Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/x2IOH8qJMwYWbdCclDBOmWDGSiY.roa
File:                     x2IOH8qJMwYWbdCclDBOmWDGSiY.roa (raw, json)
Hash identifier:          Z7phgELLyk+3Qv+GikMPSlZI0h2j8HOl6U10ZQeOHAk=
Subject key identifier:   C7:62:0E:1F:CA:89:33:06:16:6D:D0:9C:94:30:4E:99:60:C6:4A:26
Certificate issuer:       /CN=ebbc0d60bd3a90bd5e31509deadf447076b078d8
Certificate serial:       018CC9BC023D270B70D35BD829A543A9D063
Authority key identifier: EB:BC:0D:60:BD:3A:90:BD:5E:31:50:9D:EA:DF:44:70:76:B0:78:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/67wNYL06kL1eMVCd6t9EcHaweNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/x2IOH8qJMwYWbdCclDBOmWDGSiY.roa
Signing time:             Tue 02 Jan 2024 10:33:10 +0000
ROA not before:           Tue 02 Jan 2024 10:33:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41017
IP address blocks:        79.134.56.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/67wNYL06kL1eMVCd6t9EcHaweNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/67wNYL06kL1eMVCd6t9EcHaweNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/67wNYL06kL1eMVCd6t9EcHaweNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:02:3d:27:0b:70:d3:5b:d8:29:a5:43:a9:d0:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebbc0d60bd3a90bd5e31509deadf447076b078d8
        Validity
            Not Before: Jan  2 10:33:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7620e1fca893306166dd09c94304e9960c64a26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d4:e6:95:8a:ac:e3:dd:97:fc:c2:cd:0f:db:
                    ee:34:42:5a:a3:3b:c5:33:d9:f3:18:a4:15:33:3e:
                    49:53:d9:fa:8d:25:3d:07:53:e9:d6:8d:78:e9:5c:
                    84:c6:1d:3c:f7:3d:71:a5:a1:ce:ae:5f:7b:4b:c7:
                    6c:d6:07:aa:44:b6:f7:f7:1a:1f:98:f7:25:fc:3c:
                    76:81:9d:89:7d:4f:e1:6d:53:b2:91:21:bb:09:a2:
                    8c:c4:d7:52:3f:d5:c6:d8:d5:9b:85:b6:a3:f8:fc:
                    12:9e:b6:f1:b7:9c:b3:a2:f9:cf:de:50:64:ce:06:
                    e4:cf:0f:a0:0e:08:fe:c8:31:8d:e8:e4:6d:78:c8:
                    07:6a:dc:61:97:f8:d4:bb:5a:04:9b:d5:43:e5:d4:
                    06:68:6a:a1:ae:15:82:45:96:f3:76:46:11:3a:a1:
                    02:0a:9a:f8:04:d2:ff:a3:88:6b:ef:b4:1e:b0:5b:
                    22:98:fd:f4:6b:6a:01:ff:85:10:d0:9b:12:25:e3:
                    e5:3e:98:4e:50:22:0c:8a:62:92:35:b1:c2:87:36:
                    82:46:64:cd:82:59:a3:88:c4:87:0d:9d:c8:83:4d:
                    92:17:55:fd:82:c2:f3:37:f1:1d:28:de:f6:60:02:
                    24:02:06:87:4d:1d:7b:40:07:6c:01:03:5f:e3:35:
                    e1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:62:0E:1F:CA:89:33:06:16:6D:D0:9C:94:30:4E:99:60:C6:4A:26
            X509v3 Authority Key Identifier:
