Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/169a21-f3c1-43b9-ade5-8696a96044f2/1/y8ZQfErteaop1KHDtYOKb6615b8.roa
File:                     y8ZQfErteaop1KHDtYOKb6615b8.roa (raw, json)
Hash identifier:          mfhiDUxnsvM/GbAyXvNB9GiQpZG+IbY9ynO0eWWG0zE=
Subject key identifier:   CB:C6:50:7C:4A:ED:79:AA:29:D4:A1:C3:B5:83:8A:6F:AE:B5:E5:BF
Certificate issuer:       /CN=bafd79b6dd85290fef6169a44e426107d274651a
Certificate serial:       018EC3295E2CD1AF73572B54EC9FE768AB32
Authority key identifier: BA:FD:79:B6:DD:85:29:0F:EF:61:69:A4:4E:42:61:07:D2:74:65:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uv15tt2FKQ_vYWmkTkJhB9J0ZRo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/169a21-f3c1-43b9-ade5-8696a96044f2/1/y8ZQfErteaop1KHDtYOKb6615b8.roa
Signing time:             Tue 09 Apr 2024 14:00:51 +0000
ROA not before:           Tue 09 Apr 2024 14:00:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198362
IP address blocks:        176.117.78.0/24 maxlen: 24
                          176.117.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/169a21-f3c1-43b9-ade5-8696a96044f2/1/uv15tt2FKQ_vYWmkTkJhB9J0ZRo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/169a21-f3c1-43b9-ade5-8696a96044f2/1/uv15tt2FKQ_vYWmkTkJhB9J0ZRo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uv15tt2FKQ_vYWmkTkJhB9J0ZRo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c3:29:5e:2c:d1:af:73:57:2b:54:ec:9f:e7:68:ab:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bafd79b6dd85290fef6169a44e426107d274651a
        Validity
            Not Before: Apr  9 14:00:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbc6507c4aed79aa29d4a1c3b5838a6faeb5e5bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:06:69:29:f9:59:08:c0:1b:c9:6c:ff:ca:b1:
                    f2:97:f6:86:2e:ec:a8:20:1c:31:c6:35:b0:5a:54:
                    8b:8a:ed:4b:d5:a5:1d:7b:2e:7b:ec:15:81:cc:0e:
                    9e:3c:bd:ee:26:33:0c:f0:01:4c:6d:aa:5e:26:31:
                    68:dd:d9:df:ef:0d:3b:74:46:a6:ab:13:80:9f:01:
                    ee:31:c3:e7:ff:86:84:1d:7d:7f:e4:98:ab:59:38:
                    74:68:dd:ab:5b:6b:93:7d:ca:53:09:49:22:a2:29:
                    7e:90:b3:e3:07:60:04:85:6f:b7:a5:14:c7:94:1c:
                    ae:55:11:99:87:36:bf:cb:12:2b:0d:12:01:e9:68:
                    99:0a:21:90:7e:52:19:f6:06:c0:02:77:c1:c7:ba:
                    d9:c2:1b:0f:29:d8:45:00:96:a5:ac:76:52:af:69:
                    1d:37:ac:ec:84:4b:25:14:62:37:2c:12:13:e1:79:
                    39:b4:b6:29:83:c5:63:ba:e8:49:bb:55:b5:ec:52:
                    b5:d5:cc:e2:24:30:fe:b7:09:15:71:d5:29:0b:1d:
                    d5:8f:00:fe:9b:93:9c:80:97:4b:1a:79:2a:2e:27:
                    4e:bc:ae:e4:32:cd:50:89:2d:9f:b9:e2:95:6a:81:
                    a4:03:7a:a6:53:46:cf:62:e3:2b:c5:ac:9c:0d:cf:
                    93:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:C6:50:7C:4A:ED:79:AA:29:D4:A1:C3:B5:83:8A:6F:AE:B5:E5:BF
            X509v3 Authority Key Identifier:
