Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/J06zDjJpmF_NaVV1B1Eq7jUPcZs.roa
File:                     J06zDjJpmF_NaVV1B1Eq7jUPcZs.roa (raw, json)
Hash identifier:          bok9V8ZQB1aNOvqHOojkGQhNHa24+EkLU13Zp6IPXwU=
Subject key identifier:   27:4E:B3:0E:32:69:98:5F:CD:69:55:75:07:51:2A:EE:35:0F:71:9B
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018DB2110BC2F039F19E8E5391A896BF31F7
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/J06zDjJpmF_NaVV1B1Eq7jUPcZs.roa
Signing time:             Fri 16 Feb 2024 13:17:58 +0000
ROA not before:           Fri 16 Feb 2024 13:17:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200673
IP address blocks:        78.135.64.0/24 maxlen: 24
                          188.132.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b2:11:0b:c2:f0:39:f1:9e:8e:53:91:a8:96:bf:31:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Feb 16 13:17:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=274eb30e3269985fcd69557507512aee350f719b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:dd:6d:de:82:e1:97:ad:d1:e4:04:9b:21:df:
                    63:92:37:4d:92:a7:f7:49:f1:82:39:74:e0:2a:a0:
                    7b:ae:92:83:e4:e4:fd:c5:e6:c4:24:a3:f9:a6:a5:
                    df:7c:95:b5:52:6d:8d:06:b8:ca:39:c0:a9:0b:15:
                    95:51:5f:c1:c8:28:28:8a:f4:06:11:00:6d:ff:f0:
                    58:73:3c:2c:ef:90:a9:22:60:a1:97:d6:60:b1:4a:
                    56:c3:c4:bb:ed:e0:f3:96:72:ae:d6:dc:31:8a:9a:
                    77:a8:5d:ff:30:d5:ab:0a:3a:b7:bf:a8:2f:28:cd:
                    54:c2:54:07:3b:c5:1b:91:49:39:51:21:8c:76:f0:
                    7b:14:57:85:be:f8:93:9a:fe:34:66:ba:37:47:97:
                    aa:4f:8e:a7:82:6b:55:78:17:33:19:e1:8f:db:fb:
                    fb:fd:db:f8:1c:b8:ac:9a:09:8a:d0:23:81:b5:20:
                    f9:63:1c:f8:6a:c3:6c:2a:23:41:60:d4:dc:17:e3:
                    1b:68:50:9d:43:c7:bd:04:ec:fb:9b:12:af:94:f9:
                    16:a3:a4:f8:81:13:ee:c4:f0:99:24:ba:05:8d:60:
                    a1:ad:39:a9:06:45:a3:87:e7:88:7f:28:48:19:d7:
                    1d:96:ab:ea:c7:b0:40:ea:ed:a8:e4:e3:7d:5c:4d:
                    6c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:4E:B3:0E:32:69:98:5F:CD:69:55:75:07:51:2A:EE:35:0F:71:9B
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/J06zDjJpmF_NaVV1B1Eq7jUPcZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.64.0/24
                  188.132.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:84:d3:49:56:ef:5b:9d:12:53:68:b0:d1:87:fc:35:c6:2b:
         a3:b5:23:89:db:15:dd:b6:56:c2:37:15:6d:bf:84:4b:5b:5d:
         05:e9:16:4c:be:0b:dc:6c:0e:fc:1a:5c:99:ba:e2:f3:75:b5:
         ff:08:14:ec:dd:cf:b7:14:4c:59:3f:18:12:36:59:fd:77:51:
         7c:f3:32:48:ef:52:44:d0:fa:7c:f7:04:21:e1:5d:d1:64:c1:
         de:75:6a:99:11:6e:c2:a6:5c:24:7c:93:5e:e9:d5:cc:85:3a:
         4b:5a:42:6c:65:e4:a6:50:c3:ce:0c:c0:a6:49:e1:a5:94:f1:
         cf:f3:fd:51:50:69:f1:3d:4c:5c:9a:83:9f:b9:76:a8:53:a0:
         d0:bb:1f:73:23:b7:d1:9c:28:0a:21:dd:b6:45:e2:da:9d:47:
         ea:e1:5e:a3:38:8e:ff:f7:89:a0:91:16:0f:0b:40:91:43:5f:
         ca:72:1c:30:68:65:44:49:e5:3f:f2:0b:c2:cc:05:69:93:86:
         61:09:1f:47:a6:c5:b7:d7:8f:59:7c:72:de:ed:15:35:3c:0d:
         c8:b2:9a:74:9c:f9:f0:88:0b:c6:e4:d7:d0:73:82:97:e3:49:
         9f:91:45:14:0e:96:19:ff:fd:af:83:a1:e0:dd:f2:ef:ce:dd:
         67:8c:75:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2yEQvC8Dnxno5TkaiWvzH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMjE2MTMxNzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzRlYjMwZTMyNjk5ODVmY2Q2OTU1NzUwNzUxMmFlZTM1MGY3MTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgN1t3oLhl63R5ASbId9jkjdNkqf3
SfGCOXTgKqB7rpKD5OT9xebEJKP5pqXffJW1Um2NBrjKOcCpCxWVUV/ByCgoivQG
EQBt//BYczws75CpImChl9ZgsUpWw8S77eDzlnKu1twxipp3qF3/MNWrCjq3v6gv
KM1UwlQHO8UbkUk5USGMdvB7FFeFvviTmv40Zro3R5eqT46ngmtVeBczGeGP2/v7
/dv4HLismgmK0COBtSD5Yxz4asNsKiNBYNTcF+MbaFCdQ8e9BOz7mxKvlPkWo6T4
gRPuxPCZJLoFjWChrTmpBkWjh+eIfyhIGdcdlqvqx7BA6u2o5ON9XE1sswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCdOsw4yaZhfzWlVdQdRKu41D3GbMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvSjA2ekRqSnBtRl9OYVZWMUIxRXE3alVQY1pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATodAAwQA
vITbMA0GCSqGSIb3DQEBCwUAA4IBAQBShNNJVu9bnRJTaLDRh/w1xiujtSOJ2xXd
tlbCNxVtv4RLW10F6RZMvgvcbA78GlyZuuLzdbX/CBTs3c+3FExZPxgSNln9d1F8
8zJI71JE0Pp89wQh4V3RZMHedWqZEW7CplwkfJNe6dXMhTpLWkJsZeSmUMPODMCm
SeGllPHP8/1RUGnxPUxcmoOfuXaoU6DQux9zI7fRnCgKId22ReLanUfq4V6jOI7/
94mgkRYPC0CRQ1/KchwwaGVESeU/8gvCzAVpk4ZhCR9HpsW3149ZfHLe7RU1PA3I
spp0nPnwiAvG5NfQc4KX40mfkUUUDpYZ//2vg6Hg3fLvzt1njHUM
-----END CERTIFICATE-----