Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/f_Hn5Chp90gAcnNIxknYo8S1rh8.roa
File:                     f_Hn5Chp90gAcnNIxknYo8S1rh8.roa (raw, json)
Hash identifier:          Yn5KmO/foWN5gOePWfTaEc9lW3Qi9T7jvi3/jdaP0eE=
Subject key identifier:   7F:F1:E7:E4:28:69:F7:48:00:72:73:48:C6:49:D8:A3:C4:B5:AE:1F
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018D94F14300C4CF7743933DA413B89037D0
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/f_Hn5Chp90gAcnNIxknYo8S1rh8.roa
Signing time:             Sat 10 Feb 2024 21:34:15 +0000
ROA not before:           Sat 10 Feb 2024 21:34:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        79.98.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:94:f1:43:00:c4:cf:77:43:93:3d:a4:13:b8:90:37:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Feb 10 21:34:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ff1e7e42869f74800727348c649d8a3c4b5ae1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f6:7d:23:18:9a:3c:b7:63:be:7d:b2:2d:d0:
                    31:91:2e:b3:78:2b:69:ea:59:af:b2:e7:ed:3a:b6:
                    b5:01:0e:a5:2d:3e:ce:a2:0d:7d:de:52:eb:f8:fe:
                    08:7d:10:eb:7f:d4:a5:c4:46:b5:aa:5e:62:38:ad:
                    56:8f:80:90:5e:5a:17:72:a2:af:86:0e:52:9e:c4:
                    fc:ec:c4:ff:dc:da:ab:5d:81:3b:02:38:ce:2b:5f:
                    6a:4e:ac:62:27:d4:53:14:32:f4:26:40:46:11:d9:
                    d6:ed:60:6d:75:da:64:d4:83:a7:dd:02:85:07:84:
                    b6:20:5f:55:d9:ca:ec:f2:98:25:d0:64:7a:6b:ab:
                    8d:08:93:4e:30:65:b7:85:2f:4a:f7:d6:18:82:88:
                    1d:16:9c:10:9d:00:62:f3:a1:1b:81:c8:dc:24:3c:
                    0c:42:e1:ee:bb:ac:a9:76:9d:8c:e5:4f:cf:0a:df:
                    3a:47:e7:d6:a4:15:6e:ed:46:b2:61:4d:2b:aa:6a:
                    e1:12:cf:8f:a0:bf:7b:5e:a2:6a:10:af:30:fb:a5:
                    82:d6:3c:bf:ac:d9:ee:3e:c0:dd:e6:1d:c3:b6:13:
                    20:a9:43:2e:4d:d4:ef:93:26:f8:8a:a7:7e:9a:0d:
                    47:20:68:51:05:fd:8e:d6:fc:2c:b2:23:b4:2f:04:
                    1c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:F1:E7:E4:28:69:F7:48:00:72:73:48:C6:49:D8:A3:C4:B5:AE:1F
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/f_Hn5Chp90gAcnNIxknYo8S1rh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:84:b5:5a:44:a3:3f:d8:4e:7a:96:87:d7:94:5e:95:30:25:
         a4:a9:bb:9b:8e:de:28:24:e8:45:60:04:01:ed:e7:a7:3a:e0:
         84:a6:20:d8:77:dd:6b:fd:91:79:42:76:c8:da:37:6d:eb:9b:
         27:b1:cd:5b:bf:09:79:97:3b:80:44:ef:17:0c:63:e9:7a:ef:
         31:52:96:e4:59:c1:6c:3b:76:20:ca:e4:f6:0b:40:a6:62:53:
         c1:a6:c1:36:e9:e2:0f:b1:04:dd:ab:e3:0d:9a:14:6d:bc:5a:
         c5:81:0e:5e:83:2a:8d:be:bb:7e:8e:89:9d:d5:16:52:11:d5:
         a5:9a:91:64:89:28:ed:3a:76:b2:90:2e:a5:2d:6f:e0:90:c4:
         52:27:9f:75:03:46:ab:47:b6:db:6b:0a:e0:6c:ba:25:58:79:
         fd:0a:ff:8a:88:8a:26:f2:1e:9f:ce:74:fd:69:8c:99:ab:89:
         07:1b:57:07:4d:e4:82:f0:4f:99:22:83:02:25:70:fd:9e:93:
         dc:e8:4d:b9:2f:7c:c1:b8:f7:4b:93:f7:cf:98:99:9e:a8:ce:
         b3:8e:1e:82:98:3d:3f:94:dc:5a:c1:26:24:fc:b1:8e:ec:25:
         b5:a2:61:7f:5b:45:3e:ae:5f:61:4d:fc:a6:4b:7f:96:a5:d3:
         21:b4:33:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2U8UMAxM93Q5M9pBO4kDfQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwMjEwMjEzNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmYxZTdlNDI4NjlmNzQ4MDA3MjczNDhjNjQ5ZDhhM2M0YjVhZTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivZ9IxiaPLdjvn2yLdAxkS6zeCtp
6lmvsuftOra1AQ6lLT7Oog193lLr+P4IfRDrf9SlxEa1ql5iOK1Wj4CQXloXcqKv
hg5SnsT87MT/3NqrXYE7AjjOK19qTqxiJ9RTFDL0JkBGEdnW7WBtddpk1IOn3QKF
B4S2IF9V2crs8pgl0GR6a6uNCJNOMGW3hS9K99YYgogdFpwQnQBi86EbgcjcJDwM
QuHuu6ypdp2M5U/PCt86R+fWpBVu7UayYU0rqmrhEs+PoL97XqJqEK8w+6WC1jy/
rNnuPsDd5h3DthMgqUMuTdTvkyb4iqd+mg1HIGhRBf2O1vwssiO0LwQc8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/x5+QoafdIAHJzSMZJ2KPEta4fMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvZl9IbjVDaHA5MGdBY25OSXhrbllvOFMxcmg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT2L3MA0G
CSqGSIb3DQEBCwUAA4IBAQAzhLVaRKM/2E56lofXlF6VMCWkqbubjt4oJOhFYAQB
7eenOuCEpiDYd91r/ZF5QnbI2jdt65snsc1bvwl5lzuARO8XDGPpeu8xUpbkWcFs
O3YgyuT2C0CmYlPBpsE26eIPsQTdq+MNmhRtvFrFgQ5egyqNvrt+jomd1RZSEdWl
mpFkiSjtOnaykC6lLW/gkMRSJ591A0arR7bbawrgbLolWHn9Cv+KiIom8h6fznT9
aYyZq4kHG1cHTeSC8E+ZIoMCJXD9npPc6E25L3zBuPdLk/fPmJmeqM6zjh6CmD0/
lNxawSYk/LGO7CW1omF/W0U+rl9hTfymS3+WpdMhtDO4
-----END CERTIFICATE-----