Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/aAd3eu0aAgou1_tDcCmo2DILPkM.roa
File:                     aAd3eu0aAgou1_tDcCmo2DILPkM.roa (raw, json)
Hash identifier:          09a35DRtLryUI5G+QSL9aQFU0gY/vQQq/WSG80rjUgk=
Subject key identifier:   68:07:77:7A:ED:1A:02:0A:2E:D7:FB:43:70:29:A8:D8:32:0B:3E:43
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018CC9BC5FA5C7F8AD2A2D86BE0E09BCF8F2
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/aAd3eu0aAgou1_tDcCmo2DILPkM.roa
Signing time:             Tue 02 Jan 2024 10:33:34 +0000
ROA not before:           Tue 02 Jan 2024 10:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59580
IP address blocks:        147.78.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:5f:a5:c7:f8:ad:2a:2d:86:be:0e:09:bc:f8:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jan  2 10:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6807777aed1a020a2ed7fb437029a8d8320b3e43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:45:4f:9e:a8:7a:7b:2b:0f:77:88:a4:3a:4e:
                    d6:5f:0b:10:ec:0f:b0:d6:b9:94:25:cf:30:e8:9c:
                    cc:19:93:2d:0a:ca:39:d3:56:9d:a6:eb:d2:6c:90:
                    10:a5:ed:e0:cf:b5:00:43:c4:d8:49:87:13:f2:56:
                    7c:dd:80:9c:6d:0c:1f:e1:bd:0a:52:3b:f1:7d:4e:
                    b4:28:9d:92:c4:c6:58:5b:c9:bf:59:f7:65:14:91:
                    3e:3a:c1:64:1e:98:1e:d3:45:2a:15:6c:82:ca:97:
                    d9:d8:24:3c:89:87:f2:31:f3:d8:fa:d9:92:ce:39:
                    89:66:6d:06:ca:73:0f:85:d4:2d:85:f6:91:6d:bd:
                    59:0b:bd:0b:ba:a6:64:4e:f7:c9:30:45:af:b2:cb:
                    4a:3f:41:47:bb:01:e0:89:75:e3:61:b4:a1:2b:9f:
                    c8:f4:86:75:9c:24:16:53:58:8f:29:44:10:0c:f2:
                    e5:c4:25:c3:d6:80:d1:ed:c3:be:6e:18:5d:ab:1c:
                    29:c2:8e:b2:0a:cf:a6:d6:75:de:69:4f:e0:62:5b:
                    8f:18:59:4d:96:e3:27:be:df:cd:69:0c:01:81:cf:
                    1e:5a:d1:69:db:71:d1:4b:09:7d:11:86:5c:b8:cc:
                    7c:f2:af:8e:6e:bb:3e:69:e1:df:3d:43:a4:92:bb:
                    cd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:07:77:7A:ED:1A:02:0A:2E:D7:FB:43:70:29:A8:D8:32:0B:3E:43
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/aAd3eu0aAgou1_tDcCmo2DILPkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:2b:1e:ac:f6:18:df:df:08:b1:68:e4:96:09:79:e7:bd:c2:
         7b:06:89:1e:31:7d:86:e7:98:6c:5c:5a:4a:d9:c8:bc:51:c9:
         61:e9:1e:0c:a4:b4:47:61:a7:a7:2d:a7:3a:b1:02:89:cf:37:
         0c:c8:67:ec:ed:1e:fc:9b:4e:7b:0f:95:d3:14:27:71:db:1b:
         2b:4d:9c:4f:e7:86:00:0d:b6:d7:59:3d:3f:f5:31:7f:08:f4:
         50:30:5d:ff:6d:16:80:e7:f3:86:b3:ad:6f:02:b6:93:c1:41:
         da:56:f7:9b:13:e0:51:1a:9e:55:d3:45:92:b6:38:8a:a1:a6:
         e0:4e:ea:89:50:b6:3a:82:01:ad:4f:55:a1:78:f0:e5:83:1e:
         cd:20:79:f4:f4:4e:83:6e:39:1a:a9:aa:47:c9:c5:32:a7:df:
         4c:b6:08:e5:17:db:81:04:15:e5:fe:02:0e:f6:75:bc:24:d1:
         33:74:6c:80:e1:c2:a1:57:97:00:70:b1:43:9e:54:e0:f5:6d:
         74:20:13:b0:d0:e5:b1:bb:42:14:3d:75:0a:58:d9:e9:cc:c1:
         77:98:1e:84:c3:80:b5:04:1d:40:0c:6f:c6:3f:1e:d8:f2:02:
         4c:51:ee:64:3e:d2:3c:23:e1:95:b4:14:14:00:b5:e2:6b:aa:
         75:a9:b8:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvF+lx/itKi2Gvg4JvPjyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwMTAyMTAzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODA3Nzc3YWVkMWEwMjBhMmVkN2ZiNDM3MDI5YThkODMyMGIzZTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0VPnqh6eysPd4ikOk7WXwsQ7A+w
1rmUJc8w6JzMGZMtCso501adpuvSbJAQpe3gz7UAQ8TYSYcT8lZ83YCcbQwf4b0K
UjvxfU60KJ2SxMZYW8m/WfdlFJE+OsFkHpge00UqFWyCypfZ2CQ8iYfyMfPY+tmS
zjmJZm0GynMPhdQthfaRbb1ZC70LuqZkTvfJMEWvsstKP0FHuwHgiXXjYbShK5/I
9IZ1nCQWU1iPKUQQDPLlxCXD1oDR7cO+bhhdqxwpwo6yCs+m1nXeaU/gYluPGFlN
luMnvt/NaQwBgc8eWtFp23HRSwl9EYZcuMx88q+Obrs+aeHfPUOkkrvNCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgHd3rtGgIKLtf7Q3ApqNgyCz5DMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvYUFkM2V1MGFBZ291MV90RGNDbW8yRElMUGtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk04uMA0G
CSqGSIb3DQEBCwUAA4IBAQBKKx6s9hjf3wixaOSWCXnnvcJ7BokeMX2G55hsXFpK
2ci8Uclh6R4MpLRHYaenLac6sQKJzzcMyGfs7R78m057D5XTFCdx2xsrTZxP54YA
DbbXWT0/9TF/CPRQMF3/bRaA5/OGs61vAraTwUHaVvebE+BRGp5V00WStjiKoabg
TuqJULY6ggGtT1WhePDlgx7NIHn09E6DbjkaqapHycUyp99MtgjlF9uBBBXl/gIO
9nW8JNEzdGyA4cKhV5cAcLFDnlTg9W10IBOw0OWxu0IUPXUKWNnpzMF3mB6Ew4C1
BB1ADG/GPx7Y8gJMUe5kPtI8I+GVtBQUALXia6p1qbjK
-----END CERTIFICATE-----