Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/VYmJFPYm-S9GzUo0eLUsKfQsMf4.roa
File:                     VYmJFPYm-S9GzUo0eLUsKfQsMf4.roa (raw, json)
Hash identifier:          JBBDX6ynScvELQNgRI+P/uFrxZH12DuvQ1rlKm5C3Ro=
Subject key identifier:   55:89:89:14:F6:26:F9:2F:46:CD:4A:34:78:B5:2C:29:F4:2C:31:FE
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018CC56E1448E1E27A77F960BCA982B79415
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/VYmJFPYm-S9GzUo0eLUsKfQsMf4.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207459
IP address blocks:        79.175.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:14:48:e1:e2:7a:77:f9:60:bc:a9:82:b7:94:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55898914f626f92f46cd4a3478b52c29f42c31fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:cb:ff:a5:da:c2:7b:2c:cb:6c:ac:d8:6b:59:
                    fc:ff:cc:9d:eb:af:66:e6:8e:4e:52:9b:54:1b:2c:
                    b7:d0:00:e0:17:3a:98:00:d3:83:90:c7:b3:f6:b0:
                    84:5c:31:9b:87:38:23:61:03:04:f3:f1:a8:99:b3:
                    e2:c4:3d:f7:c7:c1:e0:30:58:8e:53:13:b6:d1:c2:
                    67:08:7b:79:8e:06:1d:ce:77:32:b6:28:e6:bb:2f:
                    fc:50:2d:02:00:98:6c:d7:e7:98:43:4b:8c:52:6d:
                    09:99:08:b1:4a:13:31:8f:24:91:f6:a7:b7:35:25:
                    1a:b6:21:9d:40:4e:e8:8d:b5:a3:20:25:d4:be:be:
                    23:6d:d8:3a:88:d9:54:4b:2d:cc:87:85:e3:59:21:
                    25:e4:e4:ac:f5:70:8d:af:79:e9:aa:b1:f0:0b:dd:
                    e9:52:0a:19:5a:13:4e:d8:ec:ef:1d:56:b0:82:4a:
                    30:39:2b:21:45:5f:3f:bf:7a:f7:e3:e4:ea:b7:e9:
                    42:17:65:29:aa:58:2f:13:b4:82:3b:3a:e5:63:55:
                    d5:e0:f0:66:8c:be:ba:44:ed:8c:52:1a:15:5e:10:
                    f3:ba:cf:f3:72:45:c2:79:26:dc:df:bc:51:4a:09:
                    d6:7c:e3:4c:4b:65:46:d4:2d:47:e5:12:91:50:9c:
                    cd:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:89:89:14:F6:26:F9:2F:46:CD:4A:34:78:B5:2C:29:F4:2C:31:FE
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/VYmJFPYm-S9GzUo0eLUsKfQsMf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:45:dc:e2:c4:ae:b2:c1:77:5e:d8:e2:6c:aa:4e:15:17:88:
         a2:d7:e9:52:df:77:98:c6:2c:39:0d:26:1d:9a:80:9b:4d:05:
         90:ba:c7:ad:02:90:de:22:0a:4d:9b:dd:ee:8f:7d:d2:62:db:
         8b:ac:84:6f:86:84:04:4a:58:30:27:fe:ab:8d:fd:32:b3:96:
         11:80:1b:7b:3e:8f:3f:e8:a5:83:e7:1a:a8:59:9c:3e:da:9c:
         bd:05:9c:a6:7c:9e:23:ac:dc:fb:76:86:6e:a1:10:cb:53:1c:
         fb:43:97:3a:9a:86:35:ac:09:7f:46:73:c9:04:a6:34:a1:76:
         be:51:c3:eb:34:f1:5c:d4:72:5b:c5:3b:8f:b5:b3:bd:7f:6d:
         5d:54:72:fc:ce:15:d1:b1:0c:46:15:0b:3a:34:bf:4a:bd:f0:
         8d:7c:53:2a:0a:af:a7:e3:17:80:14:df:8f:de:6a:a6:79:cc:
         66:36:11:fb:65:04:61:04:dd:d6:24:c8:17:21:80:26:89:e4:
         99:b2:7c:14:fa:89:aa:78:1c:5d:02:58:5a:a4:39:27:10:7b:
         ff:d8:93:f4:12:90:c2:88:cf:60:0a:7a:e8:29:4f:7f:3a:39:
         29:58:f0:5a:07:8e:91:de:67:86:7b:a8:e8:60:5d:ba:c3:dc:
         51:51:b3:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhRI4eJ6d/lgvKmCt5QVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTg5ODkxNGY2MjZmOTJmNDZjZDRhMzQ3OGI1MmMyOWY0MmMzMWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8v/pdrCeyzLbKzYa1n8/8yd669m
5o5OUptUGyy30ADgFzqYANODkMez9rCEXDGbhzgjYQME8/GombPixD33x8HgMFiO
UxO20cJnCHt5jgYdzncytijmuy/8UC0CAJhs1+eYQ0uMUm0JmQixShMxjySR9qe3
NSUatiGdQE7ojbWjICXUvr4jbdg6iNlUSy3Mh4XjWSEl5OSs9XCNr3npqrHwC93p
UgoZWhNO2OzvHVawgkowOSshRV8/v3r34+Tqt+lCF2UpqlgvE7SCOzrlY1XV4PBm
jL66RO2MUhoVXhDzus/zckXCeSbc37xRSgnWfONMS2VG1C1H5RKRUJzNcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFWJiRT2JvkvRs1KNHi1LCn0LDH+MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvVlltSkZQWW0tUzlHelVvMGVMVXNLZlFzTWY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT69gMA0G
CSqGSIb3DQEBCwUAA4IBAQBMRdzixK6ywXde2OJsqk4VF4ii1+lS33eYxiw5DSYd
moCbTQWQusetApDeIgpNm93uj33SYtuLrIRvhoQESlgwJ/6rjf0ys5YRgBt7Po8/
6KWD5xqoWZw+2py9BZymfJ4jrNz7doZuoRDLUxz7Q5c6moY1rAl/RnPJBKY0oXa+
UcPrNPFc1HJbxTuPtbO9f21dVHL8zhXRsQxGFQs6NL9KvfCNfFMqCq+n4xeAFN+P
3mqmecxmNhH7ZQRhBN3WJMgXIYAmieSZsnwU+omqeBxdAlhapDknEHv/2JP0EpDC
iM9gCnroKU9/OjkpWPBaB46R3meGe6joYF26w9xRUbPK
-----END CERTIFICATE-----