Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/reNYiWo9S-NrugOXr_4jFbghS_g.roa
File:                     reNYiWo9S-NrugOXr_4jFbghS_g.roa (raw, json)
Hash identifier:          0z3wlnDlEROtnkWdI8KPfL+waRYLTRMYoibxjUPz4q8=
Subject key identifier:   AD:E3:58:89:6A:3D:4B:E3:6B:BA:03:97:AF:FE:23:15:B8:21:4B:F8
Certificate issuer:       /CN=df904155ee3acfe3fea8bbfee86e97c58c8991f4
Certificate serial:       018CC725EC3D7CE4CF7CCEF05D4AEA9C68D2
Authority key identifier: DF:90:41:55:EE:3A:CF:E3:FE:A8:BB:FE:E8:6E:97:C5:8C:89:91:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/35BBVe46z-P-qLv-6G6XxYyJkfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/reNYiWo9S-NrugOXr_4jFbghS_g.roa
Signing time:             Mon 01 Jan 2024 22:30:00 +0000
ROA not before:           Mon 01 Jan 2024 22:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60793
IP address blocks:        79.99.194.192/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/35BBVe46z-P-qLv-6G6XxYyJkfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/35BBVe46z-P-qLv-6G6XxYyJkfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/35BBVe46z-P-qLv-6G6XxYyJkfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:ec:3d:7c:e4:cf:7c:ce:f0:5d:4a:ea:9c:68:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df904155ee3acfe3fea8bbfee86e97c58c8991f4
        Validity
            Not Before: Jan  1 22:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ade358896a3d4be36bba0397affe2315b8214bf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bd:d6:69:fa:92:2d:16:57:a5:95:c6:9d:54:
                    2b:18:c4:9e:75:d6:57:12:ce:70:12:86:0a:30:aa:
                    24:e1:93:c4:d3:6d:bb:4b:d6:4a:9c:d6:4e:f5:18:
                    c0:99:6e:cf:19:98:1e:a4:26:e4:3e:11:11:69:3a:
                    50:1c:65:72:02:de:91:e7:63:ca:52:20:85:da:17:
                    9b:96:c2:72:7c:eb:c7:46:8d:6e:a9:f1:da:b2:49:
                    26:04:55:d8:36:14:5b:01:86:22:d7:11:fc:b5:86:
                    b1:3e:60:50:76:bc:53:62:9f:7d:2f:a5:a1:3e:8a:
                    82:ca:98:30:42:f5:6f:37:20:7f:95:d6:eb:94:52:
                    ad:42:61:a8:4c:de:43:ed:e0:91:68:ec:89:1d:ec:
                    c2:40:1b:58:99:42:9a:4f:ba:a1:05:97:f4:25:2e:
                    72:87:43:26:c8:7a:16:4a:39:f3:77:25:77:5e:a9:
                    1a:b7:34:6b:f7:d2:9b:32:eb:4c:e6:3d:75:9d:e2:
                    ec:a6:82:06:25:1a:d9:ec:69:26:83:ef:f9:ab:34:
                    e5:d4:3a:1a:83:51:83:d8:c8:65:ff:ca:b7:c6:0a:
                    7e:0a:a3:94:d0:0e:74:6e:43:bf:1c:60:79:af:ff:
                    d4:ff:ea:f2:58:f8:62:1d:c8:79:92:3f:38:6d:92:
                    ab:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:E3:58:89:6A:3D:4B:E3:6B:BA:03:97:AF:FE:23:15:B8:21:4B:F8
            X509v3 Authority Key Identifier:
