Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/DUmTyGaQSOBqpR3dxZLvFfTxtLY.roa
File:                     DUmTyGaQSOBqpR3dxZLvFfTxtLY.roa (raw, json)
Hash identifier:          oMF3MI2USN5DZ/Gl+v2K18u2p6bX5ep/i9dlJhTk/dw=
Subject key identifier:   0D:49:93:C8:66:90:48:E0:6A:A5:1D:DD:C5:92:EF:15:F4:F1:B4:B6
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       018CCA2A92AAF5E4989CC5AE833FBCCBA4F8
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/DUmTyGaQSOBqpR3dxZLvFfTxtLY.roa
Signing time:             Tue 02 Jan 2024 12:33:56 +0000
ROA not before:           Tue 02 Jan 2024 12:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395753
IP address blocks:        217.79.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:04:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:92:aa:f5:e4:98:9c:c5:ae:83:3f:bc:cb:a4:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jan  2 12:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d4993c8669048e06aa51dddc592ef15f4f1b4b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ce:81:c2:db:21:b6:e9:78:b4:ad:00:2b:7d:
                    16:1c:5c:4e:be:f2:f8:e5:67:d7:55:f8:f9:04:c8:
                    02:cb:71:a3:a0:0f:4b:cc:2f:0e:cd:ba:65:a5:d3:
                    39:cf:5e:8d:97:c5:ea:13:56:e0:a4:81:fb:e3:99:
                    2e:8e:6d:52:32:76:8f:f2:94:e7:04:fb:97:9b:50:
                    1f:6b:03:5f:80:76:bf:3e:ea:ff:85:47:af:31:2f:
                    56:14:1e:aa:01:de:a2:76:82:7e:e9:ff:1a:1e:be:
                    74:53:ed:51:72:74:28:20:2a:14:f9:ea:7f:da:16:
                    a8:25:c7:70:46:e6:b5:df:c8:70:b2:f4:cc:4d:23:
                    5f:d0:58:bf:51:f5:8a:7d:10:d2:a2:a9:d1:fd:7d:
                    7c:02:6c:0b:cd:fe:0b:e5:70:86:f7:d7:22:72:7c:
                    42:c7:c6:2c:0f:af:05:7a:0e:9c:4c:3e:b8:9d:05:
                    da:04:3f:19:ac:ce:23:05:27:41:dc:54:aa:bd:7a:
                    39:e7:cf:68:09:c6:00:2d:ee:4c:67:8b:4b:27:54:
                    11:bc:c9:ac:c4:ab:59:ab:e8:63:21:df:c7:45:96:
                    59:cd:98:ef:cd:07:de:3b:4c:86:73:49:10:9f:7a:
                    74:ca:4c:c7:d4:d0:ac:1a:dd:2b:9e:45:58:d5:ac:
                    88:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:49:93:C8:66:90:48:E0:6A:A5:1D:DD:C5:92:EF:15:F4:F1:B4:B6
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/DUmTyGaQSOBqpR3dxZLvFfTxtLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.79.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:cf:56:04:dc:9c:0e:4c:3f:0d:eb:89:b5:be:3f:56:0a:04:
         64:d1:8f:70:7b:21:17:e0:9d:a7:d3:bc:52:b1:26:b0:a7:c5:
         4c:c8:bc:86:fb:f7:6c:95:3d:64:e8:0b:5e:b0:7a:53:79:97:
         2e:a5:54:4e:5d:9e:0a:ec:db:b6:82:3a:2c:ca:89:ae:06:99:
         9d:64:85:cc:19:59:9d:f2:66:e2:ae:f7:d9:6e:83:6f:d6:74:
         17:b2:6c:3b:f3:83:0a:aa:c1:ec:d0:27:7c:fa:ca:70:3e:52:
         29:e4:8c:01:ec:c4:89:8b:cd:f6:0f:87:7c:74:ef:4c:88:1f:
         8b:bf:df:8d:88:0a:51:ff:a3:cc:7b:a1:92:91:e6:e6:47:03:
         35:da:db:4a:45:47:32:1d:a0:a4:a6:9d:51:68:59:aa:32:e4:
         7e:ef:70:69:d6:5d:c6:02:cd:a9:91:fe:12:1a:0e:e5:7e:6f:
         5a:a6:a2:5b:a7:92:30:3a:a7:55:cf:2f:c2:1a:4f:69:6d:65:
         15:67:83:09:97:57:ee:68:37:13:7d:4b:32:7e:60:94:0a:ab:
         47:6c:51:7a:cb:82:58:f5:cd:ab:71:5d:8d:73:98:40:c8:d2:
         b1:8f:18:d1:f3:b4:8c:b5:a2:f1:53:90:ac:5f:c1:ba:db:74:
         ac:0b:87:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKpKq9eSYnMWugz+8y6T4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjQwMTAyMTIzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDQ5OTNjODY2OTA0OGUwNmFhNTFkZGRjNTkyZWYxNWY0ZjFiNGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiM6Bwtshtul4tK0AK30WHFxOvvL4
5WfXVfj5BMgCy3GjoA9LzC8OzbplpdM5z16Nl8XqE1bgpIH745kujm1SMnaP8pTn
BPuXm1AfawNfgHa/Pur/hUevMS9WFB6qAd6idoJ+6f8aHr50U+1RcnQoICoU+ep/
2haoJcdwRua138hwsvTMTSNf0Fi/UfWKfRDSoqnR/X18AmwLzf4L5XCG99cicnxC
x8YsD68Feg6cTD64nQXaBD8ZrM4jBSdB3FSqvXo5589oCcYALe5MZ4tLJ1QRvMms
xKtZq+hjId/HRZZZzZjvzQfeO0yGc0kQn3p0ykzH1NCsGt0rnkVY1ayIZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1Jk8hmkEjgaqUd3cWS7xX08bS2MB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvRFVtVHlHYVFTT0JxcFIzZHhaTHZGZlR4dExZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2U+iMA0G
CSqGSIb3DQEBCwUAA4IBAQB7z1YE3JwOTD8N64m1vj9WCgRk0Y9weyEX4J2n07xS
sSawp8VMyLyG+/dslT1k6AtesHpTeZcupVROXZ4K7Nu2gjosyomuBpmdZIXMGVmd
8mbirvfZboNv1nQXsmw784MKqsHs0Cd8+spwPlIp5IwB7MSJi832D4d8dO9MiB+L
v9+NiApR/6PMe6GSkebmRwM12ttKRUcyHaCkpp1RaFmqMuR+73Bp1l3GAs2pkf4S
Gg7lfm9apqJbp5IwOqdVzy/CGk9pbWUVZ4MJl1fuaDcTfUsyfmCUCqtHbFF6y4JY
9c2rcV2Nc5hAyNKxjxjR87SMtaLxU5CsX8G623SsC4dz
-----END CERTIFICATE-----