Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/1-3t0l6vKJ3YJQBoNhsWcts2xk38.roa
File:                     1-3t0l6vKJ3YJQBoNhsWcts2xk38.roa (raw, json)
Hash identifier:          aw10dc5u2WmCUbSCJ/Su/yGmh686bqLSTUaFeKeZvJY=
Subject key identifier:   FB:7B:74:97:AB:CA:27:76:09:40:1A:0D:86:C5:9C:B6:CD:B1:93:7F
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018CC9BC6376EC60E5F63A485A2EC34FCC50
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/1-3t0l6vKJ3YJQBoNhsWcts2xk38.roa
Signing time:             Tue 02 Jan 2024 10:33:35 +0000
ROA not before:           Tue 02 Jan 2024 10:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209588
IP address blocks:        147.78.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:63:76:ec:60:e5:f6:3a:48:5a:2e:c3:4f:cc:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jan  2 10:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb7b7497abca277609401a0d86c59cb6cdb1937f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:9f:d4:cf:71:c2:23:7f:bc:dd:24:d1:3f:77:
                    d7:a5:20:86:41:22:52:ae:a9:d7:f1:f7:93:55:5a:
                    9b:d2:fe:d0:19:75:e9:e0:f7:7a:8f:0d:20:04:79:
                    e3:03:74:a8:3d:f7:44:d0:0d:da:61:23:ae:c8:b5:
                    c9:e3:3f:b5:7e:53:f1:3b:e9:3c:a2:26:d2:f8:98:
                    d8:96:1d:da:ef:7f:26:ad:96:8f:05:4c:b5:55:e6:
                    a8:a3:73:43:0f:e4:9c:b4:4e:92:37:87:54:b2:b1:
                    4d:ff:90:c3:5f:d7:b5:7e:97:77:91:cc:7f:b9:17:
                    86:a5:45:4e:4b:cc:ba:37:ee:a3:27:10:27:ca:32:
                    dd:14:49:20:02:fa:e6:71:6b:b6:0f:94:a4:4c:01:
                    1e:0d:43:d4:3f:26:9f:c6:ad:31:65:a3:ce:c9:d7:
                    9d:4f:7d:04:7a:cf:f4:a2:05:bf:08:e7:42:36:8e:
                    6a:b7:6e:f2:b8:0c:e3:dd:8a:58:df:2b:d2:8b:a8:
                    3a:10:09:36:b9:0c:d4:a6:62:d3:82:2b:dc:17:da:
                    dd:8f:7e:53:6a:21:97:48:fa:22:5c:8c:53:97:d4:
                    33:91:c2:15:68:a3:ab:90:c9:21:83:d1:fe:83:52:
                    ab:5e:6b:c8:94:b2:a8:38:fe:4d:37:31:b0:cf:9b:
                    7c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:7B:74:97:AB:CA:27:76:09:40:1A:0D:86:C5:9C:B6:CD:B1:93:7F
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/1-3t0l6vKJ3YJQBoNhsWcts2xk38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:92:e9:98:69:9a:5f:26:66:be:0d:06:ef:26:85:d1:b2:7f:
         43:0a:ec:ee:b0:b7:fa:05:0b:76:59:88:b0:a7:9c:45:02:5a:
         ae:70:fb:6b:d8:2c:74:f0:1c:a7:b5:09:b8:e4:22:dd:72:74:
         47:25:ce:d8:5b:61:15:c5:d5:be:7c:53:d7:0b:e3:62:40:c0:
         eb:c8:4c:b7:9d:92:c1:fe:27:b8:4d:da:88:fe:a3:ad:5a:00:
         3a:85:e9:4a:cc:fe:76:5e:57:a6:92:01:bc:b6:51:03:f2:05:
         ab:8a:05:1a:e5:6d:8f:58:1c:4e:9a:43:9f:be:1a:8d:25:bf:
         af:c8:4a:4d:9e:1d:98:33:16:e7:c3:59:c1:e8:76:f2:76:b0:
         d1:5b:cc:7e:ef:aa:62:85:fa:78:13:df:8f:74:6c:93:13:e0:
         03:4b:80:0b:21:08:4b:d6:4f:b5:69:2d:a6:f2:42:ca:0a:f0:
         08:19:1f:3e:ce:33:7e:c9:e4:e4:7d:6b:84:38:f8:5d:72:dc:
         60:04:12:ef:24:24:44:4b:bf:9d:66:e2:4b:93:f7:49:dc:c6:
         b8:31:0e:fc:b2:a0:93:90:8e:2f:7d:f5:0a:d9:83:9c:8a:45:
         c2:8a:e8:9c:ed:2b:20:f5:d9:30:29:c3:7a:67:45:e7:ed:34:
         69:bd:94:9a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvGN27GDl9jpIWi7DT8xQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwMTAyMTAzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjdiNzQ5N2FiY2EyNzc2MDk0MDFhMGQ4NmM1OWNiNmNkYjE5MzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnp/Uz3HCI3+83STRP3fXpSCGQSJS
rqnX8feTVVqb0v7QGXXp4Pd6jw0gBHnjA3SoPfdE0A3aYSOuyLXJ4z+1flPxO+k8
oibS+JjYlh3a738mrZaPBUy1Veaoo3NDD+SctE6SN4dUsrFN/5DDX9e1fpd3kcx/
uReGpUVOS8y6N+6jJxAnyjLdFEkgAvrmcWu2D5SkTAEeDUPUPyafxq0xZaPOyded
T30Ees/0ogW/COdCNo5qt27yuAzj3YpY3yvSi6g6EAk2uQzUpmLTgivcF9rdj35T
aiGXSPoiXIxTl9QzkcIVaKOrkMkhg9H+g1KrXmvIlLKoOP5NNzGwz5t8bQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPt7dJeryid2CUAaDYbFnLbNsZN/MB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvMS0zdDBsNnZLSjNZSlFCb05oc1djdHMyeGszOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGMvM2ZmYjc2LTk5MzEtNDk0Mi05ZGExLTFlMDQ2NTUxM2I2
My8xL0pGWFhfdVNrbWV5dkVkTFQybzQ0bmVNalFTOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJNOLzAN
BgkqhkiG9w0BAQsFAAOCAQEAvpLpmGmaXyZmvg0G7yaF0bJ/Qwrs7rC3+gULdlmI
sKecRQJarnD7a9gsdPAcp7UJuOQi3XJ0RyXO2FthFcXVvnxT1wvjYkDA68hMt52S
wf4nuE3aiP6jrVoAOoXpSsz+dl5XppIBvLZRA/IFq4oFGuVtj1gcTppDn74ajSW/
r8hKTZ4dmDMW58NZweh28naw0VvMfu+qYoX6eBPfj3RskxPgA0uACyEIS9ZPtWkt
pvJCygrwCBkfPs4zfsnk5H1rhDj4XXLcYAQS7yQkREu/nWbiS5P3SdzGuDEO/LKg
k5COL331CtmDnIpFworonO0rIPXZMCnDemdF5+00ab2Umg==
-----END CERTIFICATE-----