Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/77a9f1-f1fb-485f-923f-7c3789405bd6/1/A_ZWXFS7hnva8o0uCHwWMp9dsNo.roa
File:                     A_ZWXFS7hnva8o0uCHwWMp9dsNo.roa (raw, json)
Hash identifier:          HLyp1enyS+az7jH4yxniLoyPOKwY0AONts1jSFEt290=
Subject key identifier:   03:F6:56:5C:54:BB:86:7B:DA:F2:8D:2E:08:7C:16:32:9F:5D:B0:DA
Certificate issuer:       /CN=535ef40faf483433b3e33698e4d1ee95f3c94bec
Certificate serial:       018CC56ECD4C3869875036ECB63013775403
Authority key identifier: 53:5E:F4:0F:AF:48:34:33:B3:E3:36:98:E4:D1:EE:95:F3:C9:4B:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U170D69INDOz4zaY5NHulfPJS-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/77a9f1-f1fb-485f-923f-7c3789405bd6/1/A_ZWXFS7hnva8o0uCHwWMp9dsNo.roa
Signing time:             Mon 01 Jan 2024 14:30:22 +0000
ROA not before:           Mon 01 Jan 2024 14:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209966
IP address blocks:        78.41.55.0/24 maxlen: 24
                          78.41.52.0/24 maxlen: 24
                          78.41.54.0/24 maxlen: 24
                          78.41.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/77a9f1-f1fb-485f-923f-7c3789405bd6/1/U170D69INDOz4zaY5NHulfPJS-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/77a9f1-f1fb-485f-923f-7c3789405bd6/1/U170D69INDOz4zaY5NHulfPJS-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U170D69INDOz4zaY5NHulfPJS-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:cd:4c:38:69:87:50:36:ec:b6:30:13:77:54:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=535ef40faf483433b3e33698e4d1ee95f3c94bec
        Validity
            Not Before: Jan  1 14:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03f6565c54bb867bdaf28d2e087c16329f5db0da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:42:c1:76:ba:1c:a0:b2:ed:71:ba:ec:7a:a9:
                    4f:70:a9:d6:b3:0f:10:00:3b:af:8d:3c:3a:c0:9d:
                    c6:ec:0b:f6:d0:54:ea:97:59:a2:c3:fb:a7:29:4e:
                    7c:1e:7d:06:f5:a7:88:48:30:17:6d:d3:d8:e7:07:
                    32:07:b3:50:4d:6c:76:2c:2e:1c:57:f9:79:51:9c:
                    be:d1:fc:48:b2:05:86:95:d2:8e:e6:c9:61:b5:1a:
                    64:9c:b6:51:3b:1a:e6:45:62:9a:35:2b:7b:aa:6a:
                    60:cb:ba:00:8b:e1:11:a6:9d:da:fd:7a:d2:84:a0:
                    59:ca:45:4a:d7:81:80:37:e7:8c:0a:90:66:6a:96:
                    d2:60:66:d5:25:82:5d:45:57:15:55:4f:33:18:d7:
                    cb:b2:46:53:ef:c4:d4:1e:20:f9:39:ff:2e:88:32:
                    8d:b5:43:35:f1:d0:fd:36:56:ab:ec:ee:4a:e0:43:
                    65:50:cf:23:02:f8:5f:47:cc:7d:36:b8:dc:df:49:
                    7f:38:5c:04:e8:75:2c:65:13:d2:15:28:25:26:84:
                    1a:21:06:2c:14:4a:cd:ff:83:af:0d:29:8a:2e:ac:
                    60:58:25:9e:f8:7a:0a:58:47:60:16:34:2b:79:54:
                    d6:0a:a1:92:29:a8:dd:1d:d1:96:8a:56:2b:a3:f7:
                    91:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:F6:56:5C:54:BB:86:7B:DA:F2:8D:2E:08:7C:16:32:9F:5D:B0:DA
            X509v3 Authority Key Identifier:
