Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/7aHzCYVq1XaxoMD2lkt2U7D0Qds.roa
File:                     7aHzCYVq1XaxoMD2lkt2U7D0Qds.roa (raw, json)
Hash identifier:          5tV5B06PvDwyxxb2UC9TLNS9YcyfIK+t48AMeH+23Xo=
Subject key identifier:   ED:A1:F3:09:85:6A:D5:76:B1:A0:C0:F6:96:4B:76:53:B0:F4:41:DB
Certificate issuer:       /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial:       018E42D739BA7155495005BE9DB67CE493F9
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/7aHzCYVq1XaxoMD2lkt2U7D0Qds.roa
Signing time:             Fri 15 Mar 2024 15:59:45 +0000
ROA not before:           Fri 15 Mar 2024 15:59:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        78.142.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:42:d7:39:ba:71:55:49:50:05:be:9d:b6:7c:e4:93:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
        Validity
            Not Before: Mar 15 15:59:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eda1f309856ad576b1a0c0f6964b7653b0f441db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:be:83:7a:db:f0:7f:f5:a8:ac:97:56:36:04:
                    b1:d8:97:d6:99:4c:6e:02:ea:7a:a8:c3:82:70:b1:
                    84:68:0e:3b:3a:f1:e1:f2:7d:3f:96:fb:58:01:82:
                    ce:fc:ba:fa:e5:e4:8e:a7:9b:72:bf:26:e2:7d:c0:
                    13:7b:c5:5b:3a:6b:2e:cf:8e:a5:f9:77:74:00:38:
                    6d:69:da:93:60:13:f3:33:21:35:74:a5:94:83:d3:
                    e5:ad:e7:9d:94:98:35:d8:66:1a:b7:42:52:e6:29:
                    da:77:dc:e0:9b:f1:68:47:28:b4:fb:1f:06:47:17:
                    2e:6a:bf:10:0d:a5:28:f0:60:2e:df:82:14:2b:6f:
                    e5:19:a6:72:c0:07:59:61:30:f8:9b:eb:c1:a6:5a:
                    65:8f:58:4a:37:1b:99:3b:cc:5a:c5:82:95:41:b6:
                    c3:24:4a:58:7b:84:32:39:af:97:d3:d7:09:39:3e:
                    68:2e:b5:19:78:94:0f:1e:c3:63:39:ee:e3:32:47:
                    c8:2d:78:e7:83:28:cf:3b:64:d4:4c:55:72:c2:51:
                    4a:47:7d:c6:63:56:73:22:27:0a:04:ac:f5:50:ef:
                    79:1b:c4:5a:b2:55:12:30:1e:92:30:2c:4f:c9:5d:
                    ee:37:84:df:b1:5f:87:40:91:32:5e:36:29:b6:8e:
                    bc:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:A1:F3:09:85:6A:D5:76:B1:A0:C0:F6:96:4B:76:53:B0:F4:41:DB
            X509v3 Authority Key Identifier:
                keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/7aHzCYVq1XaxoMD2lkt2U7D0Qds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:52:54:02:95:ba:e3:d8:0c:be:b5:3f:d0:6e:3d:a3:ed:85:
         2f:3b:74:da:f5:18:11:fb:7b:b9:bf:f2:50:3d:cc:6d:73:3c:
         fc:fa:d2:7a:65:79:ca:c1:a5:5d:2b:e8:35:f6:de:77:cf:c8:
         4a:35:88:20:6d:de:25:db:e9:f7:42:8e:62:41:fe:a4:96:85:
         0e:c9:99:31:a1:02:63:d2:a5:86:72:21:7d:f8:d1:8a:78:a3:
         69:28:e0:6d:15:ff:bc:3e:67:89:3d:fe:51:6f:52:fb:53:fb:
         95:99:2a:3c:f7:9f:b3:41:88:4d:50:59:ed:34:6f:ac:5d:ff:
         92:82:22:93:f6:22:20:10:ab:4d:db:09:39:c3:90:28:20:a0:
         8e:d4:77:6f:2f:1e:a2:e9:c6:03:ba:e2:57:5b:b9:4e:d6:68:
         99:0d:c5:a6:7d:c3:fa:1d:e6:bc:c4:d7:60:56:06:df:b4:c2:
         ca:d5:97:c4:1e:53:f9:7f:08:77:53:05:b7:cd:02:64:89:91:
         15:31:8b:a8:45:38:89:b2:89:64:cf:69:f6:dd:f7:ca:8f:74:
         d7:50:36:b4:71:ec:bc:10:9e:04:3d:45:3e:a5:ef:bf:54:9a:
         76:07:22:7a:d5:7d:16:0f:3b:b9:99:c6:9f:3a:a0:c3:f7:2b:
         b0:9f:b4:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5C1zm6cVVJUAW+nbZ85JP5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjQwMzE1MTU1OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGExZjMwOTg1NmFkNTc2YjFhMGMwZjY5NjRiNzY1M2IwZjQ0MWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzL6Detvwf/WorJdWNgSx2JfWmUxu
Aup6qMOCcLGEaA47OvHh8n0/lvtYAYLO/Lr65eSOp5tyvybifcATe8VbOmsuz46l
+Xd0ADhtadqTYBPzMyE1dKWUg9PlreedlJg12GYat0JS5inad9zgm/FoRyi0+x8G
Rxcuar8QDaUo8GAu34IUK2/lGaZywAdZYTD4m+vBplplj1hKNxuZO8xaxYKVQbbD
JEpYe4QyOa+X09cJOT5oLrUZeJQPHsNjOe7jMkfILXjngyjPO2TUTFVywlFKR33G
Y1ZzIicKBKz1UO95G8RaslUSMB6SMCxPyV3uN4TfsV+HQJEyXjYpto680wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2h8wmFatV2saDA9pZLdlOw9EHbMB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvN2FIekNZVnExWGF4b01EMmxrdDJVN0QwUWRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATo7YMA0G
CSqGSIb3DQEBCwUAA4IBAQBKUlQClbrj2Ay+tT/Qbj2j7YUvO3Ta9RgR+3u5v/JQ
Pcxtczz8+tJ6ZXnKwaVdK+g19t53z8hKNYggbd4l2+n3Qo5iQf6kloUOyZkxoQJj
0qWGciF9+NGKeKNpKOBtFf+8PmeJPf5Rb1L7U/uVmSo895+zQYhNUFntNG+sXf+S
giKT9iIgEKtN2wk5w5AoIKCO1HdvLx6i6cYDuuJXW7lO1miZDcWmfcP6Hea8xNdg
VgbftMLK1ZfEHlP5fwh3UwW3zQJkiZEVMYuoRTiJsolkz2n23ffKj3TXUDa0cey8
EJ4EPUU+pe+/VJp2ByJ61X0WDzu5mcafOqDD9yuwn7Tr
-----END CERTIFICATE-----