Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/DGensIxGf8XhnTgA6Zh5Xccheuo.roa
File:                     DGensIxGf8XhnTgA6Zh5Xccheuo.roa (raw, json)
Hash identifier:          n4LQZKgjWlJtsj9XBGINrSrdTHtIqF5pfsMkVasokpI=
Subject key identifier:   0C:67:A7:B0:8C:46:7F:C5:E1:9D:38:00:E9:98:79:5D:C7:21:7A:EA
Certificate issuer:       /CN=b3674e822f3876d27deaed5f66dbe9c1a422eb16
Certificate serial:       018E8B8A11BDB2F90FDF4B83BACB05F24B16
Authority key identifier: B3:67:4E:82:2F:38:76:D2:7D:EA:ED:5F:66:DB:E9:C1:A4:22:EB:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/DGensIxGf8XhnTgA6Zh5Xccheuo.roa
Signing time:             Fri 29 Mar 2024 18:47:45 +0000
ROA not before:           Fri 29 Mar 2024 18:47:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        79.110.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8b:8a:11:bd:b2:f9:0f:df:4b:83:ba:cb:05:f2:4b:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3674e822f3876d27deaed5f66dbe9c1a422eb16
        Validity
            Not Before: Mar 29 18:47:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c67a7b08c467fc5e19d3800e998795dc7217aea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ff:4a:42:f5:ae:5d:b4:89:22:f9:81:b4:f3:
                    23:a1:95:72:3e:22:1b:84:84:3f:71:a1:6a:2c:36:
                    d7:e0:66:af:62:6c:25:d7:8a:18:87:34:a7:62:82:
                    cf:6a:74:49:cf:ab:b4:a1:22:35:9e:f8:1c:93:5f:
                    29:54:47:ba:a1:a5:87:7f:77:42:32:5c:c0:c4:c9:
                    fd:59:12:0a:5e:bd:f1:03:c8:26:6f:98:a3:21:5b:
                    31:06:eb:6c:76:ac:55:f8:9b:c4:44:b4:84:e7:65:
                    74:e1:b1:43:f1:8e:ce:30:1a:04:7e:0b:de:cd:a3:
                    c1:24:97:df:e5:7a:93:87:1b:b6:72:02:ee:28:30:
                    b0:90:10:3c:88:71:6c:d3:0a:80:16:2d:93:3c:fd:
                    01:79:d7:d2:f1:6d:37:43:f1:4f:ab:0e:64:b7:13:
                    9e:92:23:de:26:21:6a:bf:62:81:aa:03:f9:23:72:
                    e2:d3:b2:69:38:37:c9:aa:d5:cd:53:5e:e8:7c:cc:
                    bd:cb:0c:c0:d1:ab:32:a1:27:39:3a:f8:d1:2e:12:
                    db:90:58:45:e8:8e:3a:6d:76:d0:8e:63:b2:0f:a8:
                    b7:4e:29:70:2e:a9:e2:78:e8:d8:a7:54:4d:8c:ee:
                    6d:2a:6a:65:ad:ac:22:81:94:8d:4f:3c:c5:78:41:
                    b5:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:67:A7:B0:8C:46:7F:C5:E1:9D:38:00:E9:98:79:5D:C7:21:7A:EA
            X509v3 Authority Key Identifier:
                keyid:B3:67:4E:82:2F:38:76:D2:7D:EA:ED:5F:66:DB:E9:C1:A4:22:EB:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/DGensIxGf8XhnTgA6Zh5Xccheuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:59:f8:cf:58:cf:17:e1:0d:57:4d:53:be:f9:a2:c0:1a:e5:
         50:23:5b:b6:5d:2d:52:f8:c2:f7:56:35:91:fc:77:d5:c4:2f:
         6a:e1:18:ad:7f:91:42:4f:c7:2b:0f:e6:d0:ce:61:86:6e:11:
         02:f3:e8:0c:06:64:85:7e:28:ef:f9:70:cc:8a:90:41:92:e3:
         76:fb:81:64:2e:fc:46:b0:79:a5:67:7f:ea:16:3c:18:82:05:
         f8:1a:59:5b:b8:26:c2:30:98:87:61:0b:3a:49:a2:b8:cc:cb:
         a6:65:7d:23:b1:9c:a5:ac:84:35:21:dc:a8:d2:17:9d:28:4b:
         5a:9c:2c:a6:4e:65:1c:c0:8d:31:e2:e9:4c:96:34:9c:81:48:
         e3:1a:60:c2:21:5e:71:d5:d9:3f:1b:4a:50:f0:25:fa:15:86:
         c7:ca:28:fd:47:ac:77:a0:10:56:be:c5:e8:92:41:6f:6e:db:
         67:77:34:3e:dd:5b:81:50:0b:10:ce:a2:9b:c6:18:5a:f3:7d:
         8e:78:7f:3b:f0:98:1c:2b:21:59:fc:c0:c6:96:f1:af:2e:56:
         14:af:75:06:94:b4:c2:b4:04:19:31:d8:5c:ea:91:ac:49:c5:
         47:37:c8:50:51:a4:2b:1e:39:3d:ec:90:98:4c:9a:0b:0e:12:
         0c:10:ca:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6LihG9svkP30uDussF8ksWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNjc0ZTgyMmYzODc2ZDI3ZGVhZWQ1ZjY2ZGJlOWMxYTQy
MmViMTYwHhcNMjQwMzI5MTg0NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzY3YTdiMDhjNDY3ZmM1ZTE5ZDM4MDBlOTk4Nzk1ZGM3MjE3YWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArf9KQvWuXbSJIvmBtPMjoZVyPiIb
hIQ/caFqLDbX4GavYmwl14oYhzSnYoLPanRJz6u0oSI1nvgck18pVEe6oaWHf3dC
MlzAxMn9WRIKXr3xA8gmb5ijIVsxButsdqxV+JvERLSE52V04bFD8Y7OMBoEfgve
zaPBJJff5XqThxu2cgLuKDCwkBA8iHFs0wqAFi2TPP0BedfS8W03Q/FPqw5ktxOe
kiPeJiFqv2KBqgP5I3Li07JpODfJqtXNU17ofMy9ywzA0asyoSc5OvjRLhLbkFhF
6I46bXbQjmOyD6i3TilwLqnieOjYp1RNjO5tKmplrawigZSNTzzFeEG1rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxnp7CMRn/F4Z04AOmYeV3HIXrqMB8GA1UdIwQY
MBaAFLNnToIvOHbSfertX2bb6cGkIusWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczJkT2dpODRkdEo5NnUxZlp0dnB3YVFpNnhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8zOTMyNTEtYjQ4OC00MGQzLWJlMzkt
ZjhmMDhmZTY0ODM4LzEvREdlbnNJeEdmOFhoblRnQTZaaDVYY2NoZXVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8zOTMyNTEtYjQ4OC00MGQzLWJlMzktZjhmMDhmZTY0ODM4
LzEvczJkT2dpODRkdEo5NnUxZlp0dnB3YVFpNnhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT27uMA0G
CSqGSIb3DQEBCwUAA4IBAQA7WfjPWM8X4Q1XTVO++aLAGuVQI1u2XS1S+ML3VjWR
/HfVxC9q4Ritf5FCT8crD+bQzmGGbhEC8+gMBmSFfijv+XDMipBBkuN2+4FkLvxG
sHmlZ3/qFjwYggX4GllbuCbCMJiHYQs6SaK4zMumZX0jsZylrIQ1Idyo0hedKEta
nCymTmUcwI0x4ulMljScgUjjGmDCIV5x1dk/G0pQ8CX6FYbHyij9R6x3oBBWvsXo
kkFvbttndzQ+3VuBUAsQzqKbxhha832OeH878JgcKyFZ/MDGlvGvLlYUr3UGlLTC
tAQZMdhc6pGsScVHN8hQUaQrHjk97JCYTJoLDhIMEMpo
-----END CERTIFICATE-----