Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/blii_jHIHB5rN46G9mnYIjOATmc.roa
File:                     blii_jHIHB5rN46G9mnYIjOATmc.roa (raw, json)
Hash identifier:          4WWrUwvEE3v3NtiHnG4wEZd+h7Dhp9j81dcZdCzdYvg=
Subject key identifier:   6E:58:A2:FE:31:C8:1C:1E:6B:37:8E:86:F6:69:D8:22:33:80:4E:67
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB8B366E7A766B919EB942F794661
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/blii_jHIHB5rN46G9mnYIjOATmc.roa
Signing time:             Tue 02 Jan 2024 04:30:14 +0000
ROA not before:           Tue 02 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212962
IP address blocks:        185.78.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b8:b3:66:e7:a7:66:b9:19:eb:94:2f:79:46:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e58a2fe31c81c1e6b378e86f669d82233804e67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:0d:98:58:8d:22:1d:5d:74:ed:cc:59:cb:57:
                    3d:91:ab:c2:4d:63:4d:29:39:19:0c:ad:55:46:44:
                    a7:59:34:70:32:3c:c8:31:58:20:b9:7f:10:b7:8a:
                    c4:b0:b8:aa:80:9f:0e:ad:8f:47:c0:77:03:f5:44:
                    b0:6d:6c:2d:f2:cb:db:c5:49:7b:8c:0c:6e:fa:f7:
                    ea:3d:81:a8:71:07:33:13:2e:82:ed:8b:bd:96:17:
                    9f:39:91:a7:a2:6b:be:68:99:35:c3:2d:3a:b8:82:
                    dc:bf:90:90:2f:05:98:75:d3:fa:6f:ef:38:22:39:
                    d2:c0:50:7f:3f:16:91:be:d2:bf:ff:9e:cc:9a:44:
                    ee:bc:f8:c9:5e:24:84:78:f8:5b:10:1d:22:19:33:
                    a9:27:a7:b0:c2:34:cf:3c:ad:3b:8c:9b:11:79:e8:
                    27:e0:00:58:66:0e:9e:43:6b:48:fb:ae:79:cc:e8:
                    f4:67:d4:2e:03:84:64:b3:c5:a6:d6:3b:a7:c5:39:
                    ea:04:8a:78:dc:39:25:2f:34:d6:f8:45:e3:26:6a:
                    15:ca:56:79:65:ab:54:41:3c:d6:89:c7:a2:2a:e5:
                    e4:b8:00:40:3f:08:c7:58:93:6e:3b:ba:74:70:d7:
                    1e:f3:3a:57:fc:27:69:f2:e7:6a:50:9a:a6:29:e5:
                    82:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:58:A2:FE:31:C8:1C:1E:6B:37:8E:86:F6:69:D8:22:33:80:4E:67
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/blii_jHIHB5rN46G9mnYIjOATmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:6f:9a:00:a1:ad:e0:7a:11:86:62:52:27:b2:e1:f2:c3:5c:
         07:be:61:8f:33:aa:9a:ab:db:fe:8d:9d:b7:36:22:49:88:13:
         94:85:49:42:bc:3c:9f:cb:26:c3:42:b1:09:a0:a1:67:1f:be:
         d4:ea:fc:18:28:53:3f:6f:ce:f5:b6:e5:20:69:d1:dc:98:41:
         d7:d2:43:a6:55:4e:1a:7b:b5:5c:86:bc:fb:83:bf:70:f9:31:
         99:02:4b:fa:95:a5:85:2a:97:cc:13:de:63:fc:ed:53:fb:c2:
         6a:22:60:5b:86:5a:f1:d9:bb:53:a1:89:52:00:6a:66:a0:e0:
         23:57:ff:dd:4d:a9:9c:68:9b:bf:d4:64:e8:a4:c3:69:c1:48:
         b6:20:11:6f:d0:ba:3e:72:8e:3b:dc:8b:40:35:28:a1:44:62:
         33:bd:06:5f:0c:35:bc:55:ba:c3:54:99:75:6c:cb:e3:39:c1:
         e4:bd:94:15:48:f1:ce:c5:4b:84:ac:d7:08:8c:b1:6a:7c:bb:
         98:1f:92:5a:5a:ff:a5:9c:0a:42:18:b3:d3:99:6a:7b:93:b9:
         e9:30:ec:42:dd:cf:30:2b:67:c7:20:84:25:d5:80:9a:a9:d1:
         2d:45:23:f1:3f:f8:3e:ed:02:a0:eb:05:ab:f8:cb:2d:31:68:
         64:e9:5a:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7izZuenZrkZ65QveUZhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTU4YTJmZTMxYzgxYzFlNmIzNzhlODZmNjY5ZDgyMjMzODA0ZTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkw2YWI0iHV107cxZy1c9kavCTWNN
KTkZDK1VRkSnWTRwMjzIMVgguX8Qt4rEsLiqgJ8OrY9HwHcD9USwbWwt8svbxUl7
jAxu+vfqPYGocQczEy6C7Yu9lhefOZGnomu+aJk1wy06uILcv5CQLwWYddP6b+84
IjnSwFB/PxaRvtK//57MmkTuvPjJXiSEePhbEB0iGTOpJ6ewwjTPPK07jJsReegn
4ABYZg6eQ2tI+655zOj0Z9QuA4Rks8Wm1junxTnqBIp43DklLzTW+EXjJmoVylZ5
ZatUQTzWiceiKuXkuABAPwjHWJNuO7p0cNce8zpX/Cdp8udqUJqmKeWC6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5Yov4xyBweazeOhvZp2CIzgE5nMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvYmxpaV9qSElIQjVyTjQ2RzltbllJak9BVG1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU7rMA0G
CSqGSIb3DQEBCwUAA4IBAQB+b5oAoa3gehGGYlInsuHyw1wHvmGPM6qaq9v+jZ23
NiJJiBOUhUlCvDyfyybDQrEJoKFnH77U6vwYKFM/b871tuUgadHcmEHX0kOmVU4a
e7Vchrz7g79w+TGZAkv6laWFKpfME95j/O1T+8JqImBbhlrx2btToYlSAGpmoOAj
V//dTamcaJu/1GTopMNpwUi2IBFv0Lo+co473ItANSihRGIzvQZfDDW8VbrDVJl1
bMvjOcHkvZQVSPHOxUuErNcIjLFqfLuYH5JaWv+lnApCGLPTmWp7k7npMOxC3c8w
K2fHIIQl1YCaqdEtRSPxP/g+7QKg6wWr+MstMWhk6Vph
-----END CERTIFICATE-----