Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/56d200-416d-4430-85c8-87d3e181e594/1/dJm3DcgZQ5d5Oh1rhBj_XzA_Kes.roa
File:                     dJm3DcgZQ5d5Oh1rhBj_XzA_Kes.roa (raw, json)
Hash identifier:          xDI20gCOT33dVOcukXVWh7EiXlpSpA6eEaAAxDitWL0=
Subject key identifier:   74:99:B7:0D:C8:19:43:97:79:3A:1D:6B:84:18:FF:5F:30:3F:29:EB
Certificate issuer:       /CN=1e6b3e17f9b9d0c313d053023425275b2745fc83
Certificate serial:       018CC50019886734F88C0F19D6D14F8EE191
Authority key identifier: 1E:6B:3E:17:F9:B9:D0:C3:13:D0:53:02:34:25:27:5B:27:45:FC:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hms-F_m50MMT0FMCNCUnWydF_IM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/56d200-416d-4430-85c8-87d3e181e594/1/dJm3DcgZQ5d5Oh1rhBj_XzA_Kes.roa
Signing time:             Mon 01 Jan 2024 12:29:27 +0000
ROA not before:           Mon 01 Jan 2024 12:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        160.78.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/56d200-416d-4430-85c8-87d3e181e594/1/Hms-F_m50MMT0FMCNCUnWydF_IM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/56d200-416d-4430-85c8-87d3e181e594/1/Hms-F_m50MMT0FMCNCUnWydF_IM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hms-F_m50MMT0FMCNCUnWydF_IM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:19:88:67:34:f8:8c:0f:19:d6:d1:4f:8e:e1:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e6b3e17f9b9d0c313d053023425275b2745fc83
        Validity
            Not Before: Jan  1 12:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7499b70dc8194397793a1d6b8418ff5f303f29eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a1:fd:a6:f3:af:f2:39:5f:db:04:3a:e0:9e:
                    61:79:ed:1d:bf:0d:71:5d:fb:ff:b6:99:25:56:8c:
                    79:67:de:f2:18:b7:1e:fa:88:47:96:00:48:04:60:
                    95:30:c8:3f:98:86:a5:10:38:f7:03:33:5b:8e:e7:
                    ef:07:ff:58:8d:ca:29:b8:b9:60:ba:81:38:51:a8:
                    5a:49:68:0c:99:00:7c:83:3d:30:7c:e8:e1:68:d1:
                    17:43:49:44:dd:d3:d4:dc:c3:82:e4:ef:87:a7:60:
                    d9:a7:7b:dd:49:f9:36:c3:10:fc:c3:86:66:8c:40:
                    13:7c:31:d6:d4:c4:3d:5d:f0:14:ef:6d:9e:3d:a1:
                    30:be:cc:52:28:0b:22:ca:cc:4a:b1:7d:c0:0e:fe:
                    e4:81:93:63:c4:2c:33:d8:1e:63:cc:1d:96:75:8f:
                    17:03:10:04:4d:bc:e0:4e:e1:52:88:69:82:03:b4:
                    40:6f:4f:2d:d3:4e:cd:56:47:e5:30:5d:7b:36:fb:
                    cc:7c:a5:9f:c7:91:30:39:37:b5:28:c3:78:ac:0e:
                    1e:ac:e8:31:0a:af:23:b3:75:10:c5:1c:7c:57:40:
                    49:4b:c5:f6:db:63:56:69:91:ec:54:c7:d1:fc:12:
                    fb:3b:62:6d:5d:56:8a:7c:ab:28:eb:d2:ba:2c:72:
                    c7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:99:B7:0D:C8:19:43:97:79:3A:1D:6B:84:18:FF:5F:30:3F:29:EB
            X509v3 Authority Key Identifier:
                keyid:1E:6B:3E:17:F9:B9:D0:C3:13:D0:53:02:34:25:27:5B:27:45:FC:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hms-F_m50MMT0FMCNCUnWydF_IM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/56d200-416d-4430-85c8-87d3e181e594/1/dJm3DcgZQ5d5Oh1rhBj_XzA_Kes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/56d200-416d-4430-85c8-87d3e181e594/1/Hms-F_m50MMT0FMCNCUnWydF_IM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.78.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a4:a6:23:ea:f4:92:f8:76:81:e0:b3:3e:88:ab:5f:bd:36:b5:
         4d:0e:54:1a:a9:bf:bc:d3:25:27:24:28:fb:a6:02:4a:0f:43:
         37:1d:68:08:34:68:ee:83:62:71:14:6a:3f:04:8e:7b:50:27:
         ec:60:c8:fd:e7:58:04:6a:72:53:99:d9:3c:c6:67:21:32:c2:
         fa:a1:1b:d6:47:9b:45:55:71:b4:39:ba:fd:9c:23:ba:84:91:
         c1:62:fe:fc:17:86:67:07:34:cd:ca:d4:59:99:46:ce:77:22:
         ff:29:2c:c8:89:34:d2:30:7e:bb:60:e9:ff:0f:d6:16:9e:2c:
         86:aa:9d:b6:d3:c7:b7:31:8e:91:15:3b:a9:4f:b7:c6:20:78:
         3a:f3:4b:71:1a:b4:9d:98:3f:91:28:f6:05:24:36:9b:0d:60:
         0e:3f:d8:37:d6:71:af:d7:f8:d4:9f:28:20:2b:24:a7:45:70:
         e6:b5:f1:d0:4f:70:cd:a3:e3:d7:94:3e:18:ee:0b:f5:66:0c:
         aa:3e:ec:02:ca:54:f4:5c:a2:76:88:aa:60:52:f8:93:de:87:
         7c:16:eb:61:9e:a1:40:cc:51:fc:26:a8:6e:45:46:02:05:f1:
         a5:8c:ac:29:f5:47:8f:f3:55:6f:6a:33:db:5d:16:c7:8e:a5:
         15:75:56:27
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFABmIZzT4jA8Z1tFPjuGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNmIzZTE3ZjliOWQwYzMxM2QwNTMwMjM0MjUyNzViMjc0
NWZjODMwHhcNMjQwMTAxMTIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDk5YjcwZGM4MTk0Mzk3NzkzYTFkNmI4NDE4ZmY1ZjMwM2YyOWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraH9pvOv8jlf2wQ64J5hee0dvw1x
Xfv/tpklVox5Z97yGLce+ohHlgBIBGCVMMg/mIalEDj3AzNbjufvB/9YjcopuLlg
uoE4UahaSWgMmQB8gz0wfOjhaNEXQ0lE3dPU3MOC5O+Hp2DZp3vdSfk2wxD8w4Zm
jEATfDHW1MQ9XfAU722ePaEwvsxSKAsiysxKsX3ADv7kgZNjxCwz2B5jzB2WdY8X
AxAETbzgTuFSiGmCA7RAb08t007NVkflMF17NvvMfKWfx5EwOTe1KMN4rA4erOgx
Cq8js3UQxRx8V0BJS8X222NWaZHsVMfR/BL7O2JtXVaKfKso69K6LHLHeQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHSZtw3IGUOXeToda4QY/18wPynrMB8GA1UdIwQY
MBaAFB5rPhf5udDDE9BTAjQlJ1snRfyDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG1zLUZfbTUwTU1UMEZNQ05DVW5XeWRGX0lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy81NmQyMDAtNDE2ZC00NDMwLTg1Yzgt
ODdkM2UxODFlNTk0LzEvZEptM0RjZ1pRNWQ1T2gxcmhCal9YekFfS2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy81NmQyMDAtNDE2ZC00NDMwLTg1YzgtODdkM2UxODFlNTk0
LzEvSG1zLUZfbTUwTU1UMEZNQ05DVW5XeWRGX0lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoE4wDQYJ
KoZIhvcNAQELBQADggEBAKSmI+r0kvh2geCzPoirX702tU0OVBqpv7zTJSckKPum
AkoPQzcdaAg0aO6DYnEUaj8EjntQJ+xgyP3nWARqclOZ2TzGZyEywvqhG9ZHm0VV
cbQ5uv2cI7qEkcFi/vwXhmcHNM3K1FmZRs53Iv8pLMiJNNIwfrtg6f8P1haeLIaq
nbbTx7cxjpEVO6lPt8YgeDrzS3EatJ2YP5Eo9gUkNpsNYA4/2DfWca/X+NSfKCAr
JKdFcOa18dBPcM2j49eUPhjuC/VmDKo+7ALKVPRconaIqmBS+JPeh3wW62GeoUDM
UfwmqG5FRgIF8aWMrCn1R4/zVW9qM9tdFseOpRV1Vic=
-----END CERTIFICATE-----