Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b663df-ac1c-4529-8c8b-712135a6b750/1/S1tCR7VUyMn4HPQ03QVKv7CSMnw.roa
File:                     S1tCR7VUyMn4HPQ03QVKv7CSMnw.roa (raw, json)
Hash identifier:          CS7wx63xv81M/zhNOvUOkSrcJztPcJvt5nGJZyM5UZM=
Subject key identifier:   4B:5B:42:47:B5:54:C8:C9:F8:1C:F4:34:DD:05:4A:BF:B0:92:32:7C
Certificate issuer:       /CN=58dcfb0ff4f28b8ffad6eb0dd29eb2b6af629a68
Certificate serial:       018CC793E7F801A18A142E3DDF7541DF290F
Authority key identifier: 58:DC:FB:0F:F4:F2:8B:8F:FA:D6:EB:0D:D2:9E:B2:B6:AF:62:9A:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WNz7D_Tyi4_61usN0p6ytq9immg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b663df-ac1c-4529-8c8b-712135a6b750/1/S1tCR7VUyMn4HPQ03QVKv7CSMnw.roa
Signing time:             Tue 02 Jan 2024 00:30:08 +0000
ROA not before:           Tue 02 Jan 2024 00:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        185.222.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b663df-ac1c-4529-8c8b-712135a6b750/1/WNz7D_Tyi4_61usN0p6ytq9immg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b663df-ac1c-4529-8c8b-712135a6b750/1/WNz7D_Tyi4_61usN0p6ytq9immg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WNz7D_Tyi4_61usN0p6ytq9immg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:e7:f8:01:a1:8a:14:2e:3d:df:75:41:df:29:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58dcfb0ff4f28b8ffad6eb0dd29eb2b6af629a68
        Validity
            Not Before: Jan  2 00:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b5b4247b554c8c9f81cf434dd054abfb092327c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ef:e1:d3:e3:22:e5:38:81:cc:0a:06:78:ac:
                    78:da:76:12:a3:95:b9:37:66:36:b0:9b:87:ec:1a:
                    a6:10:93:85:15:af:f4:33:6c:a8:e9:b0:09:80:e6:
                    43:e4:fe:d6:9d:68:f6:85:6d:64:5a:42:c9:a8:5b:
                    c1:ed:e5:fc:8b:2d:6c:84:e5:09:8e:b6:c1:bd:16:
                    87:eb:89:a0:9a:a9:7b:3a:93:cb:f5:de:c6:59:68:
                    c4:3e:91:04:68:e5:c9:ab:e5:3f:4f:d3:ec:1e:72:
                    63:22:93:32:2b:73:ad:ed:60:e1:32:30:7f:3a:43:
                    f2:67:2c:99:01:b6:53:8a:89:be:dc:a4:cf:10:6b:
                    ad:a7:54:b5:ea:c9:bd:d1:87:dd:79:f0:33:e5:18:
                    59:d6:36:3e:c1:9f:9b:e8:76:d9:80:f1:69:6a:9f:
                    3a:07:2e:3f:c5:3e:96:61:4b:6b:67:c6:0b:84:66:
                    b1:f3:dd:18:4b:3f:b7:3e:45:b4:a4:e4:54:89:ea:
                    72:bb:cd:7f:8b:1b:ec:b5:19:34:da:76:73:d7:28:
                    45:91:38:62:5e:1d:44:37:1f:f5:25:9b:3c:2b:23:
                    2f:b1:1c:1d:be:d7:19:1d:2c:fe:10:4c:8e:78:4b:
                    d3:ff:98:90:f2:68:01:c5:bb:02:22:f4:6d:9f:61:
                    57:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:5B:42:47:B5:54:C8:C9:F8:1C:F4:34:DD:05:4A:BF:B0:92:32:7C
            X509v3 Authority Key Identifier:
