Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/Vi-ruca-YLe8C9v2dE05efb8JaQ.roa
File:                     Vi-ruca-YLe8C9v2dE05efb8JaQ.roa (raw, json)
Hash identifier:          eZJjhtYEiavq2bBWL7ZHWazML9xOm+6++vNUSu3bjkU=
Subject key identifier:   56:2F:AB:B9:C6:BE:60:B7:BC:0B:DB:F6:74:4D:39:79:F6:FC:25:A4
Certificate issuer:       /CN=22a44566764ebb511683cb6228fa91997b559379
Certificate serial:       01914780F7CEB00E94AF2705E02FE5F27841
Authority key identifier: 22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/Vi-ruca-YLe8C9v2dE05efb8JaQ.roa
Signing time:             Mon 12 Aug 2024 16:51:59 +0000
ROA not before:           Mon 12 Aug 2024 16:51:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209759
IP address blocks:        78.153.146.0/24 maxlen: 24
                          78.153.156.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 05:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:47:80:f7:ce:b0:0e:94:af:27:05:e0:2f:e5:f2:78:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a44566764ebb511683cb6228fa91997b559379
        Validity
            Not Before: Aug 12 16:51:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=562fabb9c6be60b7bc0bdbf6744d3979f6fc25a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:37:77:0f:8f:b9:6d:ab:40:f7:22:0d:a8:c5:
                    94:d1:96:df:72:70:0f:b8:d2:e2:cc:9f:db:23:99:
                    ce:e2:e6:82:f5:9f:81:9c:f5:ed:1c:2e:54:89:99:
                    b6:ba:86:17:9c:0d:46:88:78:85:26:24:d4:3e:98:
                    81:6f:d6:35:ba:22:cf:56:ea:23:4e:9e:2c:e7:d4:
                    75:cb:3e:f0:a9:dc:68:87:d6:b1:77:2b:14:7d:5c:
                    44:d3:99:bb:db:74:9e:c2:b9:e9:89:11:c8:7a:ea:
                    ff:21:d4:6c:9b:e1:8b:9f:06:9a:68:69:ec:49:05:
                    b0:b6:29:9d:40:e0:d3:70:be:4a:b8:3c:6e:76:c0:
                    e6:28:55:8f:03:2b:bf:da:99:6c:11:bd:47:2b:3b:
                    63:8a:47:ad:4b:f7:80:be:a7:50:af:9a:ab:6f:be:
                    9a:67:9e:8a:f9:0f:30:ef:93:3a:00:1b:be:b7:84:
                    68:40:54:9b:65:4f:4d:77:fd:09:f2:ba:bd:6a:4b:
                    92:f1:f3:bd:05:97:49:f8:e2:ab:de:fb:94:e5:eb:
                    0a:43:a4:53:8d:14:fc:ce:b0:06:50:30:f6:26:29:
                    38:94:29:99:c3:59:9e:3b:21:8a:83:ad:f7:a8:1b:
                    af:c9:e2:30:ef:e1:cd:bb:33:07:f5:8a:eb:a7:eb:
                    49:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:2F:AB:B9:C6:BE:60:B7:BC:0B:DB:F6:74:4D:39:79:F6:FC:25:A4
            X509v3 Authority Key Identifier:
                keyid:22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/Vi-ruca-YLe8C9v2dE05efb8JaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.153.146.0/24
                  78.153.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:b5:7e:23:2a:bb:16:62:a4:b9:cc:8c:ba:ad:29:6a:5e:74:
         70:70:35:1b:1c:6c:70:81:be:23:a8:27:9a:55:a2:3f:6b:d9:
         72:1b:01:22:02:12:cb:4d:4c:13:f3:52:a6:9b:3f:62:39:1e:
         f7:fc:59:ca:ea:a8:14:30:27:b7:df:a3:84:55:21:47:9a:3a:
         2e:fd:39:2d:1b:c7:9d:aa:65:8e:b1:56:d3:0e:0c:42:79:90:
         56:89:55:0e:38:2d:2b:31:c0:62:94:b1:91:eb:f5:82:f0:3c:
         0a:ab:dd:de:c2:72:75:e0:b9:ac:08:75:e8:74:f6:ff:87:de:
         55:fc:b3:22:e2:a8:68:77:07:35:1f:f3:12:ee:88:2a:41:88:
         95:08:11:f5:56:87:26:28:74:cb:c4:87:2c:7d:42:fc:a0:da:
         ca:cf:56:76:07:99:03:c4:ad:85:df:02:cd:89:a9:fc:24:1a:
         5f:02:5a:0f:50:aa:39:69:ba:01:be:c6:aa:f7:4d:dc:c0:59:
         2a:48:92:a8:5e:46:2a:49:c5:89:2a:7d:e4:75:92:43:e4:52:
         77:fc:9c:2b:9c:35:83:68:49:d5:6b:74:ff:fe:a2:e6:66:99:
         7a:f4:4d:bc:bb:29:2d:43:a0:54:c6:98:70:81:98:dd:ea:64:
         d4:ad:90:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFHgPfOsA6UrycF4C/l8nhBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTQ0NTY2NzY0ZWJiNTExNjgzY2I2MjI4ZmE5MTk5N2I1
NTkzNzkwHhcNMjQwODEyMTY1MTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjJmYWJiOWM2YmU2MGI3YmMwYmRiZjY3NDRkMzk3OWY2ZmMyNWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjd3D4+5batA9yINqMWU0ZbfcnAP
uNLizJ/bI5nO4uaC9Z+BnPXtHC5UiZm2uoYXnA1GiHiFJiTUPpiBb9Y1uiLPVuoj
Tp4s59R1yz7wqdxoh9axdysUfVxE05m723SewrnpiRHIeur/IdRsm+GLnwaaaGns
SQWwtimdQODTcL5KuDxudsDmKFWPAyu/2plsEb1HKztjiketS/eAvqdQr5qrb76a
Z56K+Q8w75M6ABu+t4RoQFSbZU9Nd/0J8rq9akuS8fO9BZdJ+OKr3vuU5esKQ6RT
jRT8zrAGUDD2Jik4lCmZw1meOyGKg633qBuvyeIw7+HNuzMH9Yrrp+tJPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFYvq7nGvmC3vAvb9nRNOXn2/CWkMB8GA1UdIwQY
MBaAFCKkRWZ2TrtRFoPLYij6kZl7VZN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMt
MTZiODBhYTI4ZGQ2LzEvVmktcnVjYS1ZTGU4Qzl2MmRFMDVlZmI4SmFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMtMTZiODBhYTI4ZGQ2
LzEvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATpmSAwQC
TpmcMA0GCSqGSIb3DQEBCwUAA4IBAQC2tX4jKrsWYqS5zIy6rSlqXnRwcDUbHGxw
gb4jqCeaVaI/a9lyGwEiAhLLTUwT81Kmmz9iOR73/FnK6qgUMCe336OEVSFHmjou
/TktG8edqmWOsVbTDgxCeZBWiVUOOC0rMcBilLGR6/WC8DwKq93ewnJ14LmsCHXo
dPb/h95V/LMi4qhodwc1H/MS7ogqQYiVCBH1VocmKHTLxIcsfUL8oNrKz1Z2B5kD
xK2F3wLNian8JBpfAloPUKo5aboBvsaq903cwFkqSJKoXkYqScWJKn3kdZJD5FJ3
/JwrnDWDaEnVa3T//qLmZpl69E28uyktQ6BUxphwgZjd6mTUrZAh
-----END CERTIFICATE-----