Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/2eb41a-6fa6-416b-8752-36ef73f2c900/1/9v0pcjqLca1PxwtXAyi2tIbYKB4.roa
File:                     9v0pcjqLca1PxwtXAyi2tIbYKB4.roa (raw, json)
Hash identifier:          0ZyHILMmXFP1SkSvHJkkOZ6S2yOtgKK3MuomUBpLQks=
Subject key identifier:   F6:FD:29:72:3A:8B:71:AD:4F:C7:0B:57:03:28:B6:B4:86:D8:28:1E
Certificate issuer:       /CN=acaec954f476f77ef1a33b619d44a5730bebd7bf
Certificate serial:       018CC8DF3CF9511199B3C48DC3D3FA674AE8
Authority key identifier: AC:AE:C9:54:F4:76:F7:7E:F1:A3:3B:61:9D:44:A5:73:0B:EB:D7:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rK7JVPR2937xozthnUSlcwvr178.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/2eb41a-6fa6-416b-8752-36ef73f2c900/1/9v0pcjqLca1PxwtXAyi2tIbYKB4.roa
Signing time:             Tue 02 Jan 2024 06:32:02 +0000
ROA not before:           Tue 02 Jan 2024 06:32:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50285
IP address blocks:        78.41.56.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/2eb41a-6fa6-416b-8752-36ef73f2c900/1/rK7JVPR2937xozthnUSlcwvr178.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/2eb41a-6fa6-416b-8752-36ef73f2c900/1/rK7JVPR2937xozthnUSlcwvr178.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rK7JVPR2937xozthnUSlcwvr178.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:3c:f9:51:11:99:b3:c4:8d:c3:d3:fa:67:4a:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acaec954f476f77ef1a33b619d44a5730bebd7bf
        Validity
            Not Before: Jan  2 06:32:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6fd29723a8b71ad4fc70b570328b6b486d8281e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ea:46:eb:b2:67:61:ff:8c:dc:9e:fb:d7:e0:
                    16:e3:0d:c1:dd:c7:59:29:87:49:fe:6f:0a:dc:93:
                    93:07:e4:ed:27:c1:e1:a4:9e:cc:a2:89:08:3f:01:
                    f0:87:e7:66:5e:17:8b:26:ea:12:a5:42:40:96:9e:
                    73:f1:19:f0:36:e2:74:7d:5e:19:00:53:67:d3:ea:
                    b8:64:6e:07:8d:49:a2:38:2b:31:4c:54:c7:77:85:
                    90:cc:29:6c:c9:76:8a:03:23:b5:64:31:5c:9f:28:
                    1d:73:bb:ae:5a:e7:64:21:25:21:f6:0e:3c:d8:7f:
                    49:7c:d3:23:ff:8c:f4:37:66:d9:de:81:50:2c:37:
                    04:fd:5f:5c:53:f7:5c:ac:fd:25:d8:9a:dd:e4:a3:
                    7e:f3:e7:de:fe:4a:25:dd:b3:36:48:02:28:e3:78:
                    36:c9:82:26:13:a6:b7:61:b8:48:fc:81:29:fe:38:
                    ac:32:5f:b6:49:b6:c2:57:1b:5d:13:79:2b:46:b5:
                    a5:18:3e:4e:24:66:7a:87:a2:9b:ef:8c:e3:07:95:
                    e6:70:bb:91:3a:c9:01:be:12:67:8b:d8:83:ac:45:
                    6f:b0:c2:3a:e6:b8:b5:79:b9:35:af:85:49:d9:30:
                    ea:ef:27:0f:8c:ff:32:2a:f6:bf:86:7d:03:28:02:
                    47:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:FD:29:72:3A:8B:71:AD:4F:C7:0B:57:03:28:B6:B4:86:D8:28:1E
            X509v3 Authority Key Identifier:
