Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/q_7f6nXEMXNlViaOa2_m5rQC_h0.roa
File:                     q_7f6nXEMXNlViaOa2_m5rQC_h0.roa (raw, json)
Hash identifier:          yaw0VH57M8uuGxQEIlVlF2RDPtR+MuVEFMu9oJFmqjE=
Subject key identifier:   AB:FE:DF:EA:75:C4:31:73:65:56:26:8E:6B:6F:E6:E6:B4:02:FE:1D
Certificate issuer:       /CN=568ae803b9ba38855401827b3eece14505a9c0f6
Certificate serial:       018CC56E6FDE21BCE5A32B8F7EEEB8741912
Authority key identifier: 56:8A:E8:03:B9:BA:38:85:54:01:82:7B:3E:EC:E1:45:05:A9:C0:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/q_7f6nXEMXNlViaOa2_m5rQC_h0.roa
Signing time:             Mon 01 Jan 2024 14:29:58 +0000
ROA not before:           Mon 01 Jan 2024 14:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20525
IP address blocks:        79.141.220.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:6f:de:21:bc:e5:a3:2b:8f:7e:ee:b8:74:19:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568ae803b9ba38855401827b3eece14505a9c0f6
        Validity
            Not Before: Jan  1 14:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abfedfea75c431736556268e6b6fe6e6b402fe1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1b:3d:ec:72:23:71:af:a2:cf:e6:e7:c2:79:
                    02:c0:a6:5d:34:1c:84:81:8a:16:de:14:ab:40:e3:
                    63:7d:51:9e:7f:9d:71:a9:5f:e1:47:33:64:a2:dc:
                    1b:a4:82:2a:78:9c:4f:ae:31:71:86:6e:55:8d:fd:
                    ca:62:9e:c9:37:4d:44:82:a5:9a:4c:eb:a7:95:ce:
                    d8:2f:fb:4f:80:3d:6c:47:b2:28:77:5b:28:b5:40:
                    5d:8c:54:70:5e:28:76:39:d5:68:36:db:e2:81:d3:
                    69:11:4c:03:5c:a1:de:d3:76:e0:d5:52:81:65:5d:
                    b3:dc:66:f1:73:5c:29:20:1b:ff:3a:56:ae:f3:53:
                    d6:e5:d8:ed:e7:36:6e:b3:19:60:cd:26:1d:91:7c:
                    bb:8e:0a:f2:f4:d4:07:15:d7:24:34:5c:d1:f1:55:
                    e6:30:ff:fb:38:ac:c8:28:8d:a8:82:40:cd:2a:44:
                    1d:4d:02:41:68:e0:96:76:eb:18:f5:ca:6e:a1:c9:
                    33:d1:1b:b7:0a:1e:09:86:78:63:5a:4a:85:08:93:
                    f5:42:ab:0b:df:ba:45:15:05:4f:37:a7:66:da:b6:
                    1a:82:a8:81:0a:9e:01:93:e1:64:83:37:80:24:b4:
                    2d:73:6f:5f:67:ca:88:03:ef:af:83:f7:b5:a7:7d:
                    b8:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:FE:DF:EA:75:C4:31:73:65:56:26:8E:6B:6F:E6:E6:B4:02:FE:1D
            X509v3 Authority Key Identifier:
                keyid:56:8A:E8:03:B9:BA:38:85:54:01:82:7B:3E:EC:E1:45:05:A9:C0:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/q_7f6nXEMXNlViaOa2_m5rQC_h0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.141.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:65:fa:0f:7d:14:19:06:e7:c2:57:0f:43:27:cf:ca:40:b1:
