Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/0C1ANAw7jlwRWHGSMFmAwPCrxfs.roa
File:                     0C1ANAw7jlwRWHGSMFmAwPCrxfs.roa (raw, json)
Hash identifier:          oA3NJaJEde/mmj9opMLIY2+pIsl+CSHoy95IoiczIEs=
Subject key identifier:   D0:2D:40:34:0C:3B:8E:5C:11:58:71:92:30:59:80:C0:F0:AB:C5:FB
Certificate issuer:       /CN=e14ac611614dd165d94557296ed7ed46c8fc025f
Certificate serial:       018CC493735B061654FE76A369F730E8AB70
Authority key identifier: E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/0C1ANAw7jlwRWHGSMFmAwPCrxfs.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209241
IP address blocks:        80.78.134.0/24 maxlen: 24
                          2a0d:2146:8050::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 22:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:73:5b:06:16:54:fe:76:a3:69:f7:30:e8:ab:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14ac611614dd165d94557296ed7ed46c8fc025f
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d02d40340c3b8e5c11587192305980c0f0abc5fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5d:3f:66:e1:16:2b:b2:8f:72:18:2a:a2:12:
                    9c:1d:34:b9:01:f5:cf:0b:76:f6:cb:70:5b:e4:51:
                    04:67:df:af:c4:7f:d6:17:cb:00:eb:85:e8:aa:d8:
                    76:a9:06:1c:9b:a1:24:f6:8c:a3:ba:5a:b5:1f:5f:
                    4b:eb:71:a1:9f:37:be:bf:30:b1:11:f2:07:d5:d7:
                    40:e9:03:37:14:66:86:d2:68:19:66:8d:ad:e2:93:
                    f0:60:a3:ba:50:af:28:3d:9e:e1:17:08:3e:f6:99:
                    f1:53:4d:b3:15:25:b8:07:14:21:c8:70:e1:a3:bf:
                    7d:e8:a3:06:5f:c1:dc:a6:d0:0c:da:7c:0d:a5:10:
                    36:d8:f9:1d:53:f6:f4:c4:e8:d8:6b:64:63:d2:4e:
                    4e:cb:b3:18:72:9e:d2:e8:3d:48:af:fa:d2:2c:c4:
                    02:b0:5d:42:cd:70:e3:eb:96:5a:7f:39:07:0e:b8:
                    7c:71:9f:14:d5:35:d3:d7:12:82:ef:7a:8c:66:d1:
                    1d:79:10:3d:48:55:fb:e3:df:7f:50:bd:33:e9:d8:
                    07:b5:f1:87:8a:ea:a2:cb:12:06:af:a7:64:ba:04:
                    82:79:46:bd:ca:40:f9:23:99:f5:b1:6a:ef:e6:cd:
                    ec:15:be:73:73:42:ef:e5:09:f2:79:0b:ad:9f:27:
                    17:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:2D:40:34:0C:3B:8E:5C:11:58:71:92:30:59:80:C0:F0:AB:C5:FB
            X509v3 Authority Key Identifier:
                keyid:E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/0C1ANAw7jlwRWHGSMFmAwPCrxfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.78.134.0/24
                IPv6:
                  2a0d:2146:8050::/44

    Signature Algorithm: sha256WithRSAEncryption
         ae:3f:ca:df:dc:cd:90:f5:18:5c:99:02:c6:c5:27:71:37:22:
         bd:73:03:48:65:fe:90:d9:7e:2f:42:72:b6:74:39:61:08:69:
         ae:1d:f0:a2:ff:0d:12:dc:2e:d8:85:1f:f2:e6:85:83:f1:d8:
         94:bb:89:df:f6:cf:47:0b:35:21:4b:08:23:60:2b:36:89:33:
         4b:b4:fd:db:c2:23:45:ab:3c:01:ff:2e:4f:e4:ba:ae:b0:e1:
         eb:c4:77:da:14:bb:54:af:0d:67:eb:6f:4a:3f:c6:db:c5:76:
         ee:bc:e2:9b:16:8e:e0:06:d2:23:2b:12:86:7f:ff:68:a6:42:
         69:aa:20:67:f3:8d:30:36:94:e0:53:6b:65:b3:e2:b0:c7:ae:
         fa:e4:2f:c9:70:3a:65:21:7d:cd:dc:8e:3e:da:48:2e:32:92:
         0f:1a:8a:31:43:8e:4a:64:40:f4:8d:ef:1e:13:4e:23:51:33:
         67:fd:e0:fe:bb:3c:b7:54:73:6b:4b:6f:da:d7:e7:a1:91:b1:
         4f:e5:59:db:5b:75:6f:37:19:75:ed:80:37:34:62:9e:61:15:
         5b:16:f2:81:4e:21:22:50:a0:32:79:24:cb:df:bd:b2:5b:b2:
         1d:0c:af:80:d9:f1:1f:39:12:80:4b:6e:49:d4:b9:a3:3a:87:
         1f:98:2e:25
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEk3NbBhZU/najafcw6KtwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGFjNjExNjE0ZGQxNjVkOTQ1NTcyOTZlZDdlZDQ2Yzhm
YzAyNWYwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDJkNDAzNDBjM2I4ZTVjMTE1ODcxOTIzMDU5ODBjMGYwYWJjNWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqV0/ZuEWK7KPchgqohKcHTS5AfXP
C3b2y3Bb5FEEZ9+vxH/WF8sA64Xoqth2qQYcm6Ek9oyjulq1H19L63Ghnze+vzCx
EfIH1ddA6QM3FGaG0mgZZo2t4pPwYKO6UK8oPZ7hFwg+9pnxU02zFSW4BxQhyHDh
o7996KMGX8HcptAM2nwNpRA22PkdU/b0xOjYa2Rj0k5Oy7MYcp7S6D1Ir/rSLMQC
sF1CzXDj65ZafzkHDrh8cZ8U1TXT1xKC73qMZtEdeRA9SFX7499/UL0z6dgHtfGH
iuqiyxIGr6dkugSCeUa9ykD5I5n1sWrv5s3sFb5zc0Lv5QnyeQutnycXlQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNAtQDQMO45cEVhxkjBZgMDwq8X7MB8GA1UdIwQY
MBaAFOFKxhFhTdFl2UVXKW7X7UbI/AJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUt
NzBlODk4YmIzOGRkLzEvMEMxQU5BdzdqbHdSV0hHU01GbUF3UENyeGZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUtNzBlODk4YmIzOGRk
LzEvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUE6GMA8E
AgACMAkDBwQqDSFGgFAwDQYJKoZIhvcNAQELBQADggEBAK4/yt/czZD1GFyZAsbF
J3E3Ir1zA0hl/pDZfi9CcrZ0OWEIaa4d8KL/DRLcLtiFH/LmhYPx2JS7id/2z0cL
NSFLCCNgKzaJM0u0/dvCI0WrPAH/Lk/kuq6w4evEd9oUu1SvDWfrb0o/xtvFdu68
4psWjuAG0iMrEoZ//2imQmmqIGfzjTA2lOBTa2Wz4rDHrvrkL8lwOmUhfc3cjj7a
SC4ykg8aijFDjkpkQPSN7x4TTiNRM2f94P67PLdUc2tLb9rX56GRsU/lWdtbdW83
GXXtgDc0Yp5hFVsW8oFOISJQoDJ5JMvfvbJbsh0Mr4DZ8R85EoBLbknUuaM6hx+Y
LiU=
-----END CERTIFICATE-----