                keyid:AC:AE:C9:54:F4:76:F7:7E:F1:A3:3B:61:9D:44:A5:73:0B:EB:D7:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rK7JVPR2937xozthnUSlcwvr178.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/2eb41a-6fa6-416b-8752-36ef73f2c900/1/9v0pcjqLca1PxwtXAyi2tIbYKB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/2eb41a-6fa6-416b-8752-36ef73f2c900/1/rK7JVPR2937xozthnUSlcwvr178.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.41.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         38:70:c0:26:32:c5:03:e4:db:fd:c1:c3:d3:5a:6d:ba:37:94:
         d7:21:95:d7:96:60:61:c7:22:f6:4a:78:13:cc:46:47:75:0a:
         21:69:41:6b:67:6f:33:eb:2d:c4:d3:a9:13:3b:87:35:f1:9b:
         f9:b4:62:9e:f3:0e:23:5e:b4:0f:38:31:9d:d5:c9:f9:f4:da:
         dc:10:3e:8a:84:1c:d4:6d:11:41:8d:34:1b:79:df:4d:f6:31:
         f4:af:57:95:32:ae:34:d4:a0:a5:d3:6a:82:80:14:3e:1f:1a:
         66:cf:20:db:9a:35:d4:8c:79:6d:19:9b:41:76:d4:7a:b0:34:
         64:e2:ab:5b:61:42:1e:fb:4c:72:6b:c5:a9:72:fa:96:f2:61:
         a3:2d:a9:59:a8:fe:7d:c0:c0:60:d7:98:6a:b9:3b:52:0e:d7:
         62:b4:3c:16:1e:d3:38:75:0f:8c:62:c1:c1:a2:96:3e:1f:b0:
         5b:0d:6d:f7:9a:ee:b8:bd:63:26:ce:2f:d8:55:e1:03:71:6e:
         69:dd:44:69:49:2a:9f:3b:b0:4c:e5:e8:bd:ca:83:6d:19:79:
         1f:47:8a:25:7a:8a:38:e2:f3:f5:a9:aa:51:8e:90:f2:d3:34:
         fc:04:f8:50:fc:a4:ab:b5:3d:7e:60:f9:4f:c2:e4:32:ab:46:
         85:90:84:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zz5URGZs8SNw9P6Z0roMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYWVjOTU0ZjQ3NmY3N2VmMWEzM2I2MTlkNDRhNTczMGJl
YmQ3YmYwHhcNMjQwMTAyMDYzMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmZkMjk3MjNhOGI3MWFkNGZjNzBiNTcwMzI4YjZiNDg2ZDgyODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqupG67JnYf+M3J771+AW4w3B3cdZ
KYdJ/m8K3JOTB+TtJ8HhpJ7MookIPwHwh+dmXheLJuoSpUJAlp5z8RnwNuJ0fV4Z
AFNn0+q4ZG4HjUmiOCsxTFTHd4WQzClsyXaKAyO1ZDFcnygdc7uuWudkISUh9g48
2H9JfNMj/4z0N2bZ3oFQLDcE/V9cU/dcrP0l2Jrd5KN+8+fe/kol3bM2SAIo43g2
yYImE6a3YbhI/IEp/jisMl+2SbbCVxtdE3krRrWlGD5OJGZ6h6Kb74zjB5XmcLuR
OskBvhJni9iDrEVvsMI65ri1ebk1r4VJ2TDq7ycPjP8yKva/hn0DKAJHYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPb9KXI6i3GtT8cLVwMotrSG2CgeMB8GA1UdIwQY
MBaAFKyuyVT0dvd+8aM7YZ1EpXML69e/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcks3SlZQUjI5Mzd4b3p0aG5VU2xjd3ZyMTc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8yZWI0MWEtNmZhNi00MTZiLTg3NTIt
MzZlZjczZjJjOTAwLzEvOXYwcGNqcUxjYTFQeHd0WEF5aTJ0SWJZS0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8yZWI0MWEtNmZhNi00MTZiLTg3NTItMzZlZjczZjJjOTAw
LzEvcks3SlZQUjI5Mzd4b3p0aG5VU2xjd3ZyMTc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTik4MA0G
CSqGSIb3DQEBCwUAA4IBAQA4cMAmMsUD5Nv9wcPTWm26N5TXIZXXlmBhxyL2SngT
zEZHdQohaUFrZ28z6y3E06kTO4c18Zv5tGKe8w4jXrQPODGd1cn59NrcED6KhBzU
bRFBjTQbed9N9jH0r1eVMq401KCl02qCgBQ+HxpmzyDbmjXUjHltGZtBdtR6sDRk
4qtbYUIe+0xya8WpcvqW8mGjLalZqP59wMBg15hquTtSDtditDwWHtM4dQ+MYsHB
opY+H7BbDW33mu64vWMmzi/YVeEDcW5p3URpSSqfO7BM5ei9yoNtGXkfR4oleoo4
4vP1qapRjpDy0zT8BPhQ/KSrtT1+YPlPwuQyq0aFkITh
-----END CERTIFICATE-----