Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/1-Po6XIJm_QWihg4vEG_CqNvU92U.roa
File:                     1-Po6XIJm_QWihg4vEG_CqNvU92U.roa (raw, json)
Hash identifier:          7B7wGpVxttRIFEDT2NOExj9G5jjP0m01nLIFY+/f308=
Subject key identifier:   F8:FA:3A:5C:82:66:FD:05:A2:86:0E:2F:10:6F:C2:A8:DB:D4:F7:65
Certificate issuer:       /CN=e909ee3d618974da0cbd805a2da80410a4989881
Certificate serial:       018CC64B536AB180600BDCC9CACB8B436DC7
Authority key identifier: E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/1-Po6XIJm_QWihg4vEG_CqNvU92U.roa
Signing time:             Mon 01 Jan 2024 18:31:14 +0000
ROA not before:           Mon 01 Jan 2024 18:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8352
IP address blocks:        78.153.250.0/24 maxlen: 24
                          95.143.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:53:6a:b1:80:60:0b:dc:c9:ca:cb:8b:43:6d:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e909ee3d618974da0cbd805a2da80410a4989881
        Validity
            Not Before: Jan  1 18:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8fa3a5c8266fd05a2860e2f106fc2a8dbd4f765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9b:be:01:60:f9:a5:ec:85:69:39:92:98:2b:
                    88:a9:9c:13:0a:53:12:71:a3:77:9d:30:92:72:1e:
                    b7:5e:30:72:de:80:df:e7:25:c9:e1:db:19:ab:12:
                    49:1e:1b:40:29:2f:30:2e:a7:46:5c:b0:fc:e2:20:
                    ac:6a:5a:f0:94:10:bd:9d:df:6f:ba:c1:bf:7a:d8:
                    0a:1d:b3:5e:55:6a:5c:c9:e9:95:a9:66:fc:0b:90:
                    2a:da:95:4a:3a:a9:8d:ef:3e:7a:5a:00:7b:20:b9:
                    5b:5f:f8:e9:1e:0e:8a:8c:1b:e9:00:14:47:c7:49:
                    90:b9:f3:c4:a0:a7:63:32:e6:8b:17:59:26:26:c6:
                    b5:ff:43:f3:2e:18:62:0b:d5:5d:28:cd:70:a2:60:
                    36:9a:98:e9:91:f9:88:d4:12:e2:e5:e5:79:49:25:
                    b4:39:f4:84:ca:c8:cc:02:39:46:53:ab:96:f6:22:
                    a8:7e:68:ca:69:1b:87:b7:7c:d7:36:85:11:20:a0:
                    ee:40:f3:f8:73:84:05:7c:a5:44:79:c4:65:8a:74:
                    05:3b:70:3f:5e:4b:ca:4d:af:6b:22:d7:ba:77:05:
                    1c:37:9d:c3:d1:54:81:cd:56:f9:ce:fd:54:2c:fa:
                    4b:02:95:6b:c8:01:98:df:fb:52:34:51:5a:35:80:
                    f8:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:FA:3A:5C:82:66:FD:05:A2:86:0E:2F:10:6F:C2:A8:DB:D4:F7:65
            X509v3 Authority Key Identifier:
                keyid:E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/1-Po6XIJm_QWihg4vEG_CqNvU92U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.153.250.0/24
