Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/5737b0-bb24-4e92-b19d-5e65c7d61b9e/1/sGNVx8ovtosfXKFdGydSNLxpY0o.roa
File:                     sGNVx8ovtosfXKFdGydSNLxpY0o.roa (raw, json)
Hash identifier:          3cQB+nAAPj77zyUlCjVJNbPOCWd5gVzUB24qnwmNEII=
Subject key identifier:   B0:63:55:C7:CA:2F:B6:8B:1F:5C:A1:5D:1B:27:52:34:BC:69:63:4A
Certificate issuer:       /CN=dbcacaaf8ac13a964ab3d461935841c8e1c93b80
Certificate serial:       018CC64AE5EC846A2255610F402FBDD64C72
Authority key identifier: DB:CA:CA:AF:8A:C1:3A:96:4A:B3:D4:61:93:58:41:C8:E1:C9:3B:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/28rKr4rBOpZKs9Rhk1hByOHJO4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/5737b0-bb24-4e92-b19d-5e65c7d61b9e/1/sGNVx8ovtosfXKFdGydSNLxpY0o.roa
Signing time:             Mon 01 Jan 2024 18:30:46 +0000
ROA not before:           Mon 01 Jan 2024 18:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        141.79.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/5737b0-bb24-4e92-b19d-5e65c7d61b9e/1/28rKr4rBOpZKs9Rhk1hByOHJO4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/5737b0-bb24-4e92-b19d-5e65c7d61b9e/1/28rKr4rBOpZKs9Rhk1hByOHJO4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/28rKr4rBOpZKs9Rhk1hByOHJO4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e5:ec:84:6a:22:55:61:0f:40:2f:bd:d6:4c:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbcacaaf8ac13a964ab3d461935841c8e1c93b80
        Validity
            Not Before: Jan  1 18:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b06355c7ca2fb68b1f5ca15d1b275234bc69634a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:bf:92:6f:c3:c3:8e:8d:c5:c2:6f:23:eb:7f:
                    4f:46:eb:dd:c6:81:ad:c0:9d:59:14:e2:6f:58:b4:
                    35:58:bd:e0:b1:5d:4f:e1:76:22:33:09:9a:d9:b5:
                    67:06:ea:40:8e:2f:aa:de:6a:2b:d0:73:3f:ce:fa:
                    65:44:86:ac:71:6f:81:30:fe:aa:ed:a9:2f:4d:3a:
                    81:02:bc:00:fd:ce:5a:44:ce:96:54:a6:94:77:ef:
                    d1:d2:9d:3c:eb:2f:f3:4a:af:ed:6b:81:69:29:c0:
                    66:72:1f:b0:a0:a2:16:4f:2c:7a:a3:fc:40:a0:cb:
                    5f:b7:7d:51:15:10:c5:4c:6c:bf:09:67:ce:1f:67:
                    5f:a2:19:83:b8:74:9c:ad:33:60:0a:1e:f4:06:fb:
                    97:c5:dc:37:01:0f:02:4b:8a:76:ad:2f:cd:67:b5:
                    22:d7:7a:db:05:e5:08:29:7f:fc:66:74:80:ac:18:
                    26:de:0b:85:c1:06:96:db:2e:93:7f:06:d8:67:ae:
                    42:cd:1e:0a:a4:ea:7b:36:d4:2e:4c:01:d1:75:ed:
                    1e:fa:f6:12:d6:4f:03:56:0e:50:4c:1d:76:fb:e8:
                    f1:8d:17:f1:07:c2:a7:50:9b:f1:46:9a:03:1b:a3:
                    55:46:4a:8f:15:94:36:a1:c8:ba:80:4f:36:5f:67:
                    f2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:63:55:C7:CA:2F:B6:8B:1F:5C:A1:5D:1B:27:52:34:BC:69:63:4A
            X509v3 Authority Key Identifier:
