Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/eb3427-3a9e-47af-a8f4-4b81d62c3b53/1/dIZEm9fL49OCExDhgXUwk08Kuc4.roa
File:                     dIZEm9fL49OCExDhgXUwk08Kuc4.roa (raw, json)
Hash identifier:          1Z9lUELPkp5kgiAsyGj7/0xHE8Toh2V0zOpyYvsKItY=
Subject key identifier:   74:86:44:9B:D7:CB:E3:D3:82:13:10:E1:81:75:30:93:4F:0A:B9:CE
Certificate issuer:       /CN=7418c36d041821f86b38d3223d43fe5cdb2011a0
Certificate serial:       018CC5003EDFBE854A751A346C3E1308A826
Authority key identifier: 74:18:C3:6D:04:18:21:F8:6B:38:D3:22:3D:43:FE:5C:DB:20:11:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBjDbQQYIfhrONMiPUP-XNsgEaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/eb3427-3a9e-47af-a8f4-4b81d62c3b53/1/dIZEm9fL49OCExDhgXUwk08Kuc4.roa
Signing time:             Mon 01 Jan 2024 12:29:36 +0000
ROA not before:           Mon 01 Jan 2024 12:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199136
IP address blocks:        78.31.161.0/24 maxlen: 24
                          78.31.160.0/23 maxlen: 23
                          78.31.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/eb3427-3a9e-47af-a8f4-4b81d62c3b53/1/dBjDbQQYIfhrONMiPUP-XNsgEaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/eb3427-3a9e-47af-a8f4-4b81d62c3b53/1/dBjDbQQYIfhrONMiPUP-XNsgEaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBjDbQQYIfhrONMiPUP-XNsgEaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:3e:df:be:85:4a:75:1a:34:6c:3e:13:08:a8:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7418c36d041821f86b38d3223d43fe5cdb2011a0
        Validity
            Not Before: Jan  1 12:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7486449bd7cbe3d3821310e1817530934f0ab9ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:3d:95:52:c6:64:1d:32:6a:c1:16:a7:81:b5:
                    2c:09:a5:fa:1a:8d:d2:6f:24:ce:fd:e8:22:ec:d3:
                    95:f3:89:f2:d4:1c:c0:ed:26:39:28:a0:7b:74:b6:
                    4a:6d:52:85:19:34:a8:d3:b7:cc:b5:4a:fa:77:dd:
                    7f:1e:ee:bd:e9:63:7f:cf:15:de:d6:f3:f2:53:dc:
                    2f:a4:51:8d:5f:c7:8f:d9:8e:50:29:a6:f2:da:e1:
                    e0:ee:3b:9d:6a:f3:07:2b:52:c5:b8:dd:d6:38:68:
                    d8:63:48:bf:62:5a:6c:ef:87:a7:3d:fb:dd:5e:bd:
                    d4:c0:b4:7d:bb:0d:d9:c6:a0:be:0f:7e:f4:6f:7f:
                    80:ca:15:b2:6c:ea:fd:d7:dd:d2:d8:1a:f8:a3:c1:
                    95:e8:c1:38:c4:b6:60:1d:e0:f8:84:31:e2:86:6e:
                    e3:c6:d2:8d:aa:63:5d:b6:5c:9c:70:54:8f:bc:1e:
                    61:b1:d7:96:55:37:1d:40:de:5f:a5:df:92:97:e4:
                    ba:79:69:84:16:81:f5:03:4e:8b:e0:3d:2c:0a:de:
                    4a:10:0c:fc:fa:87:ee:bf:46:40:6f:72:fb:1d:02:
                    0a:94:d7:38:86:a4:08:5c:f7:9b:3f:62:5d:be:19:
                    f0:b4:f6:f3:05:97:fe:86:d6:21:93:07:fc:ea:5f:
                    28:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:86:44:9B:D7:CB:E3:D3:82:13:10:E1:81:75:30:93:4F:0A:B9:CE
