Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/68Kdvq0S1kkfJF90gZdYmcg8aNQ.roa
File:                     68Kdvq0S1kkfJF90gZdYmcg8aNQ.roa (raw, json)
Hash identifier:          ymrF1FjN8h7eIxNUo3eszbdi1bzu3hYN5YHybFiIDCw=
Subject key identifier:   EB:C2:9D:BE:AD:12:D6:49:1F:24:5F:74:81:97:58:99:C8:3C:68:D4
Certificate issuer:       /CN=1d4404c8392e82d4b7029b69cb6ee290b9b42c00
Certificate serial:       018DAD22E5E229A7BCA4DCF2E787C78B08BC
Authority key identifier: 1D:44:04:C8:39:2E:82:D4:B7:02:9B:69:CB:6E:E2:90:B9:B4:2C:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUQEyDkugtS3Aptpy27ikLm0LAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/68Kdvq0S1kkfJF90gZdYmcg8aNQ.roa
Signing time:             Thu 15 Feb 2024 14:19:21 +0000
ROA not before:           Thu 15 Feb 2024 14:19:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212988
IP address blocks:        185.112.78.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/HUQEyDkugtS3Aptpy27ikLm0LAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/HUQEyDkugtS3Aptpy27ikLm0LAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUQEyDkugtS3Aptpy27ikLm0LAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ad:22:e5:e2:29:a7:bc:a4:dc:f2:e7:87:c7:8b:08:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d4404c8392e82d4b7029b69cb6ee290b9b42c00
        Validity
            Not Before: Feb 15 14:19:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebc29dbead12d6491f245f7481975899c83c68d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:70:d6:aa:2d:21:88:49:60:69:f5:30:b5:68:
                    39:1d:be:e3:46:cc:5f:e5:61:88:ff:36:70:72:ba:
                    4d:81:c4:18:d7:a1:56:a8:81:e9:15:fb:5b:bf:1c:
                    c2:d8:94:e7:08:a9:1e:bf:fb:7f:62:2d:20:8a:f3:
                    14:eb:41:24:50:d6:cd:1f:d7:e1:ee:b8:fb:d4:65:
                    c3:8e:d9:46:63:55:c3:82:0f:16:bf:a7:cd:0a:bf:
                    4e:3a:14:fc:7b:2f:22:4d:86:9d:b2:f0:c9:b6:c7:
                    98:da:75:5e:db:d1:e0:d7:16:22:bb:cf:b8:e5:ca:
                    46:b1:d4:a3:a3:8d:c5:0f:fb:86:8c:3a:79:cb:77:
                    e2:b2:8a:a9:19:b0:91:b6:3a:d4:20:de:51:cf:0f:
                    6b:8b:92:b8:2d:32:32:21:eb:1a:d7:4a:53:75:78:
                    c8:55:1e:1e:9d:38:8e:f8:a1:1b:8b:44:b1:e3:b1:
                    e9:e8:62:40:d4:78:3e:1c:64:b5:88:75:51:52:27:
                    98:ee:28:26:f7:d4:4f:04:05:d9:66:cb:2f:42:c1:
                    f3:83:73:dc:7d:48:2e:18:94:1c:82:7a:18:8c:a2:
                    5a:d1:6d:81:c6:ec:fa:dd:a3:a0:be:f8:f7:02:84:
                    cf:3e:88:b9:b8:87:5d:e5:9e:95:25:5b:ce:66:7c:
                    b6:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C2:9D:BE:AD:12:D6:49:1F:24:5F:74:81:97:58:99:C8:3C:68:D4
            X509v3 Authority Key Identifier:
                keyid:1D:44:04:C8:39:2E:82:D4:B7:02:9B:69:CB:6E:E2:90:B9:B4:2C:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUQEyDkugtS3Aptpy27ikLm0LAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/68Kdvq0S1kkfJF90gZdYmcg8aNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/HUQEyDkugtS3Aptpy27ikLm0LAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:2d:1a:40:03:d7:67:3f:12:49:ff:90:a4:a2:10:9b:7b:9d:
         a7:8c:da:1b:0f:be:be:22:e3:11:46:ab:10:c4:ac:38:73:d0:
         28:05:ef:d9:0c:b5:50:59:9e:95:cc:a7:7c:12:ed:88:4f:4e:
         dc:15:f2:22:12:15:16:89:a0:8f:93:de:58:85:6d:2c:d8:d4:
         06:f4:a6:f1:48:17:38:f8:59:de:c9:12:3a:a0:96:ab:df:ce:
         c8:c1:93:12:f0:2a:d0:d2:39:d2:80:55:ef:d3:85:10:9c:6f:
         10:74:3d:ae:3a:fd:a6:9d:c8:21:d9:8e:f6:c5:b6:1a:60:56:
         81:ad:b9:aa:45:16:ac:81:52:1a:52:af:6f:dc:99:c1:92:b7:
         0d:13:1e:8d:f1:6c:fe:49:4c:e0:2a:08:4f:69:1b:1a:01:3a:
         53:d9:ef:86:23:20:8d:2f:b4:06:fc:55:83:d5:dd:ea:b5:83:
         ee:de:c9:b3:9c:23:9a:fd:02:58:5f:7a:00:59:f9:41:ea:e6:
         49:57:bd:cf:12:69:fb:61:1a:84:b8:5f:2f:14:77:d1:3f:3c:
         6d:00:1d:14:63:cb:e5:f6:43:d6:42:f1:64:10:c1:fc:10:e4:
         45:03:0e:6f:55:3f:70:48:4c:80:2b:1f:91:d1:2d:98:c6:38:
         b9:8f:6a:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2tIuXiKae8pNzy54fHiwi8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDQwNGM4MzkyZTgyZDRiNzAyOWI2OWNiNmVlMjkwYjli
NDJjMDAwHhcNMjQwMjE1MTQxOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmMyOWRiZWFkMTJkNjQ5MWYyNDVmNzQ4MTk3NTg5OWM4M2M2OGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7HDWqi0hiElgafUwtWg5Hb7jRsxf
5WGI/zZwcrpNgcQY16FWqIHpFftbvxzC2JTnCKkev/t/Yi0givMU60EkUNbNH9fh
7rj71GXDjtlGY1XDgg8Wv6fNCr9OOhT8ey8iTYadsvDJtseY2nVe29Hg1xYiu8+4
5cpGsdSjo43FD/uGjDp5y3fisoqpGbCRtjrUIN5Rzw9ri5K4LTIyIesa10pTdXjI
VR4enTiO+KEbi0Sx47Hp6GJA1Hg+HGS1iHVRUieY7igm99RPBAXZZssvQsHzg3Pc
fUguGJQcgnoYjKJa0W2Bxuz63aOgvvj3AoTPPoi5uIdd5Z6VJVvOZny2eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvCnb6tEtZJHyRfdIGXWJnIPGjUMB8GA1UdIwQY
MBaAFB1EBMg5LoLUtwKbactu4pC5tCwAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVRRXlEa3VndFMzQXB0cHkyN2lrTG0wTEFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9kNGI4MzUtZjViNS00NzA0LWFlOTct
YzI2MzI4NTYxMDMwLzEvNjhLZHZxMFMxa2tmSkY5MGdaZFltY2c4YU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9kNGI4MzUtZjViNS00NzA0LWFlOTctYzI2MzI4NTYxMDMw
LzEvSFVRRXlEa3VndFMzQXB0cHkyN2lrTG0wTEFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXBOMA0G
CSqGSIb3DQEBCwUAA4IBAQBVLRpAA9dnPxJJ/5CkohCbe52njNobD76+IuMRRqsQ
xKw4c9AoBe/ZDLVQWZ6VzKd8Eu2IT07cFfIiEhUWiaCPk95YhW0s2NQG9KbxSBc4
+FneyRI6oJar387IwZMS8CrQ0jnSgFXv04UQnG8QdD2uOv2mncgh2Y72xbYaYFaB
rbmqRRasgVIaUq9v3JnBkrcNEx6N8Wz+SUzgKghPaRsaATpT2e+GIyCNL7QG/FWD
1d3qtYPu3smznCOa/QJYX3oAWflB6uZJV73PEmn7YRqEuF8vFHfRPzxtAB0UY8vl
9kPWQvFkEMH8EORFAw5vVT9wSEyAKx+R0S2Yxji5j2q8
-----END CERTIFICATE-----