Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/c41c74-0b82-40e7-a0bf-0aae1ccd874b/1/efbUUBu46c4-od44JE3o9u72YMM.roa
File:                     efbUUBu46c4-od44JE3o9u72YMM.roa (raw, json)
Hash identifier:          WsuLJjiAhmY3fhTUiNKoh5AFTjXUw3yxC7gv9+fdBCo=
Subject key identifier:   79:F6:D4:50:1B:B8:E9:CE:3E:A1:DE:38:24:4D:E8:F6:EE:F6:60:C3
Certificate issuer:       /CN=78b04fbafaa36b71fcd36eca50b5fe0e88dd3551
Certificate serial:       018CC49367B5DD80495E4410A8B0FED05480
Authority key identifier: 78:B0:4F:BA:FA:A3:6B:71:FC:D3:6E:CA:50:B5:FE:0E:88:DD:35:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eLBPuvqja3H8027KULX-DojdNVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/c41c74-0b82-40e7-a0bf-0aae1ccd874b/1/efbUUBu46c4-od44JE3o9u72YMM.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50242
IP address blocks:        109.236.112.0/20 maxlen: 24
                          2a02:6ca3::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/c41c74-0b82-40e7-a0bf-0aae1ccd874b/1/eLBPuvqja3H8027KULX-DojdNVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/c41c74-0b82-40e7-a0bf-0aae1ccd874b/1/eLBPuvqja3H8027KULX-DojdNVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eLBPuvqja3H8027KULX-DojdNVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:67:b5:dd:80:49:5e:44:10:a8:b0:fe:d0:54:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78b04fbafaa36b71fcd36eca50b5fe0e88dd3551
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79f6d4501bb8e9ce3ea1de38244de8f6eef660c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b8:81:35:ff:56:84:f2:22:fb:3c:30:c5:1c:
                    ad:77:6f:4f:c4:cb:fb:60:87:25:50:f2:29:df:07:
                    32:76:38:57:fb:5e:81:30:04:20:23:c3:12:e7:13:
                    8b:e5:5c:55:ee:37:f9:43:9e:e5:e7:4c:05:08:1c:
                    17:20:55:bf:a3:22:1c:ea:f4:a6:e2:5f:ce:44:d6:
                    da:55:dd:71:bf:a2:63:8c:43:5e:71:d0:7c:35:af:
                    0d:5c:7b:af:22:bc:a1:9f:7c:dd:27:d5:c0:7f:93:
                    59:b3:d3:0e:30:89:64:e0:e2:c7:6c:28:8c:37:54:
                    f4:30:bd:59:f7:d1:22:8e:4d:09:fa:55:43:0c:7f:
                    da:cf:92:44:ae:6c:ab:6b:23:45:68:29:62:00:13:
                    ed:d6:4a:90:1c:a5:47:c8:8c:12:fb:20:bd:fb:31:
                    68:52:30:f9:0f:ab:db:47:99:1d:6e:d5:2e:fd:3d:
                    9e:dd:78:15:7e:26:0c:78:7a:65:eb:97:fc:5b:89:
                    b4:14:4e:c2:28:1b:62:5d:63:46:d4:08:e5:7e:ff:
                    3b:d4:76:3c:7e:14:a7:ce:d0:32:5b:43:20:41:77:
                    04:e6:b1:8d:69:ed:fa:d3:11:29:30:01:88:47:b0:
                    bf:eb:01:b4:71:0f:c5:c8:b6:e8:8a:68:01:0f:88:
                    76:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:F6:D4:50:1B:B8:E9:CE:3E:A1:DE:38:24:4D:E8:F6:EE:F6:60:C3
            X509v3 Authority Key Identifier:
