Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/cOf26ChQ9Tr--QXjH4BjX7K4fqk.roa
File:                     cOf26ChQ9Tr--QXjH4BjX7K4fqk.roa (raw, json)
Hash identifier:          KclI6iglDq3nm4WzsUE31SVW9GYNuWCAI3bVqCBV8bA=
Subject key identifier:   70:E7:F6:E8:28:50:F5:3A:FE:F9:05:E3:1F:80:63:5F:B2:B8:7E:A9
Certificate issuer:       /CN=844582ca704717eb0c94be4d89413f4bc2d8b8e5
Certificate serial:       018CCA2A89F48070167E6792D0901AFF5875
Authority key identifier: 84:45:82:CA:70:47:17:EB:0C:94:BE:4D:89:41:3F:4B:C2:D8:B8:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hEWCynBHF-sMlL5NiUE_S8LYuOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/cOf26ChQ9Tr--QXjH4BjX7K4fqk.roa
Signing time:             Tue 02 Jan 2024 12:33:54 +0000
ROA not before:           Tue 02 Jan 2024 12:33:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47450
IP address blocks:        147.78.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/hEWCynBHF-sMlL5NiUE_S8LYuOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/hEWCynBHF-sMlL5NiUE_S8LYuOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hEWCynBHF-sMlL5NiUE_S8LYuOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:89:f4:80:70:16:7e:67:92:d0:90:1a:ff:58:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=844582ca704717eb0c94be4d89413f4bc2d8b8e5
        Validity
            Not Before: Jan  2 12:33:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70e7f6e82850f53afef905e31f80635fb2b87ea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ab:b4:75:6d:23:89:35:7c:65:9a:6c:2f:94:
                    48:d1:3c:b8:ba:df:5d:c9:e6:f9:ad:7a:34:c0:7c:
                    3e:81:55:0b:f1:a7:6a:d7:78:be:a9:52:ea:37:ae:
                    17:86:8e:bb:26:28:2e:b7:8d:c6:b8:08:59:cf:18:
                    08:48:8a:71:e3:0d:38:12:9d:26:84:4e:dc:7c:c1:
                    53:a5:1a:34:af:7f:1a:92:6e:62:f0:21:70:4e:db:
                    4d:c5:01:d8:af:f1:36:76:f0:4e:59:d8:cd:d0:b1:
                    ad:0e:1d:7f:d6:f7:e4:eb:3d:72:0c:75:b1:cf:45:
                    11:04:18:a9:3d:b2:e3:04:75:28:b5:23:ca:d9:dd:
                    bd:23:df:c5:48:6a:48:6d:ba:d9:0a:94:5f:11:ab:
                    34:b3:e6:14:f7:10:f8:02:79:9e:9e:f1:52:87:76:
                    24:c6:be:3a:b9:e6:ba:4f:4f:fb:92:07:1e:98:48:
                    72:bc:37:cd:c5:e6:6c:5c:5d:76:39:13:12:75:ac:
                    6f:0f:44:2c:93:80:7c:05:88:9b:08:6c:82:bd:ed:
                    fb:71:32:79:30:ee:c0:8f:e4:eb:d0:d8:ff:e3:d7:
                    7d:ce:8a:60:c4:58:48:40:1f:37:63:ea:bb:48:34:
                    f2:8b:99:8f:7d:14:27:ae:a2:99:1d:ae:5e:c2:c5:
                    fd:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E7:F6:E8:28:50:F5:3A:FE:F9:05:E3:1F:80:63:5F:B2:B8:7E:A9
            X509v3 Authority Key Identifier:
