Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/nJzYieTbgieqMc8WKD2qAGo3yTI.roa
File:                     nJzYieTbgieqMc8WKD2qAGo3yTI.roa (raw, json)
Hash identifier:          RILWbBILVUrL9jEVQjaketReijK2z8WG00dK7TaSGXw=
Subject key identifier:   9C:9C:D8:89:E4:DB:82:27:AA:31:CF:16:28:3D:AA:00:6A:37:C9:32
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       018CCA2B5257D5C34CB92497682B87468294
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/nJzYieTbgieqMc8WKD2qAGo3yTI.roa
Signing time:             Tue 02 Jan 2024 12:34:45 +0000
ROA not before:           Tue 02 Jan 2024 12:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61209
IP address blocks:        79.127.64.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:52:57:d5:c3:4c:b9:24:97:68:2b:87:46:82:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jan  2 12:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c9cd889e4db8227aa31cf16283daa006a37c932
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:65:a4:0f:56:92:2b:e4:e3:80:6e:a0:9f:d2:
                    58:e4:98:64:1d:5a:ea:89:a3:3b:02:54:69:34:88:
                    53:35:89:d3:47:28:64:18:ba:38:e2:a0:33:0c:d0:
                    9c:42:cd:b3:58:cc:15:cb:23:95:ef:a5:7a:c0:d3:
                    fe:21:24:37:98:ed:df:b0:f8:17:29:0e:4e:de:a7:
                    c1:84:4d:0d:d7:c4:01:10:6f:aa:fb:73:21:8e:0f:
                    aa:79:fb:c0:7d:21:18:7b:b2:ec:68:17:57:11:18:
                    42:4e:86:f4:76:60:13:36:8b:d3:c9:f0:69:2d:5e:
                    fa:ec:b8:ca:0e:b7:1a:fc:29:91:7f:62:a0:6f:b5:
                    fd:22:a3:17:e8:0e:c8:47:48:14:3a:29:2e:c1:29:
                    42:b2:ec:18:29:47:e3:83:6b:d1:6a:6e:22:4f:52:
                    3f:df:29:09:d9:de:f5:e1:62:95:d1:35:c0:11:61:
                    d5:6c:65:94:a2:78:c6:80:7a:50:d4:9e:91:21:20:
                    2c:ce:85:b4:1a:4f:b9:db:c5:64:59:71:d2:f7:4d:
                    f4:f2:8b:a6:10:74:ac:92:2f:92:b8:47:34:49:e5:
                    37:e3:e8:c4:80:68:36:c2:59:e4:80:c8:85:bc:1a:
                    84:3b:69:a3:c1:71:9a:6f:86:91:5c:08:c7:43:f1:
                    2a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:9C:D8:89:E4:DB:82:27:AA:31:CF:16:28:3D:AA:00:6A:37:C9:32
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/nJzYieTbgieqMc8WKD2qAGo3yTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.127.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:13:0b:44:cf:f0:55:a0:5f:d9:3f:ad:6b:3d:80:69:59:d7:
         48:51:5d:31:e9:df:31:4b:3f:35:48:56:97:28:00:42:1b:44:
         0a:4f:c6:75:a2:c3:d6:9f:b4:9e:b4:19:bb:62:bc:55:e7:ca:
         24:0e:70:98:7c:4a:77:9a:3a:8a:b4:c3:82:4d:54:0a:27:d8:
         03:5e:44:c7:9e:e2:c3:f1:7c:3a:87:e6:e2:46:27:1c:d4:7a:
         f8:f8:b4:24:62:a0:87:e0:6f:dc:79:f4:76:39:7f:d5:85:6f:
         d9:a6:a0:a6:6c:42:ce:bd:7c:13:64:02:26:26:cf:9f:6f:ad:
         c4:5a:11:1b:00:86:d8:fe:99:d9:1c:c6:61:e6:a4:90:f5:df:
         b1:1d:f5:28:ba:45:e6:80:4e:58:aa:60:a3:24:2b:7f:87:f4:
         31:8d:12:26:47:e9:78:2b:67:40:16:79:78:3a:ca:29:38:d1:
         98:cf:96:e2:42:54:d0:23:cc:6f:25:fc:29:23:fc:51:8d:05:
         c3:00:8b:10:35:94:8d:5e:66:46:0f:56:6a:88:82:1c:e7:e0:
         66:fe:71:38:25:3d:3b:7b:10:da:4f:06:8f:c7:82:dc:3d:c2:
         14:ed:c6:bd:44:19:da:c5:02:ca:7f:99:0e:f6:18:7d:55:7d:
         d2:0f:ff:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1JX1cNMuSSXaCuHRoKUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjQwMTAyMTIzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzljZDg4OWU0ZGI4MjI3YWEzMWNmMTYyODNkYWEwMDZhMzdjOTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWWkD1aSK+TjgG6gn9JY5JhkHVrq
iaM7AlRpNIhTNYnTRyhkGLo44qAzDNCcQs2zWMwVyyOV76V6wNP+ISQ3mO3fsPgX
KQ5O3qfBhE0N18QBEG+q+3Mhjg+qefvAfSEYe7LsaBdXERhCTob0dmATNovTyfBp
LV767LjKDrca/CmRf2Kgb7X9IqMX6A7IR0gUOikuwSlCsuwYKUfjg2vRam4iT1I/
3ykJ2d714WKV0TXAEWHVbGWUonjGgHpQ1J6RISAszoW0Gk+528VkWXHS90308oum
EHSski+SuEc0SeU34+jEgGg2wlnkgMiFvBqEO2mjwXGab4aRXAjHQ/EqhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyc2Ink24InqjHPFig9qgBqN8kyMB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvbkp6WWllVGJnaWVxTWM4V0tEMnFBR28zeVRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT39AMA0G
CSqGSIb3DQEBCwUAA4IBAQAnEwtEz/BVoF/ZP61rPYBpWddIUV0x6d8xSz81SFaX
KABCG0QKT8Z1osPWn7SetBm7YrxV58okDnCYfEp3mjqKtMOCTVQKJ9gDXkTHnuLD
8Xw6h+biRicc1Hr4+LQkYqCH4G/cefR2OX/VhW/ZpqCmbELOvXwTZAImJs+fb63E
WhEbAIbY/pnZHMZh5qSQ9d+xHfUoukXmgE5YqmCjJCt/h/QxjRImR+l4K2dAFnl4
OsopONGYz5biQlTQI8xvJfwpI/xRjQXDAIsQNZSNXmZGD1ZqiIIc5+Bm/nE4JT07
exDaTwaPx4LcPcIU7ca9RBnaxQLKf5kO9hh9VX3SD/9V
-----END CERTIFICATE-----