Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/U_5zU548U26mS88-CJEcmKMDH2w.roa
File:                     U_5zU548U26mS88-CJEcmKMDH2w.roa (raw, json)
Hash identifier:          FhA2pvaWQsUxY9S+Yg0LINFnxvOt0M5vKGAndpCuHsg=
Subject key identifier:   53:FE:73:53:9E:3C:53:6E:A6:4B:CF:3E:08:91:1C:98:A3:03:1F:6C
Certificate issuer:       /CN=22a44566764ebb511683cb6228fa91997b559379
Certificate serial:       01928A28069E9FC0B8D7F583A3D6E2B3D660
Authority key identifier: 22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/U_5zU548U26mS88-CJEcmKMDH2w.roa
Signing time:             Mon 14 Oct 2024 08:32:11 +0000
ROA not before:           Mon 14 Oct 2024 08:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        78.153.139.0/24 maxlen: 24
                          78.153.148.0/24 maxlen: 24
                          78.153.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8a:28:06:9e:9f:c0:b8:d7:f5:83:a3:d6:e2:b3:d6:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a44566764ebb511683cb6228fa91997b559379
        Validity
            Not Before: Oct 14 08:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53fe73539e3c536ea64bcf3e08911c98a3031f6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:24:5e:70:4d:b6:0a:d6:4e:75:90:2b:15:b3:
                    75:92:ca:75:92:05:d4:45:ed:85:d0:84:65:3d:4a:
                    ee:fb:28:41:8a:17:b8:15:3f:2a:5a:91:69:59:bd:
                    ac:15:c6:f3:53:a4:50:78:91:1b:7f:43:35:cf:17:
                    35:84:b7:1b:56:30:b4:13:17:52:20:50:36:59:13:
                    e8:5f:6a:3c:95:6b:d6:7f:22:50:ea:5c:87:8c:78:
                    aa:72:b1:62:6e:83:b1:fb:0e:46:0a:bc:9a:f8:fc:
                    d7:bd:06:b3:0e:66:98:0f:10:81:f7:62:f3:9e:9f:
                    9c:30:e5:8d:e2:56:36:35:8b:f8:47:c5:4e:cd:90:
                    b3:90:a0:7d:a1:fb:29:d4:e8:9f:fb:5d:38:d9:61:
                    f8:cb:e8:2e:96:97:13:af:5b:b2:4c:b4:24:7d:3c:
                    2f:fb:a8:de:1e:36:23:37:99:39:63:b6:b4:49:30:
                    68:f3:ea:16:d8:7a:ce:d5:10:ea:a0:08:96:e4:23:
                    39:42:39:5c:4a:1b:8b:78:55:7d:7b:7a:1d:01:cf:
                    d2:e6:f0:5e:d0:94:ae:4f:3d:60:9d:97:a1:c3:84:
                    fe:b5:e7:39:49:54:0c:bd:d2:17:26:bf:02:c1:98:
                    08:03:0d:e9:1a:5d:3b:eb:ad:de:ae:a0:96:be:12:
                    b2:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:FE:73:53:9E:3C:53:6E:A6:4B:CF:3E:08:91:1C:98:A3:03:1F:6C
            X509v3 Authority Key Identifier:
                keyid:22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/U_5zU548U26mS88-CJEcmKMDH2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.153.139.0/24
                  78.153.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bb:60:34:10:f2:31:36:21:9b:7a:56:55:36:8b:2b:93:52:99:
         20:94:53:b8:26:65:e1:e8:21:31:91:4d:c1:8a:36:3d:9b:5f:
         67:e4:4e:b1:0c:e5:35:83:73:20:74:70:57:a3:23:7f:7e:06:
         5f:60:53:a0:fe:b5:0e:24:80:7a:b5:57:25:a3:08:7f:21:8d:
         1b:ca:0c:ec:3a:19:f0:98:c6:58:af:c5:c8:73:de:20:8e:23:
         90:a7:49:5c:26:a0:bf:a3:1d:ee:e8:38:37:db:ae:ef:6a:6f:
         b7:89:73:43:4a:ae:68:0d:20:05:d2:80:0b:39:77:56:c9:37:
         14:9e:6c:57:d3:bc:2a:2e:b8:cb:c1:ce:3b:b7:a7:bf:d1:58:
         9e:2f:c0:2f:93:2e:e6:6f:fd:c6:ba:ac:28:2a:5f:d3:cd:7e:
         eb:e3:a7:54:2a:49:0f:fb:e4:0d:41:20:f2:b4:a5:22:c7:d5:
         2b:7a:d2:75:76:e6:d5:54:85:f7:63:a9:2b:fe:6d:41:be:58:
         8a:bd:a4:5e:e5:39:3e:73:58:58:55:00:aa:c4:99:87:3b:08:
         5d:14:86:80:ba:62:a5:a0:e8:b3:18:3e:23:ff:d7:5d:b2:3d:
         4d:d5:7a:fc:46:45:ed:e9:71:75:63:f9:42:ec:1a:2b:8c:69:
         4f:66:7d:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKKKAaen8C41/WDo9bis9ZgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTQ0NTY2NzY0ZWJiNTExNjgzY2I2MjI4ZmE5MTk5N2I1
NTkzNzkwHhcNMjQxMDE0MDgzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2ZlNzM1MzllM2M1MzZlYTY0YmNmM2UwODkxMWM5OGEzMDMxZjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiRecE22CtZOdZArFbN1ksp1kgXU
Re2F0IRlPUru+yhBihe4FT8qWpFpWb2sFcbzU6RQeJEbf0M1zxc1hLcbVjC0ExdS
IFA2WRPoX2o8lWvWfyJQ6lyHjHiqcrFiboOx+w5GCrya+PzXvQazDmaYDxCB92Lz
np+cMOWN4lY2NYv4R8VOzZCzkKB9ofsp1Oif+1042WH4y+gulpcTr1uyTLQkfTwv
+6jeHjYjN5k5Y7a0STBo8+oW2HrO1RDqoAiW5CM5QjlcShuLeFV9e3odAc/S5vBe
0JSuTz1gnZehw4T+tec5SVQMvdIXJr8CwZgIAw3pGl07663erqCWvhKybwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFP+c1OePFNupkvPPgiRHJijAx9sMB8GA1UdIwQY
MBaAFCKkRWZ2TrtRFoPLYij6kZl7VZN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMt
MTZiODBhYTI4ZGQ2LzEvVV81elU1NDhVMjZtUzg4LUNKRWNtS01ESDJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMtMTZiODBhYTI4ZGQ2
LzEvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATpmLAwQB
TpmUMA0GCSqGSIb3DQEBCwUAA4IBAQC7YDQQ8jE2IZt6VlU2iyuTUpkglFO4JmXh
6CExkU3BijY9m19n5E6xDOU1g3MgdHBXoyN/fgZfYFOg/rUOJIB6tVclowh/IY0b
ygzsOhnwmMZYr8XIc94gjiOQp0lcJqC/ox3u6Dg3267vam+3iXNDSq5oDSAF0oAL
OXdWyTcUnmxX07wqLrjLwc47t6e/0VieL8Avky7mb/3GuqwoKl/TzX7r46dUKkkP
++QNQSDytKUix9UretJ1dubVVIX3Y6kr/m1BvliKvaRe5Tk+c1hYVQCqxJmHOwhd
FIaAumKloOizGD4j/9ddsj1N1Xr8RkXt6XF1Y/lC7BorjGlPZn2L
-----END CERTIFICATE-----