Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/CiX47d8LIXx71rlmm5jvh8X7si4.roa
File:                     CiX47d8LIXx71rlmm5jvh8X7si4.roa (raw, json)
Hash identifier:          0/bnUCT6RHLlNOF37dBuejd/bQMLzFAVhM/iNJDSLHU=
Subject key identifier:   0A:25:F8:ED:DF:0B:21:7C:7B:D6:B9:66:9B:98:EF:87:C5:FB:B2:2E
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       018CE983D75682E71BC174C31F70D91C86B7
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/CiX47d8LIXx71rlmm5jvh8X7si4.roa
Signing time:             Mon 08 Jan 2024 14:39:40 +0000
ROA not before:           Mon 08 Jan 2024 14:39:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30723
IP address blocks:        79.172.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e9:83:d7:56:82:e7:1b:c1:74:c3:1f:70:d9:1c:86:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jan  8 14:39:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a25f8eddf0b217c7bd6b9669b98ef87c5fbb22e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d4:30:09:b2:71:53:f7:78:60:ba:90:d7:ea:
                    dc:eb:9f:64:34:28:ee:34:7c:8d:e8:48:37:98:c1:
                    9d:27:8c:f8:9f:02:ad:c9:8b:53:03:74:cc:c6:43:
                    46:82:02:fd:b6:08:0e:cf:85:fc:ca:17:60:98:d4:
                    dc:21:ea:f0:cb:f9:d7:7f:d5:13:9a:02:49:97:af:
                    52:26:c4:c8:f9:15:80:21:0f:e4:6c:0d:7e:5b:43:
                    c2:6c:72:0d:7b:bd:a3:82:9f:ee:17:b1:82:62:f2:
                    4e:0a:c8:65:71:3b:c1:cc:85:92:ff:14:e6:71:e0:
                    89:dd:0c:a1:ee:50:b6:af:60:30:de:54:01:cb:29:
                    62:f7:8e:af:53:6e:f2:f0:f0:04:4a:29:5b:83:b0:
                    a6:e6:2a:ef:92:4d:50:ca:3b:16:d3:36:f3:a5:cd:
                    d9:05:9b:8f:16:1b:08:f1:25:8c:89:5d:f0:69:ea:
                    49:d2:aa:29:91:1e:a1:13:73:9a:1d:19:aa:60:db:
                    63:81:52:86:e7:8b:b5:c8:c3:2f:96:75:38:88:a0:
                    1f:88:39:48:a4:b9:4e:cb:21:2e:4f:57:d5:03:99:
                    ae:aa:a4:c1:1e:d8:91:40:c5:55:59:39:d3:91:82:
                    ef:e0:b0:f9:3d:f1:03:d4:4c:08:0a:86:93:15:03:
                    93:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:25:F8:ED:DF:0B:21:7C:7B:D6:B9:66:9B:98:EF:87:C5:FB:B2:2E
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/CiX47d8LIXx71rlmm5jvh8X7si4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:af:83:48:a8:ce:47:63:f2:d5:ff:3e:e8:59:67:4c:05:9b:
         37:16:7e:62:b7:93:34:7d:8e:84:cb:f8:5f:15:94:b9:e4:87:
         7f:59:a6:27:20:07:76:a5:24:6c:5f:27:82:5f:31:d0:4d:bf:
         45:7a:29:29:af:67:8f:f3:96:10:05:4f:d5:f8:ba:c7:e7:65:
         de:ed:e0:e0:e7:5a:d6:d2:ca:60:0b:4a:07:8e:ff:b2:25:76:
         13:92:b4:46:92:af:aa:b9:0a:9d:a7:24:68:4e:40:20:fe:12:
         91:6d:50:fe:88:fb:16:4a:61:89:d0:99:75:f8:1e:57:be:1f:
         89:2a:c2:5b:66:56:7f:4b:cd:52:dc:d4:98:ed:47:2f:7e:fd:
         04:67:3e:b0:26:b8:40:37:42:b9:ee:e6:53:eb:43:db:e6:d7:
         6f:2a:b1:a3:46:8d:0a:10:16:6c:3a:05:74:97:55:02:aa:bc:
         03:7b:aa:34:7e:40:6e:15:a0:a9:27:1b:48:62:e3:f6:e1:90:
         16:6e:40:bc:21:39:db:e5:14:1f:ad:38:0d:e1:c5:b4:4c:e0:
         14:82:a2:c9:a4:21:66:35:52:5e:ab:45:ac:41:46:a7:02:74:
         db:b0:d2:67:da:80:36:1a:9e:a7:e5:cb:d2:a8:10:d3:6f:fe:
         07:bc:40:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzpg9dWgucbwXTDH3DZHIa3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjQwMTA4MTQzOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTI1ZjhlZGRmMGIyMTdjN2JkNmI5NjY5Yjk4ZWY4N2M1ZmJiMjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotQwCbJxU/d4YLqQ1+rc659kNCju
NHyN6Eg3mMGdJ4z4nwKtyYtTA3TMxkNGggL9tggOz4X8yhdgmNTcIerwy/nXf9UT
mgJJl69SJsTI+RWAIQ/kbA1+W0PCbHINe72jgp/uF7GCYvJOCshlcTvBzIWS/xTm
ceCJ3Qyh7lC2r2Aw3lQByyli946vU27y8PAESilbg7Cm5irvkk1QyjsW0zbzpc3Z
BZuPFhsI8SWMiV3waepJ0qopkR6hE3OaHRmqYNtjgVKG54u1yMMvlnU4iKAfiDlI
pLlOyyEuT1fVA5muqqTBHtiRQMVVWTnTkYLv4LD5PfED1EwICoaTFQOTYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAol+O3fCyF8e9a5ZpuY74fF+7IuMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvQ2lYNDdkOExJWHg3MXJsbW01anZoOFg3c2k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zGMA0G
CSqGSIb3DQEBCwUAA4IBAQCOr4NIqM5HY/LV/z7oWWdMBZs3Fn5it5M0fY6Ey/hf
FZS55Id/WaYnIAd2pSRsXyeCXzHQTb9Feikpr2eP85YQBU/V+LrH52Xe7eDg51rW
0spgC0oHjv+yJXYTkrRGkq+quQqdpyRoTkAg/hKRbVD+iPsWSmGJ0Jl1+B5Xvh+J
KsJbZlZ/S81S3NSY7Ucvfv0EZz6wJrhAN0K57uZT60Pb5tdvKrGjRo0KEBZsOgV0
l1UCqrwDe6o0fkBuFaCpJxtIYuP24ZAWbkC8ITnb5RQfrTgN4cW0TOAUgqLJpCFm
NVJeq0WsQUanAnTbsNJn2oA2Gp6n5cvSqBDTb/4HvEBG
-----END CERTIFICATE-----