Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/y3hebOFmKBdTy1SRK_i_3jS8BqU.roa
File:                     y3hebOFmKBdTy1SRK_i_3jS8BqU.roa (raw, json)
Hash identifier:          D7bMR38PUMmvSkeDGZfYKG/OqYVn5nkOsgo80ANP0d0=
Subject key identifier:   CB:78:5E:6C:E1:66:28:17:53:CB:54:91:2B:F8:BF:DE:34:BC:06:A5
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC34890023A47703F02CA5E396FA5F074
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/y3hebOFmKBdTy1SRK_i_3jS8BqU.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     123456
IP address blocks:        87.237.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:90:02:3a:47:70:3f:02:ca:5e:39:6f:a5:f0:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb785e6ce166281753cb54912bf8bfde34bc06a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:58:c2:86:b5:8b:7a:af:9b:e4:2d:2e:3a:70:
                    1b:d9:91:a1:e1:f5:ef:93:87:d6:c7:74:88:c4:58:
                    e4:d6:c9:54:f6:f7:dd:64:99:c5:c3:19:c9:9b:f4:
                    1c:07:93:e9:01:52:5d:b3:7b:84:92:bd:3e:4b:4c:
                    41:58:1f:5b:a1:ba:f9:af:17:e9:14:04:85:11:db:
                    5a:66:72:5a:a6:df:08:29:c9:bd:08:87:87:a1:8f:
                    36:32:a7:d3:7d:06:f4:b4:f5:d4:c1:14:53:8f:5f:
                    2b:33:06:a6:65:84:b9:74:ea:53:b2:af:30:9c:63:
                    df:44:d8:32:7f:20:87:c2:b9:da:ef:02:ad:50:6c:
                    b1:25:a1:8b:ab:86:b3:4d:28:89:7b:41:3f:1f:01:
                    f7:1f:3c:e0:31:c0:1d:53:d3:34:fc:69:eb:3c:b9:
                    36:dd:22:73:b8:bf:34:71:75:de:96:01:c7:b5:4d:
                    bb:1b:84:76:f1:93:1b:97:da:bb:6a:61:52:92:88:
                    66:8f:74:5c:83:ea:87:ab:dc:b3:af:d6:93:fd:90:
                    34:46:00:d8:e6:1d:46:54:5f:37:54:ce:58:6f:f2:
                    aa:29:b4:e7:19:29:e9:6c:b0:af:5b:44:13:f9:fe:
                    2f:73:87:4f:c7:b4:11:79:6d:a1:42:75:eb:cc:0b:
                    2e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:78:5E:6C:E1:66:28:17:53:CB:54:91:2B:F8:BF:DE:34:BC:06:A5
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/y3hebOFmKBdTy1SRK_i_3jS8BqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.237.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:ff:12:c5:80:05:a8:2d:24:8b:79:40:7e:02:8d:76:a3:11:
         65:45:68:39:e2:69:3c:c6:bf:bc:71:04:aa:e6:79:b4:f0:e7:
         19:50:d6:b6:f5:30:e2:d1:86:e4:dd:2b:c6:20:3c:82:af:65:
         c5:d0:cb:d5:66:b2:15:76:26:e8:4f:ac:fd:2b:cd:f9:81:90:
         dc:b0:63:f2:35:8f:2e:a3:5c:6a:46:1a:17:20:4a:a8:04:4a:
         7b:b1:6e:34:4e:61:ed:73:85:c9:5f:0e:2e:90:ec:2c:92:64:
         72:a4:1f:f2:51:e4:53:45:49:ab:74:0c:d0:91:8f:00:12:bd:
         6b:b1:e4:6f:c6:72:9f:40:ca:7b:e3:fa:76:44:7a:6d:64:09:
         fe:fa:03:a5:16:da:be:75:f1:90:6d:b8:a2:a9:4f:62:c6:00:
         f4:22:80:7e:10:a3:54:b1:99:9b:4c:bc:04:bb:c0:94:66:b5:
         14:81:89:5a:d1:4e:ae:cd:25:00:10:29:71:53:69:b4:55:ee:
         a4:0c:72:91:2a:7d:de:d6:29:05:d8:e4:a5:34:e8:25:75:5c:
         ce:25:d3:9a:92:74:45:82:dc:bd:1a:cb:92:5d:ab:f7:27:ab:
         5d:ea:1d:8b:c0:8f:4a:e3:b3:93:65:bf:96:54:f1:24:59:a9:
         3b:2f:c3:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJACOkdwPwLKXjlvpfB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjc4NWU2Y2UxNjYyODE3NTNjYjU0OTEyYmY4YmZkZTM0YmMwNmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlljChrWLeq+b5C0uOnAb2ZGh4fXv
k4fWx3SIxFjk1slU9vfdZJnFwxnJm/QcB5PpAVJds3uEkr0+S0xBWB9bobr5rxfp
FASFEdtaZnJapt8IKcm9CIeHoY82MqfTfQb0tPXUwRRTj18rMwamZYS5dOpTsq8w
nGPfRNgyfyCHwrna7wKtUGyxJaGLq4azTSiJe0E/HwH3HzzgMcAdU9M0/GnrPLk2
3SJzuL80cXXelgHHtU27G4R28ZMbl9q7amFSkohmj3Rcg+qHq9yzr9aT/ZA0RgDY
5h1GVF83VM5Yb/KqKbTnGSnpbLCvW0QT+f4vc4dPx7QReW2hQnXrzAsuEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMt4XmzhZigXU8tUkSv4v940vAalMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEveTNoZWJPRm1LQmRUeTFTUktfaV8zalM4QnFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+2lMA0G
CSqGSIb3DQEBCwUAA4IBAQDB/xLFgAWoLSSLeUB+Ao12oxFlRWg54mk8xr+8cQSq
5nm08OcZUNa29TDi0Ybk3SvGIDyCr2XF0MvVZrIVdiboT6z9K835gZDcsGPyNY8u
o1xqRhoXIEqoBEp7sW40TmHtc4XJXw4ukOwskmRypB/yUeRTRUmrdAzQkY8AEr1r
seRvxnKfQMp74/p2RHptZAn++gOlFtq+dfGQbbiiqU9ixgD0IoB+EKNUsZmbTLwE
u8CUZrUUgYla0U6uzSUAEClxU2m0Ve6kDHKRKn3e1ikF2OSlNOgldVzOJdOaknRF
gty9GsuSXav3J6td6h2LwI9K47OTZb+WVPEkWak7L8NH
-----END CERTIFICATE-----