Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/PvTD7VM-v6YQVLJyo8GU01fvZec.roa
File:                     PvTD7VM-v6YQVLJyo8GU01fvZec.roa (raw, json)
Hash identifier:          SjPN4ZXJMpEdKazedYL73itOUNBtD6J7c8OaCLK4kcI=
Subject key identifier:   3E:F4:C3:ED:53:3E:BF:A6:10:54:B2:72:A3:C1:94:D3:57:EF:65:E7
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018D65044A16508D3F8FB38DE710C25772F1
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/PvTD7VM-v6YQVLJyo8GU01fvZec.roa
Signing time:             Thu 01 Feb 2024 14:13:16 +0000
ROA not before:           Thu 01 Feb 2024 14:13:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30823
IP address blocks:        78.108.216.0/24 maxlen: 24
                          185.234.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:65:04:4a:16:50:8d:3f:8f:b3:8d:e7:10:c2:57:72:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Feb  1 14:13:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ef4c3ed533ebfa61054b272a3c194d357ef65e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:28:00:13:82:2e:d6:28:2d:da:4f:80:27:f9:
                    e8:fd:9c:94:c9:cf:3d:04:fd:f7:4f:03:d1:03:6c:
                    f8:4b:50:db:31:a9:88:44:b6:f5:b9:45:33:4b:bc:
                    56:47:70:bb:bd:b9:60:da:a5:24:f7:a9:55:6e:10:
                    31:57:7d:5b:5f:64:6e:53:16:bb:b2:cd:96:c2:e0:
                    7b:89:db:41:03:26:ad:71:b6:97:c3:6e:3e:ba:eb:
                    98:d2:6b:d5:92:f9:53:ea:c4:39:81:90:2f:cf:cb:
                    6a:3d:c5:9e:34:94:47:76:ca:c0:48:9e:49:d7:e5:
                    10:02:f7:49:80:75:79:44:69:28:f5:8b:c2:ad:3a:
                    0a:e1:92:a7:a8:79:85:72:51:64:8b:8b:88:fd:b6:
                    a7:90:5b:94:7d:77:71:ad:cf:29:f6:de:a7:41:60:
                    39:fc:5e:54:b6:32:44:33:7c:1e:5f:3c:b9:6f:a7:
                    42:f0:7d:d7:f0:09:79:b8:11:9f:56:9c:d6:8f:38:
                    41:9c:ee:6a:8a:69:80:8b:e2:81:51:47:c3:74:3e:
                    e5:df:22:3b:da:ea:23:d8:b5:e6:fe:a0:7d:0d:88:
                    02:c0:a0:fa:fb:f5:dc:08:03:82:11:73:87:0e:54:
                    73:60:fb:f7:51:59:3f:89:c4:1a:cb:7c:3f:4e:dd:
                    9f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:F4:C3:ED:53:3E:BF:A6:10:54:B2:72:A3:C1:94:D3:57:EF:65:E7
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/PvTD7VM-v6YQVLJyo8GU01fvZec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.216.0/24
                  185.234.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:73:e8:73:5e:36:56:b1:46:05:4f:33:ea:0c:46:75:af:b6:
         a1:c7:a9:6b:4b:a6:f9:65:9a:20:22:ad:ee:4a:e8:c3:4f:38:
         73:22:bc:6f:31:da:57:84:f2:b6:99:1b:d1:7c:28:ff:73:ba:
         54:57:1f:31:f8:e9:27:a5:48:70:53:06:e0:76:b2:60:0e:0a:
         30:b1:1c:78:30:5c:1d:24:0f:cf:b0:10:a9:55:e0:08:c8:bb:
         14:02:d1:dd:37:5e:da:18:b9:06:aa:8d:22:c9:7d:18:28:a7:
         b8:7d:35:ae:a1:70:1f:0e:25:81:b2:79:ac:b9:0d:d0:fa:bb:
         ed:d9:b7:7c:e4:4d:9c:88:19:90:58:03:fe:88:78:7d:80:a8:
         0f:47:ce:86:e1:10:24:6f:8b:07:11:a8:55:79:4d:52:1c:ca:
         f1:1c:af:3c:fd:8a:ad:3e:fd:77:54:ea:e0:50:e9:a5:2c:fb:
         5b:90:2a:3d:b7:0c:19:16:c2:c4:3e:4e:22:6e:d2:1a:1e:f5:
         16:c9:77:4c:28:e3:27:6f:ba:21:c5:0d:fb:c0:a0:49:77:64:
         38:c8:65:89:e0:c0:8e:ff:cf:e6:45:16:cd:c9:58:1b:e3:fe:
         8f:4b:73:63:0c:d4:c7:a8:a2:b4:52:14:30:30:ab:75:05:01:
         e6:a7:12:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1lBEoWUI0/j7ON5xDCV3LxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMjAxMTQxMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWY0YzNlZDUzM2ViZmE2MTA1NGIyNzJhM2MxOTRkMzU3ZWY2NWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoigAE4Iu1igt2k+AJ/no/ZyUyc89
BP33TwPRA2z4S1DbMamIRLb1uUUzS7xWR3C7vblg2qUk96lVbhAxV31bX2RuUxa7
ss2WwuB7idtBAyatcbaXw24+uuuY0mvVkvlT6sQ5gZAvz8tqPcWeNJRHdsrASJ5J
1+UQAvdJgHV5RGko9YvCrToK4ZKnqHmFclFki4uI/bankFuUfXdxrc8p9t6nQWA5
/F5UtjJEM3weXzy5b6dC8H3X8Al5uBGfVpzWjzhBnO5qimmAi+KBUUfDdD7l3yI7
2uoj2LXm/qB9DYgCwKD6+/XcCAOCEXOHDlRzYPv3UVk/icQay3w/Tt2feQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD70w+1TPr+mEFSycqPBlNNX72XnMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvUHZURDdWTS12NllRVkxKeW84R1UwMWZ2WmVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATmzYAwQA
uepIMA0GCSqGSIb3DQEBCwUAA4IBAQAdc+hzXjZWsUYFTzPqDEZ1r7ahx6lrS6b5
ZZogIq3uSujDTzhzIrxvMdpXhPK2mRvRfCj/c7pUVx8x+OknpUhwUwbgdrJgDgow
sRx4MFwdJA/PsBCpVeAIyLsUAtHdN17aGLkGqo0iyX0YKKe4fTWuoXAfDiWBsnms
uQ3Q+rvt2bd85E2ciBmQWAP+iHh9gKgPR86G4RAkb4sHEahVeU1SHMrxHK88/Yqt
Pv13VOrgUOmlLPtbkCo9twwZFsLEPk4ibtIaHvUWyXdMKOMnb7ohxQ37wKBJd2Q4
yGWJ4MCO/8/mRRbNyVgb4/6PS3NjDNTHqKK0UhQwMKt1BQHmpxJy
-----END CERTIFICATE-----