Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4zI7dDK3rm3W-R55D-PK1iR7bXE.roa
File:                     4zI7dDK3rm3W-R55D-PK1iR7bXE.roa (raw, json)
Hash identifier:          2zuM78wwPM132vlOwIbTdPoiR13t6HfrLViS6IOZa2M=
Subject key identifier:   E3:32:3B:74:32:B7:AE:6D:D6:F9:1E:79:0F:E3:CA:D6:24:7B:6D:71
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018CC794ED07C6E8708E7BD3350687C8A97C
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4zI7dDK3rm3W-R55D-PK1iR7bXE.roa
Signing time:             Tue 02 Jan 2024 00:31:15 +0000
ROA not before:           Tue 02 Jan 2024 00:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50340
IP address blocks:        185.177.78.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ed:07:c6:e8:70:8e:7b:d3:35:06:87:c8:a9:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 00:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3323b7432b7ae6dd6f91e790fe3cad6247b6d71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8c:a4:50:17:3e:d1:60:71:c7:ff:4f:32:5d:
                    18:7a:7f:2b:6e:90:8f:35:78:06:fd:dd:e6:cf:ca:
                    f7:f2:ab:07:76:ae:59:25:2f:e6:8c:36:4e:39:7f:
                    63:85:46:dd:77:2a:de:0f:2f:33:7d:8f:64:52:54:
                    9f:c9:09:b4:81:22:ec:20:5f:cc:c3:1e:23:dc:19:
                    9a:3b:3c:ef:9c:4b:83:b3:67:d5:f8:0b:b1:9c:21:
                    cf:7b:f4:ef:2a:cc:f0:97:af:8a:58:18:e4:81:27:
                    30:fc:d6:1e:6c:c4:8a:84:be:df:e9:27:ca:87:09:
                    c7:63:9d:32:cc:69:20:27:ef:54:3f:7b:24:11:05:
                    2b:87:17:83:30:33:4f:fe:ea:a2:4a:31:5d:71:c8:
                    87:34:c9:c7:b2:3a:0b:59:3f:bb:c9:14:fd:e3:3e:
                    36:44:e1:04:fe:11:1e:28:4d:30:66:a4:b6:0f:0d:
                    f3:73:dc:24:bb:78:36:4f:56:14:73:e2:5d:12:af:
                    b9:1d:d1:b1:66:76:59:38:41:1a:b4:82:1c:19:09:
                    81:3a:fd:cc:85:b3:ae:26:70:62:cc:e3:14:58:8d:
                    0c:d4:13:c6:53:db:07:a6:b2:5f:a3:3e:6c:70:31:
                    5c:1d:b0:27:1f:46:9c:97:11:24:50:cf:84:66:2e:
                    d5:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:32:3B:74:32:B7:AE:6D:D6:F9:1E:79:0F:E3:CA:D6:24:7B:6D:71
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4zI7dDK3rm3W-R55D-PK1iR7bXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:b6:90:c4:74:69:6a:ee:ec:4c:4c:e0:7a:35:1a:64:66:4b:
         44:b4:0c:5b:e8:5b:26:35:f0:39:a7:b9:a8:48:13:0a:19:6d:
         57:b2:4c:ba:a2:25:aa:bd:41:c1:b5:ab:d5:8a:f5:2c:5f:e2:
         4e:00:8a:da:90:d2:cf:b6:12:d6:3c:21:65:89:df:62:f4:2d:
         67:6a:e4:b7:f6:54:a2:ef:fb:ac:24:58:7f:5f:72:dd:85:b0:
         36:59:c3:95:c9:29:88:53:f3:00:39:49:59:12:cf:d0:b2:56:
         22:8e:7e:ab:a9:9c:53:e8:92:ce:20:21:73:ae:b7:51:7e:e4:
         70:a2:6d:52:cd:eb:bf:e6:5f:f0:f4:7d:80:d4:f6:d5:78:48:
         f1:76:dc:46:6e:41:84:69:ee:00:93:cd:f3:49:f4:9d:e2:ce:
         68:a0:73:88:63:8e:b3:db:3d:be:71:3e:ec:4b:46:b3:b5:11:
         cf:e6:fb:c2:f8:9c:b0:a2:89:63:f2:49:27:b5:a7:a9:e3:47:
         61:0b:2b:f5:75:06:22:47:89:6a:8f:57:39:51:39:9d:4c:41:
         1e:e9:80:be:23:14:c3:ae:12:a3:a7:54:5b:8d:a6:cb:f8:23:
         46:1b:70:96:6e:9e:e8:02:64:4f:79:68:0c:08:80:5c:50:0b:
         33:7b:e5:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlO0HxuhwjnvTNQaHyKl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwMTAyMDAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzMyM2I3NDMyYjdhZTZkZDZmOTFlNzkwZmUzY2FkNjI0N2I2ZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYykUBc+0WBxx/9PMl0Yen8rbpCP
NXgG/d3mz8r38qsHdq5ZJS/mjDZOOX9jhUbddyreDy8zfY9kUlSfyQm0gSLsIF/M
wx4j3BmaOzzvnEuDs2fV+AuxnCHPe/TvKszwl6+KWBjkgScw/NYebMSKhL7f6SfK
hwnHY50yzGkgJ+9UP3skEQUrhxeDMDNP/uqiSjFdcciHNMnHsjoLWT+7yRT94z42
ROEE/hEeKE0wZqS2Dw3zc9wku3g2T1YUc+JdEq+5HdGxZnZZOEEatIIcGQmBOv3M
hbOuJnBizOMUWI0M1BPGU9sHprJfoz5scDFcHbAnH0aclxEkUM+EZi7VOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMyO3Qyt65t1vkeeQ/jytYke21xMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvNHpJN2RESzNybTNXLVI1NUQtUEsxaVI3YlhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubFOMA0G
CSqGSIb3DQEBCwUAA4IBAQCjtpDEdGlq7uxMTOB6NRpkZktEtAxb6FsmNfA5p7mo
SBMKGW1Xsky6oiWqvUHBtavVivUsX+JOAIrakNLPthLWPCFlid9i9C1nauS39lSi
7/usJFh/X3LdhbA2WcOVySmIU/MAOUlZEs/QslYijn6rqZxT6JLOICFzrrdRfuRw
om1Szeu/5l/w9H2A1PbVeEjxdtxGbkGEae4Ak83zSfSd4s5ooHOIY46z2z2+cT7s
S0aztRHP5vvC+Jywoolj8kkntaep40dhCyv1dQYiR4lqj1c5UTmdTEEe6YC+IxTD
rhKjp1RbjabL+CNGG3CWbp7oAmRPeWgMCIBcUAsze+VN
-----END CERTIFICATE-----