Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/D8RtogzfsB_kP_gRk_gvTPM_aNk.roa
File:                     D8RtogzfsB_kP_gRk_gvTPM_aNk.roa (raw, json)
Hash identifier:          UM6ufl/pzfW+mbY+58k2eg+dPIl66tHtZoY6C4PYT1M=
Subject key identifier:   0F:C4:6D:A2:0C:DF:B0:1F:E4:3F:F8:11:93:F8:2F:4C:F3:3F:68:D9
Certificate issuer:       /CN=dc3884021d1b02e8c16b555743dfeb9da8e48e31
Certificate serial:       018CC3B741AD3E05DCD7498FCC6A3045F456
Authority key identifier: DC:38:84:02:1D:1B:02:E8:C1:6B:55:57:43:DF:EB:9D:A8:E4:8E:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/D8RtogzfsB_kP_gRk_gvTPM_aNk.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15652
IP address blocks:        79.133.196.96/27 maxlen: 27

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:41:ad:3e:05:dc:d7:49:8f:cc:6a:30:45:f4:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc3884021d1b02e8c16b555743dfeb9da8e48e31
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fc46da20cdfb01fe43ff81193f82f4cf33f68d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:aa:54:19:15:02:48:78:ab:05:a2:f9:b6:a5:
                    ed:6c:21:18:33:2b:29:57:b0:bc:df:73:71:1e:89:
                    b3:73:0a:aa:4c:7f:a1:4f:0f:03:81:6b:1d:2b:02:
                    8b:6d:1c:bf:e1:73:1e:e5:2d:f4:cf:5a:eb:1d:97:
                    5a:3e:9d:88:e3:fd:e8:a3:43:c1:ae:71:72:bb:f3:
                    64:c6:dd:1a:e8:e7:b7:ed:20:3e:a5:af:a8:09:30:
                    f4:7c:bd:58:ea:50:29:b4:54:9f:17:ab:52:da:74:
                    3d:4f:93:e2:09:7d:8f:73:d4:8d:bb:53:18:f4:98:
                    8e:a3:b6:dd:9b:fc:b5:a9:c1:14:c6:56:94:19:b3:
                    9d:61:13:2e:73:f3:5f:00:18:d2:f5:dd:f5:cb:8b:
                    20:94:e6:c2:f0:9f:5b:d9:42:e7:f8:8a:3f:48:1a:
                    3e:e5:1a:b5:04:da:17:a8:e9:ee:32:61:f2:a7:26:
                    27:07:93:a7:c1:fb:fc:27:25:0d:b2:1b:f6:cb:68:
                    37:7e:bb:31:8a:66:f4:93:22:c0:d2:e1:3d:74:68:
                    29:be:79:f8:9a:2c:f5:0b:14:50:75:c0:5f:09:33:
                    a9:b1:5c:18:07:19:17:97:22:26:aa:e4:ca:fd:cb:
                    bf:b8:b6:24:8f:b4:8f:ad:f3:47:2b:fe:f3:1a:20:
                    ee:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:C4:6D:A2:0C:DF:B0:1F:E4:3F:F8:11:93:F8:2F:4C:F3:3F:68:D9
            X509v3 Authority Key Identifier:
                keyid:DC:38:84:02:1D:1B:02:E8:C1:6B:55:57:43:DF:EB:9D:A8:E4:8E:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/D8RtogzfsB_kP_gRk_gvTPM_aNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.133.196.96/27

