Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/0FdlcGaUuRcf2thRcezoBxnSRd0.roa
File:                     0FdlcGaUuRcf2thRcezoBxnSRd0.roa (raw, json)
Hash identifier:          VKuLct5pGWdsop70amtrbvmvPJUQ8yIua68ahie6XrQ=
Subject key identifier:   D0:57:65:70:66:94:B9:17:1F:DA:D8:51:71:EC:E8:07:19:D2:45:DD
Certificate issuer:       /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial:       018CC86F833071ABED75441ACAA43086CCF6
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/0FdlcGaUuRcf2thRcezoBxnSRd0.roa
Signing time:             Tue 02 Jan 2024 04:30:00 +0000
ROA not before:           Tue 02 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54103
IP address blocks:        79.143.131.0/24 maxlen: 24
                          79.143.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:83:30:71:ab:ed:75:44:1a:ca:a4:30:86:cc:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
        Validity
            Not Before: Jan  2 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d05765706694b9171fdad85171ece80719d245dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fb:7e:a5:87:9e:b6:02:53:08:4c:9a:d4:51:
                    4f:34:48:6a:c9:51:33:fe:30:a5:08:b2:0a:4c:6b:
                    b6:68:40:28:6a:bc:6d:21:d4:4d:32:73:12:22:c8:
                    e8:96:bc:3d:76:96:a7:c4:de:53:0f:17:66:95:71:
                    4c:25:4e:9f:18:e2:39:b9:72:7b:73:3e:03:29:b5:
                    80:ef:d2:7d:42:71:24:f6:fb:72:2a:3d:a9:d6:42:
                    6a:9b:ab:59:ff:8a:c1:ae:32:c4:c1:65:f5:36:dc:
                    ac:d6:35:5c:d7:0d:c0:21:f4:48:93:b1:60:84:5f:
                    c0:46:8c:f7:07:c6:d0:1b:23:9c:b4:f2:35:51:4c:
                    70:74:b5:69:b2:eb:65:9a:9b:bc:0f:d1:2d:58:d6:
                    74:5b:32:ed:2b:2d:00:db:f8:24:e0:fe:f7:bb:8a:
                    1f:8e:10:f3:5b:08:7a:5d:41:76:d7:c3:ec:20:4e:
                    cd:2c:e9:8e:9c:f0:a1:3e:23:54:bc:b7:f3:b7:e4:
                    81:53:29:ff:80:38:f0:d6:bd:09:0f:40:e8:37:00:
                    b0:fa:08:69:83:a2:ca:d7:08:11:16:7c:85:21:53:
                    12:db:e5:6c:9f:56:d5:75:44:14:8e:56:f0:6d:8f:
                    ea:cd:27:8d:6f:15:a4:7b:d2:c0:42:c3:15:94:5c:
                    34:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:57:65:70:66:94:B9:17:1F:DA:D8:51:71:EC:E8:07:19:D2:45:DD
            X509v3 Authority Key Identifier:
                keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/0FdlcGaUuRcf2thRcezoBxnSRd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.143.129.0/24
                  79.143.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:96:06:f8:a1:25:31:aa:f3:fc:bf:7d:44:67:cc:67:69:e6:
         a4:fe:e8:10:19:19:52:2f:63:a1:e2:7a:c5:91:ce:95:fb:e1:
         ef:a0:6b:19:52:43:3e:11:c6:86:54:85:f5:87:c1:59:84:5a:
         a6:27:ef:d2:22:d0:ff:48:34:d3:f4:e0:ea:9b:4d:1b:2b:52:
         82:56:ff:61:16:3a:09:3f:f4:a1:be:c0:de:5c:9c:ab:25:45:
         fc:e8:51:8f:7f:8a:1a:41:43:22:c9:f8:f4:dc:6a:59:0f:ac:
         db:8a:cd:ec:b2:88:47:11:0d:3c:f4:3a:c0:39:41:5e:a9:21:
         fb:f9:af:3a:da:20:4b:22:16:54:8d:45:bb:09:fa:e3:33:f5:
         53:98:4a:e5:09:0a:b4:36:57:4c:c9:99:d5:3d:e1:b5:f5:de:
         16:a3:ac:e1:6e:f4:62:96:d7:49:76:4e:18:1d:c0:4b:1b:43:
         a4:1a:02:07:dd:f9:7e:65:87:f0:99:86:9d:77:f5:c1:3b:cc:
         17:e0:72:f2:9e:22:6a:fb:54:af:2e:bc:ed:ae:66:d8:99:3d:
         1f:a6:d9:ea:39:dc:49:e5:28:37:c2:78:63:70:6c:89:50:b5:
         27:5e:87:61:c1:95:24:7e:08:fd:bb:2e:e5:d3:a2:98:2c:cb:
         c9:b0:5d:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb4MwcavtdUQayqQwhsz2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjQwMTAyMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDU3NjU3MDY2OTRiOTE3MWZkYWQ4NTE3MWVjZTgwNzE5ZDI0NWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/t+pYeetgJTCEya1FFPNEhqyVEz
/jClCLIKTGu2aEAoarxtIdRNMnMSIsjolrw9dpanxN5TDxdmlXFMJU6fGOI5uXJ7
cz4DKbWA79J9QnEk9vtyKj2p1kJqm6tZ/4rBrjLEwWX1Ntys1jVc1w3AIfRIk7Fg
hF/ARoz3B8bQGyOctPI1UUxwdLVpsutlmpu8D9EtWNZ0WzLtKy0A2/gk4P73u4of
jhDzWwh6XUF218PsIE7NLOmOnPChPiNUvLfzt+SBUyn/gDjw1r0JD0DoNwCw+ghp
g6LK1wgRFnyFIVMS2+Vsn1bVdUQUjlbwbY/qzSeNbxWke9LAQsMVlFw08QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNBXZXBmlLkXH9rYUXHs6AcZ0kXdMB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvMEZkbGNHYVV1UmNmMnRoUmNlem9CeG5TUmQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT4+BAwQA
T4+DMA0GCSqGSIb3DQEBCwUAA4IBAQBVlgb4oSUxqvP8v31EZ8xnaeak/ugQGRlS
L2Oh4nrFkc6V++HvoGsZUkM+EcaGVIX1h8FZhFqmJ+/SItD/SDTT9ODqm00bK1KC
Vv9hFjoJP/ShvsDeXJyrJUX86FGPf4oaQUMiyfj03GpZD6zbis3ssohHEQ089DrA
OUFeqSH7+a862iBLIhZUjUW7CfrjM/VTmErlCQq0NldMyZnVPeG19d4Wo6zhbvRi
ltdJdk4YHcBLG0OkGgIH3fl+ZYfwmYadd/XBO8wX4HLyniJq+1SvLrztrmbYmT0f
ptnqOdxJ5Sg3wnhjcGyJULUnXodhwZUkfgj9uy7l06KYLMvJsF1C
-----END CERTIFICATE-----