Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/444d22-4b05-4b83-b8e7-779820a6c81c/1/TT1-nve7jmG3QJTZS9uFSY1wNZI.roa
File:                     TT1-nve7jmG3QJTZS9uFSY1wNZI.roa (raw, json)
Hash identifier:          dVW8EmZNd7Tw8WmzICdlYffl+AKCpbXQrikN2OqeKzQ=
Subject key identifier:   4D:3D:7E:9E:F7:BB:8E:61:B7:40:94:D9:4B:DB:85:49:8D:70:35:92
Certificate issuer:       /CN=79cf8b7942917e960f17297dc61747bcb0768e11
Certificate serial:       018CC34927D2816AC03863166180384B21B9
Authority key identifier: 79:CF:8B:79:42:91:7E:96:0F:17:29:7D:C6:17:47:BC:B0:76:8E:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ec-LeUKRfpYPFyl9xhdHvLB2jhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/444d22-4b05-4b83-b8e7-779820a6c81c/1/TT1-nve7jmG3QJTZS9uFSY1wNZI.roa
Signing time:             Mon 01 Jan 2024 04:30:00 +0000
ROA not before:           Mon 01 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        217.18.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/444d22-4b05-4b83-b8e7-779820a6c81c/1/ec-LeUKRfpYPFyl9xhdHvLB2jhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/444d22-4b05-4b83-b8e7-779820a6c81c/1/ec-LeUKRfpYPFyl9xhdHvLB2jhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ec-LeUKRfpYPFyl9xhdHvLB2jhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:27:d2:81:6a:c0:38:63:16:61:80:38:4b:21:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79cf8b7942917e960f17297dc61747bcb0768e11
        Validity
            Not Before: Jan  1 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d3d7e9ef7bb8e61b74094d94bdb85498d703592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:98:9f:b8:d5:9b:3f:b3:fb:dc:94:5d:39:41:
                    ce:98:2e:fb:5a:11:e5:1c:c9:56:09:a5:ff:86:57:
                    9a:27:d9:6d:f7:ad:f7:ab:93:ff:91:a9:a0:85:c2:
                    44:99:95:bc:21:2f:c3:a9:5c:8c:41:ab:b7:c7:c1:
                    56:00:d7:36:c6:d4:81:f4:12:e6:dc:8a:33:ee:93:
                    f3:11:2d:3a:d6:84:2c:da:ea:38:d2:a8:05:0e:5b:
                    b8:f6:1d:fa:48:80:11:7d:56:22:15:c2:15:d6:55:
                    41:7d:ce:5f:07:ca:66:ad:bb:c8:68:a6:ab:37:43:
                    e5:bb:d4:a8:b6:91:cf:99:ca:27:4e:73:19:28:c0:
                    ee:25:f1:39:64:30:d7:00:26:d4:1c:59:1c:81:1d:
                    e5:15:b9:82:5a:cb:56:06:5c:0a:56:b1:f0:95:03:
                    98:47:b4:d3:bd:e5:97:84:6f:93:be:2e:eb:1c:34:
                    52:87:2a:cd:90:53:1e:a8:9c:85:82:7f:f1:85:ce:
                    ea:62:e6:bd:6a:31:da:79:a1:b3:cc:22:49:50:e9:
                    2f:79:f3:35:4e:36:f4:9f:b8:01:44:3a:a5:79:43:
                    e8:8c:76:cd:f1:72:c0:50:f8:62:5c:fb:c1:15:40:
                    1c:5e:8d:9b:a1:27:43:e6:65:4f:37:4c:17:49:86:
                    21:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:3D:7E:9E:F7:BB:8E:61:B7:40:94:D9:4B:DB:85:49:8D:70:35:92
            X509v3 Authority Key Identifier:
                keyid:79:CF:8B:79:42:91:7E:96:0F:17:29:7D:C6:17:47:BC:B0:76:8E:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec-LeUKRfpYPFyl9xhdHvLB2jhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/444d22-4b05-4b83-b8e7-779820a6c81c/1/TT1-nve7jmG3QJTZS9uFSY1wNZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/444d22-4b05-4b83-b8e7-779820a6c81c/1/ec-LeUKRfpYPFyl9xhdHvLB2jhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:23:86:8a:29:db:71:c7:bf:29:81:e8:dc:0b:ec:eb:bb:5d:
         69:bc:e6:a7:e2:6a:e4:8e:bd:c3:e3:f1:00:9a:c0:8f:0b:26:
         9e:cc:a5:99:9f:9d:1e:55:fc:44:b6:d9:63:18:0f:b6:2c:cb:
         76:d6:bc:78:8c:b2:64:38:49:8a:87:a7:12:19:9f:a8:a6:a5:
         ca:fe:96:a6:e4:8a:4b:d5:25:fd:28:9a:02:a8:fc:ba:a1:86:
         d5:94:f2:83:08:2f:31:97:dd:90:e2:3b:20:36:a1:0c:4f:bf:
         53:30:5c:3b:67:18:14:9b:1c:88:d8:27:ab:05:30:cb:6d:33:
         24:81:4e:58:f6:1e:9d:f4:17:b7:3b:8c:52:32:b0:1e:79:1a:
         23:1b:17:86:f8:28:60:92:54:3d:07:48:96:b7:fd:c1:53:66:
         d3:48:68:6d:eb:b4:16:dc:f8:22:90:ed:f9:d7:c1:db:a2:0b:
         16:38:54:7a:9c:28:f4:b6:30:c2:e3:fb:7b:c7:bd:be:aa:e0:
         a5:6c:70:37:b3:ef:c6:66:cc:03:fa:da:cc:a6:b4:07:2e:af:
         a3:5c:92:2b:ed:e1:95:7a:7b:9a:5e:b5:d1:13:6c:d1:ee:b1:
         3f:00:4c:0e:cf:e7:ea:fa:8c:7c:40:df:34:83:a3:aa:6a:aa:
         f6:f7:71:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSfSgWrAOGMWYYA4SyG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Y2Y4Yjc5NDI5MTdlOTYwZjE3Mjk3ZGM2MTc0N2JjYjA3
NjhlMTEwHhcNMjQwMTAxMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDNkN2U5ZWY3YmI4ZTYxYjc0MDk0ZDk0YmRiODU0OThkNzAzNTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5ifuNWbP7P73JRdOUHOmC77WhHl
HMlWCaX/hleaJ9lt9633q5P/kamghcJEmZW8IS/DqVyMQau3x8FWANc2xtSB9BLm
3Ioz7pPzES061oQs2uo40qgFDlu49h36SIARfVYiFcIV1lVBfc5fB8pmrbvIaKar
N0Plu9SotpHPmconTnMZKMDuJfE5ZDDXACbUHFkcgR3lFbmCWstWBlwKVrHwlQOY
R7TTveWXhG+Tvi7rHDRShyrNkFMeqJyFgn/xhc7qYua9ajHaeaGzzCJJUOkvefM1
Tjb0n7gBRDqleUPojHbN8XLAUPhiXPvBFUAcXo2boSdD5mVPN0wXSYYhswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE09fp73u45ht0CU2UvbhUmNcDWSMB8GA1UdIwQY
MBaAFHnPi3lCkX6WDxcpfcYXR7ywdo4RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWMtTGVVS1JmcFlQRnlsOXhoZEh2TEIyamhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC80NDRkMjItNGIwNS00YjgzLWI4ZTct
Nzc5ODIwYTZjODFjLzEvVFQxLW52ZTdqbUczUUpUWlM5dUZTWTF3TlpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC80NDRkMjItNGIwNS00YjgzLWI4ZTctNzc5ODIwYTZjODFj
LzEvZWMtTGVVS1JmcFlQRnlsOXhoZEh2TEIyamhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RJaMA0G
CSqGSIb3DQEBCwUAA4IBAQCLI4aKKdtxx78pgejcC+zru11pvOan4mrkjr3D4/EA
msCPCyaezKWZn50eVfxEttljGA+2LMt21rx4jLJkOEmKh6cSGZ+opqXK/pam5IpL
1SX9KJoCqPy6oYbVlPKDCC8xl92Q4jsgNqEMT79TMFw7ZxgUmxyI2CerBTDLbTMk
gU5Y9h6d9Be3O4xSMrAeeRojGxeG+ChgklQ9B0iWt/3BU2bTSGht67QW3PgikO35
18HbogsWOFR6nCj0tjDC4/t7x72+quClbHA3s+/GZswD+trMprQHLq+jXJIr7eGV
enuaXrXRE2zR7rE/AEwOz+fq+ox8QN80g6Oqaqr293Ed
-----END CERTIFICATE-----