Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/796823-6d81-4d91-b664-e0abd4d84571/1/Cy2yi2Wg6gvWxvWinD0y8B7maJU.roa
File:                     Cy2yi2Wg6gvWxvWinD0y8B7maJU.roa (raw, json)
Hash identifier:          laRvHoonwa7hd1lB+fKdzsT5OUPZnliZygBXvaoT5kA=
Subject key identifier:   0B:2D:B2:8B:65:A0:EA:0B:D6:C6:F5:A2:9C:3D:32:F0:1E:E6:68:95
Certificate issuer:       /CN=04268ae40737536a464c28493eaf503db9a18f20
Certificate serial:       018CC3B68FFA5BAD7E55C291A08205BDAF26
Authority key identifier: 04:26:8A:E4:07:37:53:6A:46:4C:28:49:3E:AF:50:3D:B9:A1:8F:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BCaK5Ac3U2pGTChJPq9QPbmhjyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/796823-6d81-4d91-b664-e0abd4d84571/1/Cy2yi2Wg6gvWxvWinD0y8B7maJU.roa
Signing time:             Mon 01 Jan 2024 06:29:30 +0000
ROA not before:           Mon 01 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.134.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/796823-6d81-4d91-b664-e0abd4d84571/1/BCaK5Ac3U2pGTChJPq9QPbmhjyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/796823-6d81-4d91-b664-e0abd4d84571/1/BCaK5Ac3U2pGTChJPq9QPbmhjyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BCaK5Ac3U2pGTChJPq9QPbmhjyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8f:fa:5b:ad:7e:55:c2:91:a0:82:05:bd:af:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04268ae40737536a464c28493eaf503db9a18f20
        Validity
            Not Before: Jan  1 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b2db28b65a0ea0bd6c6f5a29c3d32f01ee66895
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:6c:b7:25:6c:b2:8b:38:9c:d0:f2:8d:cf:75:
                    aa:81:db:56:86:70:ba:3b:62:25:75:2e:9c:3e:29:
                    7a:3f:58:99:40:51:02:e6:11:74:42:94:c5:8f:c8:
                    56:28:70:69:3a:a6:da:f6:2a:4d:50:42:50:86:75:
                    31:4a:d2:0c:ab:01:ac:94:8f:69:1f:62:da:97:61:
                    01:5d:7f:21:c6:7d:eb:cf:00:0a:0d:c0:ca:bd:6e:
                    ec:b5:07:65:1a:49:75:72:22:61:1d:b2:ab:93:59:
                    ab:44:77:4b:ad:ab:7c:55:13:34:70:8f:4a:a2:aa:
                    bc:ee:d1:d0:4f:58:1e:bb:f7:e2:6e:77:17:a5:4f:
                    98:d4:e9:f4:c1:da:1d:b3:50:5c:ac:4d:d1:96:bc:
                    ff:cb:b6:fb:35:4f:eb:26:69:2e:01:8e:fe:73:24:
                    3d:e5:75:93:0d:d8:e8:82:12:58:0e:45:0b:f6:cd:
                    29:c9:92:7f:9a:44:0d:c7:19:42:0f:66:e4:9d:54:
                    12:78:e3:71:28:e1:24:67:76:90:59:93:4f:ed:c6:
                    27:31:64:2f:ca:7d:13:5b:07:57:61:6a:7c:96:8e:
                    a1:b0:f5:2b:ce:ef:44:61:76:8a:51:e2:e8:8f:1a:
                    08:a1:3e:e0:dd:e4:f4:dd:f7:07:4a:8c:be:e8:29:
                    e2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:2D:B2:8B:65:A0:EA:0B:D6:C6:F5:A2:9C:3D:32:F0:1E:E6:68:95
            X509v3 Authority Key Identifier:
                keyid:04:26:8A:E4:07:37:53:6A:46:4C:28:49:3E:AF:50:3D:B9:A1:8F:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BCaK5Ac3U2pGTChJPq9QPbmhjyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/796823-6d81-4d91-b664-e0abd4d84571/1/Cy2yi2Wg6gvWxvWinD0y8B7maJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/796823-6d81-4d91-b664-e0abd4d84571/1/BCaK5Ac3U2pGTChJPq9QPbmhjyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:f4:df:b3:24:89:0f:b0:09:b6:2a:d6:d5:dc:bd:ca:76:03:
         0c:aa:bd:1d:48:97:7f:46:1e:b5:90:fd:1a:cc:30:f4:75:b1:
         e8:a5:4b:87:02:2c:b7:6e:3d:5c:53:73:cd:eb:e9:f0:b8:45:
         0a:5e:ef:f0:fc:90:f3:f7:80:4d:e7:c0:53:6a:95:52:07:a4:
         f6:9a:04:2a:f2:3e:3e:3f:87:81:16:4b:c8:ba:61:aa:88:50:
         53:02:c7:1b:5d:66:20:f0:79:18:3b:2e:98:96:1c:25:89:bd:
         6d:15:af:23:a7:f5:11:b2:6e:18:a4:f0:d7:21:7f:10:41:52:
         0d:fd:80:bd:18:6b:d3:a4:3f:97:14:2d:32:c8:bb:c2:7b:2b:
         5f:95:a4:17:c5:bb:e1:11:f3:c2:b2:81:e9:c6:86:ce:85:72:
         88:c5:e9:36:e9:c5:b1:f1:c7:d8:71:a1:b8:e0:70:5a:da:59:
         07:9e:43:b7:d7:83:30:2c:6a:d1:c2:29:6d:17:01:eb:0c:6a:
         ea:33:e6:04:71:54:83:45:f1:d0:f0:cb:4b:c2:6c:40:fb:c6:
         1c:da:e7:f0:10:d7:dc:77:70:42:0f:e2:f1:08:fc:c9:7d:72:
         e2:03:70:92:ba:b4:89:b9:a1:f5:2d:e9:a4:88:75:d3:a5:ea:
         03:a5:e3:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDto/6W61+VcKRoIIFva8mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MjY4YWU0MDczNzUzNmE0NjRjMjg0OTNlYWY1MDNkYjlh
MThmMjAwHhcNMjQwMTAxMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjJkYjI4YjY1YTBlYTBiZDZjNmY1YTI5YzNkMzJmMDFlZTY2ODk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWy3JWyyizic0PKNz3WqgdtWhnC6
O2IldS6cPil6P1iZQFEC5hF0QpTFj8hWKHBpOqba9ipNUEJQhnUxStIMqwGslI9p
H2Lal2EBXX8hxn3rzwAKDcDKvW7stQdlGkl1ciJhHbKrk1mrRHdLrat8VRM0cI9K
oqq87tHQT1geu/fibncXpU+Y1On0wdods1BcrE3Rlrz/y7b7NU/rJmkuAY7+cyQ9
5XWTDdjoghJYDkUL9s0pyZJ/mkQNxxlCD2bknVQSeONxKOEkZ3aQWZNP7cYnMWQv
yn0TWwdXYWp8lo6hsPUrzu9EYXaKUeLojxoIoT7g3eT03fcHSoy+6CnihwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAstsotloOoL1sb1opw9MvAe5miVMB8GA1UdIwQY
MBaAFAQmiuQHN1NqRkwoST6vUD25oY8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkNhSzVBYzNVMnBHVENoSlBxOVFQYm1oanlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83OTY4MjMtNmQ4MS00ZDkxLWI2NjQt
ZTBhYmQ0ZDg0NTcxLzEvQ3kyeWkyV2c2Z3ZXeHZXaW5EMHk4QjdtYUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83OTY4MjMtNmQ4MS00ZDkxLWI2NjQtZTBhYmQ0ZDg0NTcx
LzEvQkNhSzVBYzNVMnBHVENoSlBxOVFQYm1oanlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYZPMA0G
CSqGSIb3DQEBCwUAA4IBAQCr9N+zJIkPsAm2KtbV3L3KdgMMqr0dSJd/Rh61kP0a
zDD0dbHopUuHAiy3bj1cU3PN6+nwuEUKXu/w/JDz94BN58BTapVSB6T2mgQq8j4+
P4eBFkvIumGqiFBTAscbXWYg8HkYOy6Ylhwlib1tFa8jp/URsm4YpPDXIX8QQVIN
/YC9GGvTpD+XFC0yyLvCeytflaQXxbvhEfPCsoHpxobOhXKIxek26cWx8cfYcaG4
4HBa2lkHnkO314MwLGrRwiltFwHrDGrqM+YEcVSDRfHQ8MtLwmxA+8Yc2ufwENfc
d3BCD+LxCPzJfXLiA3CSurSJuaH1LemkiHXTpeoDpeN2
-----END CERTIFICATE-----