Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/n_SfCSn85vzjJN30OyRYin2zkog.roa
File:                     n_SfCSn85vzjJN30OyRYin2zkog.roa (raw, json)
Hash identifier:          MPpJrQbun1JSWCIGNzebQh5HpGoD8O8CLt28Ayev8L8=
Subject key identifier:   9F:F4:9F:09:29:FC:E6:FC:E3:24:DD:F4:3B:24:58:8A:7D:B3:92:88
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       018CCA2B4E73CA1DB6E57917FC7059DD7D9D
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/n_SfCSn85vzjJN30OyRYin2zkog.roa
Signing time:             Tue 02 Jan 2024 12:34:44 +0000
ROA not before:           Tue 02 Jan 2024 12:34:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43415
IP address blocks:        79.127.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:4e:73:ca:1d:b6:e5:79:17:fc:70:59:dd:7d:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jan  2 12:34:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ff49f0929fce6fce324ddf43b24588a7db39288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:75:c2:98:5d:51:28:dd:fd:ed:72:93:a9:e0:
                    1b:91:f3:9e:d7:80:d2:db:a8:19:33:c8:21:91:c4:
                    6c:55:50:17:16:2c:96:b4:14:82:ae:dd:d6:2d:45:
                    be:ad:35:34:d0:44:ce:d1:04:39:16:85:24:17:7c:
                    fa:cf:ba:7a:4a:3c:c2:5e:75:e5:7b:8a:7c:78:e9:
                    f8:bc:ad:07:1e:87:08:c7:e4:99:9b:18:61:2b:b1:
                    4b:fa:16:81:c0:48:20:e0:72:27:2d:71:7c:24:f5:
                    37:1a:6b:62:97:57:38:02:b9:cf:3c:7b:73:8e:c1:
                    be:b2:11:92:96:5d:7c:0e:a8:95:f6:72:93:1a:88:
                    09:97:d8:b6:1d:5b:72:e4:f9:ce:9c:d7:8b:6f:7f:
                    6e:4e:4b:fb:e8:4c:0e:ad:41:1e:bb:e5:a4:78:f8:
                    a7:6f:df:74:0b:fa:a1:4e:d7:1c:2c:f0:60:62:76:
                    bc:27:24:8f:be:4c:0f:a3:3f:9f:14:7b:42:1b:7d:
                    2d:4a:ef:a9:a3:71:a0:21:04:74:18:ae:3e:8b:bf:
                    38:ef:10:e6:88:03:48:f3:b9:c8:c2:1c:ad:8b:45:
                    f6:e0:82:4d:4e:93:b3:80:23:9a:2c:8e:58:c3:9f:
                    d5:c3:8e:75:c6:a0:08:d2:39:23:31:9e:a2:f5:8d:
                    0b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:F4:9F:09:29:FC:E6:FC:E3:24:DD:F4:3B:24:58:8A:7D:B3:92:88
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/n_SfCSn85vzjJN30OyRYin2zkog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.127.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:40:e3:57:84:5f:6f:a8:66:4b:32:02:e1:65:d7:d1:e1:1c:
         29:4f:94:92:72:41:c8:30:13:9c:b7:83:07:9c:b3:4a:97:18:
         54:fd:1d:5a:8d:c5:83:b1:00:0a:cd:b0:f7:9f:1f:57:67:86:
         af:aa:ee:bb:b5:73:b6:c1:f4:16:b5:a6:40:f3:56:04:4f:2c:
         83:a3:8a:2f:b9:d0:2b:54:98:9b:53:ae:d0:99:d3:d5:64:5b:
         e5:58:23:7d:46:10:ff:f5:8c:31:03:0f:6a:cd:39:a4:cf:f4:
         e8:b3:60:d0:1a:55:7a:fc:c3:02:7f:9b:9b:60:2c:f7:c8:9c:
         d5:b9:72:3b:93:61:ff:e6:57:5d:e2:7d:e3:42:a4:06:cb:a0:
         eb:d5:40:60:63:d6:70:10:56:b1:a0:4b:16:54:2b:03:03:9e:
         0a:ed:51:ee:28:ea:b3:cc:99:1f:c5:3c:f1:26:cb:d8:d5:f0:
         7b:50:a0:93:d0:04:67:68:59:52:d1:a5:24:9c:78:c1:e7:e9:
         1d:11:fa:b4:7e:be:1c:ee:08:08:2c:6a:e9:57:1b:2d:be:cf:
         41:b7:fe:0a:67:38:66:06:e0:3f:74:49:b1:85:bf:69:76:b4:
         bd:49:e5:e7:df:9a:ef:79:14:c5:a1:ad:a6:70:ae:64:7c:85:
         63:aa:a2:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK05zyh225XkX/HBZ3X2dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjQwMTAyMTIzNDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmY0OWYwOTI5ZmNlNmZjZTMyNGRkZjQzYjI0NTg4YTdkYjM5Mjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXXCmF1RKN397XKTqeAbkfOe14DS
26gZM8ghkcRsVVAXFiyWtBSCrt3WLUW+rTU00ETO0QQ5FoUkF3z6z7p6SjzCXnXl
e4p8eOn4vK0HHocIx+SZmxhhK7FL+haBwEgg4HInLXF8JPU3Gmtil1c4ArnPPHtz
jsG+shGSll18DqiV9nKTGogJl9i2HVty5PnOnNeLb39uTkv76EwOrUEeu+WkePin
b990C/qhTtccLPBgYna8JySPvkwPoz+fFHtCG30tSu+po3GgIQR0GK4+i7847xDm
iANI87nIwhyti0X24IJNTpOzgCOaLI5Yw5/Vw451xqAI0jkjMZ6i9Y0LLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/0nwkp/Ob84yTd9DskWIp9s5KIMB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvbl9TZkNTbjg1dnpqSk4zME95UllpbjJ6a29nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT38uMA0G
CSqGSIb3DQEBCwUAA4IBAQAeQONXhF9vqGZLMgLhZdfR4RwpT5SSckHIMBOct4MH
nLNKlxhU/R1ajcWDsQAKzbD3nx9XZ4avqu67tXO2wfQWtaZA81YETyyDo4ovudAr
VJibU67QmdPVZFvlWCN9RhD/9YwxAw9qzTmkz/Tos2DQGlV6/MMCf5ubYCz3yJzV
uXI7k2H/5ldd4n3jQqQGy6Dr1UBgY9ZwEFaxoEsWVCsDA54K7VHuKOqzzJkfxTzx
JsvY1fB7UKCT0ARnaFlS0aUknHjB5+kdEfq0fr4c7ggILGrpVxstvs9Bt/4KZzhm
BuA/dEmxhb9pdrS9SeXn35rveRTFoa2mcK5kfIVjqqLH
-----END CERTIFICATE-----