Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/VlKAYHQUbZsjESP3HmqmaqQ6SWw.roa
File:                     VlKAYHQUbZsjESP3HmqmaqQ6SWw.roa (raw, json)
Hash identifier:          7OVwmsxB5AB76MsTAUcZkOkmtxLDIsZhTmLS3fVez9A=
Subject key identifier:   56:52:80:60:74:14:6D:9B:23:11:23:F7:1E:6A:A6:6A:A4:3A:49:6C
Certificate issuer:       /CN=1f46f57735a4e63dbef848ee0d9d199e215f8304
Certificate serial:       018CC793FCAFA6AC5BE795265E0B98DACEA5
Authority key identifier: 1F:46:F5:77:35:A4:E6:3D:BE:F8:48:EE:0D:9D:19:9E:21:5F:83:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/VlKAYHQUbZsjESP3HmqmaqQ6SWw.roa
Signing time:             Tue 02 Jan 2024 00:30:13 +0000
ROA not before:           Tue 02 Jan 2024 00:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212317
IP address blocks:        5.78.0.0/16 maxlen: 24
                          2a01:4ff:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:fc:af:a6:ac:5b:e7:95:26:5e:0b:98:da:ce:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f46f57735a4e63dbef848ee0d9d199e215f8304
        Validity
            Not Before: Jan  2 00:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5652806074146d9b231123f71e6aa66aa43a496c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:28:3d:97:1d:99:7d:3d:b8:c3:76:1f:1d:8a:
                    0d:83:4a:99:b4:b1:f0:bc:0b:df:68:68:71:5b:78:
                    97:b8:fc:2b:67:cc:54:5c:75:cb:f2:8b:f5:62:9a:
                    16:83:0f:27:b7:9a:b2:8d:03:99:59:1f:d5:bd:a0:
                    18:17:13:4c:d7:1c:df:50:5c:40:c8:82:52:3e:87:
                    60:f7:ad:87:6a:20:dd:4f:18:ef:92:d5:d8:09:79:
                    e2:1e:df:bb:da:a8:32:90:2c:2b:63:3d:b5:c3:13:
                    c9:63:be:70:30:9d:98:8e:68:75:1f:0c:d1:15:5b:
                    bc:5c:bb:8c:d6:bd:e8:aa:d5:62:b5:9a:4b:9d:b8:
                    ff:a5:c5:ba:b3:03:fc:c7:88:0e:f9:f1:03:49:ed:
                    ac:a4:b3:3b:dd:b2:4b:09:52:23:98:b3:49:c3:95:
                    73:6c:5e:ac:18:97:6b:42:3b:0e:69:b3:7b:3c:e4:
                    0a:f0:7f:05:f8:5f:1f:b8:d9:6c:ca:de:49:29:14:
                    2e:1f:c2:ad:46:46:8c:dd:36:d0:c3:02:13:89:84:
                    bb:28:d8:51:fd:48:0a:98:98:b6:95:09:b4:1d:8a:
                    18:2b:6f:17:82:6c:8f:b8:38:f7:87:25:4e:0c:36:
                    86:da:49:e5:ad:4d:19:50:93:03:ea:7c:90:26:3d:
                    cf:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:52:80:60:74:14:6D:9B:23:11:23:F7:1E:6A:A6:6A:A4:3A:49:6C
            X509v3 Authority Key Identifier:
                keyid:1F:46:F5:77:35:A4:E6:3D:BE:F8:48:EE:0D:9D:19:9E:21:5F:83:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/VlKAYHQUbZsjESP3HmqmaqQ6SWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.78.0.0/16
