Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/OdQViNXeBuqWudg2QQRq7Y93sFA.roa
File:                     OdQViNXeBuqWudg2QQRq7Y93sFA.roa (raw, json)
Hash identifier:          rf02zL7xYxLc16wbrx7JPSqCbvSpgrmv2dD3gYI2pPI=
Subject key identifier:   39:D4:15:88:D5:DE:06:EA:96:B9:D8:36:41:04:6A:ED:8F:77:B0:50
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       01929DB635F8D794A797B102841C72F3F9C4
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/OdQViNXeBuqWudg2QQRq7Y93sFA.roa
Signing time:             Fri 18 Oct 2024 03:40:17 +0000
ROA not before:           Fri 18 Oct 2024 03:40:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206505
IP address blocks:        79.110.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9d:b6:35:f8:d7:94:a7:97:b1:02:84:1c:72:f3:f9:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Oct 18 03:40:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39d41588d5de06ea96b9d83641046aed8f77b050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:7e:81:96:c1:9c:91:ef:31:3a:c5:fb:46:95:
                    54:31:1f:d2:0d:ca:54:a2:73:29:5c:e7:dd:41:e8:
                    6e:46:b6:27:c7:64:91:c8:23:54:4c:dc:91:87:36:
                    93:30:90:a7:42:95:52:b9:7e:ba:76:d9:6d:bf:db:
                    f8:d2:7f:c7:ee:d6:bc:3c:d5:64:0d:37:c5:cc:11:
                    35:44:a4:9e:3c:d5:83:0a:cb:9b:2f:e7:af:3a:b9:
                    9a:f8:75:b6:dd:4a:27:5d:08:db:48:c1:76:a7:d9:
                    c9:bb:f3:bb:08:8a:1a:dc:86:47:13:19:4f:ca:62:
                    57:76:4f:c0:e4:05:00:0e:c9:ae:13:2c:95:6c:9b:
                    98:e4:20:bd:10:25:15:8b:ec:0b:cb:f7:86:5b:bb:
                    b1:25:c4:f1:8f:e1:f6:c7:db:62:45:1b:80:d6:de:
                    28:2c:11:89:3b:14:8b:d4:be:5b:98:25:ea:3f:e1:
                    31:d9:46:0f:fd:8a:39:0e:ec:5c:f6:78:c1:76:56:
                    89:1e:eb:3f:4f:5d:01:b4:10:c3:3a:26:f6:22:e4:
                    1f:c7:f6:86:61:f2:78:79:7f:80:7e:43:a6:79:6f:
                    2b:cc:10:70:27:2f:b1:6b:40:bf:09:94:22:49:09:
                    45:6d:64:79:24:96:0a:f5:07:5b:5e:56:82:1b:a1:
                    2d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:D4:15:88:D5:DE:06:EA:96:B9:D8:36:41:04:6A:ED:8F:77:B0:50
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/OdQViNXeBuqWudg2QQRq7Y93sFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:aa:70:89:e3:06:90:a1:ff:eb:6f:91:25:9e:f6:b2:04:fc:
         0d:7b:e6:60:e2:cb:57:b4:19:0b:cc:ed:b1:df:92:46:d7:24:
         63:43:d5:03:14:4e:44:0f:0d:de:b3:16:8f:9f:c6:13:bb:e5:
         54:6a:bf:7b:b9:23:cc:8d:59:7f:e7:45:8b:96:9d:03:1b:ed:
         b2:22:83:20:18:7f:28:3d:28:37:ab:85:44:60:fa:53:eb:43:
         d9:7f:bd:23:5f:ba:c2:51:b5:ff:01:33:57:1e:38:ec:53:fa:
         bc:be:46:30:82:ac:71:73:29:9e:1c:96:bc:9e:89:fb:3b:44:
         97:09:63:bd:53:ec:e6:7c:bb:52:bc:6c:00:0f:fe:33:89:80:
         d2:ba:88:de:ac:36:8e:e5:dc:ba:f4:39:cc:5f:9a:17:d8:fb:
         cc:31:f3:45:c7:f6:e3:de:24:34:ac:87:ca:56:e4:7e:8b:a7:
         03:fe:85:d9:0d:a2:04:dc:cd:fc:3b:87:0a:29:10:3f:1f:bb:
         7f:6a:42:e6:5d:bf:7b:a9:95:78:b4:23:7b:9d:12:fe:8a:c0:
         e0:87:34:9b:61:ad:4b:a4:0b:97:44:f1:92:a8:11:8b:b6:e6:
         be:78:9d:d8:66:22:d1:83:33:57:e5:f8:ea:b6:81:71:7e:e9:
         20:ff:f3:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKdtjX415Snl7EChBxy8/nEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQxMDE4MDM0MDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWQ0MTU4OGQ1ZGUwNmVhOTZiOWQ4MzY0MTA0NmFlZDhmNzdiMDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA036BlsGcke8xOsX7RpVUMR/SDcpU
onMpXOfdQehuRrYnx2SRyCNUTNyRhzaTMJCnQpVSuX66dtltv9v40n/H7ta8PNVk
DTfFzBE1RKSePNWDCsubL+evOrma+HW23UonXQjbSMF2p9nJu/O7CIoa3IZHExlP
ymJXdk/A5AUADsmuEyyVbJuY5CC9ECUVi+wLy/eGW7uxJcTxj+H2x9tiRRuA1t4o
LBGJOxSL1L5bmCXqP+Ex2UYP/Yo5Duxc9njBdlaJHus/T10BtBDDOib2IuQfx/aG
YfJ4eX+AfkOmeW8rzBBwJy+xa0C/CZQiSQlFbWR5JJYK9QdbXlaCG6Et/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnUFYjV3gbqlrnYNkEEau2Pd7BQMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvT2RRVmlOWGVCdXFXdWRnMlFRUnE3WTkzc0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT27oMA0G
CSqGSIb3DQEBCwUAA4IBAQBVqnCJ4waQof/rb5ElnvayBPwNe+Zg4stXtBkLzO2x
35JG1yRjQ9UDFE5EDw3esxaPn8YTu+VUar97uSPMjVl/50WLlp0DG+2yIoMgGH8o
PSg3q4VEYPpT60PZf70jX7rCUbX/ATNXHjjsU/q8vkYwgqxxcymeHJa8non7O0SX
CWO9U+zmfLtSvGwAD/4ziYDSuojerDaO5dy69DnMX5oX2PvMMfNFx/bj3iQ0rIfK
VuR+i6cD/oXZDaIE3M38O4cKKRA/H7t/akLmXb97qZV4tCN7nRL+isDghzSbYa1L
pAuXRPGSqBGLtua+eJ3YZiLRgzNX5fjqtoFxfukg//Pg
-----END CERTIFICATE-----