                keyid:53:5E:F4:0F:AF:48:34:33:B3:E3:36:98:E4:D1:EE:95:F3:C9:4B:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U170D69INDOz4zaY5NHulfPJS-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/77a9f1-f1fb-485f-923f-7c3789405bd6/1/A_ZWXFS7hnva8o0uCHwWMp9dsNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/77a9f1-f1fb-485f-923f-7c3789405bd6/1/U170D69INDOz4zaY5NHulfPJS-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.41.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c0:a3:29:aa:47:a8:a9:57:cc:3f:cb:01:cf:0f:10:47:1d:a5:
         b6:94:4b:c6:d6:c0:9e:51:91:61:30:07:6a:c8:6c:8d:59:30:
         c8:c2:36:49:03:90:6d:19:90:d3:d4:b2:91:c0:44:95:11:23:
         cc:05:29:e6:b5:7b:5c:bf:8b:d2:61:b5:b8:32:e2:40:fe:a0:
         45:5c:d7:f2:cf:cd:98:44:d4:a7:02:5f:5a:a3:86:e6:83:71:
         bd:8e:bf:51:41:61:9a:c2:96:8e:6f:be:f1:5f:f9:38:61:cd:
         31:a8:63:de:c9:7f:7e:af:f3:7a:f6:46:ee:4d:51:37:5e:45:
         84:40:67:42:36:34:73:c4:df:ae:cd:ba:6c:86:da:92:c7:02:
         d3:98:94:f4:1e:28:22:b8:3b:10:49:4d:76:19:1d:70:a6:df:
         8d:b9:ba:dc:d6:22:4d:ca:0c:fd:41:35:69:ac:38:6d:eb:bd:
         ae:c5:e2:a0:2f:10:73:7c:cc:64:ea:d4:73:18:21:79:75:75:
         c4:49:19:d5:fa:07:03:8f:22:9e:8f:ec:4f:eb:ff:80:f3:c7:
         1b:99:02:c9:24:96:18:d4:12:b1:30:9b:c5:9f:5f:d3:80:38:
         90:4b:3a:a8:9a:7d:62:d7:35:1e:3a:dc:ae:d6:d4:17:a6:e5:
         db:07:56:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbs1MOGmHUDbstjATd1QDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNWVmNDBmYWY0ODM0MzNiM2UzMzY5OGU0ZDFlZTk1ZjNj
OTRiZWMwHhcNMjQwMTAxMTQzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2Y2NTY1YzU0YmI4NjdiZGFmMjhkMmUwODdjMTYzMjlmNWRiMGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ULBdrocoLLtcbrseqlPcKnWsw8Q
ADuvjTw6wJ3G7Av20FTql1miw/unKU58Hn0G9aeISDAXbdPY5wcyB7NQTWx2LC4c
V/l5UZy+0fxIsgWGldKO5slhtRpknLZROxrmRWKaNSt7qmpgy7oAi+ERpp3a/XrS
hKBZykVK14GAN+eMCpBmapbSYGbVJYJdRVcVVU8zGNfLskZT78TUHiD5Of8uiDKN
tUM18dD9Nlar7O5K4ENlUM8jAvhfR8x9Nrjc30l/OFwE6HUsZRPSFSglJoQaIQYs
FErN/4OvDSmKLqxgWCWe+HoKWEdgFjQreVTWCqGSKajdHdGWilYro/eRTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAP2VlxUu4Z72vKNLgh8FjKfXbDaMB8GA1UdIwQY
MBaAFFNe9A+vSDQzs+M2mOTR7pXzyUvsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTE3MEQ2OUlORE96NHphWTVOSHVsZlBKUy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy83N2E5ZjEtZjFmYi00ODVmLTkyM2Yt
N2MzNzg5NDA1YmQ2LzEvQV9aV1hGUzdobnZhOG8wdUNId1dNcDlkc05vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy83N2E5ZjEtZjFmYi00ODVmLTkyM2YtN2MzNzg5NDA1YmQ2
LzEvVTE3MEQ2OUlORE96NHphWTVOSHVsZlBKUy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTik0MA0G
CSqGSIb3DQEBCwUAA4IBAQDAoymqR6ipV8w/ywHPDxBHHaW2lEvG1sCeUZFhMAdq
yGyNWTDIwjZJA5BtGZDT1LKRwESVESPMBSnmtXtcv4vSYbW4MuJA/qBFXNfyz82Y
RNSnAl9ao4bmg3G9jr9RQWGawpaOb77xX/k4Yc0xqGPeyX9+r/N69kbuTVE3XkWE
QGdCNjRzxN+uzbpshtqSxwLTmJT0HigiuDsQSU12GR1wpt+Nubrc1iJNygz9QTVp
rDht672uxeKgLxBzfMxk6tRzGCF5dXXESRnV+gcDjyKej+xP6/+A88cbmQLJJJYY
1BKxMJvFn1/TgDiQSzqomn1i1zUeOtyu1tQXpuXbB1Zf
-----END CERTIFICATE-----