Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/0azY30vUspPcz4JMqBQGWLbKg0Y.roa
File:                     0azY30vUspPcz4JMqBQGWLbKg0Y.roa (raw, json)
Hash identifier:          Zpe3ouLcm2IPF87DWdhdeZ0wp+ZwF3AV6wSWYmLJiZ8=
Subject key identifier:   D1:AC:D8:DF:4B:D4:B2:93:DC:CF:82:4C:A8:14:06:58:B6:CA:83:46
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       018CC8DF78C032B49E1816297B96820474EE
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/0azY30vUspPcz4JMqBQGWLbKg0Y.roa
Signing time:             Tue 02 Jan 2024 06:32:17 +0000
ROA not before:           Tue 02 Jan 2024 06:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50693
IP address blocks:        178.20.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:78:c0:32:b4:9e:18:16:29:7b:96:82:04:74:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Jan  2 06:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1acd8df4bd4b293dccf824ca8140658b6ca8346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:50:86:4a:60:6f:31:23:38:23:13:ea:2b:48:
                    46:f5:22:43:9b:98:38:d9:ca:4a:6f:f1:71:8c:ea:
                    9e:02:7d:55:10:b3:d0:f7:78:48:be:24:26:db:67:
                    79:53:be:55:0e:13:cd:fb:2b:b0:37:57:2b:9f:d0:
                    cf:35:ed:66:40:21:5c:bc:c2:0a:b3:8b:7b:ba:54:
                    f9:a9:59:7a:c3:c8:e5:d1:16:98:51:70:41:90:90:
                    3f:90:59:c0:9f:00:1b:6b:78:11:89:ba:bb:f4:97:
                    ae:71:09:27:06:f9:59:96:eb:28:7c:fa:fd:59:2c:
                    93:1b:eb:79:87:62:98:e6:6d:e6:71:64:47:0b:a0:
                    17:12:db:ac:62:81:1e:75:cf:39:62:97:54:f5:1e:
                    a1:71:cd:2e:30:b5:d4:07:cb:24:7b:b7:d1:c1:46:
                    e3:c5:df:3f:a1:29:62:a2:f6:57:71:cd:5b:cd:50:
                    eb:e7:31:f3:6d:8f:d5:a2:cd:50:9b:91:f4:9d:5f:
                    a7:ee:5f:2c:2b:bd:77:46:7d:e5:a7:af:40:a7:9e:
                    7c:68:cd:3c:fb:f9:84:d2:fc:a2:44:31:cd:c2:4c:
                    7f:00:d7:82:4f:e5:92:8b:c9:69:93:f9:86:39:55:
                    e7:cc:2c:41:f7:6b:f7:b9:8b:07:23:9e:ab:61:80:
                    7d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:AC:D8:DF:4B:D4:B2:93:DC:CF:82:4C:A8:14:06:58:B6:CA:83:46
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/0azY30vUspPcz4JMqBQGWLbKg0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:51:61:94:06:5e:8d:2e:39:02:73:71:a9:78:00:89:4e:76:
         98:44:9c:25:42:36:ee:e1:6a:2f:6d:90:37:b7:2d:5e:7c:82:
         45:f2:a3:c8:9e:90:1c:43:30:b3:71:61:03:ca:87:fb:43:97:
         0f:15:80:93:9a:22:34:3f:0f:9c:f1:76:53:e4:d6:0f:19:37:
         d6:fd:b1:44:01:dc:35:c4:b0:68:b7:e0:c6:b0:d7:38:cf:18:
         54:55:3a:8c:5d:d5:03:93:17:98:1d:c5:13:82:d6:bb:44:db:
         08:e2:90:39:ba:25:65:74:22:94:9c:55:de:a2:09:c5:74:97:
         ac:21:20:62:b1:da:49:cc:ad:0f:f8:7c:db:a9:c0:59:f5:22:
         6e:68:44:43:72:97:22:86:47:ef:b7:f8:12:5c:9a:a9:10:58:
         de:01:3a:3f:d9:b7:31:fd:7b:66:e6:08:cd:4c:73:8e:7d:7b:
         37:6f:af:96:51:54:24:8c:b7:02:6f:eb:fe:02:61:8a:23:93:
         34:cf:63:6e:dc:7f:bb:76:83:49:01:c0:57:f4:db:65:3f:da:
         3e:3f:55:37:29:fb:6c:89:8e:95:09:88:cb:5f:81:ed:9f:fb:
         a9:db:61:8e:32:30:5f:eb:4b:e7:bc:13:0b:7c:84:10:8b:87:
         3e:e1:5f:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33jAMrSeGBYpe5aCBHTuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjQwMTAyMDYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWFjZDhkZjRiZDRiMjkzZGNjZjgyNGNhODE0MDY1OGI2Y2E4MzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilCGSmBvMSM4IxPqK0hG9SJDm5g4
2cpKb/FxjOqeAn1VELPQ93hIviQm22d5U75VDhPN+yuwN1crn9DPNe1mQCFcvMIK
s4t7ulT5qVl6w8jl0RaYUXBBkJA/kFnAnwAba3gRibq79JeucQknBvlZlusofPr9
WSyTG+t5h2KY5m3mcWRHC6AXEtusYoEedc85YpdU9R6hcc0uMLXUB8ske7fRwUbj
xd8/oSliovZXcc1bzVDr5zHzbY/Vos1Qm5H0nV+n7l8sK713Rn3lp69Ap558aM08
+/mE0vyiRDHNwkx/ANeCT+WSi8lpk/mGOVXnzCxB92v3uYsHI56rYYB9BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNGs2N9L1LKT3M+CTKgUBli2yoNGMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvMGF6WTMwdlVzcFBjejRKTXFCUUdXTGJLZzBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshTPMA0G
CSqGSIb3DQEBCwUAA4IBAQBXUWGUBl6NLjkCc3GpeACJTnaYRJwlQjbu4WovbZA3
ty1efIJF8qPInpAcQzCzcWEDyof7Q5cPFYCTmiI0Pw+c8XZT5NYPGTfW/bFEAdw1
xLBot+DGsNc4zxhUVTqMXdUDkxeYHcUTgta7RNsI4pA5uiVldCKUnFXeognFdJes
ISBisdpJzK0P+HzbqcBZ9SJuaERDcpcihkfvt/gSXJqpEFjeATo/2bcx/Xtm5gjN
THOOfXs3b6+WUVQkjLcCb+v+AmGKI5M0z2Nu3H+7doNJAcBX9NtlP9o+P1U3Kfts
iY6VCYjLX4Htn/up22GOMjBf60vnvBMLfIQQi4c+4V8+
-----END CERTIFICATE-----