    Signature Algorithm: sha256WithRSAEncryption
         78:eb:63:1d:27:4e:f9:39:05:47:3d:f3:17:cb:aa:0a:be:1c:
         e4:3b:3f:3e:24:83:4a:7d:27:51:ea:73:fd:2d:1b:dd:82:55:
         4c:d4:00:2f:26:ea:97:6b:ea:ee:76:75:3c:67:aa:75:b8:a0:
         62:31:3e:ad:bc:ec:51:20:4a:85:33:fc:17:d7:5a:00:b5:ec:
         a3:0d:f9:e3:5a:d1:e2:b9:db:ce:d9:e5:14:f8:7d:d8:ab:d9:
         02:eb:f7:f5:c5:00:c6:48:92:d1:fc:c2:ba:04:69:1a:24:bd:
         41:d0:95:98:d3:83:4b:f9:ce:91:3f:b8:fa:da:16:1c:89:93:
         aa:7a:a1:41:f3:a6:97:00:d4:bd:17:b1:19:87:af:f5:3e:37:
         1a:27:11:47:e3:01:b6:1e:af:b6:2e:0d:63:c1:25:94:0e:ad:
         8c:e5:bc:8c:4d:a4:55:cd:c6:9f:c3:d7:2c:4d:60:e7:a4:cd:
         38:14:ab:da:f6:ef:b6:1c:e3:0b:b8:fd:af:cb:25:10:69:a3:
         8c:f5:5a:23:f5:11:67:0c:bb:24:7f:9d:89:7c:2b:0f:e5:28:
         59:dc:52:04:b5:52:a2:39:56:b1:76:68:26:af:5f:43:7e:42:
         ab:25:7f:6d:d7:d3:ff:a0:b9:6e:b0:30:bb:38:a2:51:86:46:
         d7:98:a5:68
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDt0GtPgXc10mPzGowRfRWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMzg4NDAyMWQxYjAyZThjMTZiNTU1NzQzZGZlYjlkYThl
NDhlMzEwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmM0NmRhMjBjZGZiMDFmZTQzZmY4MTE5M2Y4MmY0Y2YzM2Y2OGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzapUGRUCSHirBaL5tqXtbCEYMysp
V7C833NxHomzcwqqTH+hTw8DgWsdKwKLbRy/4XMe5S30z1rrHZdaPp2I4/3oo0PB
rnFyu/Nkxt0a6Oe37SA+pa+oCTD0fL1Y6lAptFSfF6tS2nQ9T5PiCX2Pc9SNu1MY
9JiOo7bdm/y1qcEUxlaUGbOdYRMuc/NfABjS9d31y4sglObC8J9b2ULn+Io/SBo+
5Rq1BNoXqOnuMmHypyYnB5Onwfv8JyUNshv2y2g3frsximb0kyLA0uE9dGgpvnn4
miz1CxRQdcBfCTOpsVwYBxkXlyImquTK/cu/uLYkj7SPrfNHK/7zGiDuJwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFA/EbaIM37Af5D/4EZP4L0zzP2jZMB8GA1UdIwQY
MBaAFNw4hAIdGwLowWtVV0Pf652o5I4xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0RpRUFoMGJBdWpCYTFWWFE5X3JuYWprampFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8wY2IyZjktOGVmOS00ZWViLTk2MmEt
ZDhiNGUwZDBkNmQ1LzEvRDhSdG9nemZzQl9rUF9nUmtfZ3ZUUE1fYU5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8wY2IyZjktOGVmOS00ZWViLTk2MmEtZDhiNGUwZDBkNmQ1
LzEvM0RpRUFoMGJBdWpCYTFWWFE5X3JuYWprampFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUFT4XEYDAN
BgkqhkiG9w0BAQsFAAOCAQEAeOtjHSdO+TkFRz3zF8uqCr4c5Ds/PiSDSn0nUepz
/S0b3YJVTNQALybql2vq7nZ1PGeqdbigYjE+rbzsUSBKhTP8F9daALXsow3541rR
4rnbztnlFPh92KvZAuv39cUAxkiS0fzCugRpGiS9QdCVmNODS/nOkT+4+toWHImT
qnqhQfOmlwDUvRexGYev9T43GicRR+MBth6vti4NY8EllA6tjOW8jE2kVc3Gn8PX
LE1g56TNOBSr2vbvthzjC7j9r8slEGmjjPVaI/URZwy7JH+diXwrD+UoWdxSBLVS
ojlWsXZoJq9fQ35CqyV/bdfT/6C5brAwuziiUYZG15ilaA==
-----END CERTIFICATE-----