Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/zOk6aYMYiG0VDPAylfmxYPtXRTs.roa
File:                     zOk6aYMYiG0VDPAylfmxYPtXRTs.roa (raw, json)
Hash identifier:          IpNQg/uWlNcTPzqOAO4whIYbvQEOIYEH6wLg494joj8=
Subject key identifier:   CC:E9:3A:69:83:18:88:6D:15:0C:F0:32:95:F9:B1:60:FB:57:45:3B
Certificate issuer:       /CN=509bc63e68c90932b4fc28997fc3bf78de3b3743
Certificate serial:       018CC5006A938FAD0F455D9C515E327BF0BA
Authority key identifier: 50:9B:C6:3E:68:C9:09:32:B4:FC:28:99:7F:C3:BF:78:DE:3B:37:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJvGPmjJCTK0_CiZf8O_eN47N0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/zOk6aYMYiG0VDPAylfmxYPtXRTs.roa
Signing time:             Mon 01 Jan 2024 12:29:47 +0000
ROA not before:           Mon 01 Jan 2024 12:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198065
IP address blocks:        185.164.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/UJvGPmjJCTK0_CiZf8O_eN47N0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/UJvGPmjJCTK0_CiZf8O_eN47N0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJvGPmjJCTK0_CiZf8O_eN47N0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:6a:93:8f:ad:0f:45:5d:9c:51:5e:32:7b:f0:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=509bc63e68c90932b4fc28997fc3bf78de3b3743
        Validity
            Not Before: Jan  1 12:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cce93a698318886d150cf03295f9b160fb57453b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e3:87:01:45:67:dc:2f:1e:fc:dd:bd:c6:b3:
                    2b:97:17:33:17:11:f7:61:36:23:8f:c5:4e:7a:11:
                    66:aa:2f:89:f6:68:6a:da:04:75:55:33:02:d3:3b:
                    7e:2b:27:4f:7c:e7:84:c6:76:d5:6b:5d:11:7b:ab:
                    2f:5a:85:32:d2:d7:14:a8:1b:4d:db:c7:b3:a7:ee:
                    ad:bd:24:c9:71:1a:80:5e:cd:ba:87:ab:49:19:ea:
                    79:26:9c:1d:82:e7:04:d0:eb:67:0c:fb:99:8a:4d:
                    2e:aa:08:5a:4d:62:09:af:0d:96:c8:6e:3f:e3:00:
                    ac:ea:d6:59:ac:38:5c:b0:fd:3c:63:28:ba:03:58:
                    75:e0:e8:ee:b4:e0:7e:66:7c:8f:f9:1a:0c:55:98:
                    51:59:41:a5:a2:be:13:3a:d2:e9:1b:70:3e:6e:f1:
                    dd:84:49:79:63:08:b0:56:81:6a:fd:fd:b6:94:01:
                    39:0c:a7:81:64:fa:e7:a7:85:7a:3f:3d:05:e9:47:
                    1e:86:92:99:4a:4d:d8:d2:11:ff:d6:55:f1:83:ca:
                    c2:dc:d3:70:8e:3d:ff:c0:35:c3:38:18:7e:09:17:
                    73:de:04:88:f3:98:20:54:ca:f1:5e:d6:66:0d:c7:
                    f1:23:9b:bd:52:d0:fc:b4:b7:50:87:cf:b5:7a:3a:
                    fd:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:E9:3A:69:83:18:88:6D:15:0C:F0:32:95:F9:B1:60:FB:57:45:3B
            X509v3 Authority Key Identifier:
                keyid:50:9B:C6:3E:68:C9:09:32:B4:FC:28:99:7F:C3:BF:78:DE:3B:37:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJvGPmjJCTK0_CiZf8O_eN47N0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/zOk6aYMYiG0VDPAylfmxYPtXRTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/UJvGPmjJCTK0_CiZf8O_eN47N0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:7f:ac:86:36:fd:08:fd:2c:00:cd:92:f8:e2:b5:81:08:e1:
         ee:e0:77:5d:87:3e:d3:91:ab:5a:c2:3f:25:85:98:0a:b9:1c:
         54:5c:e0:47:98:8b:05:07:e1:e9:63:dc:04:00:df:f1:52:8e:
         62:7f:8e:e4:72:5f:5d:53:b2:2d:cd:9c:dd:01:4b:e6:19:bd:
         1d:a7:cd:17:b6:64:46:f4:ba:45:be:d0:3d:2d:81:36:8c:a6:
         87:2f:66:16:a6:ed:4b:d4:42:23:43:c5:aa:4d:26:14:16:82:
         f6:6c:b2:1d:d0:21:39:fc:75:c5:71:14:3c:1c:c6:e9:6d:56:
         2f:3d:94:69:8b:fc:59:2d:6f:96:9d:60:93:fd:2c:5b:ca:d6:
         3c:a2:e1:06:4f:eb:11:65:1a:98:05:61:1f:1f:9d:04:ed:ec:
         6c:89:0d:fd:2d:c5:e0:39:04:3b:5f:3b:71:2c:4d:ee:cc:57:
         78:2c:b5:73:de:1e:71:9a:7e:10:a0:d1:80:42:bd:d5:58:4e:
         44:67:87:74:d6:5d:ab:8d:1d:39:83:31:c5:c7:e3:cc:24:0f:
         fe:b2:c0:32:09:8b:f6:74:39:61:d3:87:a1:dd:70:08:92:5c:
         c9:86:30:bb:b4:77:d0:17:c4:9c:d5:32:5c:e8:26:9c:ef:ed:
         12:d4:a7:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAGqTj60PRV2cUV4ye/C6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOWJjNjNlNjhjOTA5MzJiNGZjMjg5OTdmYzNiZjc4ZGUz
YjM3NDMwHhcNMjQwMTAxMTIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2U5M2E2OTgzMTg4ODZkMTUwY2YwMzI5NWY5YjE2MGZiNTc0NTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeOHAUVn3C8e/N29xrMrlxczFxH3
YTYjj8VOehFmqi+J9mhq2gR1VTMC0zt+KydPfOeExnbVa10Re6svWoUy0tcUqBtN
28ezp+6tvSTJcRqAXs26h6tJGep5JpwdgucE0OtnDPuZik0uqghaTWIJrw2WyG4/
4wCs6tZZrDhcsP08Yyi6A1h14OjutOB+ZnyP+RoMVZhRWUGlor4TOtLpG3A+bvHd
hEl5YwiwVoFq/f22lAE5DKeBZPrnp4V6Pz0F6UcehpKZSk3Y0hH/1lXxg8rC3NNw
jj3/wDXDOBh+CRdz3gSI85ggVMrxXtZmDcfxI5u9UtD8tLdQh8+1ejr9kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzpOmmDGIhtFQzwMpX5sWD7V0U7MB8GA1UdIwQY
MBaAFFCbxj5oyQkytPwomX/Dv3jeOzdDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUp2R1BtakpDVEswX0NpWmY4T19lTjQ3TjBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8zNGM1YjItYjZlMy00YjIzLWE2MDkt
MTZlZDNjZDBjNzJhLzEvek9rNmFZTVlpRzBWRFBBeWxmbXhZUHRYUlRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8zNGM1YjItYjZlMy00YjIzLWE2MDktMTZlZDNjZDBjNzJh
LzEvVUp2R1BtakpDVEswX0NpWmY4T19lTjQ3TjBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaROMA0G
CSqGSIb3DQEBCwUAA4IBAQA7f6yGNv0I/SwAzZL44rWBCOHu4Hddhz7Tkatawj8l
hZgKuRxUXOBHmIsFB+HpY9wEAN/xUo5if47kcl9dU7ItzZzdAUvmGb0dp80XtmRG
9LpFvtA9LYE2jKaHL2YWpu1L1EIjQ8WqTSYUFoL2bLId0CE5/HXFcRQ8HMbpbVYv
PZRpi/xZLW+WnWCT/SxbytY8ouEGT+sRZRqYBWEfH50E7exsiQ39LcXgOQQ7Xztx
LE3uzFd4LLVz3h5xmn4QoNGAQr3VWE5EZ4d01l2rjR05gzHFx+PMJA/+ssAyCYv2
dDlh04eh3XAIklzJhjC7tHfQF8Sc1TJc6Cac7+0S1Kd7
-----END CERTIFICATE-----