Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/a14e1e-ced4-42e9-8338-f2af8001ac78/1/49yziL3K95BvbM6Qvin4RpQx4tA.roa
File:                     49yziL3K95BvbM6Qvin4RpQx4tA.roa (raw, json)
Hash identifier:          jOWqeY1o7X9ISEjspU1wras1z6V/H6waPxFW8BJqOgM=
Subject key identifier:   E3:DC:B3:88:BD:CA:F7:90:6F:6C:CE:90:BE:29:F8:46:94:31:E2:D0
Certificate issuer:       /CN=d44bc0e83e81f57fb4894041dca76c77d33f02e7
Certificate serial:       018CC72736F35CBA481815CBCB02266E7E28
Authority key identifier: D4:4B:C0:E8:3E:81:F5:7F:B4:89:40:41:DC:A7:6C:77:D3:3F:02:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1EvA6D6B9X-0iUBB3Kdsd9M_Auc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/a14e1e-ced4-42e9-8338-f2af8001ac78/1/49yziL3K95BvbM6Qvin4RpQx4tA.roa
Signing time:             Mon 01 Jan 2024 22:31:25 +0000
ROA not before:           Mon 01 Jan 2024 22:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43682
IP address blocks:        78.24.192.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/a14e1e-ced4-42e9-8338-f2af8001ac78/1/1EvA6D6B9X-0iUBB3Kdsd9M_Auc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/a14e1e-ced4-42e9-8338-f2af8001ac78/1/1EvA6D6B9X-0iUBB3Kdsd9M_Auc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1EvA6D6B9X-0iUBB3Kdsd9M_Auc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:36:f3:5c:ba:48:18:15:cb:cb:02:26:6e:7e:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d44bc0e83e81f57fb4894041dca76c77d33f02e7
        Validity
            Not Before: Jan  1 22:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3dcb388bdcaf7906f6cce90be29f8469431e2d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:16:0a:83:49:55:38:e7:1e:2c:cc:29:80:21:
                    e1:d3:98:99:77:68:5d:4d:60:78:a3:fe:c5:61:e5:
                    6a:b4:f3:36:33:70:47:a1:b7:7a:5c:82:09:6e:6c:
                    be:56:a7:30:5a:2e:42:f7:2b:46:86:cf:2f:f3:50:
                    ae:38:66:51:90:42:ad:57:a2:49:a7:cb:f3:4e:e4:
                    4b:fc:99:09:10:e9:8e:60:01:3c:66:aa:41:15:b7:
                    92:f7:8d:24:24:9d:ab:63:ed:6a:e3:f3:9f:e6:ce:
                    7e:3f:b3:42:2c:57:8c:46:8d:42:e9:90:c1:56:1f:
                    fb:ef:dc:2b:59:b7:2b:bf:1c:47:6d:d8:b3:cf:df:
                    36:31:48:3d:fa:37:36:c9:c9:f3:30:e1:6c:6d:24:
                    23:2f:4c:f9:68:4b:0f:b7:f4:0c:45:0e:da:d0:79:
                    99:ed:15:ee:b1:53:f8:a9:95:2c:15:8b:99:06:1a:
                    22:61:3a:db:15:41:94:58:e8:4e:70:5e:4a:d4:b7:
                    12:94:d3:49:2e:94:a8:ce:9c:9d:15:98:a3:d2:34:
                    56:05:2e:05:45:56:fe:d8:50:28:c4:b2:3d:f7:1d:
                    81:4d:66:6a:71:72:96:14:0b:4f:99:d8:ad:dd:77:
                    98:3d:2c:66:e8:2d:f1:ba:44:41:16:7e:de:28:b5:
                    d7:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:DC:B3:88:BD:CA:F7:90:6F:6C:CE:90:BE:29:F8:46:94:31:E2:D0
            X509v3 Authority Key Identifier:
