Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8bcb30-87e4-43b5-8246-eb8da5954f3b/1/T0WH8YeAKrW3KGWraxOckJxN150.roa
File:                     T0WH8YeAKrW3KGWraxOckJxN150.roa (raw, json)
Hash identifier:          JiRrYzrbnBn8RlI3SkTFSR0zFBy1KhHr47me8hA2Shs=
Subject key identifier:   4F:45:87:F1:87:80:2A:B5:B7:28:65:AB:6B:13:9C:90:9C:4D:D7:9D
Certificate issuer:       /CN=5e79acd4ee40fda43022a2c9642b071da649526c
Certificate serial:       018FC87F626940DE01185A5F191012C313E7
Authority key identifier: 5E:79:AC:D4:EE:40:FD:A4:30:22:A2:C9:64:2B:07:1D:A6:49:52:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xnms1O5A_aQwIqLJZCsHHaZJUmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/8bcb30-87e4-43b5-8246-eb8da5954f3b/1/T0WH8YeAKrW3KGWraxOckJxN150.roa
Signing time:             Thu 30 May 2024 07:55:42 +0000
ROA not before:           Thu 30 May 2024 07:55:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21000
IP address blocks:        80.78.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/8bcb30-87e4-43b5-8246-eb8da5954f3b/1/Xnms1O5A_aQwIqLJZCsHHaZJUmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/8bcb30-87e4-43b5-8246-eb8da5954f3b/1/Xnms1O5A_aQwIqLJZCsHHaZJUmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xnms1O5A_aQwIqLJZCsHHaZJUmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c8:7f:62:69:40:de:01:18:5a:5f:19:10:12:c3:13:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e79acd4ee40fda43022a2c9642b071da649526c
        Validity
            Not Before: May 30 07:55:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f4587f187802ab5b72865ab6b139c909c4dd79d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:18:31:03:b9:26:4f:e0:1a:da:28:c3:6b:59:
                    fa:3b:65:f8:cc:2f:30:c4:f1:9e:66:7f:b1:c2:29:
                    34:f5:da:7d:ef:a1:e6:22:4f:cb:8e:c5:48:ea:a8:
                    0a:63:e3:1c:c7:b4:cb:5d:4a:8a:4e:b5:b7:39:a3:
                    87:a1:0f:ee:73:bf:d1:21:b2:36:63:ef:c1:85:15:
                    e4:c1:00:3c:a9:04:4a:f4:a1:fc:17:ed:09:ce:9c:
                    e3:6a:4f:8d:70:73:47:89:10:ef:7b:db:5b:01:3e:
                    28:82:ad:ec:65:cf:25:bc:f6:c6:de:bd:f9:6c:14:
                    76:50:8b:02:b8:45:d4:cb:be:48:2f:af:03:0e:a7:
                    0c:46:33:ce:d8:75:7b:30:df:c9:84:ae:53:cf:f9:
                    dd:66:9b:8f:68:9f:3d:d5:a0:a0:fa:d2:9c:fb:47:
                    16:43:8a:77:7e:7c:e3:64:c7:c6:36:73:fe:48:7a:
                    e3:00:b4:85:55:17:f8:28:15:59:81:a1:0f:1c:fc:
                    3e:6a:2e:93:2d:93:e8:2a:03:c2:c8:76:ad:5f:f0:
                    30:a9:ef:ed:52:f5:2d:b4:d3:bd:ea:ba:6d:7b:9c:
                    b5:bb:1f:83:d0:fb:61:61:18:ac:75:2a:48:a9:8c:
                    2f:a8:02:df:1f:fe:57:6d:9f:17:5e:5c:86:d3:79:
                    b9:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:45:87:F1:87:80:2A:B5:B7:28:65:AB:6B:13:9C:90:9C:4D:D7:9D
            X509v3 Authority Key Identifier:
                keyid:5E:79:AC:D4:EE:40:FD:A4:30:22:A2:C9:64:2B:07:1D:A6:49:52:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xnms1O5A_aQwIqLJZCsHHaZJUmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8bcb30-87e4-43b5-8246-eb8da5954f3b/1/T0WH8YeAKrW3KGWraxOckJxN150.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8bcb30-87e4-43b5-8246-eb8da5954f3b/1/Xnms1O5A_aQwIqLJZCsHHaZJUmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.78.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:d1:fc:73:84:4f:8d:ec:5e:46:d8:97:06:29:8e:6e:31:60:
         be:22:eb:bf:ba:f9:09:8f:bd:19:71:ea:9d:64:0c:dd:7f:0a:
         8e:69:ad:32:b6:66:b6:4c:73:aa:60:69:c3:29:33:d9:37:96:
         9b:f7:ce:1b:7d:30:ea:d2:d9:06:1b:e3:1e:f9:76:fb:f8:ca:
         48:1a:79:0e:64:10:10:02:71:e8:49:21:2f:53:7b:ad:5f:42:
         01:37:a0:0b:ec:5e:a3:e0:b5:e9:62:d2:e1:70:6a:4b:2a:33:
         d9:9c:ee:7a:c4:09:9d:fb:be:9a:8f:e0:dd:ed:2d:93:62:a8:
         16:57:3b:18:0b:1a:67:2a:dd:48:03:58:f3:24:01:2d:12:ab:
         63:be:33:cd:0b:14:f6:78:75:32:b7:c6:24:be:e0:f2:ca:ab:
         63:cb:a8:cf:65:6d:cf:5a:64:f2:9c:82:6f:05:2a:a7:8f:5f:
         34:3c:7d:4c:72:b0:8f:79:18:57:35:31:ca:83:c5:c4:79:0e:
         27:42:7c:78:00:a1:fb:69:f0:f1:8d:c4:bf:11:30:93:fe:e4:
         af:fe:ae:c8:f2:52:68:e0:af:dc:bb:fc:05:59:a3:47:1d:cd:
         8f:b5:3a:8d:d6:01:47:27:95:d2:c6:bb:aa:db:c9:43:44:38:
         75:d3:3a:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/If2JpQN4BGFpfGRASwxPnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNzlhY2Q0ZWU0MGZkYTQzMDIyYTJjOTY0MmIwNzFkYTY0
OTUyNmMwHhcNMjQwNTMwMDc1NTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjQ1ODdmMTg3ODAyYWI1YjcyODY1YWI2YjEzOWM5MDljNGRkNzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hgxA7kmT+Aa2ijDa1n6O2X4zC8w
xPGeZn+xwik09dp976HmIk/LjsVI6qgKY+Mcx7TLXUqKTrW3OaOHoQ/uc7/RIbI2
Y+/BhRXkwQA8qQRK9KH8F+0Jzpzjak+NcHNHiRDve9tbAT4ogq3sZc8lvPbG3r35
bBR2UIsCuEXUy75IL68DDqcMRjPO2HV7MN/JhK5Tz/ndZpuPaJ891aCg+tKc+0cW
Q4p3fnzjZMfGNnP+SHrjALSFVRf4KBVZgaEPHPw+ai6TLZPoKgPCyHatX/Awqe/t
UvUttNO96rpte5y1ux+D0PthYRisdSpIqYwvqALfH/5XbZ8XXlyG03m5bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9Fh/GHgCq1tyhlq2sTnJCcTdedMB8GA1UdIwQY
MBaAFF55rNTuQP2kMCKiyWQrBx2mSVJsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG5tczFPNUFfYVF3SXFMSlpDc0hIYVpKVW13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84YmNiMzAtODdlNC00M2I1LTgyNDYt
ZWI4ZGE1OTU0ZjNiLzEvVDBXSDhZZUFLclczS0dXcmF4T2NrSnhOMTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84YmNiMzAtODdlNC00M2I1LTgyNDYtZWI4ZGE1OTU0ZjNi
LzEvWG5tczFPNUFfYVF3SXFMSlpDc0hIYVpKVW13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUE4NMA0G
CSqGSIb3DQEBCwUAA4IBAQCX0fxzhE+N7F5G2JcGKY5uMWC+Iuu/uvkJj70Zceqd
ZAzdfwqOaa0ytma2THOqYGnDKTPZN5ab984bfTDq0tkGG+Me+Xb7+MpIGnkOZBAQ
AnHoSSEvU3utX0IBN6AL7F6j4LXpYtLhcGpLKjPZnO56xAmd+76aj+Dd7S2TYqgW
VzsYCxpnKt1IA1jzJAEtEqtjvjPNCxT2eHUyt8YkvuDyyqtjy6jPZW3PWmTynIJv
BSqnj180PH1McrCPeRhXNTHKg8XEeQ4nQnx4AKH7afDxjcS/ETCT/uSv/q7I8lJo
4K/cu/wFWaNHHc2PtTqN1gFHJ5XSxruq28lDRDh10zqx
-----END CERTIFICATE-----