Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/4NEMpfMbzSM6hJT3-Ok8lXTGCAw.roa
File:                     4NEMpfMbzSM6hJT3-Ok8lXTGCAw.roa (raw, json)
Hash identifier:          3iB0YfQ7r7ECNMYAruHB1kY/a+NorBAu/eVTAPGt+84=
Subject key identifier:   E0:D1:0C:A5:F3:1B:CD:23:3A:84:94:F7:F8:E9:3C:95:74:C6:08:0C
Certificate issuer:       /CN=7736a5c85a08d80749041cb9cfa517fb7d589ba8
Certificate serial:       0191B326B080615D9825605C9C4E3399C683
Authority key identifier: 77:36:A5:C8:5A:08:D8:07:49:04:1C:B9:CF:A5:17:FB:7D:58:9B:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dzalyFoI2AdJBBy5z6UX-31Ym6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/4NEMpfMbzSM6hJT3-Ok8lXTGCAw.roa
Signing time:             Mon 02 Sep 2024 14:32:22 +0000
ROA not before:           Mon 02 Sep 2024 14:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        79.135.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/dzalyFoI2AdJBBy5z6UX-31Ym6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/dzalyFoI2AdJBBy5z6UX-31Ym6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dzalyFoI2AdJBBy5z6UX-31Ym6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b3:26:b0:80:61:5d:98:25:60:5c:9c:4e:33:99:c6:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7736a5c85a08d80749041cb9cfa517fb7d589ba8
        Validity
            Not Before: Sep  2 14:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0d10ca5f31bcd233a8494f7f8e93c9574c6080c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ee:17:bd:30:39:43:80:ce:31:0d:d8:5c:bc:
                    97:e2:ab:58:ff:54:69:8c:dc:aa:0e:14:5d:c6:d8:
                    8f:2f:53:82:48:97:c9:af:fd:3a:45:d5:ef:97:b5:
                    73:0c:46:87:f2:42:e4:ab:18:50:9a:aa:ca:89:94:
                    50:9e:f2:5b:f1:44:17:92:8d:2d:c8:80:d8:ca:7d:
                    03:4e:86:4e:e0:6c:d0:29:1e:af:e0:f5:17:e0:fb:
                    03:b0:f8:40:4a:26:af:34:82:11:b5:b8:6b:79:7d:
                    66:2d:f3:d6:db:c0:5a:b1:6d:8d:e4:39:98:de:b2:
                    fe:81:8d:33:e3:25:36:a8:7c:1b:8d:cc:e0:00:f7:
                    b9:8c:4b:77:4a:7a:aa:5d:c0:bb:94:3f:bd:9f:4f:
                    2b:33:a7:e2:87:ab:86:1a:6c:27:52:f0:cd:d6:75:
                    dc:fc:72:44:3a:c5:a7:d2:a6:d9:fe:32:f5:3b:5b:
                    e3:c7:48:55:12:0e:c6:57:aa:74:d9:89:c8:12:d0:
                    73:19:76:22:92:b7:02:e6:6e:25:c1:9a:9f:0c:46:
                    2e:4b:af:86:16:e7:70:8c:7e:2c:26:68:31:f8:46:
                    8d:88:7d:53:02:84:fe:e2:3f:15:5d:fa:7e:f5:2b:
                    46:c5:8c:83:eb:78:78:c7:94:15:a9:a3:90:42:80:
                    0d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:D1:0C:A5:F3:1B:CD:23:3A:84:94:F7:F8:E9:3C:95:74:C6:08:0C
            X509v3 Authority Key Identifier:
