUf1
yFWtYP8WHoJW8AT0W7sWCtjPkCeJld6wcbB8n5DwO/BD2hvyXVv4oigGthsocA84
WUtzIxYrXXjDNrMhjASmfw/7galOX+EtVj6dTgc5SfUm
-----END CERTIFICATE-----