Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/011132-eae3-4e9d-b6f0-46f004a19591/1/iPahhazYD4dGwrJ5KN_cY_pJkQo.roa
File:                     iPahhazYD4dGwrJ5KN_cY_pJkQo.roa (raw, json)
Hash identifier:          Rpb/ejrMWn0fLOTAz3hfv4/E0JbXCCK1Upfb0C21IxY=
Subject key identifier:   88:F6:A1:85:AC:D8:0F:87:46:C2:B2:79:28:DF:DC:63:FA:49:91:0A
Certificate issuer:       /CN=d03c73b60f2103ee3b2a2c3cbe920e212a92ee65
Certificate serial:       018DE73A67EC086567B534C388DC5AEAB271
Authority key identifier: D0:3C:73:B6:0F:21:03:EE:3B:2A:2C:3C:BE:92:0E:21:2A:92:EE:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Dxztg8hA-47Kiw8vpIOISqS7mU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/011132-eae3-4e9d-b6f0-46f004a19591/1/iPahhazYD4dGwrJ5KN_cY_pJkQo.roa
Signing time:             Mon 26 Feb 2024 21:03:01 +0000
ROA not before:           Mon 26 Feb 2024 21:03:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        193.200.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/011132-eae3-4e9d-b6f0-46f004a19591/1/0Dxztg8hA-47Kiw8vpIOISqS7mU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/011132-eae3-4e9d-b6f0-46f004a19591/1/0Dxztg8hA-47Kiw8vpIOISqS7mU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Dxztg8hA-47Kiw8vpIOISqS7mU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e7:3a:67:ec:08:65:67:b5:34:c3:88:dc:5a:ea:b2:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d03c73b60f2103ee3b2a2c3cbe920e212a92ee65
        Validity
            Not Before: Feb 26 21:03:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88f6a185acd80f8746c2b27928dfdc63fa49910a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:75:16:58:27:54:83:16:ee:4c:ab:b5:bf:7f:
                    3e:48:1e:0b:89:1d:5f:94:13:70:54:e3:c8:6c:cb:
                    27:6e:c7:17:9d:21:f6:23:d3:67:a0:21:2a:41:07:
                    2a:f8:48:ce:3a:62:27:fe:27:db:ba:14:09:d7:4c:
                    10:2b:35:f8:90:a1:24:3b:ea:77:34:26:5f:ae:9a:
                    54:1e:32:06:06:2a:c2:e7:96:00:15:ba:45:6d:c0:
                    21:42:a9:0b:56:14:94:ef:a9:c4:1e:c8:54:9c:3d:
                    d3:73:c9:78:50:85:94:7a:da:71:eb:e3:98:15:15:
                    02:10:60:fd:c6:a6:28:ea:ab:d3:b0:ca:2f:4f:0f:
                    06:be:f6:53:91:c7:e2:8d:c0:11:0b:e6:fa:e5:10:
                    06:d9:c5:37:52:69:18:ba:3c:51:c2:75:23:2b:92:
                    a7:49:47:07:39:a9:ef:b6:5f:00:df:37:1b:c5:45:
                    8c:f0:0f:3e:4a:2f:f3:f5:e8:fc:3b:f8:61:a2:41:
                    d9:3f:11:bb:2f:d8:66:36:70:a5:50:6a:f4:9b:c9:
                    b6:47:4d:0d:34:49:ef:64:20:dd:ef:14:95:d0:b8:
                    e1:8b:eb:30:e9:05:24:81:66:01:d7:8d:3f:08:de:
                    c6:b4:d2:d2:41:6a:08:de:6a:78:e0:5d:5d:96:cf:
                    10:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:F6:A1:85:AC:D8:0F:87:46:C2:B2:79:28:DF:DC:63:FA:49:91:0A
            X509v3 Authority Key Identifier:
                keyid:D0:3C:73:B6:0F:21:03:EE:3B:2A:2C:3C:BE:92:0E:21:2A:92:EE:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Dxztg8hA-47Kiw8vpIOISqS7mU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/011132-eae3-4e9d-b6f0-46f004a19591/1/iPahhazYD4dGwrJ5KN_cY_pJkQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/011132-eae3-4e9d-b6f0-46f004a19591/1/0Dxztg8hA-47Kiw8vpIOISqS7mU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:0b:63:93:7c:87:26:59:91:25:9c:0b:97:6f:32:f2:af:14:
         ed:63:4b:82:1e:7b:89:85:96:b7:d0:94:94:f6:80:0a:e2:5d:
         75:25:e3:35:db:f9:0a:24:4e:33:44:90:a4:b4:de:3a:53:0c:
         d8:78:c4:c0:72:4b:22:9a:d6:0c:3a:86:63:70:a2:d3:6f:d7:
         65:db:89:e6:90:8d:45:a1:de:29:ca:6d:7d:3e:53:67:05:1e:
         fb:0d:34:fe:7c:27:ea:c2:18:de:7a:7b:ff:d8:43:b2:5e:cd:
         21:21:49:93:f3:98:22:1b:dc:e1:19:77:e7:fd:c4:80:2b:28:
         ec:de:51:fd:85:9f:a3:c8:41:a6:ea:fe:f2:69:be:af:bd:2d:
         85:8f:49:2d:b7:f4:24:8d:73:23:86:ba:c8:ec:5f:00:24:7c:
         4b:52:02:b6:b2:c4:1c:21:b6:6b:9c:e3:05:ca:bf:bc:de:ea:
         92:cb:00:fd:4d:cc:23:f0:0d:26:75:ca:e0:8c:1b:3b:cd:35:
         38:5d:88:10:94:4b:9e:95:18:3f:9e:f6:7c:8d:a5:28:ba:3b:
         34:d3:1b:a8:1a:5f:30:ec:6a:7c:4e:b1:9f:09:8a:ae:09:99:
         d7:dd:d0:88:69:ff:20:9e:b5:e2:87:54:f3:42:4f:fb:1c:19:
         c6:34:4c:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3nOmfsCGVntTTDiNxa6rJxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwM2M3M2I2MGYyMTAzZWUzYjJhMmMzY2JlOTIwZTIxMmE5
MmVlNjUwHhcNMjQwMjI2MjEwMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGY2YTE4NWFjZDgwZjg3NDZjMmIyNzkyOGRmZGM2M2ZhNDk5MTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3UWWCdUgxbuTKu1v38+SB4LiR1f
lBNwVOPIbMsnbscXnSH2I9NnoCEqQQcq+EjOOmIn/ifbuhQJ10wQKzX4kKEkO+p3
NCZfrppUHjIGBirC55YAFbpFbcAhQqkLVhSU76nEHshUnD3Tc8l4UIWUetpx6+OY
FRUCEGD9xqYo6qvTsMovTw8GvvZTkcfijcARC+b65RAG2cU3UmkYujxRwnUjK5Kn
SUcHOanvtl8A3zcbxUWM8A8+Si/z9ej8O/hhokHZPxG7L9hmNnClUGr0m8m2R00N
NEnvZCDd7xSV0Ljhi+sw6QUkgWYB140/CN7GtNLSQWoI3mp44F1dls8QoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIj2oYWs2A+HRsKyeSjf3GP6SZEKMB8GA1UdIwQY
MBaAFNA8c7YPIQPuOyosPL6SDiEqku5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMER4enRnOGhBLTQ3S2l3OHZwSU9JU3FTN21VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wMTExMzItZWFlMy00ZTlkLWI2ZjAt
NDZmMDA0YTE5NTkxLzEvaVBhaGhhellENGRHd3JKNUtOX2NZX3BKa1FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wMTExMzItZWFlMy00ZTlkLWI2ZjAtNDZmMDA0YTE5NTkx
LzEvMER4enRnOGhBLTQ3S2l3OHZwSU9JU3FTN21VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwchOMA0G
CSqGSIb3DQEBCwUAA4IBAQC9C2OTfIcmWZElnAuXbzLyrxTtY0uCHnuJhZa30JSU
9oAK4l11JeM12/kKJE4zRJCktN46UwzYeMTAcksimtYMOoZjcKLTb9dl24nmkI1F
od4pym19PlNnBR77DTT+fCfqwhjeenv/2EOyXs0hIUmT85giG9zhGXfn/cSAKyjs
3lH9hZ+jyEGm6v7yab6vvS2Fj0ktt/QkjXMjhrrI7F8AJHxLUgK2ssQcIbZrnOMF
yr+83uqSywD9Tcwj8A0mdcrgjBs7zTU4XYgQlEuelRg/nvZ8jaUoujs00xuoGl8w
7Gp8TrGfCYquCZnX3dCIaf8gnrXih1TzQk/7HBnGNEyu
-----END CERTIFICATE-----