Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/YOufse4Ll1c_LGFLt5uUPHdab_o.roa
File:                     YOufse4Ll1c_LGFLt5uUPHdab_o.roa (raw, json)
Hash identifier:          HTMMYSQEJJwcudEGO3DiNdLsmBqOabkn/GeS306iWws=
Subject key identifier:   60:EB:9F:B1:EE:0B:97:57:3F:2C:61:4B:B7:9B:94:3C:77:5A:6F:FA
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EEE28DA1571279EDBB9AF3EBF5451
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/YOufse4Ll1c_LGFLt5uUPHdab_o.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202309
IP address blocks:        79.124.42.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ee:28:da:15:71:27:9e:db:b9:af:3e:bf:54:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60eb9fb1ee0b97573f2c614bb79b943c775a6ffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bd:21:e3:69:26:70:e0:0c:b8:36:8c:7d:81:
                    09:11:9a:50:d1:7b:3a:41:1b:89:37:43:34:ff:22:
                    7d:51:08:e2:f8:ec:ea:5d:53:02:30:de:3e:5d:db:
                    6a:b9:ae:cf:54:21:c2:73:50:62:9a:9b:6c:b4:d8:
                    c4:67:9f:4c:00:12:4d:72:58:d3:ee:82:71:78:91:
                    e4:07:51:de:5a:a8:0b:04:2f:28:d0:86:a2:d5:22:
                    1c:54:d4:4f:22:19:d8:1c:c8:fa:3e:60:49:21:08:
                    4c:20:c7:b8:fe:0a:54:af:6b:68:d5:29:ad:6e:b4:
                    69:5c:c4:cb:62:be:ed:a1:f7:d6:f5:1d:71:0d:38:
                    b9:8f:6f:04:29:22:49:68:59:c0:f7:91:5c:1e:05:
                    c6:6b:5c:e6:01:24:34:22:a1:1e:af:81:3b:88:03:
                    48:ef:05:45:0b:fa:40:9e:8f:af:db:44:14:13:f0:
                    f5:ce:f0:4d:d4:10:03:95:aa:c7:4f:30:a4:34:a7:
                    95:38:d6:97:93:f7:be:1a:7c:96:07:0a:44:04:a7:
                    e6:e4:e1:91:6b:8f:4b:a3:70:9a:24:ab:81:0c:5d:
                    1c:b0:c5:9a:cb:7d:85:c3:d5:26:67:94:a9:f7:2e:
                    ed:7c:c0:ff:99:1d:35:81:bf:96:7f:c3:ae:19:29:
                    83:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:EB:9F:B1:EE:0B:97:57:3F:2C:61:4B:B7:9B:94:3C:77:5A:6F:FA
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/YOufse4Ll1c_LGFLt5uUPHdab_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.124.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:4c:5c:e5:cb:52:46:ad:56:75:09:5c:25:67:e7:8f:92:9d:
         93:55:21:13:c0:6f:f2:b9:70:d6:9b:c6:41:96:98:ae:2c:97:
         94:a4:47:9a:fe:3a:f7:9b:b6:da:87:c0:24:37:42:31:d6:ba:
         22:a4:c6:1f:b5:c7:7f:6e:5a:a8:83:5b:7b:ee:8f:07:d1:7e:
         81:64:09:f2:5c:80:9d:2f:61:e3:57:11:36:6b:aa:98:8c:a7:
         06:86:a7:92:5d:19:1b:05:48:02:33:c3:a1:53:0a:84:57:db:
         ec:ba:21:5e:b7:38:3c:f9:20:93:01:b1:aa:8e:06:e2:ab:c4:
         00:f4:ab:14:bd:ac:be:31:ab:d0:7a:50:dc:71:d7:46:67:14:
         3f:15:c0:6f:a7:9f:ea:5c:1f:1f:7c:e3:d0:f6:ac:94:c9:96:
         fa:2d:64:e0:93:21:08:cc:df:b1:9d:ce:f5:53:f1:77:a6:67:
         86:0f:6d:96:d9:de:b6:2d:49:c0:e6:3e:ab:85:f5:fb:13:ce:
         6b:b2:1c:92:d2:ac:85:1b:43:3e:5b:a6:54:04:7f:86:6c:34:
         02:58:d0:be:48:ee:a5:c3:fb:61:28:ac:6a:d5:75:3f:3d:94:
         f7:d9:0c:ec:96:60:2f:5a:cc:47:d7:38:50:bd:5c:fd:81:45:
         ce:8e:0c:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbu4o2hVxJ57bua8+v1RRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGViOWZiMWVlMGI5NzU3M2YyYzYxNGJiNzliOTQzYzc3NWE2ZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApL0h42kmcOAMuDaMfYEJEZpQ0Xs6
QRuJN0M0/yJ9UQji+OzqXVMCMN4+Xdtqua7PVCHCc1BimptstNjEZ59MABJNcljT
7oJxeJHkB1HeWqgLBC8o0Iai1SIcVNRPIhnYHMj6PmBJIQhMIMe4/gpUr2to1Smt
brRpXMTLYr7toffW9R1xDTi5j28EKSJJaFnA95FcHgXGa1zmASQ0IqEer4E7iANI
7wVFC/pAno+v20QUE/D1zvBN1BADlarHTzCkNKeVONaXk/e+GnyWBwpEBKfm5OGR
a49Lo3CaJKuBDF0csMWay32Fw9UmZ5Sp9y7tfMD/mR01gb+Wf8OuGSmDfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDrn7HuC5dXPyxhS7eblDx3Wm/6MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvWU91ZnNlNExsMWNfTEdGTHQ1dVVQSGRhYl9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBT3wqMA0G
CSqGSIb3DQEBCwUAA4IBAQBnTFzly1JGrVZ1CVwlZ+ePkp2TVSETwG/yuXDWm8ZB
lpiuLJeUpEea/jr3m7bah8AkN0Ix1roipMYftcd/blqog1t77o8H0X6BZAnyXICd
L2HjVxE2a6qYjKcGhqeSXRkbBUgCM8OhUwqEV9vsuiFetzg8+SCTAbGqjgbiq8QA
9KsUvay+MavQelDccddGZxQ/FcBvp5/qXB8ffOPQ9qyUyZb6LWTgkyEIzN+xnc71
U/F3pmeGD22W2d62LUnA5j6rhfX7E85rshyS0qyFG0M+W6ZUBH+GbDQCWNC+SO6l
w/thKKxq1XU/PZT32QzslmAvWsxH1zhQvVz9gUXOjgzl
-----END CERTIFICATE-----