                keyid:58:DC:FB:0F:F4:F2:8B:8F:FA:D6:EB:0D:D2:9E:B2:B6:AF:62:9A:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WNz7D_Tyi4_61usN0p6ytq9immg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b663df-ac1c-4529-8c8b-712135a6b750/1/S1tCR7VUyMn4HPQ03QVKv7CSMnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b663df-ac1c-4529-8c8b-712135a6b750/1/WNz7D_Tyi4_61usN0p6ytq9immg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:5b:11:1b:4b:a8:e9:2e:db:1b:ac:f2:3c:f0:69:81:95:98:
         73:b9:18:dd:da:8b:a3:fc:28:2d:e8:47:18:fa:d2:b7:7e:10:
         f9:cc:0c:77:27:36:36:19:27:63:b4:27:20:cb:1b:ae:db:00:
         e2:ca:32:6e:33:3c:e1:f2:69:e4:22:f0:98:64:57:0a:66:9f:
         bf:4c:9a:2b:c9:7b:7d:a0:d7:a2:7d:af:7a:41:b2:26:8a:a6:
         1e:96:f1:50:f9:9c:a2:6f:98:11:d6:a8:6d:b2:84:46:cd:6e:
         6b:07:ed:42:ea:3a:f0:db:64:53:a7:89:d1:19:51:8a:29:54:
         15:82:a6:c0:36:ab:03:40:ec:de:5b:71:e0:40:b5:98:76:af:
         d0:fc:72:d2:40:6c:1e:0d:39:55:48:7c:f1:19:aa:ba:6a:b9:
         54:e8:d3:1a:b2:19:b3:54:5f:66:48:af:b2:96:bb:7b:f1:fc:
         ad:9e:6c:79:8b:67:1a:92:85:39:1a:89:8b:76:6b:72:8a:bd:
         aa:68:b4:ae:9c:2c:8b:42:e2:d1:87:56:af:3d:37:4b:e9:b9:
         cc:0b:0c:c0:0f:cf:13:85:75:55:44:bf:93:3a:09:f8:d5:94:
         1e:77:a1:d8:84:ea:19:2d:da:72:42:61:e4:5a:47:dd:48:41:
         f6:71:d6:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk+f4AaGKFC4933VB3ykPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZGNmYjBmZjRmMjhiOGZmYWQ2ZWIwZGQyOWViMmI2YWY2
MjlhNjgwHhcNMjQwMTAyMDAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjViNDI0N2I1NTRjOGM5ZjgxY2Y0MzRkZDA1NGFiZmIwOTIzMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlO/h0+Mi5TiBzAoGeKx42nYSo5W5
N2Y2sJuH7BqmEJOFFa/0M2yo6bAJgOZD5P7WnWj2hW1kWkLJqFvB7eX8iy1shOUJ
jrbBvRaH64mgmql7OpPL9d7GWWjEPpEEaOXJq+U/T9PsHnJjIpMyK3Ot7WDhMjB/
OkPyZyyZAbZTiom+3KTPEGutp1S16sm90YfdefAz5RhZ1jY+wZ+b6HbZgPFpap86
By4/xT6WYUtrZ8YLhGax890YSz+3PkW0pORUiepyu81/ixvstRk02nZz1yhFkThi
Xh1ENx/1JZs8KyMvsRwdvtcZHSz+EEyOeEvT/5iQ8mgBxbsCIvRtn2FXsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtbQke1VMjJ+Bz0NN0FSr+wkjJ8MB8GA1UdIwQY
MBaAFFjc+w/08ouP+tbrDdKesravYppoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV056N0RfVHlpNF82MXVzTjBwNnl0cTlpbW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNjYzZGYtYWMxYy00NTI5LThjOGIt
NzEyMTM1YTZiNzUwLzEvUzF0Q1I3VlV5TW40SFBRMDNRVkt2N0NTTW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNjYzZGYtYWMxYy00NTI5LThjOGItNzEyMTM1YTZiNzUw
LzEvV056N0RfVHlpNF82MXVzTjBwNnl0cTlpbW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud5PMA0G
CSqGSIb3DQEBCwUAA4IBAQBYWxEbS6jpLtsbrPI88GmBlZhzuRjd2ouj/Cgt6EcY
+tK3fhD5zAx3JzY2GSdjtCcgyxuu2wDiyjJuMzzh8mnkIvCYZFcKZp+/TJoryXt9
oNeifa96QbImiqYelvFQ+Zyib5gR1qhtsoRGzW5rB+1C6jrw22RTp4nRGVGKKVQV
gqbANqsDQOzeW3HgQLWYdq/Q/HLSQGweDTlVSHzxGaq6arlU6NMashmzVF9mSK+y
lrt78fytnmx5i2cakoU5GomLdmtyir2qaLSunCyLQuLRh1avPTdL6bnMCwzAD88T
hXVVRL+TOgn41ZQed6HYhOoZLdpyQmHkWkfdSEH2cdbB
-----END CERTIFICATE-----