Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/FIzZVaghtxQyyY8nKVKu_NKf0nY.roa
File:                     FIzZVaghtxQyyY8nKVKu_NKf0nY.roa (raw, json)
Hash identifier:          4MM/JijxB7abYcJAGGfiekh/cg+B5rO5MtIYxnM6F98=
Subject key identifier:   14:8C:D9:55:A8:21:B7:14:32:C9:8F:27:29:52:AE:FC:D2:9F:D2:76
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       018CC3B68DA31637E614AEA45A9A17248035
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/FIzZVaghtxQyyY8nKVKu_NKf0nY.roa
Signing time:             Mon 01 Jan 2024 06:29:30 +0000
ROA not before:           Mon 01 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211716
IP address blocks:        79.133.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8d:a3:16:37:e6:14:ae:a4:5a:9a:17:24:80:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=148cd955a821b71432c98f272952aefcd29fd276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ff:58:33:1c:4f:8d:d2:19:88:dd:1b:4a:6b:
                    b8:89:37:b3:3a:d0:e8:ad:f0:80:77:1d:86:92:22:
                    7d:ca:9d:72:1f:3e:84:3e:cf:13:26:2b:c9:21:04:
                    d6:72:c7:e8:9b:16:c6:55:ff:e8:94:14:00:b2:00:
                    6d:c3:16:a6:33:11:61:5e:4b:a6:ea:f1:93:13:7b:
                    b5:bd:c3:f6:79:8e:72:34:1b:d4:5c:7a:1c:c8:76:
                    5f:05:7e:ac:11:4d:cb:a0:74:ef:79:7d:3e:67:10:
                    df:c7:8a:e7:4b:d7:e7:5d:a1:ed:ee:c3:3b:50:80:
                    41:c4:c9:f4:a1:a9:52:e9:bb:b2:96:f6:a0:f4:c9:
                    f1:71:6b:0c:af:ef:d6:e9:b7:90:1d:d3:53:f4:f4:
                    14:88:69:cb:22:f2:8d:f7:90:a4:0f:25:7e:3a:ae:
                    c6:30:ab:6c:42:61:8a:67:f0:20:3d:ff:3c:05:59:
                    3b:32:5a:8b:88:85:34:18:c1:f0:6e:12:ee:db:64:
                    79:68:4a:dd:71:03:fa:5a:3a:58:2a:df:01:da:4d:
                    19:e2:e8:36:e6:af:f0:75:a2:2e:a4:53:f7:b3:0d:
                    32:91:9b:cf:0b:d0:a5:bc:d9:c0:b3:6c:88:7c:78:
                    5a:cd:5b:34:7f:b3:17:48:c4:eb:e2:11:5a:9b:ec:
                    2b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:8C:D9:55:A8:21:B7:14:32:C9:8F:27:29:52:AE:FC:D2:9F:D2:76
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/FIzZVaghtxQyyY8nKVKu_NKf0nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.133.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:ed:b6:f7:af:62:28:82:e6:87:14:6d:44:e5:fd:90:00:87:
         91:41:7f:f9:ef:16:43:12:af:5a:e5:f2:48:7d:75:d5:df:dd:
         69:fa:20:4d:b4:3f:d4:69:0f:f5:4c:ef:6c:0f:8b:fa:c5:9f:
         3b:9b:77:91:1d:5b:42:01:42:8c:52:30:2f:da:a2:3a:e5:6a:
         83:cc:b0:e5:e7:bc:e5:1e:48:f8:d0:b1:af:82:e7:d2:4f:a7:
         1c:0a:56:b4:9e:6b:83:ca:4f:1f:d7:4c:05:cd:5e:44:35:e0:
         8e:1c:de:36:e3:c3:64:78:64:42:3e:29:1e:60:1a:90:e3:ab:
         ca:9d:6b:e5:70:79:7b:7c:bd:92:d3:f9:21:cc:ec:ea:84:de:
         f1:7d:49:4b:38:79:3a:c3:3d:3b:11:35:68:13:eb:e5:54:26:
         4c:24:4d:ea:e7:6e:40:46:90:5b:da:91:ee:75:53:06:dd:5d:
         4b:17:88:55:15:cb:4d:75:a5:a9:87:3a:62:1c:ff:4c:54:45:
         d5:d4:e3:db:a1:f1:5d:f5:5e:c8:47:6a:e6:0f:f8:12:9c:80:
         be:8b:bd:99:36:56:64:12:f2:e3:8c:5e:55:2b:94:8b:21:5c:
         d8:2a:45:c5:1b:be:e2:ab:02:5d:eb:6b:1e:2d:a4:38:97:bb:
         38:06:97:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDto2jFjfmFK6kWpoXJIA1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjQwMTAxMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDhjZDk1NWE4MjFiNzE0MzJjOThmMjcyOTUyYWVmY2QyOWZkMjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlv9YMxxPjdIZiN0bSmu4iTezOtDo
rfCAdx2GkiJ9yp1yHz6EPs8TJivJIQTWcsfomxbGVf/olBQAsgBtwxamMxFhXkum
6vGTE3u1vcP2eY5yNBvUXHocyHZfBX6sEU3LoHTveX0+ZxDfx4rnS9fnXaHt7sM7
UIBBxMn0oalS6buylvag9MnxcWsMr+/W6beQHdNT9PQUiGnLIvKN95CkDyV+Oq7G
MKtsQmGKZ/AgPf88BVk7MlqLiIU0GMHwbhLu22R5aErdcQP6WjpYKt8B2k0Z4ug2
5q/wdaIupFP3sw0ykZvPC9ClvNnAs2yIfHhazVs0f7MXSMTr4hFam+wrxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSM2VWoIbcUMsmPJylSrvzSn9J2MB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvRkl6WlZhZ2h0eFF5eVk4bktWS3VfTktmMG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT4VgMA0G
CSqGSIb3DQEBCwUAA4IBAQCv7bb3r2IoguaHFG1E5f2QAIeRQX/57xZDEq9a5fJI
fXXV391p+iBNtD/UaQ/1TO9sD4v6xZ87m3eRHVtCAUKMUjAv2qI65WqDzLDl57zl
Hkj40LGvgufST6ccCla0nmuDyk8f10wFzV5ENeCOHN4248NkeGRCPikeYBqQ46vK
nWvlcHl7fL2S0/khzOzqhN7xfUlLOHk6wz07ETVoE+vlVCZMJE3q525ARpBb2pHu
dVMG3V1LF4hVFctNdaWphzpiHP9MVEXV1OPbofFd9V7IR2rmD/gSnIC+i72ZNlZk
EvLjjF5VK5SLIVzYKkXFG77iqwJd62seLaQ4l7s4BpcN
-----END CERTIFICATE-----