Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/CU1fi2aoW6ctvY3mGLMtLmZFMFo.roa
File:                     CU1fi2aoW6ctvY3mGLMtLmZFMFo.roa (raw, json)
Hash identifier:          ESGp+EZtZYnjlUgyYN5g5Rq1x4sNsC/TjPEmL9Kz0QI=
Subject key identifier:   09:4D:5F:8B:66:A8:5B:A7:2D:BD:8D:E6:18:B3:2D:2E:66:45:30:5A
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01916B58BC1F3F49250757562A7B90ED042B
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/CU1fi2aoW6ctvY3mGLMtLmZFMFo.roa
Signing time:             Mon 19 Aug 2024 15:54:23 +0000
ROA not before:           Mon 19 Aug 2024 15:54:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395374
IP address blocks:        79.98.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:14:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6b:58:bc:1f:3f:49:25:07:57:56:2a:7b:90:ed:04:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Aug 19 15:54:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=094d5f8b66a85ba72dbd8de618b32d2e6645305a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:92:05:de:59:6f:e1:2f:6a:eb:4b:20:80:f4:
                    13:6f:b0:a5:bc:95:f7:92:c8:e2:07:86:d7:52:33:
                    d1:1c:c2:d4:c6:01:b8:9c:4d:81:f4:de:b0:05:80:
                    63:cd:b7:80:57:1b:9b:3e:3a:1c:0a:a5:74:28:df:
                    d3:01:69:af:cc:0b:0a:8b:62:6c:e4:dd:6e:e5:37:
                    bd:cd:6b:44:53:5e:eb:28:7c:f5:70:aa:f4:6b:c5:
                    95:55:67:0e:00:18:25:f6:b9:e4:27:c6:28:91:69:
                    2d:52:d4:4a:0c:85:7b:4e:fb:ab:55:21:4e:25:e0:
                    b1:9b:e6:79:18:e3:97:14:74:78:dd:94:93:46:29:
                    a7:6c:2f:2b:5e:4d:5b:13:e9:4f:30:30:da:62:12:
                    a1:9b:76:38:c5:dd:6b:38:7b:e2:95:65:ff:14:10:
                    b5:28:78:31:c0:09:50:7b:12:04:07:35:a3:44:c2:
                    24:ce:89:fa:ed:61:a3:20:d0:5a:e6:e3:c3:24:e6:
                    20:06:d7:d1:fc:99:e8:25:b8:3e:71:ab:15:38:94:
                    ab:db:4c:94:69:9d:6b:72:46:76:b7:0f:ed:48:c5:
                    50:00:f7:e8:33:63:c4:35:d7:8e:61:a3:e5:93:8b:
                    69:a3:94:2c:a2:e4:9b:5d:4a:5a:3a:a3:16:39:1b:
                    9f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:4D:5F:8B:66:A8:5B:A7:2D:BD:8D:E6:18:B3:2D:2E:66:45:30:5A
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/CU1fi2aoW6ctvY3mGLMtLmZFMFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:44:de:c6:ab:35:7e:ca:e5:e8:11:58:f2:cc:4c:97:f8:ba:
         25:7b:ef:8f:96:5d:38:fd:c9:0c:25:3a:a0:1e:18:3a:0f:ac:
         65:5e:a2:f5:5d:9e:ee:37:1e:d8:24:08:9e:ec:2d:46:ed:67:
         77:7d:c4:ea:e1:4a:ec:bc:f9:9b:58:87:98:22:5c:b9:c3:43:
         1c:3b:9a:da:11:39:99:f4:c8:19:51:66:79:cf:51:b7:b7:e5:
         e5:02:08:57:af:68:8d:8e:c1:4f:1f:04:ff:bc:15:c8:f4:5f:
         81:6c:33:97:50:82:50:19:bb:3f:13:35:4e:5e:a6:ab:8e:45:
         79:76:4e:69:95:b4:bf:97:b1:24:d0:18:90:ea:0a:0d:3f:f0:
         73:3b:e0:31:3e:78:38:a6:64:38:e8:31:85:45:f4:02:c3:6c:
         9c:38:f1:00:89:2d:52:96:f5:a1:ec:84:79:19:71:2e:b0:16:
         af:ad:1b:d5:71:49:fc:87:da:0b:e0:af:d0:d3:f0:e5:8b:fb:
         5b:ca:1b:e0:ea:ce:29:d0:1b:fc:45:c5:2b:51:6c:93:0f:35:
         b2:41:39:f1:71:72:15:bd:17:9c:4c:82:41:ef:46:2d:a3:c4:
         24:fb:d6:34:b1:95:e9:a1:0f:38:10:54:cf:27:88:14:63:83:
         a0:a4:ea:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFrWLwfP0klB1dWKnuQ7QQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwODE5MTU1NDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTRkNWY4YjY2YTg1YmE3MmRiZDhkZTYxOGIzMmQyZTY2NDUzMDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpIF3llv4S9q60sggPQTb7ClvJX3
ksjiB4bXUjPRHMLUxgG4nE2B9N6wBYBjzbeAVxubPjocCqV0KN/TAWmvzAsKi2Js
5N1u5Te9zWtEU17rKHz1cKr0a8WVVWcOABgl9rnkJ8YokWktUtRKDIV7TvurVSFO
JeCxm+Z5GOOXFHR43ZSTRimnbC8rXk1bE+lPMDDaYhKhm3Y4xd1rOHvilWX/FBC1
KHgxwAlQexIEBzWjRMIkzon67WGjINBa5uPDJOYgBtfR/JnoJbg+casVOJSr20yU
aZ1rckZ2tw/tSMVQAPfoM2PENdeOYaPlk4tpo5QsouSbXUpaOqMWORufewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlNX4tmqFunLb2N5hizLS5mRTBaMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvQ1UxZmkyYW9XNmN0dlkzbUdMTXRMbVpGTUZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT2L2MA0G
CSqGSIb3DQEBCwUAA4IBAQCeRN7GqzV+yuXoEVjyzEyX+Lole++Pll04/ckMJTqg
Hhg6D6xlXqL1XZ7uNx7YJAie7C1G7Wd3fcTq4UrsvPmbWIeYIly5w0McO5raETmZ
9MgZUWZ5z1G3t+XlAghXr2iNjsFPHwT/vBXI9F+BbDOXUIJQGbs/EzVOXqarjkV5
dk5plbS/l7Ek0BiQ6goNP/BzO+AxPng4pmQ46DGFRfQCw2ycOPEAiS1SlvWh7IR5
GXEusBavrRvVcUn8h9oL4K/Q0/Dli/tbyhvg6s4p0Bv8RcUrUWyTDzWyQTnxcXIV
vRecTIJB70Yto8Qk+9Y0sZXpoQ84EFTPJ4gUY4OgpOpz
-----END CERTIFICATE-----