Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/Jg_o77Wkgf0eDRk7GQyovBKyA_M.roa
File:                     Jg_o77Wkgf0eDRk7GQyovBKyA_M.roa (raw, json)
Hash identifier:          2HFwxti9mhd5XNesoQ10OCFzKlSSqRHZSMdDZsUMLKs=
Subject key identifier:   26:0F:E8:EF:B5:A4:81:FD:1E:0D:19:3B:19:0C:A8:BC:12:B2:03:F3
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       018CCA2B4D4A7A2FD9569577A061F2811288
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/Jg_o77Wkgf0eDRk7GQyovBKyA_M.roa
Signing time:             Tue 02 Jan 2024 12:34:44 +0000
ROA not before:           Tue 02 Jan 2024 12:34:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34837
IP address blocks:        79.127.65.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:4d:4a:7a:2f:d9:56:95:77:a0:61:f2:81:12:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jan  2 12:34:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=260fe8efb5a481fd1e0d193b190ca8bc12b203f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6e:3b:79:b2:4b:a4:a1:ed:9e:fc:8b:f4:f6:
                    b9:63:c4:3a:12:90:90:49:44:0a:40:0a:4c:23:42:
                    ab:19:a3:13:ba:0c:5e:1c:5f:8d:d5:e2:b2:fe:64:
                    1d:b3:b3:0f:ad:30:b3:09:50:db:f9:70:f5:80:8e:
                    9c:6d:bf:72:00:81:1c:45:21:60:31:0b:16:42:2b:
                    57:ee:8b:1f:60:5e:d4:a3:e4:40:9f:2e:6b:7a:98:
                    cf:b2:92:4e:20:2f:28:b5:c0:c9:b5:66:48:98:ed:
                    e0:0a:e9:e5:a3:fc:83:4c:c1:b9:de:09:86:fd:52:
                    75:dd:2a:dd:ce:be:d4:77:78:81:29:54:d5:ce:c3:
                    a8:6a:c4:26:9f:65:03:bf:7b:d0:60:d0:98:28:ea:
                    db:41:bd:12:47:88:1c:f3:5d:14:09:f6:cf:43:c8:
                    eb:b0:da:94:2b:ea:c4:2a:74:0b:a1:d6:27:03:18:
                    51:66:39:09:c3:f1:25:72:e8:89:42:7e:24:0a:ee:
                    21:1a:75:fe:21:63:81:ef:ac:10:e4:8a:2a:ec:86:
                    c1:b9:2b:23:ef:87:b9:df:24:7a:29:b0:9a:0b:50:
                    e7:97:21:3d:d8:d1:d1:d5:dd:0d:ea:ca:77:59:ad:
                    58:9c:fe:de:c7:15:78:7b:9c:23:77:c1:e9:20:ec:
                    09:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:0F:E8:EF:B5:A4:81:FD:1E:0D:19:3B:19:0C:A8:BC:12:B2:03:F3
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/Jg_o77Wkgf0eDRk7GQyovBKyA_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.127.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:47:27:cf:c0:42:cd:d3:e0:d8:aa:89:84:7a:18:8c:b7:2e:
         c9:eb:c3:ac:4a:5a:f6:e7:9a:78:8b:89:55:e1:23:28:8b:95:
         c5:8a:52:0b:cc:26:66:39:7f:32:d6:a2:39:dc:33:d0:0d:aa:
         c0:af:c7:19:db:5f:0c:3a:89:d6:05:18:ed:fa:3d:b1:8b:65:
         54:ef:51:79:e8:0e:dc:34:01:d9:93:c0:40:e2:ba:e8:1d:74:
         d6:2e:09:9a:8f:85:8d:52:e7:a9:a4:7a:ba:d4:36:5b:82:31:
         39:49:83:24:a3:ae:81:37:fe:4a:7f:cd:99:a3:45:d9:16:31:
         32:97:94:28:7c:63:bb:c1:2a:d5:90:58:87:28:47:0a:43:7c:
         24:f2:06:2f:86:ab:89:48:56:0d:9d:e8:5c:c3:9e:71:6c:70:
         f7:cb:fc:8a:15:cb:ec:c6:23:a3:b8:6a:6c:61:52:01:8e:51:
         60:56:ab:b7:5a:d4:cd:c8:a3:f4:98:0e:53:b8:ed:3f:77:e3:
         d9:1d:c8:58:d2:98:de:e4:2d:a2:11:fc:1b:0b:1b:37:44:b6:
         e2:9c:32:53:2f:2e:e9:42:5f:3d:dd:94:38:d8:03:25:9c:d4:
         4e:27:b5:f1:b2:87:51:cd:d6:0b:19:0e:f2:28:05:31:71:00:
         37:67:9f:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK01Kei/ZVpV3oGHygRKIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjQwMTAyMTIzNDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjBmZThlZmI1YTQ4MWZkMWUwZDE5M2IxOTBjYThiYzEyYjIwM2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt247ebJLpKHtnvyL9Pa5Y8Q6EpCQ
SUQKQApMI0KrGaMTugxeHF+N1eKy/mQds7MPrTCzCVDb+XD1gI6cbb9yAIEcRSFg
MQsWQitX7osfYF7Uo+RAny5repjPspJOIC8otcDJtWZImO3gCunlo/yDTMG53gmG
/VJ13Srdzr7Ud3iBKVTVzsOoasQmn2UDv3vQYNCYKOrbQb0SR4gc810UCfbPQ8jr
sNqUK+rEKnQLodYnAxhRZjkJw/ElcuiJQn4kCu4hGnX+IWOB76wQ5Ioq7IbBuSsj
74e53yR6KbCaC1DnlyE92NHR1d0N6sp3Wa1YnP7exxV4e5wjd8HpIOwJ6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYP6O+1pIH9Hg0ZOxkMqLwSsgPzMB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvSmdfbzc3V2tnZjBlRFJrN0dReW92Qkt5QV9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT39BMA0G
CSqGSIb3DQEBCwUAA4IBAQBKRyfPwELN0+DYqomEehiMty7J68OsSlr255p4i4lV
4SMoi5XFilILzCZmOX8y1qI53DPQDarAr8cZ218MOonWBRjt+j2xi2VU71F56A7c
NAHZk8BA4rroHXTWLgmaj4WNUueppHq61DZbgjE5SYMko66BN/5Kf82Zo0XZFjEy
l5QofGO7wSrVkFiHKEcKQ3wk8gYvhquJSFYNnehcw55xbHD3y/yKFcvsxiOjuGps
YVIBjlFgVqu3WtTNyKP0mA5TuO0/d+PZHchY0pje5C2iEfwbCxs3RLbinDJTLy7p
Ql893ZQ42AMlnNROJ7XxsodRzdYLGQ7yKAUxcQA3Z5/J
-----END CERTIFICATE-----