Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/tzibh-Ay2YFxRWkFrkcM6lguEqg.roa
File:                     tzibh-Ay2YFxRWkFrkcM6lguEqg.roa (raw, json)
Hash identifier:          fgRWBEWsjZexSdEFfch7QJ9Raz8uqwQ32y4uOLUc/gc=
Subject key identifier:   B7:38:9B:87:E0:32:D9:81:71:45:69:05:AE:47:0C:EA:58:2E:12:A8
Certificate issuer:       /CN=c4b1b458abf797dedcc661e54a685f651834b5d1
Certificate serial:       018CC8DED8FFC8859C248D923FA4E0EE3DAA
Authority key identifier: C4:B1:B4:58:AB:F7:97:DE:DC:C6:61:E5:4A:68:5F:65:18:34:B5:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xLG0WKv3l97cxmHlSmhfZRg0tdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/tzibh-Ay2YFxRWkFrkcM6lguEqg.roa
Signing time:             Tue 02 Jan 2024 06:31:36 +0000
ROA not before:           Tue 02 Jan 2024 06:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41685
IP address blocks:        78.25.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/xLG0WKv3l97cxmHlSmhfZRg0tdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/xLG0WKv3l97cxmHlSmhfZRg0tdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xLG0WKv3l97cxmHlSmhfZRg0tdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 00:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d8:ff:c8:85:9c:24:8d:92:3f:a4:e0:ee:3d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4b1b458abf797dedcc661e54a685f651834b5d1
        Validity
            Not Before: Jan  2 06:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7389b87e032d98171456905ae470cea582e12a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:35:2e:c2:fe:ce:bb:32:0d:3c:c4:c7:06:51:
                    33:9f:c7:b3:3a:61:64:e0:f9:49:60:72:c1:c3:e7:
                    19:2b:ea:3c:8f:63:75:2b:c6:62:7b:8f:fc:e1:dc:
                    87:47:24:0d:b9:fb:ef:3e:00:50:46:02:cf:da:1b:
                    bc:4d:57:3e:cd:e6:e6:79:ba:50:16:0c:4c:73:aa:
                    49:8f:43:6a:88:f0:c8:29:f0:44:7c:de:3e:a6:11:
                    34:1e:49:31:5a:81:68:13:e2:5b:7e:50:a0:b2:a6:
                    1d:06:9f:f1:c1:bb:8f:ff:78:c5:5c:29:ec:1e:33:
                    87:36:76:cf:dc:26:d0:c3:31:32:b3:50:d1:2c:82:
                    5f:da:60:70:03:ac:ce:04:42:f6:94:2e:c2:16:f3:
                    bc:ec:20:ef:ae:70:89:f5:69:7a:4f:58:0e:b9:f9:
                    f7:8d:66:67:7b:25:66:df:e6:d9:39:47:0f:25:8f:
                    72:93:85:8e:53:dd:42:e8:de:23:1d:bc:f1:0c:47:
                    b4:c2:88:cc:55:31:7f:8d:90:06:fa:f2:8e:a2:0c:
                    93:50:6e:bc:16:7f:aa:90:1b:5b:fa:1e:9f:65:dd:
                    8f:2d:0c:84:17:25:5a:de:b4:84:db:5e:e0:16:92:
                    c7:b8:93:8d:a7:e5:00:6c:fd:af:11:ec:9d:c2:31:
                    85:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:38:9B:87:E0:32:D9:81:71:45:69:05:AE:47:0C:EA:58:2E:12:A8
            X509v3 Authority Key Identifier:
                keyid:C4:B1:B4:58:AB:F7:97:DE:DC:C6:61:E5:4A:68:5F:65:18:34:B5:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xLG0WKv3l97cxmHlSmhfZRg0tdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/tzibh-Ay2YFxRWkFrkcM6lguEqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/xLG0WKv3l97cxmHlSmhfZRg0tdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.25.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:06:5b:4d:04:b3:8c:68:e8:4c:db:bb:c7:17:c6:5b:47:e9:
         47:9a:de:cd:04:31:f7:b1:25:0e:40:0a:18:ef:da:73:9b:3c:
         3f:71:75:ac:be:10:18:36:9a:8c:1d:27:79:a9:c3:56:80:ef:
         86:a2:f6:cf:44:35:a8:00:1f:90:2a:64:fe:39:45:c9:fb:86:
         22:61:d5:c4:4c:12:3e:96:b9:0d:7d:ed:9f:13:7f:95:71:7d:
         1f:82:bc:d7:ff:d9:35:b6:a1:d2:a5:9b:9c:2c:15:f1:4f:84:
         ea:f8:b9:fc:00:75:db:a8:51:60:55:b8:df:1d:7f:ae:8b:a6:
         18:6a:e8:5e:fe:ed:71:af:36:51:a4:15:5c:93:05:9c:4a:78:
         c0:d6:77:1d:87:49:62:e4:de:03:ad:ee:58:e6:a9:e1:88:3c:
         5d:42:eb:9c:e2:b6:0c:10:30:a6:16:1b:a9:0b:d1:b5:fb:2c:
         28:68:7b:08:d2:59:b0:26:be:19:c1:32:c4:66:43:a2:47:f3:
         4e:eb:c0:28:b4:40:ea:a5:ba:00:5c:86:b9:37:d5:88:cb:5d:
         05:f4:ea:ec:ec:6d:c1:79:17:9c:74:de:e9:94:58:ff:a9:e0:
         22:84:2a:6d:a3:bd:90:56:2e:58:80:bb:c7:f5:b1:c7:4e:be:
         97:e5:64:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tj/yIWcJI2SP6Tg7j2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0YjFiNDU4YWJmNzk3ZGVkY2M2NjFlNTRhNjg1ZjY1MTgz
NGI1ZDEwHhcNMjQwMTAyMDYzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzM4OWI4N2UwMzJkOTgxNzE0NTY5MDVhZTQ3MGNlYTU4MmUxMmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDUuwv7OuzINPMTHBlEzn8ezOmFk
4PlJYHLBw+cZK+o8j2N1K8Zie4/84dyHRyQNufvvPgBQRgLP2hu8TVc+zebmebpQ
FgxMc6pJj0NqiPDIKfBEfN4+phE0HkkxWoFoE+JbflCgsqYdBp/xwbuP/3jFXCns
HjOHNnbP3CbQwzEys1DRLIJf2mBwA6zOBEL2lC7CFvO87CDvrnCJ9Wl6T1gOufn3
jWZneyVm3+bZOUcPJY9yk4WOU91C6N4jHbzxDEe0wojMVTF/jZAG+vKOogyTUG68
Fn+qkBtb+h6fZd2PLQyEFyVa3rSE217gFpLHuJONp+UAbP2vEeydwjGFEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLc4m4fgMtmBcUVpBa5HDOpYLhKoMB8GA1UdIwQY
MBaAFMSxtFir95fe3MZh5UpoX2UYNLXRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveExHMFdLdjNsOTdjeG1IbFNtaGZaUmcwdGRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8yNjBlMjQtMjA0MC00YTVjLTkyY2Yt
ZWM1OGEzMTI1ZWU1LzEvdHppYmgtQXkyWUZ4UldrRnJrY002bGd1RXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8yNjBlMjQtMjA0MC00YTVjLTkyY2YtZWM1OGEzMTI1ZWU1
LzEveExHMFdLdjNsOTdjeG1IbFNtaGZaUmcwdGRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAThkBMA0G
CSqGSIb3DQEBCwUAA4IBAQAvBltNBLOMaOhM27vHF8ZbR+lHmt7NBDH3sSUOQAoY
79pzmzw/cXWsvhAYNpqMHSd5qcNWgO+GovbPRDWoAB+QKmT+OUXJ+4YiYdXETBI+
lrkNfe2fE3+VcX0fgrzX/9k1tqHSpZucLBXxT4Tq+Ln8AHXbqFFgVbjfHX+ui6YY
auhe/u1xrzZRpBVckwWcSnjA1ncdh0li5N4Dre5Y5qnhiDxdQuuc4rYMEDCmFhup
C9G1+ywoaHsI0lmwJr4ZwTLEZkOiR/NO68AotEDqpboAXIa5N9WIy10F9Ors7G3B
eRecdN7plFj/qeAihCpto72QVi5YgLvH9bHHTr6X5WTf
-----END CERTIFICATE-----