                keyid:D4:4B:C0:E8:3E:81:F5:7F:B4:89:40:41:DC:A7:6C:77:D3:3F:02:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1EvA6D6B9X-0iUBB3Kdsd9M_Auc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/a14e1e-ced4-42e9-8338-f2af8001ac78/1/49yziL3K95BvbM6Qvin4RpQx4tA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/a14e1e-ced4-42e9-8338-f2af8001ac78/1/1EvA6D6B9X-0iUBB3Kdsd9M_Auc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.192.0/21

    Signature Algorithm: sha256WithRSAEncryption
         05:1f:f0:13:6a:9c:8f:d3:4d:54:70:50:5c:4e:fd:2d:d8:7d:
         dd:3f:02:b6:93:78:34:d8:bf:89:94:1a:59:ec:70:a2:35:09:
         87:a9:49:44:16:8f:54:f8:07:c6:7f:e0:31:c8:7f:a3:f7:94:
         51:ab:8c:85:ec:f0:70:e4:38:34:ae:e0:23:45:a4:b7:76:6a:
         28:52:54:f6:c2:74:01:f3:5b:2a:b6:08:07:a3:9a:2a:f9:3e:
         73:73:4a:bf:64:0c:99:3e:c9:c0:3a:ab:1e:85:b3:07:4d:9a:
         33:76:cc:0e:b6:ce:ca:54:80:0d:64:3f:d5:d3:97:87:07:b9:
         d2:37:11:67:bc:9d:42:94:85:76:53:45:30:6b:96:3f:0c:31:
         a1:78:e4:f7:d9:fa:53:01:6e:2c:22:03:17:f9:25:74:06:e4:
         5b:e6:5f:30:74:2c:35:d5:79:9a:a6:08:e0:78:e2:94:d9:fd:
         83:8c:de:ad:7d:79:84:8a:31:9e:4f:b6:12:92:76:15:8f:43:
         61:23:0e:4f:78:82:c1:7e:c0:7a:2f:a0:d4:ab:ab:b6:bf:87:
         98:fd:3e:78:ab:b6:50:71:97:04:07:bd:2d:f5:5d:85:b9:8a:
         f8:0b:c6:8e:8b:48:83:ad:f0:66:37:1b:5f:10:e9:9f:fa:49:
         08:62:01:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzbzXLpIGBXLywImbn4oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NGJjMGU4M2U4MWY1N2ZiNDg5NDA0MWRjYTc2Yzc3ZDMz
ZjAyZTcwHhcNMjQwMTAxMjIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2RjYjM4OGJkY2FmNzkwNmY2Y2NlOTBiZTI5Zjg0Njk0MzFlMmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRYKg0lVOOceLMwpgCHh05iZd2hd
TWB4o/7FYeVqtPM2M3BHobd6XIIJbmy+VqcwWi5C9ytGhs8v81CuOGZRkEKtV6JJ
p8vzTuRL/JkJEOmOYAE8ZqpBFbeS940kJJ2rY+1q4/Of5s5+P7NCLFeMRo1C6ZDB
Vh/779wrWbcrvxxHbdizz982MUg9+jc2ycnzMOFsbSQjL0z5aEsPt/QMRQ7a0HmZ
7RXusVP4qZUsFYuZBhoiYTrbFUGUWOhOcF5K1LcSlNNJLpSozpydFZij0jRWBS4F
RVb+2FAoxLI99x2BTWZqcXKWFAtPmdit3XeYPSxm6C3xukRBFn7eKLXXNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPcs4i9yveQb2zOkL4p+EaUMeLQMB8GA1UdIwQY
MBaAFNRLwOg+gfV/tIlAQdynbHfTPwLnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUV2QTZENkI5WC0waVVCQjNLZHNkOU1fQXVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9hMTRlMWUtY2VkNC00MmU5LTgzMzgt
ZjJhZjgwMDFhYzc4LzEvNDl5emlMM0s5NUJ2Yk02UXZpbjRScFF4NHRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9hMTRlMWUtY2VkNC00MmU5LTgzMzgtZjJhZjgwMDFhYzc4
LzEvMUV2QTZENkI5WC0waVVCQjNLZHNkOU1fQXVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDThjAMA0G
CSqGSIb3DQEBCwUAA4IBAQAFH/ATapyP001UcFBcTv0t2H3dPwK2k3g02L+JlBpZ
7HCiNQmHqUlEFo9U+AfGf+AxyH+j95RRq4yF7PBw5Dg0ruAjRaS3dmooUlT2wnQB
81sqtggHo5oq+T5zc0q/ZAyZPsnAOqsehbMHTZozdswOts7KVIANZD/V05eHB7nS
NxFnvJ1ClIV2U0Uwa5Y/DDGheOT32fpTAW4sIgMX+SV0BuRb5l8wdCw11Xmapgjg
eOKU2f2DjN6tfXmEijGeT7YSknYVj0NhIw5PeILBfsB6L6DUq6u2v4eY/T54q7ZQ
cZcEB70t9V2FuYr4C8aOi0iDrfBmNxtfEOmf+kkIYgGh
-----END CERTIFICATE-----