Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/CNWBgERMyYG8nQIpetoFd4LzedI.roa
File:                     CNWBgERMyYG8nQIpetoFd4LzedI.roa (raw, json)
Hash identifier:          NwuRhYdyBW7A3aN0aMjf6KL9ExrHB+ZHJHjcusIK5yk=
Subject key identifier:   08:D5:81:80:44:4C:C9:81:BC:9D:02:29:7A:DA:05:77:82:F3:79:D2
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       018CC3B6886E0D2569AE616EA06577171006
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/CNWBgERMyYG8nQIpetoFd4LzedI.roa
Signing time:             Mon 01 Jan 2024 06:29:28 +0000
ROA not before:           Mon 01 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60006
IP address blocks:        79.133.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:88:6e:0d:25:69:ae:61:6e:a0:65:77:17:10:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08d58180444cc981bc9d02297ada057782f379d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:47:25:7e:48:03:47:be:a0:38:84:cf:f3:b4:
                    99:f4:04:f7:d1:f3:d4:42:12:bb:2d:f2:ac:50:fd:
                    4a:75:1d:e1:6e:d5:b3:a4:48:4c:10:95:5d:41:e6:
                    9e:e4:3d:5a:dc:53:4d:50:31:34:18:0c:e0:79:14:
                    af:b6:64:63:b1:c0:4b:db:21:c3:c8:99:99:71:db:
                    1b:50:f5:d1:fb:cf:47:ac:d4:20:c4:ae:ca:53:8f:
                    dc:ea:e3:de:c4:15:e9:04:d8:1a:ef:6c:e0:08:5f:
                    8c:98:85:01:6c:0a:7a:f6:17:f7:ca:57:b7:c8:e5:
                    2c:5f:da:dc:7c:90:74:cf:68:42:5e:e0:06:63:b3:
                    1e:a0:d4:4d:48:aa:b8:5d:77:ad:c2:e9:b0:28:07:
                    64:7e:eb:66:a4:ab:3d:e6:5c:35:93:50:0d:ce:b0:
                    35:3d:83:41:da:04:b0:6d:42:c5:84:1e:06:47:fd:
                    37:99:44:9e:86:2f:2e:08:a2:49:2a:9d:af:84:95:
                    d0:52:13:b6:b0:b2:b2:56:08:7b:03:4b:24:9e:a4:
                    67:fb:b2:84:97:eb:34:3f:21:0d:03:08:89:92:36:
                    7d:34:09:90:7d:c4:5e:4c:06:74:31:a3:67:01:2e:
                    91:b5:e6:6c:11:e2:d2:3a:6d:e7:84:bc:6c:a9:37:
                    ea:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D5:81:80:44:4C:C9:81:BC:9D:02:29:7A:DA:05:77:82:F3:79:D2
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/CNWBgERMyYG8nQIpetoFd4LzedI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.133.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:f3:d3:d5:f2:fe:cb:1d:89:93:5e:a1:88:f7:e0:1f:7f:65:
         0d:ae:c4:bf:ed:db:7b:51:e6:67:7e:66:8b:cf:aa:7b:bf:de:
         40:37:e8:c2:74:d3:ec:ab:1c:9b:f4:57:28:a9:8f:67:5b:af:
         9c:cf:a0:c7:48:57:e8:f2:79:8d:57:e1:3e:22:b3:a6:7c:f3:
         62:96:1c:55:7a:2e:46:19:b3:55:2a:f6:99:e1:2a:49:81:0c:
         0e:68:e1:33:88:56:89:8b:03:ae:45:c1:8b:34:d8:93:2b:42:
         9e:da:e2:5e:40:12:ae:54:11:76:84:a2:1c:fb:1c:70:07:38:
         5e:b9:30:91:38:f0:7c:0f:3d:f7:c6:2a:c0:7d:c2:ec:16:1b:
         7c:f2:59:b0:8b:9a:1f:50:cd:3f:24:52:19:20:40:97:7e:6e:
         9c:92:4a:e8:37:c9:ab:c2:6d:4f:26:de:e5:28:e6:9a:fd:e1:
         cf:f1:aa:8a:94:05:67:f1:12:c5:dc:d6:33:26:9b:b7:49:54:
         26:50:bf:2e:93:0d:86:53:4e:d0:50:0a:00:c8:2d:19:c0:13:
         3e:50:9c:db:80:93:71:4c:fd:f5:3f:01:b2:94:72:fb:6c:25:
         9c:13:4a:d1:69:56:28:8c:b0:db:11:5e:c7:86:5e:24:9c:ed:
         3d:ae:19:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtohuDSVprmFuoGV3FxAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjQwMTAxMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQ1ODE4MDQ0NGNjOTgxYmM5ZDAyMjk3YWRhMDU3NzgyZjM3OWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUclfkgDR76gOITP87SZ9AT30fPU
QhK7LfKsUP1KdR3hbtWzpEhMEJVdQeae5D1a3FNNUDE0GAzgeRSvtmRjscBL2yHD
yJmZcdsbUPXR+89HrNQgxK7KU4/c6uPexBXpBNga72zgCF+MmIUBbAp69hf3yle3
yOUsX9rcfJB0z2hCXuAGY7MeoNRNSKq4XXetwumwKAdkfutmpKs95lw1k1ANzrA1
PYNB2gSwbULFhB4GR/03mUSehi8uCKJJKp2vhJXQUhO2sLKyVgh7A0sknqRn+7KE
l+s0PyENAwiJkjZ9NAmQfcReTAZ0MaNnAS6RteZsEeLSOm3nhLxsqTfqjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjVgYBETMmBvJ0CKXraBXeC83nSMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvQ05XQmdFUk15WUc4blFJcGV0b0ZkNEx6ZWRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT4VpMA0G
CSqGSIb3DQEBCwUAA4IBAQBN89PV8v7LHYmTXqGI9+Aff2UNrsS/7dt7UeZnfmaL
z6p7v95AN+jCdNPsqxyb9FcoqY9nW6+cz6DHSFfo8nmNV+E+IrOmfPNilhxVei5G
GbNVKvaZ4SpJgQwOaOEziFaJiwOuRcGLNNiTK0Ke2uJeQBKuVBF2hKIc+xxwBzhe
uTCROPB8Dz33xirAfcLsFht88lmwi5ofUM0/JFIZIECXfm6ckkroN8mrwm1PJt7l
KOaa/eHP8aqKlAVn8RLF3NYzJpu3SVQmUL8ukw2GU07QUAoAyC0ZwBM+UJzbgJNx
TP31PwGylHL7bCWcE0rRaVYojLDbEV7Hhl4knO09rhk1
-----END CERTIFICATE-----