                keyid:DB:CA:CA:AF:8A:C1:3A:96:4A:B3:D4:61:93:58:41:C8:E1:C9:3B:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28rKr4rBOpZKs9Rhk1hByOHJO4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/5737b0-bb24-4e92-b19d-5e65c7d61b9e/1/sGNVx8ovtosfXKFdGydSNLxpY0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/5737b0-bb24-4e92-b19d-5e65c7d61b9e/1/28rKr4rBOpZKs9Rhk1hByOHJO4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.79.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ae:81:d3:2b:64:7a:f9:f3:ac:19:9b:24:f3:a2:f8:ea:eb:b7:
         68:3d:2b:fb:8e:3d:ab:e0:ed:62:c2:f5:4b:43:9a:6d:c9:51:
         87:de:6d:40:f0:be:d7:c3:6e:44:00:fe:3e:98:e3:3d:96:87:
         28:a1:4f:16:2f:d0:cc:1b:1d:72:69:11:22:60:a3:f4:ab:5d:
         87:03:24:49:39:f8:11:64:11:73:e8:23:6d:44:8b:86:6f:db:
         61:b9:4c:84:f0:42:26:b1:de:23:c5:71:f4:d0:b3:35:3c:31:
         8d:ee:61:cd:48:55:5c:12:7d:8b:86:6b:32:66:5f:08:a3:81:
         d9:05:ac:4a:dc:d2:e7:0b:4e:3a:c0:74:e6:54:21:0f:49:38:
         5e:ab:ec:e3:06:25:db:09:38:49:df:d3:06:14:e2:bd:89:92:
         6d:56:7d:e1:2f:83:60:1b:e9:5f:dd:27:4f:ae:6c:b9:dc:a9:
         2b:26:b6:48:15:7f:30:c2:2a:b0:e1:00:cf:9e:26:a8:9a:99:
         58:d4:6d:b9:7b:a3:fc:a8:0c:a5:47:c4:d0:1b:9f:73:5e:93:
         42:86:e1:35:54:7f:e5:a6:33:4a:c0:be:34:d3:0c:61:fb:99:
         1a:ed:88:7d:04:e0:4d:76:7e:3a:39:c2:8a:57:b4:2c:be:f2:
         ea:bd:cf:c6
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGSuXshGoiVWEPQC+91kxyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiY2FjYWFmOGFjMTNhOTY0YWIzZDQ2MTkzNTg0MWM4ZTFj
OTNiODAwHhcNMjQwMTAxMTgzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDYzNTVjN2NhMmZiNjhiMWY1Y2ExNWQxYjI3NTIzNGJjNjk2MzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAib+Sb8PDjo3Fwm8j639PRuvdxoGt
wJ1ZFOJvWLQ1WL3gsV1P4XYiMwma2bVnBupAji+q3mor0HM/zvplRIascW+BMP6q
7akvTTqBArwA/c5aRM6WVKaUd+/R0p086y/zSq/ta4FpKcBmch+woKIWTyx6o/xA
oMtft31RFRDFTGy/CWfOH2dfohmDuHScrTNgCh70BvuXxdw3AQ8CS4p2rS/NZ7Ui
13rbBeUIKX/8ZnSArBgm3guFwQaW2y6TfwbYZ65CzR4KpOp7NtQuTAHRde0e+vYS
1k8DVg5QTB12++jxjRfxB8KnUJvxRpoDG6NVRkqPFZQ2oci6gE82X2fyAQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLBjVcfKL7aLH1yhXRsnUjS8aWNKMB8GA1UdIwQY
MBaAFNvKyq+KwTqWSrPUYZNYQcjhyTuAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjhyS3I0ckJPcFpLczlSaGsxaEJ5T0hKTzRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy81NzM3YjAtYmIyNC00ZTkyLWIxOWQt
NWU2NWM3ZDYxYjllLzEvc0dOVng4b3Z0b3NmWEtGZEd5ZFNOTHhwWTBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy81NzM3YjAtYmIyNC00ZTkyLWIxOWQtNWU2NWM3ZDYxYjll
LzEvMjhyS3I0ckJPcFpLczlSaGsxaEJ5T0hKTzRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjU8wDQYJ
KoZIhvcNAQELBQADggEBAK6B0ytkevnzrBmbJPOi+Orrt2g9K/uOPavg7WLC9UtD
mm3JUYfebUDwvtfDbkQA/j6Y4z2WhyihTxYv0MwbHXJpESJgo/SrXYcDJEk5+BFk
EXPoI21Ei4Zv22G5TITwQiax3iPFcfTQszU8MY3uYc1IVVwSfYuGazJmXwijgdkF
rErc0ucLTjrAdOZUIQ9JOF6r7OMGJdsJOEnf0wYU4r2Jkm1WfeEvg2Ab6V/dJ0+u
bLncqSsmtkgVfzDCKrDhAM+eJqiamVjUbbl7o/yoDKVHxNAbn3Nek0KG4TVUf+Wm
M0rAvjTTDGH7mRrtiH0E4E12fjo5wopXtCy+8uq9z8Y=
-----END CERTIFICATE-----