Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/eefa72-8f4c-486c-b019-b4eaa0561fc7/1/q9F8f5mzihRTn0pXDQ1vnVOinqs.roa
File:                     q9F8f5mzihRTn0pXDQ1vnVOinqs.roa (raw, json)
Hash identifier:          c6KVCMuU9JHqPQRxOyhTJmoXBOxnWlHyWVy3KygEwug=
Subject key identifier:   AB:D1:7C:7F:99:B3:8A:14:53:9F:4A:57:0D:0D:6F:9D:53:A2:9E:AB
Certificate issuer:       /CN=d2075c84f529c87dd85fd4afea4e0934366af54a
Certificate serial:       018D5AA947BFC15BFEF87BFE94D77BD5F76A
Authority key identifier: D2:07:5C:84:F5:29:C8:7D:D8:5F:D4:AF:EA:4E:09:34:36:6A:F5:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0gdchPUpyH3YX9Sv6k4JNDZq9Uo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/eefa72-8f4c-486c-b019-b4eaa0561fc7/1/q9F8f5mzihRTn0pXDQ1vnVOinqs.roa
Signing time:             Tue 30 Jan 2024 13:57:39 +0000
ROA not before:           Tue 30 Jan 2024 13:57:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31239
IP address blocks:        78.40.212.0/24 maxlen: 24
                          89.31.128.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/eefa72-8f4c-486c-b019-b4eaa0561fc7/1/0gdchPUpyH3YX9Sv6k4JNDZq9Uo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/eefa72-8f4c-486c-b019-b4eaa0561fc7/1/0gdchPUpyH3YX9Sv6k4JNDZq9Uo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0gdchPUpyH3YX9Sv6k4JNDZq9Uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5a:a9:47:bf:c1:5b:fe:f8:7b:fe:94:d7:7b:d5:f7:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2075c84f529c87dd85fd4afea4e0934366af54a
        Validity
            Not Before: Jan 30 13:57:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abd17c7f99b38a14539f4a570d0d6f9d53a29eab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cd:00:47:f0:d1:a3:b9:60:8f:01:a7:32:a2:
                    d0:27:4e:70:59:2d:20:51:90:f2:ae:40:1d:03:28:
                    80:fb:14:c2:c5:b3:a5:8b:ef:e8:39:c0:04:1e:bb:
                    a5:b2:86:f7:6e:32:1f:8e:a0:1b:51:5e:31:2e:22:
                    a0:2d:c7:d5:43:ab:d1:52:32:8b:03:c3:bf:f2:dd:
                    29:d4:7a:a0:ff:04:ad:e7:52:18:7d:0c:48:70:6e:
                    8c:31:0a:d6:56:3a:73:e3:dd:77:d8:44:02:66:98:
                    b4:9d:ea:03:3e:5d:43:36:8e:a2:ae:b1:98:64:1e:
                    ea:ec:3a:b8:2b:a2:2c:26:48:5d:db:c2:25:dc:3f:
                    61:f9:68:f8:24:28:83:54:fa:34:9d:ab:e7:a8:27:
                    49:b2:7c:e8:90:45:74:17:96:ff:3a:fc:b3:8d:b6:
                    8b:1f:f7:75:32:73:2a:bd:d8:5c:3a:fc:27:18:3b:
                    3c:93:61:47:86:87:c2:46:b0:95:a7:58:e0:a2:9c:
                    cf:f2:73:a0:dd:1a:26:7c:26:13:54:ce:b4:ef:28:
                    0c:df:24:f1:9d:f8:e5:0a:bb:c2:8f:8f:55:4e:b0:
                    8c:6a:49:3d:e1:76:0e:39:ad:5d:3f:44:c1:eb:c7:
                    e8:b1:ef:83:93:d4:ac:36:0a:2e:aa:d6:ae:01:e7:
                    22:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D1:7C:7F:99:B3:8A:14:53:9F:4A:57:0D:0D:6F:9D:53:A2:9E:AB
            X509v3 Authority Key Identifier:
                keyid:D2:07:5C:84:F5:29:C8:7D:D8:5F:D4:AF:EA:4E:09:34:36:6A:F5:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0gdchPUpyH3YX9Sv6k4JNDZq9Uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/eefa72-8f4c-486c-b019-b4eaa0561fc7/1/q9F8f5mzihRTn0pXDQ1vnVOinqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/eefa72-8f4c-486c-b019-b4eaa0561fc7/1/0gdchPUpyH3YX9Sv6k4JNDZq9Uo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.212.0/24
                  89.31.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         56:e9:8d:59:4b:67:8c:c4:fe:1f:b7:6b:af:d2:03:79:b9:4e:
         3f:3f:ac:03:0a:f4:77:0e:89:93:8f:24:96:ad:80:51:54:14:
         ec:64:c5:98:4d:70:f0:aa:d7:8a:ba:d1:22:5d:17:16:ad:ca:
         12:7e:6b:31:e6:6a:24:3c:ab:66:30:e7:d1:d1:77:fc:fe:26:
         4c:96:d7:48:03:c2:8e:da:0a:73:2d:3d:2f:df:15:ee:c4:68:
         55:39:35:d9:e3:a4:c0:f4:a7:90:e9:e7:9f:8d:92:db:a1:79:
         72:3f:c4:34:ed:e9:1a:76:c9:9e:06:53:13:09:dc:4e:43:bd:
         4c:f0:4d:3f:66:11:26:3c:67:59:32:e9:c4:d0:35:ac:49:ff:
         bb:df:94:de:fc:3f:93:fc:4a:b6:3d:49:b1:b9:34:14:c5:41:
         a2:1f:b0:00:09:1f:c7:81:53:71:6a:87:65:aa:92:35:82:58:
         ab:26:69:fe:dd:b9:57:b9:d4:11:a7:ce:66:d7:51:8d:43:ed:
         67:22:46:5c:f8:3a:64:21:1e:d8:87:90:e0:a2:34:a9:72:e6:
         9d:cb:9e:75:b9:8d:b1:26:af:c1:88:ea:5d:27:66:e1:d5:f1:
         c4:65:ed:44:3c:ea:3d:00:27:00:f5:9a:f3:03:dd:5e:4d:22:
         cb:07:ba:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1aqUe/wVv++Hv+lNd71fdqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMDc1Yzg0ZjUyOWM4N2RkODVmZDRhZmVhNGUwOTM0MzY2
YWY1NGEwHhcNMjQwMTMwMTM1NzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmQxN2M3Zjk5YjM4YTE0NTM5ZjRhNTcwZDBkNmY5ZDUzYTI5ZWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx80AR/DRo7lgjwGnMqLQJ05wWS0g
UZDyrkAdAyiA+xTCxbOli+/oOcAEHrulsob3bjIfjqAbUV4xLiKgLcfVQ6vRUjKL
A8O/8t0p1Hqg/wSt51IYfQxIcG6MMQrWVjpz49132EQCZpi0neoDPl1DNo6irrGY
ZB7q7Dq4K6IsJkhd28Il3D9h+Wj4JCiDVPo0navnqCdJsnzokEV0F5b/OvyzjbaL
H/d1MnMqvdhcOvwnGDs8k2FHhofCRrCVp1jgopzP8nOg3RomfCYTVM607ygM3yTx
nfjlCrvCj49VTrCMakk94XYOOa1dP0TB68fose+Dk9SsNgouqtauAeciEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKvRfH+Zs4oUU59KVw0Nb51Top6rMB8GA1UdIwQY
MBaAFNIHXIT1Kch92F/Ur+pOCTQ2avVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGdkY2hQVXB5SDNZWDlTdjZrNEpORFpxOVVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9lZWZhNzItOGY0Yy00ODZjLWIwMTkt
YjRlYWEwNTYxZmM3LzEvcTlGOGY1bXppaFJUbjBwWERRMXZuVk9pbnFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9lZWZhNzItOGY0Yy00ODZjLWIwMTktYjRlYWEwNTYxZmM3
LzEvMGdkY2hQVXB5SDNZWDlTdjZrNEpORFpxOVVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATijUAwQD
WR+AMA0GCSqGSIb3DQEBCwUAA4IBAQBW6Y1ZS2eMxP4ft2uv0gN5uU4/P6wDCvR3
DomTjySWrYBRVBTsZMWYTXDwqteKutEiXRcWrcoSfmsx5mokPKtmMOfR0Xf8/iZM
ltdIA8KO2gpzLT0v3xXuxGhVOTXZ46TA9KeQ6eefjZLboXlyP8Q07ekadsmeBlMT
CdxOQ71M8E0/ZhEmPGdZMunE0DWsSf+735Te/D+T/Eq2PUmxuTQUxUGiH7AACR/H
gVNxaodlqpI1glirJmn+3blXudQRp85m11GNQ+1nIkZc+DpkIR7Yh5DgojSpcuad
y551uY2xJq/BiOpdJ2bh1fHEZe1EPOo9ACcA9ZrzA91eTSLLB7oj
-----END CERTIFICATE-----