Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/f6b1b9-9ed6-4af2-a73b-f8874a6bad38/1/t6qZqDeZ09MWSDzZVr-GI1Z6wQo.roa
File:                     t6qZqDeZ09MWSDzZVr-GI1Z6wQo.roa (raw, json)
Hash identifier:          ah2Npyzk1rVjwuMIZVDAAzPOq/jKihWbyGuGXoQgmJk=
Subject key identifier:   B7:AA:99:A8:37:99:D3:D3:16:48:3C:D9:56:BF:86:23:56:7A:C1:0A
Certificate issuer:       /CN=87f1cac0de8f66a7076f2810f3f3518aa70643ba
Certificate serial:       018CCA2A73DEDE91C14146FBB8DB02133289
Authority key identifier: 87:F1:CA:C0:DE:8F:66:A7:07:6F:28:10:F3:F3:51:8A:A7:06:43:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h_HKwN6PZqcHbygQ8_NRiqcGQ7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/f6b1b9-9ed6-4af2-a73b-f8874a6bad38/1/t6qZqDeZ09MWSDzZVr-GI1Z6wQo.roa
Signing time:             Tue 02 Jan 2024 12:33:48 +0000
ROA not before:           Tue 02 Jan 2024 12:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210964
IP address blocks:        194.150.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/f6b1b9-9ed6-4af2-a73b-f8874a6bad38/1/h_HKwN6PZqcHbygQ8_NRiqcGQ7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/f6b1b9-9ed6-4af2-a73b-f8874a6bad38/1/h_HKwN6PZqcHbygQ8_NRiqcGQ7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h_HKwN6PZqcHbygQ8_NRiqcGQ7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:73:de:de:91:c1:41:46:fb:b8:db:02:13:32:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87f1cac0de8f66a7076f2810f3f3518aa70643ba
        Validity
            Not Before: Jan  2 12:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7aa99a83799d3d316483cd956bf8623567ac10a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ff:86:9b:50:c8:29:08:53:cc:d5:6f:4f:5b:
                    13:88:08:e0:61:39:3c:b6:e5:e2:0f:8f:51:1b:c3:
                    ac:26:0e:d6:32:58:f6:a3:86:b0:91:bf:30:f5:d4:
                    bb:81:c0:75:81:91:7c:86:89:95:7c:02:28:fc:c6:
                    e2:28:99:f9:28:2b:91:fe:5a:08:fa:97:58:15:f6:
                    c9:ff:1c:75:03:62:9b:08:d6:22:77:33:9d:e1:55:
                    e1:46:ed:a8:66:bb:3f:f2:c2:16:67:8d:db:36:79:
                    8c:15:4c:ee:9d:c4:35:81:6e:98:32:d3:91:62:f8:
                    64:18:aa:07:59:fa:ac:2d:7c:bc:21:29:12:c2:d5:
                    15:97:2d:7b:dd:fb:b9:e0:b2:87:14:1e:f9:12:21:
                    39:e0:c3:5c:98:1c:1b:f9:bd:98:be:34:58:4e:28:
                    f0:fd:33:3f:26:49:7b:01:60:13:33:ad:29:84:f1:
                    c1:cf:1f:fe:d3:16:22:2f:d7:de:46:72:30:f1:23:
                    31:ed:cb:c6:0a:e3:d2:60:a5:7a:e9:dc:fa:04:12:
                    73:a5:79:30:4e:fc:94:67:33:03:ea:d7:09:cd:00:
                    cf:f3:2d:71:15:fd:10:25:7b:e6:08:4c:4d:d0:db:
                    a1:37:a1:09:32:e8:70:4e:f5:fb:c0:75:76:a4:cc:
                    90:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:AA:99:A8:37:99:D3:D3:16:48:3C:D9:56:BF:86:23:56:7A:C1:0A
            X509v3 Authority Key Identifier:
                keyid:87:F1:CA:C0:DE:8F:66:A7:07:6F:28:10:F3:F3:51:8A:A7:06:43:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h_HKwN6PZqcHbygQ8_NRiqcGQ7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f6b1b9-9ed6-4af2-a73b-f8874a6bad38/1/t6qZqDeZ09MWSDzZVr-GI1Z6wQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f6b1b9-9ed6-4af2-a73b-f8874a6bad38/1/h_HKwN6PZqcHbygQ8_NRiqcGQ7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:e9:8a:68:42:a8:da:44:c8:fc:50:2d:70:20:34:62:da:b7:
         3c:a3:bc:3d:a3:0f:ad:53:ff:b8:b5:92:37:6d:71:0a:a5:5c:
         53:86:5c:8a:c2:09:17:2f:b3:f0:d9:9d:aa:0c:db:dd:de:7c:
         43:87:77:14:cd:f1:37:d9:1a:52:46:79:1d:a1:27:ad:e0:22:
         f0:5c:96:7a:ef:d7:e1:af:ff:1c:52:b6:b4:77:fc:4d:c1:3b:
         70:96:f1:08:ef:6e:97:6c:08:30:9b:f5:40:84:3e:f9:e8:83:
         11:76:c8:5c:f9:49:d5:c1:28:52:6e:16:0d:fc:7d:4d:42:96:
         ea:e4:c8:79:d2:bc:99:3a:83:ea:87:db:ec:0d:fe:10:39:bc:
         24:c6:75:2e:af:4f:98:b6:30:8a:30:d5:a7:7e:dc:1c:68:2e:
         db:02:5b:ec:a6:f9:14:e1:ce:f5:44:e5:5d:e2:60:35:86:32:
         8d:01:16:71:47:54:d8:4a:36:41:97:24:e9:7a:7d:a6:e8:c9:
         19:b2:82:de:91:5e:d6:ba:11:aa:71:67:1a:c1:38:4f:04:6e:
         e3:ab:69:34:f6:f1:07:66:32:f1:f3:b1:76:70:a6:13:f5:14:
         32:1f:e4:fc:dc:ae:4c:8e:da:58:e8:48:06:64:b1:01:90:3c:
         35:47:ec:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnPe3pHBQUb7uNsCEzKJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZjFjYWMwZGU4ZjY2YTcwNzZmMjgxMGYzZjM1MThhYTcw
NjQzYmEwHhcNMjQwMTAyMTIzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2FhOTlhODM3OTlkM2QzMTY0ODNjZDk1NmJmODYyMzU2N2FjMTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvf+Gm1DIKQhTzNVvT1sTiAjgYTk8
tuXiD49RG8OsJg7WMlj2o4awkb8w9dS7gcB1gZF8homVfAIo/MbiKJn5KCuR/loI
+pdYFfbJ/xx1A2KbCNYidzOd4VXhRu2oZrs/8sIWZ43bNnmMFUzuncQ1gW6YMtOR
YvhkGKoHWfqsLXy8ISkSwtUVly173fu54LKHFB75EiE54MNcmBwb+b2YvjRYTijw
/TM/Jkl7AWATM60phPHBzx/+0xYiL9feRnIw8SMx7cvGCuPSYKV66dz6BBJzpXkw
TvyUZzMD6tcJzQDP8y1xFf0QJXvmCExN0NuhN6EJMuhwTvX7wHV2pMyQBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLeqmag3mdPTFkg82Va/hiNWesEKMB8GA1UdIwQY
MBaAFIfxysDej2anB28oEPPzUYqnBkO6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaF9IS3dONlBacWNIYnlnUThfTlJpcWNHUTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9mNmIxYjktOWVkNi00YWYyLWE3M2It
Zjg4NzRhNmJhZDM4LzEvdDZxWnFEZVowOU1XU0R6WlZyLUdJMVo2d1FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9mNmIxYjktOWVkNi00YWYyLWE3M2ItZjg4NzRhNmJhZDM4
LzEvaF9IS3dONlBacWNIYnlnUThfTlJpcWNHUTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpZOMA0G
CSqGSIb3DQEBCwUAA4IBAQB16YpoQqjaRMj8UC1wIDRi2rc8o7w9ow+tU/+4tZI3
bXEKpVxThlyKwgkXL7Pw2Z2qDNvd3nxDh3cUzfE32RpSRnkdoSet4CLwXJZ679fh
r/8cUra0d/xNwTtwlvEI726XbAgwm/VAhD756IMRdshc+UnVwShSbhYN/H1NQpbq
5Mh50ryZOoPqh9vsDf4QObwkxnUur0+YtjCKMNWnftwcaC7bAlvspvkU4c71ROVd
4mA1hjKNARZxR1TYSjZBlyTpen2m6MkZsoLekV7WuhGqcWcawThPBG7jq2k09vEH
ZjLx87F2cKYT9RQyH+T83K5MjtpY6EgGZLEBkDw1R+yH
-----END CERTIFICATE-----