                keyid:DF:90:41:55:EE:3A:CF:E3:FE:A8:BB:FE:E8:6E:97:C5:8C:89:91:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/35BBVe46z-P-qLv-6G6XxYyJkfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/reNYiWo9S-NrugOXr_4jFbghS_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/35BBVe46z-P-qLv-6G6XxYyJkfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.194.192/29

    Signature Algorithm: sha256WithRSAEncryption
         93:46:ea:ea:5d:02:8b:df:6b:5a:44:13:46:0e:7d:57:3a:5d:
         3a:b1:eb:bb:71:74:46:86:ee:32:2b:7e:13:6d:ef:8e:00:22:
         05:73:7a:99:56:04:60:23:9b:53:2c:92:ed:ed:07:56:1e:0d:
         51:87:0c:bb:31:a0:83:9f:f0:09:41:8d:5e:1e:ea:88:48:d8:
         4b:2b:fc:f4:be:f8:1e:1b:c5:8e:dd:9d:d4:0f:04:9b:f3:ea:
         66:23:e9:df:5c:e0:35:cb:6e:ae:26:e3:1d:53:17:87:8c:fb:
         98:4d:1a:2a:eb:50:ec:47:fa:31:f0:d2:f5:58:05:46:5a:72:
         68:2c:1d:e8:a0:87:9a:90:d0:57:b0:51:fa:6a:7a:e3:41:b2:
         40:89:47:62:90:a3:92:9a:c2:d5:2b:72:9c:82:36:f7:7e:3d:
         82:f0:ab:93:16:68:e9:67:d3:80:d4:a4:5e:0c:0a:23:4b:2c:
         62:c4:f6:c4:7a:a1:be:f8:8e:ae:35:04:01:46:42:4a:83:2f:
         1c:f1:c1:03:7f:83:5a:65:16:4d:99:ab:55:59:9b:ee:17:cd:
         51:65:73:7c:bc:7e:eb:98:23:82:a3:d9:c3:b8:d2:bf:41:d6:
         89:8c:d4:bb:63:f4:3b:da:43:4e:b4:48:22:a0:8f:e8:66:c2:
         d4:d4:2c:eb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJew9fOTPfM7wXUrqnGjSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOTA0MTU1ZWUzYWNmZTNmZWE4YmJmZWU4NmU5N2M1OGM4
OTkxZjQwHhcNMjQwMTAxMjIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGUzNTg4OTZhM2Q0YmUzNmJiYTAzOTdhZmZlMjMxNWI4MjE0YmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg73WafqSLRZXpZXGnVQrGMSeddZX
Es5wEoYKMKok4ZPE0227S9ZKnNZO9RjAmW7PGZgepCbkPhERaTpQHGVyAt6R52PK
UiCF2heblsJyfOvHRo1uqfHaskkmBFXYNhRbAYYi1xH8tYaxPmBQdrxTYp99L6Wh
PoqCypgwQvVvNyB/ldbrlFKtQmGoTN5D7eCRaOyJHezCQBtYmUKaT7qhBZf0JS5y
h0MmyHoWSjnzdyV3XqkatzRr99KbMutM5j11neLspoIGJRrZ7Gkmg+/5qzTl1Doa
g1GD2Mhl/8q3xgp+CqOU0A50bkO/HGB5r//U/+ryWPhiHch5kj84bZKrqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK3jWIlqPUvja7oDl6/+IxW4IUv4MB8GA1UdIwQY
MBaAFN+QQVXuOs/j/qi7/uhul8WMiZH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzVCQlZlNDZ6LVAtcUx2LTZHNlh4WXlKa2ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS80NDJlMTctNDE5OC00MzViLTk2ZjQt
NjQ2N2Y0NGI0M2JmLzEvcmVOWWlXbzlTLU5ydWdPWHJfNGpGYmdoU19nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS80NDJlMTctNDE5OC00MzViLTk2ZjQtNjQ2N2Y0NGI0M2Jm
LzEvMzVCQlZlNDZ6LVAtcUx2LTZHNlh4WXlKa2ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUDT2PCwDAN
BgkqhkiG9w0BAQsFAAOCAQEAk0bq6l0Ci99rWkQTRg59VzpdOrHru3F0RobuMit+
E23vjgAiBXN6mVYEYCObUyyS7e0HVh4NUYcMuzGgg5/wCUGNXh7qiEjYSyv89L74
HhvFjt2d1A8Em/PqZiPp31zgNcturibjHVMXh4z7mE0aKutQ7Ef6MfDS9VgFRlpy
aCwd6KCHmpDQV7BR+mp640GyQIlHYpCjkprC1StynII29349gvCrkxZo6WfTgNSk
XgwKI0ssYsT2xHqhvviOrjUEAUZCSoMvHPHBA3+DWmUWTZmrVVmb7hfNUWVzfLx+
65gjgqPZw7jSv0HWiYzUu2P0O9pDTrRIIqCP6GbC1NQs6w==
-----END CERTIFICATE-----