                keyid:78:B0:4F:BA:FA:A3:6B:71:FC:D3:6E:CA:50:B5:FE:0E:88:DD:35:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eLBPuvqja3H8027KULX-DojdNVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/c41c74-0b82-40e7-a0bf-0aae1ccd874b/1/efbUUBu46c4-od44JE3o9u72YMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/c41c74-0b82-40e7-a0bf-0aae1ccd874b/1/eLBPuvqja3H8027KULX-DojdNVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.236.112.0/20
                IPv6:
                  2a02:6ca3::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:0c:7e:f0:ce:27:a0:fc:59:58:bf:25:35:c2:12:61:bb:66:
         62:97:b3:6e:25:cc:e0:7e:6c:07:89:cf:94:af:97:78:a9:4f:
         cb:52:9c:7c:b0:04:a7:3b:c8:7a:5d:c2:47:59:ee:d6:0a:5c:
         10:89:a0:ac:89:07:62:7f:c9:06:f5:e4:4e:20:7c:a4:7f:4b:
         c8:5b:c2:b0:08:37:c3:cc:b2:37:31:01:69:51:37:fa:37:d3:
         9d:0e:5d:97:97:24:29:7d:f8:1a:eb:68:d3:3c:38:24:84:ea:
         16:d9:bd:81:aa:dd:bb:fb:f3:a0:25:a8:dd:f3:33:c7:5b:b6:
         00:ea:f6:64:0e:97:fc:fe:7b:5f:b6:32:8e:f2:3c:d5:e4:fb:
         1d:02:84:34:b4:5c:3a:fa:6d:50:4f:b0:0d:a6:7c:54:aa:2a:
         44:4e:25:6a:70:3a:12:a2:b5:ec:5d:cb:8b:fc:d7:d3:d4:69:
         e4:59:b1:02:45:da:b6:b7:ca:39:9a:e4:dd:a6:62:0b:3d:e0:
         33:3d:b1:90:07:d7:2b:d0:00:8c:78:1e:b7:9a:44:86:8a:d0:
         e1:1b:c5:8c:57:50:35:83:23:f3:94:02:ff:da:de:38:50:f5:
         22:db:0d:a9:0c:c0:df:fa:93:c9:9c:12:6b:ea:a0:9f:70:be:
         c2:7b:a8:12
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk2e13YBJXkQQqLD+0FSAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4YjA0ZmJhZmFhMzZiNzFmY2QzNmVjYTUwYjVmZTBlODhk
ZDM1NTEwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWY2ZDQ1MDFiYjhlOWNlM2VhMWRlMzgyNDRkZThmNmVlZjY2MGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLiBNf9WhPIi+zwwxRytd29PxMv7
YIclUPIp3wcydjhX+16BMAQgI8MS5xOL5VxV7jf5Q57l50wFCBwXIFW/oyIc6vSm
4l/ORNbaVd1xv6JjjENecdB8Na8NXHuvIryhn3zdJ9XAf5NZs9MOMIlk4OLHbCiM
N1T0ML1Z99Eijk0J+lVDDH/az5JErmyrayNFaCliABPt1kqQHKVHyIwS+yC9+zFo
UjD5D6vbR5kdbtUu/T2e3XgVfiYMeHpl65f8W4m0FE7CKBtiXWNG1Ajlfv871HY8
fhSnztAyW0MgQXcE5rGNae360xEpMAGIR7C/6wG0cQ/FyLboimgBD4h25wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHn21FAbuOnOPqHeOCRN6Pbu9mDDMB8GA1UdIwQY
MBaAFHiwT7r6o2tx/NNuylC1/g6I3TVRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUxCUHV2cWphM0g4MDI3S1VMWC1Eb2pkTlZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9jNDFjNzQtMGI4Mi00MGU3LWEwYmYt
MGFhZTFjY2Q4NzRiLzEvZWZiVVVCdTQ2YzQtb2Q0NEpFM285dTcyWU1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9jNDFjNzQtMGI4Mi00MGU3LWEwYmYtMGFhZTFjY2Q4NzRi
LzEvZUxCUHV2cWphM0g4MDI3S1VMWC1Eb2pkTlZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEbexwMA0E
AgACMAcDBQAqAmyjMA0GCSqGSIb3DQEBCwUAA4IBAQB6DH7wzieg/FlYvyU1whJh
u2Zil7NuJczgfmwHic+Ur5d4qU/LUpx8sASnO8h6XcJHWe7WClwQiaCsiQdif8kG
9eROIHykf0vIW8KwCDfDzLI3MQFpUTf6N9OdDl2XlyQpffga62jTPDgkhOoW2b2B
qt27+/OgJajd8zPHW7YA6vZkDpf8/ntftjKO8jzV5PsdAoQ0tFw6+m1QT7ANpnxU
qipETiVqcDoSorXsXcuL/NfT1GnkWbECRdq2t8o5muTdpmILPeAzPbGQB9cr0ACM
eB63mkSGitDhG8WMV1A1gyPzlAL/2t44UPUi2w2pDMDf+pPJnBJr6qCfcL7Ce6gS
-----END CERTIFICATE-----