                IPv6:
                  2a01:4ff:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         2d:ce:88:40:03:5f:7c:7d:e4:d8:2d:64:37:2e:7f:aa:99:e7:
         c9:6d:c5:f0:6b:1a:33:dd:c8:bd:94:29:47:71:d6:13:e8:86:
         fd:84:60:28:a6:92:e9:22:45:cc:71:2a:ca:01:0c:b1:cc:b7:
         b3:b2:2a:f7:0b:ee:a7:1a:6a:27:25:1c:e8:2d:6f:6c:b3:2a:
         8a:35:aa:ec:b7:86:86:8e:6b:54:9c:f2:de:fe:0d:be:fa:61:
         96:25:e0:10:53:38:42:98:50:d1:b5:ce:48:e9:82:90:96:80:
         e1:b4:0d:21:ef:79:dc:71:3d:67:22:c0:15:af:2c:b2:13:4e:
         35:f0:b1:9e:44:53:bf:7e:47:43:ce:00:15:70:e9:91:2c:9e:
         59:8e:ec:72:a8:ad:3a:39:98:dd:bb:d6:05:7c:75:53:d8:0d:
         01:d1:2d:68:12:f0:76:cf:91:0c:25:32:32:08:55:4b:b7:a4:
         bf:42:3b:0a:e6:0d:52:e9:01:ab:51:de:b0:2a:8a:eb:aa:7b:
         34:51:5d:f9:e8:0f:98:1b:36:65:3a:28:b6:72:b7:9c:f9:30:
         9b:c0:30:24:c9:bd:ba:19:4a:44:8d:d9:1f:80:aa:c1:0d:6c:
         0c:35:54:5a:36:a6:e8:d1:fa:7d:8d:ad:f8:71:ec:c7:48:0a:
         29:d1:9a:05
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk/yvpqxb55UmXguY2s6lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDZmNTc3MzVhNGU2M2RiZWY4NDhlZTBkOWQxOTllMjE1
ZjgzMDQwHhcNMjQwMTAyMDAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjUyODA2MDc0MTQ2ZDliMjMxMTIzZjcxZTZhYTY2YWE0M2E0OTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSg9lx2ZfT24w3YfHYoNg0qZtLHw
vAvfaGhxW3iXuPwrZ8xUXHXL8ov1YpoWgw8nt5qyjQOZWR/VvaAYFxNM1xzfUFxA
yIJSPodg962HaiDdTxjvktXYCXniHt+72qgykCwrYz21wxPJY75wMJ2Yjmh1HwzR
FVu8XLuM1r3oqtVitZpLnbj/pcW6swP8x4gO+fEDSe2spLM73bJLCVIjmLNJw5Vz
bF6sGJdrQjsOabN7POQK8H8F+F8fuNlsyt5JKRQuH8KtRkaM3TbQwwITiYS7KNhR
/UgKmJi2lQm0HYoYK28XgmyPuDj3hyVODDaG2knlrU0ZUJMD6nyQJj3P+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFZSgGB0FG2bIxEj9x5qpmqkOklsMB8GA1UdIwQY
MBaAFB9G9Xc1pOY9vvhI7g2dGZ4hX4MEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBiMWR6V2s1ajItLUVqdURaMFpuaUZmZ3dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8xMDcyNjYtYWI1MS00NjJiLTlmYzIt
YTdjOTg5OGVlY2JjLzEvVmxLQVlIUVViWnNqRVNQM0htcW1hcVE2U1d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8xMDcyNjYtYWI1MS00NjJiLTlmYzItYTdjOTg5OGVlY2Jj
LzEvSDBiMWR6V2s1ajItLUVqdURaMFpuaUZmZ3dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTALBAIAATAFAwMABU4wDgQC
AAIwCAMGACoBBP8BMA0GCSqGSIb3DQEBCwUAA4IBAQAtzohAA198feTYLWQ3Ln+q
mefJbcXwaxoz3ci9lClHcdYT6Ib9hGAoppLpIkXMcSrKAQyxzLezsir3C+6nGmon
JRzoLW9ssyqKNarst4aGjmtUnPLe/g2++mGWJeAQUzhCmFDRtc5I6YKQloDhtA0h
73nccT1nIsAVryyyE0418LGeRFO/fkdDzgAVcOmRLJ5ZjuxyqK06OZjdu9YFfHVT
2A0B0S1oEvB2z5EMJTIyCFVLt6S/QjsK5g1S6QGrUd6wKorrqns0UV356A+YGzZl
Oii2crec+TCbwDAkyb26GUpEjdkfgKrBDWwMNVRaNqbo0fp9ja34cezHSAop0ZoF
-----END CERTIFICATE-----