Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/1uT0U-OBMjtzpddsJ6jfsq-SE9M.roa
File:                     1uT0U-OBMjtzpddsJ6jfsq-SE9M.roa (raw, json)
Hash identifier:          /f0vrr808ifIDtJxA5PEwWMeOaFuwEhM/WlsbfyWdpM=
Subject key identifier:   D6:E4:F4:53:E3:81:32:3B:73:A5:D7:6C:27:A8:DF:B2:AF:92:13:D3
Certificate issuer:       /CN=2b678f14f8b2288d49557ca6fb1bdf4793927dce
Certificate serial:       018CC6B9434A2B21C44944D8E7F0C3171120
Authority key identifier: 2B:67:8F:14:F8:B2:28:8D:49:55:7C:A6:FB:1B:DF:47:93:92:7D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K2ePFPiyKI1JVXym-xvfR5OSfc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/1uT0U-OBMjtzpddsJ6jfsq-SE9M.roa
Signing time:             Mon 01 Jan 2024 20:31:19 +0000
ROA not before:           Mon 01 Jan 2024 20:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209007
IP address blocks:        79.110.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/K2ePFPiyKI1JVXym-xvfR5OSfc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/K2ePFPiyKI1JVXym-xvfR5OSfc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K2ePFPiyKI1JVXym-xvfR5OSfc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:43:4a:2b:21:c4:49:44:d8:e7:f0:c3:17:11:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b678f14f8b2288d49557ca6fb1bdf4793927dce
        Validity
            Not Before: Jan  1 20:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6e4f453e381323b73a5d76c27a8dfb2af9213d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:bd:99:c7:1b:ac:c2:85:e8:1f:de:a1:fb:bc:
                    1d:7c:ef:4c:d5:56:8d:7b:3d:40:cb:41:7c:ca:50:
                    f6:13:79:1f:ad:3f:77:6a:d0:d6:0a:9e:d9:26:ef:
                    86:36:81:f6:b3:7f:68:cb:e4:ae:15:3e:8c:65:cd:
                    75:4e:2c:56:af:3a:9b:92:34:69:c3:26:c5:0b:be:
                    83:78:dd:fd:d2:03:d6:58:8c:2a:35:5a:26:1e:cb:
                    a2:04:5c:9f:cc:5f:d7:d8:b1:09:58:63:ea:5d:02:
                    cf:58:ef:5e:67:79:71:68:24:56:c1:85:b7:8a:2f:
                    3b:56:01:a6:c2:f8:eb:77:63:55:76:39:e7:30:2a:
                    b9:1d:33:41:a4:07:20:31:74:b5:82:0e:da:fe:e4:
                    ea:81:83:b8:22:23:48:fd:fc:18:79:f9:3c:5d:d5:
                    0e:11:67:82:61:02:9b:4f:34:35:74:c2:d1:c6:44:
                    ce:1b:ce:85:d8:f2:4f:03:17:7b:30:22:1e:d5:5f:
                    b1:05:fb:b9:c1:d5:ad:ec:62:93:b3:92:38:93:a6:
                    c8:a0:99:09:a6:1a:93:41:5c:ff:c3:b1:00:74:92:
                    1e:5c:be:37:8e:4e:87:83:b4:ea:a4:0b:38:68:0d:
                    bb:9d:cd:f2:86:77:ab:4a:6e:49:70:a6:e0:81:e5:
                    83:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:E4:F4:53:E3:81:32:3B:73:A5:D7:6C:27:A8:DF:B2:AF:92:13:D3
            X509v3 Authority Key Identifier:
                keyid:2B:67:8F:14:F8:B2:28:8D:49:55:7C:A6:FB:1B:DF:47:93:92:7D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K2ePFPiyKI1JVXym-xvfR5OSfc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/1uT0U-OBMjtzpddsJ6jfsq-SE9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/K2ePFPiyKI1JVXym-xvfR5OSfc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:58:97:52:24:29:94:f1:6f:d0:83:92:2e:e3:ef:a5:65:16:
         42:6a:4a:10:23:27:db:69:c3:7b:6f:44:91:49:67:ee:c0:59:
         23:48:cc:12:21:c8:fe:09:51:b7:09:c5:d0:c9:07:ed:01:5b:
         99:89:5a:c1:5c:b5:59:77:cb:77:a2:17:66:65:52:0c:46:d4:
         d1:9f:ac:58:65:13:a6:8f:21:e0:16:ff:33:fa:c6:91:27:e7:
         39:26:84:45:7f:67:05:91:4f:7a:a8:9e:06:f4:cb:59:eb:b7:
         be:08:18:74:ea:ca:fb:6f:f6:08:4d:c4:59:cd:96:ee:5b:43:
         09:1f:ab:fd:8b:7a:e8:83:68:07:90:c2:1a:e5:6f:23:e7:8d:
         9e:6b:03:2d:42:6d:d7:a8:b6:fc:62:81:18:a7:2a:1a:99:97:
         42:46:f5:73:b4:e3:60:68:df:ea:78:da:6c:68:b7:15:d1:80:
         8c:04:df:36:3c:86:ea:9c:d3:80:15:88:e4:7f:2b:f5:f2:3b:
         fd:0f:54:07:2a:c7:2b:5a:6c:b0:51:c8:46:cb:e3:cf:47:01:
         1c:b1:e6:51:4a:d4:8f:b5:ab:38:73:4b:f0:3d:27:18:f8:9e:
         96:51:ea:1d:da:65:af:d2:99:f0:63:3e:a7:f8:b5:0c:93:47:
         4f:da:fa:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUNKKyHESUTY5/DDFxEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNjc4ZjE0ZjhiMjI4OGQ0OTU1N2NhNmZiMWJkZjQ3OTM5
MjdkY2UwHhcNMjQwMTAxMjAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmU0ZjQ1M2UzODEzMjNiNzNhNWQ3NmMyN2E4ZGZiMmFmOTIxM2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlb2ZxxuswoXoH96h+7wdfO9M1VaN
ez1Ay0F8ylD2E3kfrT93atDWCp7ZJu+GNoH2s39oy+SuFT6MZc11TixWrzqbkjRp
wybFC76DeN390gPWWIwqNVomHsuiBFyfzF/X2LEJWGPqXQLPWO9eZ3lxaCRWwYW3
ii87VgGmwvjrd2NVdjnnMCq5HTNBpAcgMXS1gg7a/uTqgYO4IiNI/fwYefk8XdUO
EWeCYQKbTzQ1dMLRxkTOG86F2PJPAxd7MCIe1V+xBfu5wdWt7GKTs5I4k6bIoJkJ
phqTQVz/w7EAdJIeXL43jk6Hg7TqpAs4aA27nc3yhnerSm5JcKbggeWDLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbk9FPjgTI7c6XXbCeo37KvkhPTMB8GA1UdIwQY
MBaAFCtnjxT4siiNSVV8pvsb30eTkn3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzJlUEZQaXlLSTFKVlh5bS14dmZSNU9TZmM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9iYmE5ZWQtZGEyMS00OTE5LWE4MzEt
ZjFjYzg3M2MyZTI3LzEvMXVUMFUtT0JNanR6cGRkc0o2amZzcS1TRTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9iYmE5ZWQtZGEyMS00OTE5LWE4MzEtZjFjYzg3M2MyZTI3
LzEvSzJlUEZQaXlLSTFKVlh5bS14dmZSNU9TZmM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT27pMA0G
CSqGSIb3DQEBCwUAA4IBAQAkWJdSJCmU8W/Qg5Iu4++lZRZCakoQIyfbacN7b0SR
SWfuwFkjSMwSIcj+CVG3CcXQyQftAVuZiVrBXLVZd8t3ohdmZVIMRtTRn6xYZROm
jyHgFv8z+saRJ+c5JoRFf2cFkU96qJ4G9MtZ67e+CBh06sr7b/YITcRZzZbuW0MJ
H6v9i3rog2gHkMIa5W8j542eawMtQm3XqLb8YoEYpyoamZdCRvVztONgaN/qeNps
aLcV0YCMBN82PIbqnNOAFYjkfyv18jv9D1QHKscrWmywUchGy+PPRwEcseZRStSP
tas4c0vwPScY+J6WUeod2mWv0pnwYz6n+LUMk0dP2vrw
-----END CERTIFICATE-----