         39:1e:83:02:3e:21:af:6d:37:06:c1:8d:49:79:70:6f:97:87:
         a0:d9:e6:4a:d6:77:5b:37:6d:4d:7a:52:94:2d:bf:43:cd:2d:
         32:91:86:37:db:48:00:3a:54:6a:5c:43:d5:94:2a:04:87:de:
         74:90:e0:0c:d9:0c:28:8b:75:f2:a4:75:eb:88:a4:b7:b0:38:
         e6:f7:3b:a9:da:ae:42:e2:1e:6b:6a:2d:77:5d:4d:d0:0b:6c:
         d2:a3:dd:76:e3:52:52:7a:bf:30:4f:51:b6:90:ff:ac:d8:bd:
         eb:ee:d2:c1:75:e2:b1:f8:23:aa:e1:cb:09:b5:97:24:41:8e:
         12:8f:ee:09:63:68:e8:b1:ae:7a:c8:77:3b:f5:e0:e5:61:3a:
         e5:b9:ec:d0:38:53:78:d8:cf:2b:9f:a3:1e:3a:6b:82:c6:4b:
         47:c2:84:a0:c3:d7:6d:e6:a5:64:4b:4b:af:1a:4f:d3:2b:57:
         e3:73:77:02:3d:f8:53:bc:55:41:ab:52:4e:ca:03:3c:b0:27:
         78:71:41:e0:7d:7d:1c:1f:e5:ed:d0:d7:b8:f7:60:1a:fc:85:
         cb:d3:70:fd:74:9f:1d:8d:97:2e:29:de:15:48:6a:0e:93:f7:
         33:33:34:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbm/eIbzloyuPfu64dBkSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGFlODAzYjliYTM4ODU1NDAxODI3YjNlZWNlMTQ1MDVh
OWMwZjYwHhcNMjQwMTAxMTQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmZlZGZlYTc1YzQzMTczNjU1NjI2OGU2YjZmZTZlNmI0MDJmZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBs97HIjca+iz+bnwnkCwKZdNByE
gYoW3hSrQONjfVGef51xqV/hRzNkotwbpIIqeJxPrjFxhm5Vjf3KYp7JN01EgqWa
TOunlc7YL/tPgD1sR7Iod1sotUBdjFRwXih2OdVoNtvigdNpEUwDXKHe03bg1VKB
ZV2z3Gbxc1wpIBv/Olau81PW5djt5zZusxlgzSYdkXy7jgry9NQHFdckNFzR8VXm
MP/7OKzIKI2ogkDNKkQdTQJBaOCWdusY9cpuockz0Ru3Ch4JhnhjWkqFCJP1QqsL
37pFFQVPN6dm2rYagqiBCp4Bk+FkgzeAJLQtc29fZ8qIA++vg/e1p3240wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKv+3+p1xDFzZVYmjmtv5ua0Av4dMB8GA1UdIwQY
MBaAFFaK6AO5ujiFVAGCez7s4UUFqcD2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9yb0E3bTZPSVZVQVlKN1B1emhSUVdwd1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8yNzhkNWYtOWVlNi00NDc3LTlmZTAt
OGVhZThiNzVlOWNhLzEvcV83ZjZuWEVNWE5sVmlhT2EyX201clFDX2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8yNzhkNWYtOWVlNi00NDc3LTlmZTAtOGVhZThiNzVlOWNh
LzEvVm9yb0E3bTZPSVZVQVlKN1B1emhSUVdwd1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCT43cMA0G
CSqGSIb3DQEBCwUAA4IBAQBJZfoPfRQZBufCVw9DJ8/KQLE5HoMCPiGvbTcGwY1J
eXBvl4eg2eZK1ndbN21NelKULb9DzS0ykYY320gAOlRqXEPVlCoEh950kOAM2Qwo
i3XypHXriKS3sDjm9zup2q5C4h5rai13XU3QC2zSo91241JSer8wT1G2kP+s2L3r
7tLBdeKx+COq4csJtZckQY4Sj+4JY2josa56yHc79eDlYTrluezQOFN42M8rn6Me
OmuCxktHwoSgw9dt5qVkS0uvGk/TK1fjc3cCPfhTvFVBq1JOygM8sCd4cUHgfX0c
H+Xt0Ne492Aa/IXL03D9dJ8djZcuKd4VSGoOk/czMzTG
-----END CERTIFICATE-----