Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/79JfelMRcTCXmBNIor2H3uJ2Kd0.roa
File:                     79JfelMRcTCXmBNIor2H3uJ2Kd0.roa (raw, json)
Hash identifier:          7UuEitctFimrF0rcrvKSJu6b91LRg3A5frAymixn9EE=
Subject key identifier:   EF:D2:5F:7A:53:11:71:30:97:98:13:48:A2:BD:87:DE:E2:76:29:DD
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       018CC50111B66A136C4CFDBA73728FD7D943
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/79JfelMRcTCXmBNIor2H3uJ2Kd0.roa
Signing time:             Mon 01 Jan 2024 12:30:30 +0000
ROA not before:           Mon 01 Jan 2024 12:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395839
IP address blocks:        185.255.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:11:b6:6a:13:6c:4c:fd:ba:73:72:8f:d7:d9:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Jan  1 12:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efd25f7a5311713097981348a2bd87dee27629dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ac:0c:23:ad:39:07:11:55:a9:59:7f:4a:2f:
                    ee:3f:a9:38:74:61:57:02:c2:63:03:8b:51:45:4b:
                    ca:fd:c8:a1:ed:df:c1:13:49:d7:3c:90:b5:4b:d0:
                    e9:06:6b:e6:58:57:35:ca:cb:9d:9a:7c:b6:7e:c4:
                    aa:05:41:ff:f5:79:76:23:55:7d:70:80:31:ae:32:
                    92:f6:00:f8:e4:3f:c2:13:d0:91:a3:c7:0f:51:26:
                    ec:0a:10:26:4d:e1:77:b8:07:6d:b7:e9:50:0c:35:
                    b5:0f:97:a0:2d:bb:ff:2a:2f:63:32:d4:a1:58:39:
                    b1:7c:37:3a:e6:5c:49:96:db:7f:c8:26:08:b4:71:
                    56:93:e7:95:b1:96:35:1b:a9:f5:db:1b:ce:f9:73:
                    3c:80:b6:2e:15:f6:36:ad:e3:47:c9:7b:5e:e2:eb:
                    65:00:04:c6:c1:f4:2c:85:85:fb:9d:e8:a4:57:d9:
                    a2:41:15:ed:e8:1a:da:e5:95:36:4b:b2:15:b2:4c:
                    ce:5b:58:cc:cb:8e:e8:60:39:5d:90:2b:43:44:dd:
                    4e:9e:18:94:ad:3d:28:8b:dd:c7:8c:4a:81:b2:ab:
                    1b:69:9c:16:2e:74:75:5e:b3:52:04:de:1c:3a:f4:
                    53:f8:05:e5:ae:a8:fa:0e:f5:da:e4:bb:d8:d0:1a:
                    f1:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:D2:5F:7A:53:11:71:30:97:98:13:48:A2:BD:87:DE:E2:76:29:DD
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/79JfelMRcTCXmBNIor2H3uJ2Kd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:88:01:02:3e:fa:ce:b1:a6:03:6f:30:df:ab:12:b7:61:fd:
         8d:54:42:23:59:c9:dd:01:46:60:b3:18:25:98:a8:68:f2:86:
         e5:d5:38:da:b3:1d:ba:2a:21:92:18:c7:2b:b6:a4:7d:52:5b:
         1a:aa:42:5c:14:98:33:09:b5:66:d9:8c:f2:97:34:aa:1a:99:
         62:28:90:58:91:0e:5d:3e:fc:26:9e:d7:40:5e:82:82:04:4a:
         cf:bf:f8:ef:d9:20:c4:59:76:d8:a8:d6:ec:1b:89:29:9f:21:
         ef:5d:a4:ed:22:20:09:78:6e:83:12:74:91:61:6b:53:ae:3c:
         35:ae:4e:ec:a0:73:3b:ab:6c:a9:e0:d3:15:ac:a2:29:d7:74:
         bc:1b:3b:3f:0b:7a:0f:66:2e:f4:33:46:8c:c3:b9:05:a4:03:
         8f:bc:ca:bf:79:04:cb:38:5d:e9:43:9c:21:7c:83:15:90:92:
         36:ed:99:ee:31:eb:61:fb:26:6d:02:1b:9d:a9:a0:f1:e8:a3:
         2f:1b:dd:76:11:f7:1e:34:51:a2:ee:44:1c:99:0f:88:05:bc:
         58:18:77:4d:d1:36:8e:04:cc:42:b7:98:ba:d8:a8:9c:ad:88:
         ff:17:32:20:b0:3b:70:df:ad:5f:d3:7b:c1:9d:fc:da:46:52:
         35:4e:b9:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARG2ahNsTP26c3KP19lDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjQwMTAxMTIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmQyNWY3YTUzMTE3MTMwOTc5ODEzNDhhMmJkODdkZWUyNzYyOWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6wMI605BxFVqVl/Si/uP6k4dGFX
AsJjA4tRRUvK/cih7d/BE0nXPJC1S9DpBmvmWFc1ysudmny2fsSqBUH/9Xl2I1V9
cIAxrjKS9gD45D/CE9CRo8cPUSbsChAmTeF3uAdtt+lQDDW1D5egLbv/Ki9jMtSh
WDmxfDc65lxJltt/yCYItHFWk+eVsZY1G6n12xvO+XM8gLYuFfY2reNHyXte4utl
AATGwfQshYX7neikV9miQRXt6Bra5ZU2S7IVskzOW1jMy47oYDldkCtDRN1OnhiU
rT0oi93HjEqBsqsbaZwWLnR1XrNSBN4cOvRT+AXlrqj6DvXa5LvY0BrxAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/SX3pTEXEwl5gTSKK9h97idindMB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvNzlKZmVsTVJjVENYbUJOSW9yMkgzdUoyS2QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf8HMA0G
CSqGSIb3DQEBCwUAA4IBAQBYiAECPvrOsaYDbzDfqxK3Yf2NVEIjWcndAUZgsxgl
mKho8obl1Tjasx26KiGSGMcrtqR9UlsaqkJcFJgzCbVm2YzylzSqGpliKJBYkQ5d
PvwmntdAXoKCBErPv/jv2SDEWXbYqNbsG4kpnyHvXaTtIiAJeG6DEnSRYWtTrjw1
rk7soHM7q2yp4NMVrKIp13S8Gzs/C3oPZi70M0aMw7kFpAOPvMq/eQTLOF3pQ5wh
fIMVkJI27ZnuMeth+yZtAhudqaDx6KMvG912EfceNFGi7kQcmQ+IBbxYGHdN0TaO
BMxCt5i62KicrYj/FzIgsDtw361f03vBnfzaRlI1Trk8
-----END CERTIFICATE-----