Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/pQFtSfEG9sLpWQ6zzdEulcTXlDA.roa
File:                     pQFtSfEG9sLpWQ6zzdEulcTXlDA.roa (raw, json)
Hash identifier:          5ZAMsihIgROAp+q2lrlw9/Rdr0S5XIkpAvRBWS4S+Lg=
Subject key identifier:   A5:01:6D:49:F1:06:F6:C2:E9:59:0E:B3:CD:D1:2E:95:C4:D7:94:30
Certificate issuer:       /CN=7736a5c85a08d80749041cb9cfa517fb7d589ba8
Certificate serial:       018F7600AA57E1E09EE6D1F3CDDD6F276FC3
Authority key identifier: 77:36:A5:C8:5A:08:D8:07:49:04:1C:B9:CF:A5:17:FB:7D:58:9B:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dzalyFoI2AdJBBy5z6UX-31Ym6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/pQFtSfEG9sLpWQ6zzdEulcTXlDA.roa
Signing time:             Tue 14 May 2024 07:28:25 +0000
ROA not before:           Tue 14 May 2024 07:28:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209103
IP address blocks:        79.135.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/dzalyFoI2AdJBBy5z6UX-31Ym6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/dzalyFoI2AdJBBy5z6UX-31Ym6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dzalyFoI2AdJBBy5z6UX-31Ym6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:00:aa:57:e1:e0:9e:e6:d1:f3:cd:dd:6f:27:6f:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7736a5c85a08d80749041cb9cfa517fb7d589ba8
        Validity
            Not Before: May 14 07:28:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5016d49f106f6c2e9590eb3cdd12e95c4d79430
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d7:f6:d1:0b:7a:72:35:a9:96:e0:56:83:7d:
                    61:43:24:de:fa:99:58:a1:8f:3a:99:69:57:ef:62:
                    c5:bf:eb:2a:b9:9f:09:fc:a2:28:ea:eb:3a:84:fd:
                    9c:69:f8:90:f9:21:48:ab:25:a9:b0:5f:ae:c9:2c:
                    c9:6b:f0:4d:b3:27:d8:39:2e:44:95:b9:fb:2b:4c:
                    2b:f1:5c:75:12:53:11:53:47:c4:92:f2:40:95:bc:
                    a1:b4:85:4d:48:ae:bd:c8:63:bb:01:7a:61:af:a3:
                    02:4b:97:09:f2:57:24:2f:72:65:ec:e6:f1:3a:1f:
                    6f:eb:71:cd:a9:e4:c9:ce:d8:e9:6a:ee:eb:37:f8:
                    9b:33:b5:f6:ce:79:21:a1:0e:c8:13:81:c7:85:11:
                    7f:38:1a:9a:9b:90:13:21:3a:8a:61:a6:80:f9:c5:
                    dc:9c:93:1d:c3:f6:20:54:40:a9:fd:c3:b6:b8:4c:
                    f2:7a:57:30:73:48:29:77:36:55:fb:f3:dd:07:42:
                    2a:9c:c7:27:50:82:5b:03:97:65:2c:ca:02:41:9a:
                    22:f9:3b:a4:d3:70:4a:42:2f:59:d4:e1:73:58:4c:
                    89:10:af:e7:37:50:37:bf:e1:4a:ac:7d:b0:cd:48:
                    06:d1:ad:48:ae:cb:a9:1b:2a:cd:c8:63:5a:b8:52:
                    5c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:01:6D:49:F1:06:F6:C2:E9:59:0E:B3:CD:D1:2E:95:C4:D7:94:30
            X509v3 Authority Key Identifier:
                keyid:77:36:A5:C8:5A:08:D8:07:49:04:1C:B9:CF:A5:17:FB:7D:58:9B:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dzalyFoI2AdJBBy5z6UX-31Ym6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/pQFtSfEG9sLpWQ6zzdEulcTXlDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/dzalyFoI2AdJBBy5z6UX-31Ym6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.135.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:2c:f9:2c:bb:2c:f4:c6:c7:92:c5:79:82:a8:f4:83:af:3e:
         1a:df:74:ef:e4:21:35:79:e1:58:8f:b7:c9:00:cf:24:28:ad:
         92:98:ca:a2:4f:c0:e6:ba:35:94:16:c4:0f:ed:19:21:8b:53:
         4d:b2:57:53:37:45:2d:07:2e:12:f2:17:f2:29:6f:34:68:6c:
         43:5a:fb:61:38:a3:20:81:aa:34:71:d0:3d:fa:18:d2:39:71:
         79:f2:70:bf:dc:f0:02:87:ad:13:51:43:97:e8:68:6f:81:81:
         3a:a3:e7:d5:e1:d1:65:c6:78:44:61:09:36:f3:22:14:54:4b:
         c6:f7:0a:58:9b:a6:77:29:cf:55:6d:0a:e4:ed:97:b8:6b:50:
         f9:3a:11:46:2d:15:96:cd:27:74:0e:3f:62:3c:49:39:7f:f1:
         14:e5:0c:54:65:d5:8f:a5:b3:f9:8f:44:a1:e7:db:a8:64:60:
         f0:57:42:27:09:03:da:03:97:4a:7f:c4:06:fc:16:0d:63:2d:
         3d:fe:86:10:6c:c0:5a:18:5b:11:55:8e:f5:c1:3b:8a:e8:81:
         f7:ab:04:dc:43:97:11:20:7f:84:97:89:5d:b7:d2:50:b9:14:
         f8:41:fb:e2:7c:cc:00:7d:ca:b7:5f:b8:fb:6c:9a:d9:c9:6b:
         1d:95:03:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY92AKpX4eCe5tHzzd1vJ2/DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MzZhNWM4NWEwOGQ4MDc0OTA0MWNiOWNmYTUxN2ZiN2Q1
ODliYTgwHhcNMjQwNTE0MDcyODI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTAxNmQ0OWYxMDZmNmMyZTk1OTBlYjNjZGQxMmU5NWM0ZDc5NDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNf20Qt6cjWpluBWg31hQyTe+plY
oY86mWlX72LFv+squZ8J/KIo6us6hP2cafiQ+SFIqyWpsF+uySzJa/BNsyfYOS5E
lbn7K0wr8Vx1ElMRU0fEkvJAlbyhtIVNSK69yGO7AXphr6MCS5cJ8lckL3Jl7Obx
Oh9v63HNqeTJztjpau7rN/ibM7X2znkhoQ7IE4HHhRF/OBqam5ATITqKYaaA+cXc
nJMdw/YgVECp/cO2uEzyelcwc0gpdzZV+/PdB0IqnMcnUIJbA5dlLMoCQZoi+Tuk
03BKQi9Z1OFzWEyJEK/nN1A3v+FKrH2wzUgG0a1IrsupGyrNyGNauFJc6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUBbUnxBvbC6VkOs83RLpXE15QwMB8GA1UdIwQY
MBaAFHc2pchaCNgHSQQcuc+lF/t9WJuoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHphbHlGb0kyQWRKQkJ5NXo2VVgtMzFZbTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC82ZGEyODktYWJlYy00OWY1LWE3NTkt
Y2YxZjRjN2M5MjIyLzEvcFFGdFNmRUc5c0xwV1E2enpkRXVsY1RYbERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC82ZGEyODktYWJlYy00OWY1LWE3NTktY2YxZjRjN2M5MjIy
LzEvZHphbHlGb0kyQWRKQkJ5NXo2VVgtMzFZbTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT4doMA0G
CSqGSIb3DQEBCwUAA4IBAQALLPksuyz0xseSxXmCqPSDrz4a33Tv5CE1eeFYj7fJ
AM8kKK2SmMqiT8DmujWUFsQP7Rkhi1NNsldTN0UtBy4S8hfyKW80aGxDWvthOKMg
gao0cdA9+hjSOXF58nC/3PACh60TUUOX6GhvgYE6o+fV4dFlxnhEYQk28yIUVEvG
9wpYm6Z3Kc9VbQrk7Ze4a1D5OhFGLRWWzSd0Dj9iPEk5f/EU5QxUZdWPpbP5j0Sh
59uoZGDwV0InCQPaA5dKf8QG/BYNYy09/oYQbMBaGFsRVY71wTuK6IH3qwTcQ5cR
IH+El4ldt9JQuRT4QfvifMwAfcq3X7j7bJrZyWsdlQO5
-----END CERTIFICATE-----