            X509v3 Authority Key Identifier:
                keyid:74:18:C3:6D:04:18:21:F8:6B:38:D3:22:3D:43:FE:5C:DB:20:11:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBjDbQQYIfhrONMiPUP-XNsgEaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/eb3427-3a9e-47af-a8f4-4b81d62c3b53/1/dIZEm9fL49OCExDhgXUwk08Kuc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/eb3427-3a9e-47af-a8f4-4b81d62c3b53/1/dBjDbQQYIfhrONMiPUP-XNsgEaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:db:7a:ad:67:e8:7e:03:00:63:bc:8d:cb:fc:c5:96:27:28:
         53:13:c5:79:9b:a7:a8:0d:51:01:01:18:b3:65:67:d1:cf:22:
         fc:f0:ed:00:5f:24:30:39:e9:28:19:c0:3b:06:3c:38:81:22:
         5a:6d:94:1e:02:6c:89:30:09:c8:d2:68:47:59:cc:0d:01:07:
         89:f3:ba:13:a7:af:c5:5a:28:d5:f2:6f:d1:3e:d8:59:39:3d:
         e1:7c:3e:90:59:c5:4e:d9:b5:11:7d:39:2a:87:cb:89:3d:f1:
         ff:a8:27:14:ad:0d:81:ab:75:3a:6a:32:46:c8:4a:74:fe:b5:
         68:4e:e2:f7:d9:5e:f0:47:54:ba:fa:2a:79:aa:b8:25:24:85:
         b7:95:31:07:68:9e:46:8d:46:59:0e:5c:af:46:ed:e4:18:32:
         aa:9a:7d:40:bd:c4:9b:68:ba:77:00:2a:1e:96:d3:ef:27:0f:
         e6:8c:e3:4a:30:90:85:bc:2d:ff:ff:f1:b0:fb:9e:e2:d7:c8:
         d4:e3:7f:8c:d8:ea:6e:05:e4:28:3f:a9:be:ce:eb:fb:d4:45:
         2c:53:ae:f6:50:1a:64:70:88:4d:eb:e3:6e:e7:8c:a3:03:40:
         4e:b1:f1:e2:37:7a:f9:aa:0a:de:c5:40:b1:ea:32:00:c0:3f:
         80:9b:3f:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAD7fvoVKdRo0bD4TCKgmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MThjMzZkMDQxODIxZjg2YjM4ZDMyMjNkNDNmZTVjZGIy
MDExYTAwHhcNMjQwMTAxMTIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDg2NDQ5YmQ3Y2JlM2QzODIxMzEwZTE4MTc1MzA5MzRmMGFiOWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvz2VUsZkHTJqwRangbUsCaX6Go3S
byTO/egi7NOV84ny1BzA7SY5KKB7dLZKbVKFGTSo07fMtUr6d91/Hu696WN/zxXe
1vPyU9wvpFGNX8eP2Y5QKaby2uHg7judavMHK1LFuN3WOGjYY0i/Ylps74enPfvd
Xr3UwLR9uw3ZxqC+D370b3+AyhWybOr9193S2Br4o8GV6ME4xLZgHeD4hDHihm7j
xtKNqmNdtlyccFSPvB5hsdeWVTcdQN5fpd+Sl+S6eWmEFoH1A06L4D0sCt5KEAz8
+ofuv0ZAb3L7HQIKlNc4hqQIXPebP2JdvhnwtPbzBZf+htYhkwf86l8orQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHSGRJvXy+PTghMQ4YF1MJNPCrnOMB8GA1UdIwQY
MBaAFHQYw20EGCH4azjTIj1D/lzbIBGgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJqRGJRUVlJZmhyT05NaVBVUC1YTnNnRWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9lYjM0MjctM2E5ZS00N2FmLWE4ZjQt
NGI4MWQ2MmMzYjUzLzEvZElaRW05Zkw0OU9DRXhEaGdYVXdrMDhLdWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9lYjM0MjctM2E5ZS00N2FmLWE4ZjQtNGI4MWQ2MmMzYjUz
LzEvZEJqRGJRUVlJZmhyT05NaVBVUC1YTnNnRWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTh+gMA0G
CSqGSIb3DQEBCwUAA4IBAQBP23qtZ+h+AwBjvI3L/MWWJyhTE8V5m6eoDVEBARiz
ZWfRzyL88O0AXyQwOekoGcA7Bjw4gSJabZQeAmyJMAnI0mhHWcwNAQeJ87oTp6/F
WijV8m/RPthZOT3hfD6QWcVO2bURfTkqh8uJPfH/qCcUrQ2Bq3U6ajJGyEp0/rVo
TuL32V7wR1S6+ip5qrglJIW3lTEHaJ5GjUZZDlyvRu3kGDKqmn1AvcSbaLp3ACoe
ltPvJw/mjONKMJCFvC3///Gw+57i18jU43+M2OpuBeQoP6m+zuv71EUsU672UBpk
cIhN6+Nu54yjA0BOsfHiN3r5qgrexUCx6jIAwD+Amz9E
-----END CERTIFICATE-----