Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/f5951a-b0ff-4a3c-88ae-35004a671eb3/1/Syn5pVqduhT5e-dwR9zAK8XggGA.roa
File:                     Syn5pVqduhT5e-dwR9zAK8XggGA.roa (raw, json)
Hash identifier:          rnMViORx13Xlf499/+4Qklu4MMvKyPvWRnzwfGA6b7Y=
Subject key identifier:   4B:29:F9:A5:5A:9D:BA:14:F9:7B:E7:70:47:DC:C0:2B:C5:E0:80:60
Certificate issuer:       /CN=670e60779f3cd4d03d5e507840f5fa2a31a6ab8d
Certificate serial:       019012CE1672134F3D76C705CDB2D324F06D
Authority key identifier: 67:0E:60:77:9F:3C:D4:D0:3D:5E:50:78:40:F5:FA:2A:31:A6:AB:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zw5gd5881NA9XlB4QPX6KjGmq40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/f5951a-b0ff-4a3c-88ae-35004a671eb3/1/Syn5pVqduhT5e-dwR9zAK8XggGA.roa
Signing time:             Thu 13 Jun 2024 18:13:34 +0000
ROA not before:           Thu 13 Jun 2024 18:13:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32787
IP address blocks:        185.78.246.0/24 maxlen: 24
                          185.78.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/f5951a-b0ff-4a3c-88ae-35004a671eb3/1/Zw5gd5881NA9XlB4QPX6KjGmq40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/f5951a-b0ff-4a3c-88ae-35004a671eb3/1/Zw5gd5881NA9XlB4QPX6KjGmq40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zw5gd5881NA9XlB4QPX6KjGmq40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:12:ce:16:72:13:4f:3d:76:c7:05:cd:b2:d3:24:f0:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=670e60779f3cd4d03d5e507840f5fa2a31a6ab8d
        Validity
            Not Before: Jun 13 18:13:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b29f9a55a9dba14f97be77047dcc02bc5e08060
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:76:a7:7a:2f:8c:5e:3c:c3:49:d6:b5:fd:be:
                    a0:c5:94:15:94:88:ae:38:d7:f5:98:42:5b:92:85:
                    cb:c5:cb:3c:03:b5:75:cf:69:52:f7:cb:01:e7:cf:
                    c3:0d:86:b5:68:f3:85:10:2a:dd:5e:3d:81:7d:73:
                    77:f5:fd:22:46:9f:16:a2:7c:30:d8:99:68:c4:b3:
                    e8:2d:bf:af:14:65:ee:8c:ba:1a:2a:11:c8:a2:73:
                    ba:f9:1d:2e:d2:6c:1e:20:1e:a4:89:18:1e:cd:eb:
                    f6:1b:b0:d8:ab:68:35:14:b5:60:f9:23:e4:a7:18:
                    23:ab:4c:2d:62:2a:a1:c0:82:a4:48:d7:cc:5f:84:
                    e0:73:b9:71:f4:f1:4b:0b:e7:4b:2e:ba:e0:4b:fc:
                    dc:cf:14:6c:06:58:a9:3a:68:de:52:d1:84:80:b9:
                    db:0e:f8:9b:c0:b4:cb:c2:7c:6a:39:d7:76:fe:d5:
                    f0:cb:10:54:c7:0a:ba:0f:72:e3:50:18:53:0d:88:
                    20:36:52:97:cf:c6:a7:5f:ad:a8:b0:1b:73:21:84:
                    cf:14:94:b6:72:52:a0:78:7f:0b:4a:d1:65:fc:2b:
                    51:06:24:61:c9:de:b9:5a:72:4a:74:26:9c:ea:b8:
                    a2:fd:cc:e2:e2:33:f1:aa:76:dc:85:c4:19:de:14:
                    7b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:29:F9:A5:5A:9D:BA:14:F9:7B:E7:70:47:DC:C0:2B:C5:E0:80:60
            X509v3 Authority Key Identifier:
                keyid:67:0E:60:77:9F:3C:D4:D0:3D:5E:50:78:40:F5:FA:2A:31:A6:AB:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zw5gd5881NA9XlB4QPX6KjGmq40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/f5951a-b0ff-4a3c-88ae-35004a671eb3/1/Syn5pVqduhT5e-dwR9zAK8XggGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/f5951a-b0ff-4a3c-88ae-35004a671eb3/1/Zw5gd5881NA9XlB4QPX6KjGmq40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:02:bf:45:ed:9c:c8:9a:75:9d:17:82:59:f8:28:aa:fa:c8:
         e6:5b:96:87:a3:ab:d1:26:28:1a:87:df:b6:49:08:0a:96:72:
         0b:4c:c1:e9:36:47:19:c5:31:32:2c:48:56:29:d8:b8:da:cc:
         0e:78:d6:2d:b9:c8:09:c0:86:29:e7:0b:d1:5f:a5:49:18:f7:
         c9:67:5b:3f:3c:f8:62:db:3b:cd:ba:a6:c3:13:5f:e2:aa:92:
         c2:bc:59:f1:2d:c8:be:b7:fa:48:70:ee:08:42:b0:24:d8:3e:
         84:5d:a7:75:1b:5c:77:9c:20:b5:0c:9e:03:b5:55:05:3a:b3:
         1f:47:23:da:73:da:89:5e:96:78:a1:eb:f4:9a:09:bc:55:ed:
         9e:c1:44:61:67:f7:bd:3b:9c:0b:43:b9:5b:fc:1d:e5:92:6e:
         98:8a:c7:d3:21:c6:bf:2f:90:80:9d:bc:55:24:e3:1d:fa:2e:
         79:a9:0a:24:97:94:e5:27:f9:d4:10:19:fe:e9:7a:60:e5:ee:
         64:c4:f7:eb:be:a4:14:f6:2a:fc:f5:ef:c6:da:64:d3:ca:de:
         0e:2c:0c:9f:c8:3a:0a:d4:cb:fa:3c:c4:7b:9f:2a:76:6a:b0:
         eb:c7:ab:7d:9c:e0:ae:2e:e5:9d:a9:2c:d8:c8:5e:60:99:0a:
         eb:f2:e5:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZASzhZyE089dscFzbLTJPBtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3MGU2MDc3OWYzY2Q0ZDAzZDVlNTA3ODQwZjVmYTJhMzFh
NmFiOGQwHhcNMjQwNjEzMTgxMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjI5ZjlhNTVhOWRiYTE0Zjk3YmU3NzA0N2RjYzAyYmM1ZTA4MDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznanei+MXjzDSda1/b6gxZQVlIiu
ONf1mEJbkoXLxcs8A7V1z2lS98sB58/DDYa1aPOFECrdXj2BfXN39f0iRp8Wonww
2JloxLPoLb+vFGXujLoaKhHIonO6+R0u0mweIB6kiRgezev2G7DYq2g1FLVg+SPk
pxgjq0wtYiqhwIKkSNfMX4Tgc7lx9PFLC+dLLrrgS/zczxRsBlipOmjeUtGEgLnb
DvibwLTLwnxqOdd2/tXwyxBUxwq6D3LjUBhTDYggNlKXz8anX62osBtzIYTPFJS2
clKgeH8LStFl/CtRBiRhyd65WnJKdCac6rii/czi4jPxqnbchcQZ3hR7dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsp+aVanboU+XvncEfcwCvF4IBgMB8GA1UdIwQY
MBaAFGcOYHefPNTQPV5QeED1+ioxpquNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnc1Z2Q1ODgxTkE5WGxCNFFQWDZLakdtcTQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9mNTk1MWEtYjBmZi00YTNjLTg4YWUt
MzUwMDRhNjcxZWIzLzEvU3luNXBWcWR1aFQ1ZS1kd1I5ekFLOFhnZ0dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9mNTk1MWEtYjBmZi00YTNjLTg4YWUtMzUwMDRhNjcxZWIz
LzEvWnc1Z2Q1ODgxTkE5WGxCNFFQWDZLakdtcTQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuU72MA0G
CSqGSIb3DQEBCwUAA4IBAQCRAr9F7ZzImnWdF4JZ+Ciq+sjmW5aHo6vRJigah9+2
SQgKlnILTMHpNkcZxTEyLEhWKdi42swOeNYtucgJwIYp5wvRX6VJGPfJZ1s/PPhi
2zvNuqbDE1/iqpLCvFnxLci+t/pIcO4IQrAk2D6EXad1G1x3nCC1DJ4DtVUFOrMf
RyPac9qJXpZ4oev0mgm8Ve2ewURhZ/e9O5wLQ7lb/B3lkm6YisfTIca/L5CAnbxV
JOMd+i55qQokl5TlJ/nUEBn+6Xpg5e5kxPfrvqQU9ir89e/G2mTTyt4OLAyfyDoK
1Mv6PMR7nyp2arDrx6t9nOCuLuWdqSzYyF5gmQrr8uW4
-----END CERTIFICATE-----