Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/RwNWNeP7p9nPRKqggG5Fg-0dg1Y.roa
File:                     RwNWNeP7p9nPRKqggG5Fg-0dg1Y.roa (raw, json)
Hash identifier:          59jBGNzoYGa3BqlojYEKq27Q4+sxpkOeSZT0UVOjspM=
Subject key identifier:   47:03:56:35:E3:FB:A7:D9:CF:44:AA:A0:80:6E:45:83:ED:1D:83:56
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018FC440A861FFE02CACBD7575B20B6D184F
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/RwNWNeP7p9nPRKqggG5Fg-0dg1Y.roa
Signing time:             Wed 29 May 2024 12:08:42 +0000
ROA not before:           Wed 29 May 2024 12:08:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214812
IP address blocks:        79.124.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c4:40:a8:61:ff:e0:2c:ac:bd:75:75:b2:0b:6d:18:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: May 29 12:08:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47035635e3fba7d9cf44aaa0806e4583ed1d8356
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:28:ec:d2:ba:95:5b:67:52:72:d5:bb:da:41:
                    1c:92:9c:c9:64:2a:4f:7b:eb:53:2d:a8:eb:75:fb:
                    14:8c:18:ff:4d:2b:ae:66:ae:cd:a1:3b:dd:84:d9:
                    57:e1:3c:94:92:e5:e6:8c:e0:8f:45:79:68:ad:c7:
                    50:37:63:fc:67:3d:cf:b9:55:e2:e5:37:8d:f4:1b:
                    d8:38:dc:35:db:ab:9a:c8:01:0f:10:13:a4:ba:67:
                    b5:f4:52:1a:41:44:08:b3:9b:6b:35:be:f1:6a:8b:
                    0d:8f:6e:e1:c3:f7:25:36:eb:6e:35:9e:35:40:5e:
                    1a:3d:89:16:ca:c9:4d:16:f3:ba:ba:f9:a4:f4:40:
                    8a:c4:f3:8c:52:63:4d:3d:5e:4a:dd:88:ae:1f:47:
                    f7:74:b8:7a:5f:2f:9d:bb:d7:d0:e6:63:43:59:56:
                    87:d5:3f:62:7a:50:f5:e4:ee:75:49:b5:d3:02:74:
                    e2:b2:da:33:62:c1:18:53:e2:90:58:87:e6:d8:47:
                    c8:41:c4:19:e2:04:63:fb:d3:77:45:c5:5a:e6:28:
                    bb:3c:f9:01:38:2f:d4:8e:e1:da:d8:45:4b:90:e7:
                    6c:78:be:67:6d:a0:81:b1:0e:cc:df:f5:8c:5c:95:
                    52:ae:6b:98:2a:00:e7:f2:6e:44:b5:19:6d:35:c6:
                    75:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:03:56:35:E3:FB:A7:D9:CF:44:AA:A0:80:6E:45:83:ED:1D:83:56
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/RwNWNeP7p9nPRKqggG5Fg-0dg1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.124.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:51:e1:0f:f6:14:36:f3:03:c0:af:6e:6a:59:2f:41:9b:d7:
         8e:49:a5:1c:61:e1:e7:fc:d9:e3:ff:c6:8f:a0:a8:d6:ae:02:
         73:d4:56:dd:98:52:cd:6b:3d:7f:a7:fd:9e:78:b2:e6:17:dd:
         68:11:f0:96:3e:f2:ee:6e:b1:77:8a:56:65:e1:ee:8b:23:df:
         aa:38:a9:eb:dc:7b:5b:b4:c7:13:50:14:d6:11:66:05:f6:05:
         8d:fc:ed:41:08:c6:ed:cb:17:8b:fb:41:8a:22:80:d7:03:47:
         6a:07:59:5a:13:c5:19:f7:f7:cc:c6:e5:e6:24:0f:ac:99:72:
         f2:74:a6:99:78:ab:7e:80:9e:e2:a0:23:55:12:30:08:da:11:
         46:78:54:d6:08:a9:c2:8a:dc:13:15:39:70:0f:67:a0:cc:69:
         c5:61:9e:ff:08:e1:f3:c9:36:df:14:d2:64:8f:2c:10:d2:01:
         ea:f8:9e:cb:76:7d:00:de:b6:dd:09:46:f2:91:df:75:cc:ba:
         17:81:c5:d0:4c:bd:01:4a:28:03:b3:ba:f3:af:59:e2:af:44:
         36:1f:65:92:2b:79:79:4f:ea:82:d3:5a:94:e9:0d:d5:4b:5b:
         0c:c5:91:63:35:27:9c:f2:21:8c:c2:9a:2c:1c:c4:fd:6c:69:
         02:ad:6f:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/EQKhh/+AsrL11dbILbRhPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwNTI5MTIwODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzAzNTYzNWUzZmJhN2Q5Y2Y0NGFhYTA4MDZlNDU4M2VkMWQ4MzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyjs0rqVW2dSctW72kEckpzJZCpP
e+tTLajrdfsUjBj/TSuuZq7NoTvdhNlX4TyUkuXmjOCPRXlorcdQN2P8Zz3PuVXi
5TeN9BvYONw126uayAEPEBOkume19FIaQUQIs5trNb7xaosNj27hw/clNutuNZ41
QF4aPYkWyslNFvO6uvmk9ECKxPOMUmNNPV5K3YiuH0f3dLh6Xy+du9fQ5mNDWVaH
1T9ielD15O51SbXTAnTistozYsEYU+KQWIfm2EfIQcQZ4gRj+9N3RcVa5ii7PPkB
OC/UjuHa2EVLkOdseL5nbaCBsQ7M3/WMXJVSrmuYKgDn8m5EtRltNcZ1CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcDVjXj+6fZz0SqoIBuRYPtHYNWMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvUndOV05lUDdwOW5QUktxZ2dHNUZnLTBkZzFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT3xSMA0G
CSqGSIb3DQEBCwUAA4IBAQCGUeEP9hQ28wPAr25qWS9Bm9eOSaUcYeHn/Nnj/8aP
oKjWrgJz1FbdmFLNaz1/p/2eeLLmF91oEfCWPvLubrF3ilZl4e6LI9+qOKnr3Htb
tMcTUBTWEWYF9gWN/O1BCMbtyxeL+0GKIoDXA0dqB1laE8UZ9/fMxuXmJA+smXLy
dKaZeKt+gJ7ioCNVEjAI2hFGeFTWCKnCitwTFTlwD2egzGnFYZ7/COHzyTbfFNJk
jywQ0gHq+J7Ldn0A3rbdCUbykd91zLoXgcXQTL0BSigDs7rzr1nir0Q2H2WSK3l5
T+qC01qU6Q3VS1sMxZFjNSec8iGMwposHMT9bGkCrW+W
-----END CERTIFICATE-----