Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/DCPnLNmVUVIC8Virb7CzCbX7bTA.roa
File:                     DCPnLNmVUVIC8Virb7CzCbX7bTA.roa (raw, json)
Hash identifier:          poC0njw2gGFdjJkWV4AUTcCNKFmJRb3ZqUq3Z4DXkzA=
Subject key identifier:   0C:23:E7:2C:D9:95:51:52:02:F1:58:AB:6F:B0:B3:09:B5:FB:6D:30
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       018CCA2B510A7629062E9C9452C0E51E1815
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/DCPnLNmVUVIC8Virb7CzCbX7bTA.roa
Signing time:             Tue 02 Jan 2024 12:34:45 +0000
ROA not before:           Tue 02 Jan 2024 12:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56547
IP address blocks:        79.127.8.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:51:0a:76:29:06:2e:9c:94:52:c0:e5:1e:18:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jan  2 12:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c23e72cd995515202f158ab6fb0b309b5fb6d30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e0:62:1d:89:23:15:79:dd:75:74:c2:dc:22:
                    65:23:a1:df:2c:b9:eb:92:c5:8c:00:fe:58:9a:92:
                    8f:fd:23:4e:44:7f:8c:98:5b:7f:ac:85:19:7d:7c:
                    66:43:61:9a:a0:06:cb:a8:0e:27:dc:af:4f:df:1b:
                    a7:9c:a1:88:8e:ae:a5:32:f4:04:9e:c8:d5:87:3f:
                    26:25:a3:f1:57:1b:69:93:e7:19:8d:8e:5b:a1:87:
                    d2:b3:4a:fe:bd:62:88:d8:b7:d1:c0:0f:34:8a:e5:
                    e9:8a:74:b0:e1:03:12:ef:32:ea:83:c0:64:4a:e7:
                    f8:0b:45:ec:81:d6:08:f7:02:93:cd:64:11:2e:e6:
                    9f:c9:46:eb:ad:55:7c:9f:6f:1b:d1:44:43:91:ca:
                    1a:83:29:37:66:27:43:94:7f:99:9a:bf:55:48:01:
                    77:d5:ea:1b:a4:79:c7:3c:7b:a0:a0:af:bd:72:d3:
                    19:79:54:76:6b:08:5a:89:f2:b2:df:03:bf:bd:81:
                    91:8a:7d:2e:bf:3c:c6:15:4a:9f:bb:d9:d9:4f:43:
                    db:9e:1a:2d:13:dc:42:b4:d4:3f:86:97:2d:f0:20:
                    fa:e0:93:87:6f:a4:44:0e:a0:48:cd:1b:4b:be:56:
                    2e:61:12:b1:b5:3e:41:35:49:4b:7d:33:2c:5b:dd:
                    99:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:23:E7:2C:D9:95:51:52:02:F1:58:AB:6F:B0:B3:09:B5:FB:6D:30
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/DCPnLNmVUVIC8Virb7CzCbX7bTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.127.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:88:ed:83:1f:7b:63:2e:39:84:36:68:05:07:a7:4e:7f:b5:
         1d:c2:99:69:81:b9:af:f3:65:f0:5e:d8:40:f4:7f:76:d3:7a:
         24:8a:b5:43:03:19:6b:f1:00:48:b8:82:dc:cd:6a:26:e8:81:
         2c:f3:9c:84:b1:0b:ed:0f:8a:49:00:33:53:4f:69:4e:b1:6f:
         6a:d2:08:59:5f:60:5f:b6:43:85:d7:b1:25:f2:29:d9:99:52:
         4d:cc:ae:79:c5:e0:0f:33:93:31:a9:d8:cb:b7:bd:ed:15:81:
         bd:fd:96:21:22:bf:b9:fb:0f:24:04:08:c7:b4:4b:53:15:dd:
         41:6a:7b:94:cf:56:f2:da:6f:ca:f9:bf:fb:5b:8f:b4:9b:60:
         04:b1:a2:e7:b0:84:e9:91:b7:41:dc:f6:ec:c0:b2:35:8d:b1:
         b8:b9:19:cc:60:3f:cf:53:64:20:98:b3:25:2d:63:07:1c:4c:
         f1:11:d0:16:43:89:75:21:52:15:22:6c:23:e0:c4:5e:4b:2d:
         e2:55:26:8f:ef:ab:e5:8e:a5:31:67:a9:07:9e:a1:92:ca:50:
         52:9f:d6:6e:a5:67:d6:e5:d2:e2:6e:43:18:4d:8d:36:c0:ae:
         c2:87:75:e2:ae:6b:d4:01:36:10:b8:a1:ee:fd:6a:6d:4d:a6:
         73:e3:33:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1EKdikGLpyUUsDlHhgVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjQwMTAyMTIzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzIzZTcyY2Q5OTU1MTUyMDJmMTU4YWI2ZmIwYjMwOWI1ZmI2ZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieBiHYkjFXnddXTC3CJlI6HfLLnr
ksWMAP5YmpKP/SNORH+MmFt/rIUZfXxmQ2GaoAbLqA4n3K9P3xunnKGIjq6lMvQE
nsjVhz8mJaPxVxtpk+cZjY5boYfSs0r+vWKI2LfRwA80iuXpinSw4QMS7zLqg8Bk
Suf4C0XsgdYI9wKTzWQRLuafyUbrrVV8n28b0URDkcoagyk3ZidDlH+Zmr9VSAF3
1eobpHnHPHugoK+9ctMZeVR2awhaifKy3wO/vYGRin0uvzzGFUqfu9nZT0Pbnhot
E9xCtNQ/hpct8CD64JOHb6REDqBIzRtLvlYuYRKxtT5BNUlLfTMsW92ZRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwj5yzZlVFSAvFYq2+wswm1+20wMB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvRENQbkxObVZVVklDOFZpcmI3Q3pDYlg3YlRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT38IMA0G
CSqGSIb3DQEBCwUAA4IBAQCQiO2DH3tjLjmENmgFB6dOf7Udwplpgbmv82XwXthA
9H9203okirVDAxlr8QBIuILczWom6IEs85yEsQvtD4pJADNTT2lOsW9q0ghZX2Bf
tkOF17El8inZmVJNzK55xeAPM5MxqdjLt73tFYG9/ZYhIr+5+w8kBAjHtEtTFd1B
anuUz1by2m/K+b/7W4+0m2AEsaLnsITpkbdB3PbswLI1jbG4uRnMYD/PU2QgmLMl
LWMHHEzxEdAWQ4l1IVIVImwj4MReSy3iVSaP76vljqUxZ6kHnqGSylBSn9ZupWfW
5dLibkMYTY02wK7Ch3XirmvUATYQuKHu/WptTaZz4zPL
-----END CERTIFICATE-----