                keyid:77:36:A5:C8:5A:08:D8:07:49:04:1C:B9:CF:A5:17:FB:7D:58:9B:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dzalyFoI2AdJBBy5z6UX-31Ym6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/4NEMpfMbzSM6hJT3-Ok8lXTGCAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/dzalyFoI2AdJBBy5z6UX-31Ym6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.135.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:7b:73:82:5d:f8:ce:2f:2a:11:d8:03:7a:58:ba:5a:8d:56:
         7b:db:86:c5:78:5d:db:69:fd:e4:8e:c3:18:8e:5e:29:df:41:
         2e:f0:f0:e1:60:55:fe:3c:46:d6:09:59:f5:19:2f:e0:3e:89:
         04:68:f9:e1:cd:c3:83:60:3a:14:a9:07:16:1d:de:ab:14:84:
         4d:16:c5:08:2d:17:30:05:b5:c9:30:c6:c3:a5:b0:88:0e:14:
         53:72:9c:18:0a:69:de:ec:02:42:ba:b5:f0:0e:87:34:93:ee:
         46:5a:47:65:78:e3:6e:d5:18:61:d6:81:2f:4d:ad:3e:34:ff:
         46:80:b0:d8:de:69:02:56:a5:02:2e:11:1b:79:5b:1e:05:71:
         c2:25:01:8b:ec:ba:08:94:67:3f:03:c7:dc:1b:7a:90:5d:a7:
         66:65:39:90:ed:38:b1:5f:d3:cc:93:56:73:59:ba:1c:d2:b3:
         ce:07:34:0d:96:e3:ff:31:0e:29:42:40:f7:5d:af:97:0c:9d:
         65:dc:b4:f6:cf:e9:5a:7b:74:6a:7c:80:07:c6:3d:64:c3:8e:
         e3:81:b4:a3:9f:89:80:fe:49:41:16:27:cf:bd:81:e5:f7:c6:
         ae:58:ab:c6:0c:58:3f:36:33:ca:33:d5:f0:77:01:07:cc:46:
         31:f2:58:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGzJrCAYV2YJWBcnE4zmcaDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MzZhNWM4NWEwOGQ4MDc0OTA0MWNiOWNmYTUxN2ZiN2Q1
ODliYTgwHhcNMjQwOTAyMTQzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGQxMGNhNWYzMWJjZDIzM2E4NDk0ZjdmOGU5M2M5NTc0YzYwODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+4XvTA5Q4DOMQ3YXLyX4qtY/1Rp
jNyqDhRdxtiPL1OCSJfJr/06RdXvl7VzDEaH8kLkqxhQmqrKiZRQnvJb8UQXko0t
yIDYyn0DToZO4GzQKR6v4PUX4PsDsPhASiavNIIRtbhreX1mLfPW28BasW2N5DmY
3rL+gY0z4yU2qHwbjczgAPe5jEt3SnqqXcC7lD+9n08rM6fih6uGGmwnUvDN1nXc
/HJEOsWn0qbZ/jL1O1vjx0hVEg7GV6p02YnIEtBzGXYikrcC5m4lwZqfDEYuS6+G
FudwjH4sJmgx+EaNiH1TAoT+4j8VXfp+9StGxYyD63h4x5QVqaOQQoANEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODRDKXzG80jOoSU9/jpPJV0xggMMB8GA1UdIwQY
MBaAFHc2pchaCNgHSQQcuc+lF/t9WJuoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHphbHlGb0kyQWRKQkJ5NXo2VVgtMzFZbTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC82ZGEyODktYWJlYy00OWY1LWE3NTkt
Y2YxZjRjN2M5MjIyLzEvNE5FTXBmTWJ6U002aEpUMy1PazhsWFRHQ0F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC82ZGEyODktYWJlYy00OWY1LWE3NTktY2YxZjRjN2M5MjIy
LzEvZHphbHlGb0kyQWRKQkJ5NXo2VVgtMzFZbTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT4dpMA0G
CSqGSIb3DQEBCwUAA4IBAQBXe3OCXfjOLyoR2AN6WLpajVZ724bFeF3baf3kjsMY
jl4p30Eu8PDhYFX+PEbWCVn1GS/gPokEaPnhzcODYDoUqQcWHd6rFIRNFsUILRcw
BbXJMMbDpbCIDhRTcpwYCmne7AJCurXwDoc0k+5GWkdleONu1Rhh1oEvTa0+NP9G
gLDY3mkCVqUCLhEbeVseBXHCJQGL7LoIlGc/A8fcG3qQXadmZTmQ7TixX9PMk1Zz
Wboc0rPOBzQNluP/MQ4pQkD3Xa+XDJ1l3LT2z+lae3RqfIAHxj1kw47jgbSjn4mA
/klBFifPvYHl98auWKvGDFg/NjPKM9XwdwEHzEYx8lj8
-----END CERTIFICATE-----