                  95.143.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:3f:10:25:12:0e:23:01:8b:c6:2f:c4:09:f7:17:b7:f2:41:
         08:16:78:e1:38:28:bb:94:ab:eb:a1:0a:66:31:db:dd:50:0c:
         84:a7:92:72:83:68:11:e1:16:b3:17:54:f6:1d:c2:f4:d8:fc:
         0f:13:88:e2:00:e0:9a:8b:13:68:10:12:d1:d6:2c:1d:8f:59:
         e3:7e:2f:a2:a0:e3:47:9c:5f:25:e7:78:63:63:3e:c6:f5:ae:
         45:a3:bb:85:69:57:e3:79:73:5e:7b:6c:d7:da:fe:93:69:4d:
         fe:b6:d6:86:60:4e:90:10:08:31:03:71:17:66:74:ea:b1:bd:
         5f:6c:fa:4b:25:3f:74:1f:2d:f0:10:f5:5e:ae:ad:47:96:f7:
         6d:3a:15:56:1c:71:3e:2b:4c:d3:ea:60:12:aa:7d:60:2f:a1:
         9a:07:03:2b:c8:09:1d:f3:60:fd:da:d9:0d:84:7c:26:03:5d:
         43:63:62:13:3b:75:82:26:9a:6d:49:9c:aa:d3:74:cf:c8:19:
         0b:c7:61:e9:0f:b0:e0:2e:f8:82:ee:1d:d1:92:11:73:74:0f:
         f6:1b:7d:71:98:ca:eb:29:2d:79:ab:9b:fb:6f:54:d9:6e:4a:
         d9:53:09:06:cc:1c:b3:72:d7:e9:7a:f2:c5:8c:6e:39:75:fd:
         90:89:60:e4
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzGS1NqsYBgC9zJysuLQ23HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDllZTNkNjE4OTc0ZGEwY2JkODA1YTJkYTgwNDEwYTQ5
ODk4ODEwHhcNMjQwMTAxMTgzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGZhM2E1YzgyNjZmZDA1YTI4NjBlMmYxMDZmYzJhOGRiZDRmNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZu+AWD5peyFaTmSmCuIqZwTClMS
caN3nTCSch63XjBy3oDf5yXJ4dsZqxJJHhtAKS8wLqdGXLD84iCsalrwlBC9nd9v
usG/etgKHbNeVWpcyemVqWb8C5Aq2pVKOqmN7z56WgB7ILlbX/jpHg6KjBvpABRH
x0mQufPEoKdjMuaLF1kmJsa1/0PzLhhiC9VdKM1womA2mpjpkfmI1BLi5eV5SSW0
OfSEysjMAjlGU6uW9iKofmjKaRuHt3zXNoURIKDuQPP4c4QFfKVEecRlinQFO3A/
XkvKTa9rIte6dwUcN53D0VSBzVb5zv1ULPpLApVryAGY3/tSNFFaNYD4MQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPj6OlyCZv0FooYOLxBvwqjb1PdlMB8GA1UdIwQY
MBaAFOkJ7j1hiXTaDL2AWi2oBBCkmJiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEt
ZGQxMTVmOWUzMzAxLzEvMS1QbzZYSUptX1FXaWhnNHZFR19DcU52VTkyVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMWUvMmI1ZjVmLWJiOTYtNGIzMS04YTZhLWRkMTE1ZjllMzMw
MS8xLzZRbnVQV0dKZE5vTXZZQmFMYWdFRUtTWW1JRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAE6Z+gME
AF+PSzANBgkqhkiG9w0BAQsFAAOCAQEAij8QJRIOIwGLxi/ECfcXt/JBCBZ44Tgo
u5Sr66EKZjHb3VAMhKeScoNoEeEWsxdU9h3C9Nj8DxOI4gDgmosTaBAS0dYsHY9Z
434voqDjR5xfJed4Y2M+xvWuRaO7hWlX43lzXnts19r+k2lN/rbWhmBOkBAIMQNx
F2Z06rG9X2z6SyU/dB8t8BD1Xq6tR5b3bToVVhxxPitM0+pgEqp9YC+hmgcDK8gJ
HfNg/drZDYR8JgNdQ2NiEzt1giaabUmcqtN0z8gZC8dh6Q+w4C74gu4d0ZIRc3QP
9ht9cZjK6ykteaub+29U2W5K2VMJBswcs3LX6XryxYxuOXX9kIlg5A==
-----END CERTIFICATE-----