                keyid:EB:BC:0D:60:BD:3A:90:BD:5E:31:50:9D:EA:DF:44:70:76:B0:78:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/67wNYL06kL1eMVCd6t9EcHaweNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/x2IOH8qJMwYWbdCclDBOmWDGSiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/080af6-8dc4-48e6-9c63-a6b95991cd2c/1/67wNYL06kL1eMVCd6t9EcHaweNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.134.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:81:c3:5d:c7:15:15:6c:5e:80:ae:75:2c:a3:65:b4:2d:0e:
         ef:a8:eb:f5:dd:5c:50:74:9c:6f:4a:e8:ba:38:24:26:e5:3e:
         b7:26:7d:05:56:ff:54:28:0e:3c:ea:47:2d:b9:e3:6e:ef:34:
         df:a1:d9:27:d9:f2:e5:78:45:c1:e1:ca:c2:62:25:6c:af:30:
         2d:20:30:13:02:85:e8:8a:77:94:91:18:79:5b:69:49:09:72:
         a2:3c:0f:fb:94:2c:61:c4:ea:ca:34:5b:33:0d:cb:ca:20:53:
         5d:6d:fd:28:d1:05:16:9c:a2:25:e9:53:71:dd:0d:e2:90:15:
         1f:79:e1:82:ba:aa:cb:24:c5:01:07:f5:70:02:58:dd:72:26:
         de:90:c0:0b:1b:67:6d:d0:d6:00:e6:9d:2a:63:20:84:29:1e:
         49:9a:15:bf:d0:38:13:84:8f:a6:97:98:b6:df:87:6a:8a:ca:
         70:ca:2d:bd:b7:2c:1f:69:cf:c7:ca:e5:6d:c8:e9:84:b4:71:
         4e:6c:6d:3a:99:2f:6d:a2:c5:4c:8c:60:e0:fc:0e:96:ed:de:
         7c:5e:7f:ea:fa:d3:dc:2a:5f:5e:68:03:74:86:28:62:d2:e9:
         d8:5b:c1:cb:06:11:12:f8:28:ed:68:b1:19:82:5b:5a:b3:cd:
         f7:9d:aa:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAI9Jwtw01vYKaVDqdBjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYmMwZDYwYmQzYTkwYmQ1ZTMxNTA5ZGVhZGY0NDcwNzZi
MDc4ZDgwHhcNMjQwMTAyMTAzMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzYyMGUxZmNhODkzMzA2MTY2ZGQwOWM5NDMwNGU5OTYwYzY0YTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodTmlYqs492X/MLND9vuNEJaozvF
M9nzGKQVMz5JU9n6jSU9B1Pp1o146VyExh089z1xpaHOrl97S8ds1geqRLb39xof
mPcl/Dx2gZ2JfU/hbVOykSG7CaKMxNdSP9XG2NWbhbaj+PwSnrbxt5yzovnP3lBk
zgbkzw+gDgj+yDGN6ORteMgHatxhl/jUu1oEm9VD5dQGaGqhrhWCRZbzdkYROqEC
Cpr4BNL/o4hr77QesFsimP30a2oB/4UQ0JsSJePlPphOUCIMimKSNbHChzaCRmTN
glmjiMSHDZ3Ig02SF1X9gsLzN/EdKN72YAIkAgaHTR17QAdsAQNf4zXh1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdiDh/KiTMGFm3QnJQwTplgxkomMB8GA1UdIwQY
MBaAFOu8DWC9OpC9XjFQnerfRHB2sHjYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjd3TllMMDZrTDFlTVZDZDZ0OUVjSGF3ZU5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8wODBhZjYtOGRjNC00OGU2LTljNjMt
YTZiOTU5OTFjZDJjLzEveDJJT0g4cUpNd1lXYmRDY2xEQk9tV0RHU2lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8wODBhZjYtOGRjNC00OGU2LTljNjMtYTZiOTU5OTFjZDJj
LzEvNjd3TllMMDZrTDFlTVZDZDZ0OUVjSGF3ZU5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBT4Y4MA0G
CSqGSIb3DQEBCwUAA4IBAQBHgcNdxxUVbF6ArnUso2W0LQ7vqOv13VxQdJxvSui6
OCQm5T63Jn0FVv9UKA486kctueNu7zTfodkn2fLleEXB4crCYiVsrzAtIDATAoXo
ineUkRh5W2lJCXKiPA/7lCxhxOrKNFszDcvKIFNdbf0o0QUWnKIl6VNx3Q3ikBUf
eeGCuqrLJMUBB/VwAljdcibekMALG2dt0NYA5p0qYyCEKR5JmhW/0DgThI+ml5i2
34dqispwyi29tywfac/HyuVtyOmEtHFObG06mS9tosVMjGDg/A6W7d58Xn/q+tPc
Kl9eaAN0hihi0unYW8HLBhES+CjtaLEZgltas833narW
-----END CERTIFICATE-----