                keyid:BA:FD:79:B6:DD:85:29:0F:EF:61:69:A4:4E:42:61:07:D2:74:65:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uv15tt2FKQ_vYWmkTkJhB9J0ZRo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/169a21-f3c1-43b9-ade5-8696a96044f2/1/y8ZQfErteaop1KHDtYOKb6615b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/169a21-f3c1-43b9-ade5-8696a96044f2/1/uv15tt2FKQ_vYWmkTkJhB9J0ZRo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:fb:c7:4d:cc:cd:f2:15:3e:55:ce:80:da:b4:d7:11:ed:5f:
         d0:d7:df:85:7d:5d:91:b0:fe:e8:d8:7a:3f:6f:0b:6b:73:8b:
         a9:e6:5a:34:68:65:e2:2e:dc:0f:d7:c5:2f:97:98:d6:d0:90:
         2b:37:d1:91:0a:04:20:e1:4f:c6:f0:d8:8a:fa:8d:5f:ee:8c:
         e0:62:72:33:e1:de:9c:d9:ad:5b:80:eb:ac:f4:9a:53:71:81:
         9f:eb:3d:b5:dc:4b:cd:10:21:dd:c2:f7:f5:db:60:94:83:2c:
         45:25:96:be:82:8f:0f:61:ba:48:71:12:e1:f6:f0:84:13:82:
         b9:b9:2b:a0:e2:a5:53:e8:d8:2b:04:dc:91:09:04:bc:a4:10:
         5e:75:e4:06:d4:09:c0:7a:fc:86:00:15:03:f3:bc:f6:7a:db:
         95:7d:13:73:70:55:c0:22:80:0c:3b:79:44:cc:81:08:b2:01:
         69:71:1b:16:87:62:5b:d6:f4:13:2f:e6:d4:2d:12:20:af:29:
         b2:16:50:33:8e:7a:9d:fc:e2:43:f8:4f:86:fb:96:19:89:f5:
         dc:f9:f2:cf:cc:93:c7:6a:96:88:2a:14:aa:83:1c:7e:99:cc:
         35:0b:2b:8b:21:b6:ca:e4:ea:28:9a:de:a6:d9:a0:78:73:25:
         e5:e2:b8:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7DKV4s0a9zVytU7J/naKsyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhZmQ3OWI2ZGQ4NTI5MGZlZjYxNjlhNDRlNDI2MTA3ZDI3
NDY1MWEwHhcNMjQwNDA5MTQwMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmM2NTA3YzRhZWQ3OWFhMjlkNGExYzNiNTgzOGE2ZmFlYjVlNWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQZpKflZCMAbyWz/yrHyl/aGLuyo
IBwxxjWwWlSLiu1L1aUdey577BWBzA6ePL3uJjMM8AFMbapeJjFo3dnf7w07dEam
qxOAnwHuMcPn/4aEHX1/5JirWTh0aN2rW2uTfcpTCUkioil+kLPjB2AEhW+3pRTH
lByuVRGZhza/yxIrDRIB6WiZCiGQflIZ9gbAAnfBx7rZwhsPKdhFAJalrHZSr2kd
N6zshEslFGI3LBIT4Xk5tLYpg8VjuuhJu1W17FK11cziJDD+twkVcdUpCx3VjwD+
m5OcgJdLGnkqLidOvK7kMs1QiS2fueKVaoGkA3qmU0bPYuMrxaycDc+TewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvGUHxK7XmqKdShw7WDim+uteW/MB8GA1UdIwQY
MBaAFLr9ebbdhSkP72FppE5CYQfSdGUaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXYxNXR0MkZLUV92WVdta1RrSmhCOUowWlJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8xNjlhMjEtZjNjMS00M2I5LWFkZTUt
ODY5NmE5NjA0NGYyLzEveThaUWZFcnRlYW9wMUtIRHRZT0tiNjYxNWI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8xNjlhMjEtZjNjMS00M2I5LWFkZTUtODY5NmE5NjA0NGYy
LzEvdXYxNXR0MkZLUV92WVdta1RrSmhCOUowWlJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHVOMA0G
CSqGSIb3DQEBCwUAA4IBAQAG+8dNzM3yFT5VzoDatNcR7V/Q19+FfV2RsP7o2Ho/
bwtrc4up5lo0aGXiLtwP18Uvl5jW0JArN9GRCgQg4U/G8NiK+o1f7ozgYnIz4d6c
2a1bgOus9JpTcYGf6z213EvNECHdwvf122CUgyxFJZa+go8PYbpIcRLh9vCEE4K5
uSug4qVT6NgrBNyRCQS8pBBedeQG1AnAevyGABUD87z2etuVfRNzcFXAIoAMO3lE
zIEIsgFpcRsWh2Jb1vQTL+bULRIgrymyFlAzjnqd/OJD+E+G+5YZifXc+fLPzJPH
apaIKhSqgxx+mcw1CyuLIbbK5Ooomt6m2aB4cyXl4rh0
-----END CERTIFICATE-----