Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/eefa72-8f4c-486c-b019-b4eaa0561fc7/1/Zerf8jqI1NRSmt_2sj_ElXtcQyY.roa
File:                     Zerf8jqI1NRSmt_2sj_ElXtcQyY.roa (raw, json)
Hash identifier:          gjumTC1lx9oqEgX0ZAHWSJIZWb+Es4VvnHoSzKC+C70=
Subject key identifier:   65:EA:DF:F2:3A:88:D4:D4:52:9A:DF:F6:B2:3F:C4:95:7B:5C:43:26
Certificate issuer:       /CN=d2075c84f529c87dd85fd4afea4e0934366af54a
Certificate serial:       018CCA2B9FAE22E4553BA906B8FDABC7133C
Authority key identifier: D2:07:5C:84:F5:29:C8:7D:D8:5F:D4:AF:EA:4E:09:34:36:6A:F5:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0gdchPUpyH3YX9Sv6k4JNDZq9Uo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/eefa72-8f4c-486c-b019-b4eaa0561fc7/1/Zerf8jqI1NRSmt_2sj_ElXtcQyY.roa
Signing time:             Tue 02 Jan 2024 12:35:05 +0000
ROA not before:           Tue 02 Jan 2024 12:35:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20751
IP address blocks:        78.40.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/eefa72-8f4c-486c-b019-b4eaa0561fc7/1/0gdchPUpyH3YX9Sv6k4JNDZq9Uo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/eefa72-8f4c-486c-b019-b4eaa0561fc7/1/0gdchPUpyH3YX9Sv6k4JNDZq9Uo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0gdchPUpyH3YX9Sv6k4JNDZq9Uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:9f:ae:22:e4:55:3b:a9:06:b8:fd:ab:c7:13:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2075c84f529c87dd85fd4afea4e0934366af54a
        Validity
            Not Before: Jan  2 12:35:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65eadff23a88d4d4529adff6b23fc4957b5c4326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:45:f3:83:06:7f:8a:c1:29:bf:86:fa:7f:6c:
                    8d:27:f3:78:ff:52:c9:1a:58:66:36:9f:c3:fd:88:
                    59:89:d8:04:a3:a7:a2:3e:76:91:5e:d3:4e:50:5b:
                    67:dd:3f:26:bb:64:3b:c3:e3:67:3b:af:99:2a:f8:
                    dc:e6:2a:66:6d:14:d2:96:eb:88:3f:c3:5c:d2:81:
                    48:28:60:94:e5:57:a8:52:c9:c5:f3:0a:82:b8:db:
                    25:5e:3c:fc:68:50:f0:a6:fd:3a:e9:2e:0e:b7:b2:
                    f7:74:93:49:79:b8:03:0b:16:b3:de:55:ae:40:81:
                    3a:bc:bd:d3:c2:d7:cf:35:73:9d:fb:dd:b1:7a:d8:
                    f5:6f:12:9c:0a:d1:b8:30:a4:5b:31:14:92:e5:b1:
                    6a:0c:2d:9c:80:3e:10:3d:da:dc:f4:b5:7a:51:f8:
                    4a:03:2d:0b:88:3f:95:fb:00:b1:2d:01:97:e0:64:
                    4d:77:64:94:a9:51:db:52:96:fe:fc:7b:73:49:7b:
                    b3:f3:59:41:d0:bf:05:fb:f8:d3:4f:a8:92:0b:2c:
                    bc:53:7a:e8:e6:c1:5d:e0:65:fe:23:4e:56:d6:9a:
                    8c:cc:b6:4d:91:c3:7d:9d:4b:fd:de:4b:fc:49:44:
                    89:c7:5a:05:86:b2:c9:93:93:9b:b6:2e:14:29:73:
                    d0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:EA:DF:F2:3A:88:D4:D4:52:9A:DF:F6:B2:3F:C4:95:7B:5C:43:26
            X509v3 Authority Key Identifier:
                keyid:D2:07:5C:84:F5:29:C8:7D:D8:5F:D4:AF:EA:4E:09:34:36:6A:F5:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0gdchPUpyH3YX9Sv6k4JNDZq9Uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/eefa72-8f4c-486c-b019-b4eaa0561fc7/1/Zerf8jqI1NRSmt_2sj_ElXtcQyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/eefa72-8f4c-486c-b019-b4eaa0561fc7/1/0gdchPUpyH3YX9Sv6k4JNDZq9Uo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:71:0e:b8:1c:f1:67:c2:1a:4e:dc:ce:f2:7a:fb:67:56:c1:
         0b:f4:73:4b:1a:75:1c:f1:91:1c:21:09:dc:c3:d8:8b:53:83:
         7b:06:08:0e:fa:8e:d6:ad:7f:53:f2:ae:e5:8a:b3:b5:eb:fa:
         e9:04:08:6a:48:5a:e8:49:0e:be:57:dd:83:dd:22:2f:8c:b8:
         07:99:c9:14:c6:ee:e0:33:a0:18:83:14:cc:36:a0:1b:dd:12:
         6a:3c:87:3b:19:b9:5a:84:be:d7:03:c2:c5:fc:1b:c7:60:8f:
         cf:f4:6f:6b:76:d1:13:ac:af:a9:1b:7b:a7:01:61:2c:e7:3f:
         4c:c6:a2:90:62:ed:52:a4:14:ca:b7:58:83:fc:ab:9d:f9:62:
         c6:d3:7b:5c:04:79:05:f1:3a:8e:bc:71:3c:0f:46:c9:7b:d3:
         ad:7a:71:dd:94:41:01:82:a7:47:5c:ad:3c:16:4f:20:06:a5:
         e4:e5:d6:7a:6f:43:9b:2b:2b:64:5f:85:6f:8b:07:e4:08:bc:
         71:c0:76:de:4d:f3:d0:9b:45:d1:74:22:40:8f:ca:69:89:d8:
         1b:9a:9a:1e:4b:ed:49:75:b5:92:50:cd:ac:1a:52:4c:9a:a4:
         e5:4d:14:aa:da:32:03:a4:9e:06:46:34:7d:1f:2f:ee:12:33:
         ae:8f:57:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK5+uIuRVO6kGuP2rxxM8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMDc1Yzg0ZjUyOWM4N2RkODVmZDRhZmVhNGUwOTM0MzY2
YWY1NGEwHhcNMjQwMTAyMTIzNTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWVhZGZmMjNhODhkNGQ0NTI5YWRmZjZiMjNmYzQ5NTdiNWM0MzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikXzgwZ/isEpv4b6f2yNJ/N4/1LJ
GlhmNp/D/YhZidgEo6eiPnaRXtNOUFtn3T8mu2Q7w+NnO6+ZKvjc5ipmbRTSluuI
P8Nc0oFIKGCU5VeoUsnF8wqCuNslXjz8aFDwpv066S4Ot7L3dJNJebgDCxaz3lWu
QIE6vL3TwtfPNXOd+92xetj1bxKcCtG4MKRbMRSS5bFqDC2cgD4QPdrc9LV6UfhK
Ay0LiD+V+wCxLQGX4GRNd2SUqVHbUpb+/HtzSXuz81lB0L8F+/jTT6iSCyy8U3ro
5sFd4GX+I05W1pqMzLZNkcN9nUv93kv8SUSJx1oFhrLJk5Obti4UKXPQHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXq3/I6iNTUUprf9rI/xJV7XEMmMB8GA1UdIwQY
MBaAFNIHXIT1Kch92F/Ur+pOCTQ2avVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGdkY2hQVXB5SDNZWDlTdjZrNEpORFpxOVVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9lZWZhNzItOGY0Yy00ODZjLWIwMTkt
YjRlYWEwNTYxZmM3LzEvWmVyZjhqcUkxTlJTbXRfMnNqX0VsWHRjUXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9lZWZhNzItOGY0Yy00ODZjLWIwMTktYjRlYWEwNTYxZmM3
LzEvMGdkY2hQVXB5SDNZWDlTdjZrNEpORFpxOVVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATijVMA0G
CSqGSIb3DQEBCwUAA4IBAQAlcQ64HPFnwhpO3M7yevtnVsEL9HNLGnUc8ZEcIQnc
w9iLU4N7BggO+o7WrX9T8q7lirO16/rpBAhqSFroSQ6+V92D3SIvjLgHmckUxu7g
M6AYgxTMNqAb3RJqPIc7GblahL7XA8LF/BvHYI/P9G9rdtETrK+pG3unAWEs5z9M
xqKQYu1SpBTKt1iD/Kud+WLG03tcBHkF8TqOvHE8D0bJe9OtenHdlEEBgqdHXK08
Fk8gBqXk5dZ6b0ObKytkX4VviwfkCLxxwHbeTfPQm0XRdCJAj8ppidgbmpoeS+1J
dbWSUM2sGlJMmqTlTRSq2jIDpJ4GRjR9Hy/uEjOuj1dG
-----END CERTIFICATE-----