                keyid:84:45:82:CA:70:47:17:EB:0C:94:BE:4D:89:41:3F:4B:C2:D8:B8:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEWCynBHF-sMlL5NiUE_S8LYuOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/cOf26ChQ9Tr--QXjH4BjX7K4fqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/hEWCynBHF-sMlL5NiUE_S8LYuOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:5a:91:08:9f:ee:d3:eb:83:bd:72:53:f3:f1:93:cf:97:17:
         db:cb:17:8f:ed:41:f3:d9:17:52:b5:29:94:67:dd:99:16:33:
         1f:a8:17:95:16:c5:f9:ff:e0:e7:17:cd:71:32:9a:d4:a4:2c:
         3e:df:82:bb:2f:b5:ad:c3:66:07:b1:c7:9c:b8:07:32:40:6a:
         4a:62:63:bf:f1:34:f6:2f:6e:31:d2:76:f1:80:19:0e:e0:04:
         b6:8a:d8:a0:d9:88:95:bf:cb:84:d5:bd:da:10:f6:2f:76:0d:
         48:03:32:11:d7:bf:b4:19:a3:0d:67:c1:1a:0c:c8:4f:3b:03:
         ae:42:40:0a:f5:eb:62:c9:34:91:d5:78:08:52:42:60:7e:4e:
         5e:9c:f8:0a:a0:b1:54:97:4a:f0:49:b0:1d:3f:a3:60:58:ca:
         af:c5:64:f8:c1:ef:c4:1c:4d:c0:61:af:17:86:75:a4:35:4c:
         00:b1:34:80:18:2b:b6:4d:41:30:13:10:16:d5:1e:9d:71:3e:
         58:73:4d:7f:a0:96:59:1c:8a:50:07:2f:ca:d4:5b:ae:62:3f:
         7e:fc:f8:89:a1:0f:5e:7e:f1:3a:20:48:08:8d:8f:be:03:f3:
         10:85:4f:55:6b:f5:9c:b5:5e:f7:66:d3:3c:b1:81:8c:6d:07:
         6d:f3:1f:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKon0gHAWfmeS0JAa/1h1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDU4MmNhNzA0NzE3ZWIwYzk0YmU0ZDg5NDEzZjRiYzJk
OGI4ZTUwHhcNMjQwMTAyMTIzMzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGU3ZjZlODI4NTBmNTNhZmVmOTA1ZTMxZjgwNjM1ZmIyYjg3ZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhau0dW0jiTV8ZZpsL5RI0Ty4ut9d
yeb5rXo0wHw+gVUL8adq13i+qVLqN64Xho67Jigut43GuAhZzxgISIpx4w04Ep0m
hE7cfMFTpRo0r38akm5i8CFwTttNxQHYr/E2dvBOWdjN0LGtDh1/1vfk6z1yDHWx
z0URBBipPbLjBHUotSPK2d29I9/FSGpIbbrZCpRfEas0s+YU9xD4AnmenvFSh3Yk
xr46uea6T0/7kgcemEhyvDfNxeZsXF12ORMSdaxvD0Qsk4B8BYibCGyCve37cTJ5
MO7Aj+Tr0Nj/49d9zopgxFhIQB83Y+q7SDTyi5mPfRQnrqKZHa5ewsX92wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDn9ugoUPU6/vkF4x+AY1+yuH6pMB8GA1UdIwQY
MBaAFIRFgspwRxfrDJS+TYlBP0vC2LjlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVXQ3luQkhGLXNNbEw1TmlVRV9TOExZdU9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83MzVlNDItYzYwOC00NmI2LThmNzAt
ZjIzZjY2ZjhkMjQyLzEvY09mMjZDaFE5VHItLVFYakg0QmpYN0s0ZnFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83MzVlNDItYzYwOC00NmI2LThmNzAtZjIzZjY2ZjhkMjQy
LzEvaEVXQ3luQkhGLXNNbEw1TmlVRV9TOExZdU9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk04GMA0G
CSqGSIb3DQEBCwUAA4IBAQA/WpEIn+7T64O9clPz8ZPPlxfbyxeP7UHz2RdStSmU
Z92ZFjMfqBeVFsX5/+DnF81xMprUpCw+34K7L7Wtw2YHscecuAcyQGpKYmO/8TT2
L24x0nbxgBkO4AS2itig2YiVv8uE1b3aEPYvdg1IAzIR17+0GaMNZ8EaDMhPOwOu
QkAK9etiyTSR1XgIUkJgfk5enPgKoLFUl0rwSbAdP6NgWMqvxWT4we/EHE3AYa8X
hnWkNUwAsTSAGCu2TUEwExAW1R6dcT5Yc01/oJZZHIpQBy/K1FuuYj9+/PiJoQ9e
fvE6IEgIjY++A/MQhU9Va/WctV73ZtM8sYGMbQdt8x9G
-----END CERTIFICATE-----