Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/cOUTbbQBSeP0vhsTjxefPRGWBbA.roa
File:                     cOUTbbQBSeP0vhsTjxefPRGWBbA.roa (raw, json)
Hash identifier:          IURGGGeNAXAcJdlkRePBT7syRREFla/PkBNwnP5nohU=
Subject key identifier:   70:E5:13:6D:B4:01:49:E3:F4:BE:1B:13:8F:17:9F:3D:11:96:05:B0
Certificate issuer:       /CN=61fbd8887da84471318d83884ac005f01b44fd49
Certificate serial:       018CC94D94B8C5BD5F6EA8A2623CE5C7FFAD
Authority key identifier: 61:FB:D8:88:7D:A8:44:71:31:8D:83:88:4A:C0:05:F0:1B:44:FD:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YfvYiH2oRHExjYOISsAF8BtE_Uk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/cOUTbbQBSeP0vhsTjxefPRGWBbA.roa
Signing time:             Tue 02 Jan 2024 08:32:33 +0000
ROA not before:           Tue 02 Jan 2024 08:32:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203412
IP address blocks:        79.142.44.0/22 maxlen: 22
                          185.125.172.0/22 maxlen: 22
                          2a07:f00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/YfvYiH2oRHExjYOISsAF8BtE_Uk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/YfvYiH2oRHExjYOISsAF8BtE_Uk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YfvYiH2oRHExjYOISsAF8BtE_Uk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:94:b8:c5:bd:5f:6e:a8:a2:62:3c:e5:c7:ff:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61fbd8887da84471318d83884ac005f01b44fd49
        Validity
            Not Before: Jan  2 08:32:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70e5136db40149e3f4be1b138f179f3d119605b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:94:d1:3e:29:20:4a:c0:f5:1a:a2:de:fb:e1:
                    2a:e8:20:9e:7c:2f:28:a3:7c:0e:03:32:4a:66:8f:
                    7f:8f:e1:c2:da:fe:30:74:e5:c2:d5:1a:e9:ff:a8:
                    e9:4b:69:1e:f9:df:7f:fe:99:4c:8b:76:27:9b:a8:
                    25:8c:77:aa:67:bd:ab:1b:3b:43:d9:81:d4:ed:64:
                    eb:1e:6a:c8:a5:2a:2f:5e:49:62:ef:7f:21:0b:31:
                    49:99:c5:20:7e:ff:2a:e7:40:ff:ce:e2:f0:dd:77:
                    a7:8f:3e:f8:b6:f4:a1:e5:a3:ef:b5:94:be:99:4e:
                    84:e4:ba:9a:8e:e7:90:fb:ef:e6:9c:8c:16:4f:ae:
                    47:a4:14:d6:47:cf:e9:cd:18:0f:5e:ab:aa:71:c8:
                    01:91:e3:96:c3:6a:12:b1:db:fa:5a:91:3e:35:24:
                    87:13:8a:3c:11:df:7e:a4:98:ce:50:0d:c3:ec:9b:
                    51:d2:b3:cc:78:4e:2a:ad:28:a6:82:42:cc:ee:68:
                    6b:a8:8c:f0:5b:34:de:22:79:a5:d4:94:63:a6:e0:
                    9b:9e:b3:53:63:c1:81:58:10:a1:c7:13:2b:28:ce:
                    35:07:1a:c8:5d:03:e2:c9:0d:16:f5:8d:22:22:ba:
                    c0:e9:fd:89:df:b9:7c:1a:ac:52:b7:8d:c9:64:3f:
                    87:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E5:13:6D:B4:01:49:E3:F4:BE:1B:13:8F:17:9F:3D:11:96:05:B0
            X509v3 Authority Key Identifier:
                keyid:61:FB:D8:88:7D:A8:44:71:31:8D:83:88:4A:C0:05:F0:1B:44:FD:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YfvYiH2oRHExjYOISsAF8BtE_Uk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/cOUTbbQBSeP0vhsTjxefPRGWBbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/YfvYiH2oRHExjYOISsAF8BtE_Uk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.142.44.0/22
                  185.125.172.0/22
                IPv6:
                  2a07:f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:e3:31:6b:9e:26:ab:c6:36:1f:c3:06:77:2e:f4:84:61:c6:
         55:15:fd:85:b4:76:9f:2c:79:f9:bd:e3:5d:c6:4f:ee:d4:3f:
         56:d2:59:a9:1f:d7:d2:51:7e:7e:40:06:4a:a4:31:2f:c3:4e:
         8b:16:ee:ad:ee:63:41:70:27:cb:99:f2:a3:e1:0a:22:cc:14:
         6f:b8:b8:a5:ad:24:ab:73:cb:9d:5c:6c:3f:8e:39:e8:2b:96:
         30:65:79:61:46:a7:1c:72:91:b4:ba:13:44:6e:b9:c3:68:7e:
         48:b1:cb:0d:ab:4a:4e:c2:d4:4c:a2:ad:f1:d7:95:b5:3b:51:
         d8:be:52:3f:14:a4:fc:90:c7:97:a9:73:09:ea:08:ba:81:02:
         6a:56:fa:33:39:bc:d2:ee:ee:61:d1:33:98:90:f9:c7:fe:74:
         31:01:bc:c0:2e:a8:06:a2:d7:ef:82:49:23:35:df:5b:1c:dc:
         ae:31:ae:a0:f4:bc:f6:92:bf:6b:78:a3:22:78:00:f1:9c:89:
         b3:9c:8c:7c:9f:86:ea:d0:d2:a0:2a:c6:4c:1b:de:e6:a4:71:
         dc:87:ab:36:51:0a:58:4e:dc:df:1c:0b:b2:c9:68:f2:d7:7a:
         48:81:8f:77:69:4d:1d:fe:6a:e1:bc:18:91:bd:32:90:c1:46:
         71:d8:dc:4a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJTZS4xb1fbqiiYjzlx/+tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZmJkODg4N2RhODQ0NzEzMThkODM4ODRhYzAwNWYwMWI0
NGZkNDkwHhcNMjQwMTAyMDgzMjMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGU1MTM2ZGI0MDE0OWUzZjRiZTFiMTM4ZjE3OWYzZDExOTYwNWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJTRPikgSsD1GqLe++Eq6CCefC8o
o3wOAzJKZo9/j+HC2v4wdOXC1Rrp/6jpS2ke+d9//plMi3Ynm6gljHeqZ72rGztD
2YHU7WTrHmrIpSovXkli738hCzFJmcUgfv8q50D/zuLw3Xenjz74tvSh5aPvtZS+
mU6E5LqajueQ++/mnIwWT65HpBTWR8/pzRgPXquqccgBkeOWw2oSsdv6WpE+NSSH
E4o8Ed9+pJjOUA3D7JtR0rPMeE4qrSimgkLM7mhrqIzwWzTeInml1JRjpuCbnrNT
Y8GBWBChxxMrKM41BxrIXQPiyQ0W9Y0iIrrA6f2J37l8GqxSt43JZD+HewIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHDlE220AUnj9L4bE48Xnz0RlgWwMB8GA1UdIwQY
MBaAFGH72Ih9qERxMY2DiErABfAbRP1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWZ2WWlIMm9SSEV4allPSVNzQUY4QnRFX1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8wY2U1NjktYWI4ZS00NzEyLTk0OWEt
Y2VjOWUxN2Y1MDRiLzEvY09VVGJiUUJTZVAwdmhzVGp4ZWZQUkdXQmJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8wY2U1NjktYWI4ZS00NzEyLTk0OWEtY2VjOWUxN2Y1MDRi
LzEvWWZ2WWlIMm9SSEV4allPSVNzQUY4QnRFX1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCT44sAwQC
uX2sMA0EAgACMAcDBQMqBw8AMA0GCSqGSIb3DQEBCwUAA4IBAQBt4zFrniarxjYf
wwZ3LvSEYcZVFf2FtHafLHn5veNdxk/u1D9W0lmpH9fSUX5+QAZKpDEvw06LFu6t
7mNBcCfLmfKj4QoizBRvuLilrSSrc8udXGw/jjnoK5YwZXlhRqcccpG0uhNEbrnD
aH5IscsNq0pOwtRMoq3x15W1O1HYvlI/FKT8kMeXqXMJ6gi6gQJqVvozObzS7u5h
0TOYkPnH/nQxAbzALqgGotfvgkkjNd9bHNyuMa6g9Lz2kr9reKMieADxnImznIx8
n4bq0NKgKsZMG97mpHHch6s2UQpYTtzfHAuyyWjy13pIgY93aU0d/mrhvBiRvTKQ
wUZx2NxK
-----END CERTIFICATE-----