Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/7ZZGOXbySxIsP2eqkNIGXblY5Uk.roa
File:                     7ZZGOXbySxIsP2eqkNIGXblY5Uk.roa (raw, json)
Hash identifier:          FaJm/DpFybBOAzJxnixKr1dfoYkzm9Xv/BA129TIisQ=
Subject key identifier:   ED:96:46:39:76:F2:4B:12:2C:3F:67:AA:90:D2:06:5D:B9:58:E5:49
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       018CC87102E581511D7CA97A826E77F416AC
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/7ZZGOXbySxIsP2eqkNIGXblY5Uk.roa
Signing time:             Tue 02 Jan 2024 04:31:38 +0000
ROA not before:           Tue 02 Jan 2024 04:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3276
IP address blocks:        80.79.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:02:e5:81:51:1d:7c:a9:7a:82:6e:77:f4:16:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Jan  2 04:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed96463976f24b122c3f67aa90d2065db958e549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1a:dc:b0:25:d9:99:2d:62:57:6b:98:12:fd:
                    58:d6:1e:dc:fe:e0:a7:df:03:34:88:05:1e:4e:1e:
                    1a:0f:87:34:75:2d:96:6c:17:38:71:11:8b:6c:6b:
                    fb:3c:f6:e8:b2:2a:0e:05:25:e1:c0:db:0b:0c:19:
                    2d:c5:90:f7:8f:a7:68:1c:dd:74:99:2b:67:f0:6f:
                    01:7a:fb:b1:a3:a8:79:28:d4:57:bb:d3:ec:00:14:
                    1c:7a:62:06:6b:6c:34:bb:90:15:38:91:c1:ae:fa:
                    aa:88:09:b7:2d:52:23:03:f5:f4:4d:8a:7f:aa:33:
                    e3:df:86:7b:5b:71:b3:97:0f:39:55:73:1f:67:bc:
                    58:fc:ec:f3:15:5c:37:49:97:00:77:6a:98:72:44:
                    7d:3c:11:42:59:44:d5:8d:8a:01:40:53:7f:0e:ae:
                    3f:5b:a3:b0:95:98:c7:2e:2c:67:64:4c:a5:e7:02:
                    84:25:f7:2f:e8:ca:a0:b6:2d:1b:ba:f7:c1:b3:75:
                    a2:18:0f:85:13:a4:16:94:49:58:6b:19:e1:ed:4e:
                    02:27:58:ad:6a:79:66:61:f3:15:bb:18:0a:7f:d9:
                    98:33:36:df:b4:a5:eb:bf:41:7b:31:c4:67:4b:94:
                    71:f2:23:3a:55:83:4f:a2:80:6c:dd:ee:41:a3:66:
                    4b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:96:46:39:76:F2:4B:12:2C:3F:67:AA:90:D2:06:5D:B9:58:E5:49
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/7ZZGOXbySxIsP2eqkNIGXblY5Uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.79.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:ff:58:90:ad:39:c4:a2:1d:35:1f:f9:b9:d2:42:e8:23:86:
         85:c6:e1:87:54:fe:f4:bf:8e:41:0d:78:62:29:78:59:9e:ce:
         9c:14:73:f4:98:fc:9a:93:53:3f:0c:71:35:df:f4:e9:57:1e:
         66:e1:55:72:58:74:9d:c2:f0:79:3c:fd:5b:4c:f3:3a:f5:40:
         f6:75:96:69:0d:4e:8c:5c:48:5c:b6:95:2f:46:0c:bf:c0:1b:
         09:61:25:a4:53:13:84:65:92:04:b5:5f:83:ac:76:e4:55:db:
         5d:cd:a3:24:05:90:b6:ca:73:a5:cf:eb:cd:43:f5:60:23:54:
         33:00:27:2b:ba:cf:46:b9:b1:2f:f3:02:c1:c4:3f:6e:1f:3a:
         4e:2d:ac:13:95:56:da:87:eb:37:7e:5a:6d:bf:aa:ac:62:51:
         1f:e7:3a:67:27:66:90:12:18:bc:6a:33:af:a2:19:db:e5:15:
         61:9e:8f:dd:8f:9b:1a:e7:a0:5e:6c:a3:b6:b3:53:83:b4:3e:
         3f:f5:3c:68:23:78:08:00:a4:ea:4f:53:63:f7:79:c6:b1:60:
         f5:84:51:45:57:01:cd:52:c6:ce:25:fd:9e:9d:f5:6f:59:33:
         42:57:b4:d1:68:cb:01:21:f8:e8:bc:87:bf:c4:60:a1:b3:1f:
         08:8c:7a:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcQLlgVEdfKl6gm539BasMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjQwMTAyMDQzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDk2NDYzOTc2ZjI0YjEyMmMzZjY3YWE5MGQyMDY1ZGI5NThlNTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhrcsCXZmS1iV2uYEv1Y1h7c/uCn
3wM0iAUeTh4aD4c0dS2WbBc4cRGLbGv7PPbosioOBSXhwNsLDBktxZD3j6doHN10
mStn8G8Bevuxo6h5KNRXu9PsABQcemIGa2w0u5AVOJHBrvqqiAm3LVIjA/X0TYp/
qjPj34Z7W3Gzlw85VXMfZ7xY/OzzFVw3SZcAd2qYckR9PBFCWUTVjYoBQFN/Dq4/
W6OwlZjHLixnZEyl5wKEJfcv6Mqgti0buvfBs3WiGA+FE6QWlElYaxnh7U4CJ1it
anlmYfMVuxgKf9mYMzbftKXrv0F7McRnS5Rx8iM6VYNPooBs3e5Bo2ZLLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2WRjl28ksSLD9nqpDSBl25WOVJMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvN1paR09YYnlTeElzUDJlcWtOSUdYYmxZNVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUE9NMA0G
CSqGSIb3DQEBCwUAA4IBAQCf/1iQrTnEoh01H/m50kLoI4aFxuGHVP70v45BDXhi
KXhZns6cFHP0mPyak1M/DHE13/TpVx5m4VVyWHSdwvB5PP1bTPM69UD2dZZpDU6M
XEhctpUvRgy/wBsJYSWkUxOEZZIEtV+DrHbkVdtdzaMkBZC2ynOlz+vNQ/VgI1Qz
ACcrus9GubEv8wLBxD9uHzpOLawTlVbah+s3flptv6qsYlEf5zpnJ2aQEhi8ajOv
ohnb5RVhno/dj5sa56BebKO2s1ODtD4/9TxoI3gIAKTqT1Nj93nGsWD1hFFFVwHN
UsbOJf2enfVvWTNCV7TRaMsBIfjovIe/xGChsx8IjHpl
-----END CERTIFICATE-----