Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/cptHiSECnmV4CUyPWPu3-nLWXxE.roa
File:                     cptHiSECnmV4CUyPWPu3-nLWXxE.roa (raw, json)
Hash identifier:          1mgTdr/hxZE+b6K0tPnzLOqv2Y6deoJuGI83kin3GwI=
Subject key identifier:   72:9B:47:89:21:02:9E:65:78:09:4C:8F:58:FB:B7:FA:72:D6:5F:11
Certificate issuer:       /CN=22a44566764ebb511683cb6228fa91997b559379
Certificate serial:       01914780F73D46E0D6079EB719EACBDFEC9E
Authority key identifier: 22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/cptHiSECnmV4CUyPWPu3-nLWXxE.roa
Signing time:             Mon 12 Aug 2024 16:51:59 +0000
ROA not before:           Mon 12 Aug 2024 16:51:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202306
IP address blocks:        78.153.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 17:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:47:80:f7:3d:46:e0:d6:07:9e:b7:19:ea:cb:df:ec:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a44566764ebb511683cb6228fa91997b559379
        Validity
            Not Before: Aug 12 16:51:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=729b478921029e6578094c8f58fbb7fa72d65f11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:14:91:48:8a:e7:b7:f8:a4:dd:2d:bf:5c:df:
                    54:2b:d3:28:dd:82:0b:41:a9:8f:3c:38:90:3f:81:
                    01:e5:b9:ba:c1:fb:49:28:65:3f:2f:90:1c:f1:72:
                    3c:5b:b0:e7:07:de:79:dc:a4:6f:89:81:77:15:97:
                    b5:2a:2e:3c:15:a4:ae:f7:76:f8:e8:4c:cf:a9:ab:
                    19:99:46:77:21:4e:6e:ac:ec:49:2e:2c:f5:db:8a:
                    17:4b:1a:e4:74:a7:20:ea:61:56:09:d2:a9:4e:15:
                    b0:35:77:7a:0c:bd:85:e8:fd:9d:cd:19:b3:d1:24:
                    0c:18:e4:2e:af:1e:85:5f:85:b8:94:39:66:79:03:
                    92:e6:d3:37:6f:5f:a6:3a:a4:83:7c:3d:a7:2e:81:
                    95:b5:ef:5a:57:08:47:f7:b1:1f:41:fd:a1:db:7d:
                    8c:02:a9:50:0f:b2:ea:c3:cf:1c:38:6a:c7:bf:0b:
                    41:2b:dc:2d:4d:2e:fb:51:3c:2d:35:7a:cb:8d:f0:
                    26:5d:50:26:7e:88:f4:f5:bf:e6:75:6f:c0:c5:64:
                    b7:bc:18:3e:93:4a:8f:7c:b1:2b:9f:86:ce:7d:f0:
                    d5:df:63:e3:27:3f:a9:77:8e:66:c4:45:2a:89:e2:
                    fe:80:5a:40:e9:65:27:c0:6c:89:b0:fc:6e:ba:7c:
                    cc:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:9B:47:89:21:02:9E:65:78:09:4C:8F:58:FB:B7:FA:72:D6:5F:11
            X509v3 Authority Key Identifier:
                keyid:22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/cptHiSECnmV4CUyPWPu3-nLWXxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.153.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:05:87:b6:ac:d5:93:0b:75:f2:6f:59:97:de:8c:c9:47:fa:
         3f:41:78:85:85:dc:da:7f:af:8d:b5:d6:8f:96:ee:4b:b7:a8:
         17:4f:6c:ad:b5:77:51:07:84:89:50:0d:b6:bf:8f:14:8f:69:
         f6:e6:6a:fd:e5:1d:2c:e1:26:28:9f:01:86:89:7a:d6:0b:e2:
         28:6e:53:20:91:72:5e:32:24:47:48:44:d3:ce:de:af:e8:1e:
         89:4e:2b:29:81:eb:1d:24:ac:39:41:b0:ff:c2:96:29:99:31:
         e4:87:e5:70:33:13:ea:81:3d:bd:3c:44:1f:8a:e1:2e:3b:fb:
         48:36:91:f7:91:f6:08:2f:08:0f:70:5e:8b:1f:2e:f7:1b:55:
         5d:99:f4:ea:60:c6:62:d7:07:19:ac:10:8e:d9:ce:f1:be:c6:
         3b:71:1e:74:d1:dc:f8:90:b4:2f:0d:0d:27:99:5f:23:be:48:
         ef:63:57:02:07:cb:37:96:cd:d7:bb:a7:68:56:b8:0b:f6:69:
         46:48:00:a1:4c:0e:d9:79:bc:dc:72:71:eb:27:2f:24:19:a3:
         c1:2a:d7:d3:39:26:9b:20:1a:54:fd:85:a2:65:ec:fc:9c:e5:
         a4:3a:a8:2a:4c:d6:a9:37:78:ab:e6:19:19:87:46:e2:6e:08:
         0f:c2:dc:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFHgPc9RuDWB563GerL3+yeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTQ0NTY2NzY0ZWJiNTExNjgzY2I2MjI4ZmE5MTk5N2I1
NTkzNzkwHhcNMjQwODEyMTY1MTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjliNDc4OTIxMDI5ZTY1NzgwOTRjOGY1OGZiYjdmYTcyZDY1ZjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBSRSIrnt/ik3S2/XN9UK9Mo3YIL
QamPPDiQP4EB5bm6wftJKGU/L5Ac8XI8W7DnB9553KRviYF3FZe1Ki48FaSu93b4
6EzPqasZmUZ3IU5urOxJLiz124oXSxrkdKcg6mFWCdKpThWwNXd6DL2F6P2dzRmz
0SQMGOQurx6FX4W4lDlmeQOS5tM3b1+mOqSDfD2nLoGVte9aVwhH97EfQf2h232M
AqlQD7Lqw88cOGrHvwtBK9wtTS77UTwtNXrLjfAmXVAmfoj09b/mdW/AxWS3vBg+
k0qPfLErn4bOffDV32PjJz+pd45mxEUqieL+gFpA6WUnwGyJsPxuunzMJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKbR4khAp5leAlMj1j7t/py1l8RMB8GA1UdIwQY
MBaAFCKkRWZ2TrtRFoPLYij6kZl7VZN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMt
MTZiODBhYTI4ZGQ2LzEvY3B0SGlTRUNubVY0Q1V5UFdQdTMtbkxXWHhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMtMTZiODBhYTI4ZGQ2
LzEvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATpmMMA0G
CSqGSIb3DQEBCwUAA4IBAQB6BYe2rNWTC3Xyb1mX3ozJR/o/QXiFhdzaf6+NtdaP
lu5Lt6gXT2yttXdRB4SJUA22v48Uj2n25mr95R0s4SYonwGGiXrWC+IoblMgkXJe
MiRHSETTzt6v6B6JTispgesdJKw5QbD/wpYpmTHkh+VwMxPqgT29PEQfiuEuO/tI
NpH3kfYILwgPcF6LHy73G1VdmfTqYMZi1wcZrBCO2c7xvsY7cR500dz4kLQvDQ0n
mV8jvkjvY1cCB8s3ls3Xu6doVrgL9mlGSAChTA7ZebzccnHrJy8kGaPBKtfTOSab
IBpU/YWiZez8nOWkOqgqTNapN3ir5hkZh0bibggPwtw5
-----END CERTIFICATE-----