Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/H-OFx25XnAimUbPDy-uFctsekWU.roa
File:                     H-OFx25XnAimUbPDy-uFctsekWU.roa (raw, json)
Hash identifier:          YshoyPMdWmuBxtMMTydRoYo3xHhf83dVUWlQxY+mDSU=
Subject key identifier:   1F:E3:85:C7:6E:57:9C:08:A6:51:B3:C3:CB:EB:85:72:DB:1E:91:65
Certificate issuer:       /CN=a6b789b32e16e9dd2f70513119dc77ea61ff1e09
Certificate serial:       018CC6B7BDEB4915F228FB84A9E252641581
Authority key identifier: A6:B7:89:B3:2E:16:E9:DD:2F:70:51:31:19:DC:77:EA:61:FF:1E:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/preJsy4W6d0vcFExGdx36mH_Hgk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/H-OFx25XnAimUbPDy-uFctsekWU.roa
Signing time:             Mon 01 Jan 2024 20:29:39 +0000
ROA not before:           Mon 01 Jan 2024 20:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213159
IP address blocks:        147.78.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/preJsy4W6d0vcFExGdx36mH_Hgk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/preJsy4W6d0vcFExGdx36mH_Hgk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/preJsy4W6d0vcFExGdx36mH_Hgk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:bd:eb:49:15:f2:28:fb:84:a9:e2:52:64:15:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6b789b32e16e9dd2f70513119dc77ea61ff1e09
        Validity
            Not Before: Jan  1 20:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fe385c76e579c08a651b3c3cbeb8572db1e9165
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ed:86:33:b6:5e:30:2c:fa:19:4c:d0:24:21:
                    1a:e4:bb:f8:ec:54:0b:19:42:5a:ac:c0:74:70:b2:
                    a4:8d:bb:fe:6d:7e:2f:fe:62:54:dd:cc:88:3d:94:
                    93:fa:f3:6f:c7:af:23:be:61:06:da:9a:9e:a1:9b:
                    61:56:72:0d:46:f4:55:32:50:91:db:ef:cc:20:89:
                    ea:bb:33:99:e4:df:2d:d6:f6:96:cb:24:5f:14:8a:
                    e7:d3:cd:3f:cf:9d:1b:ac:cf:bc:27:4c:fd:64:5c:
                    31:6e:15:d1:5b:52:c9:19:c5:9c:24:76:9f:4e:c9:
                    d0:85:5c:1a:94:b7:30:33:e9:7e:a1:cd:9b:e6:89:
                    6a:f7:21:15:56:aa:3b:0f:93:e1:4a:40:0a:c5:3c:
                    45:6c:ac:b5:71:82:05:ef:b3:f5:6c:31:15:9f:be:
                    3f:ac:d7:cb:0b:94:fd:08:9c:35:cf:43:7a:76:bb:
                    03:92:f0:17:34:56:a1:f0:46:30:ef:60:14:1b:50:
                    74:57:05:94:22:92:2e:da:9f:32:d7:bc:8c:0a:98:
                    8f:79:1c:13:07:c7:ba:0c:83:43:8c:bb:d4:82:f7:
                    3a:3a:bb:4f:82:1e:57:74:87:24:fb:a8:4a:71:78:
                    26:0e:60:e6:9f:68:43:f8:56:d8:ce:20:28:4a:db:
                    07:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:E3:85:C7:6E:57:9C:08:A6:51:B3:C3:CB:EB:85:72:DB:1E:91:65
            X509v3 Authority Key Identifier:
                keyid:A6:B7:89:B3:2E:16:E9:DD:2F:70:51:31:19:DC:77:EA:61:FF:1E:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/preJsy4W6d0vcFExGdx36mH_Hgk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/H-OFx25XnAimUbPDy-uFctsekWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/preJsy4W6d0vcFExGdx36mH_Hgk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:ba:3b:b3:ba:b4:77:05:33:29:d8:08:37:9c:76:54:96:1a:
         18:17:ab:27:34:55:47:00:1e:a7:7c:c9:83:fb:ca:b4:32:0c:
         67:45:98:36:c8:b2:3b:38:d6:d5:0c:82:eb:01:b7:84:58:b9:
         2c:c3:54:fa:e5:02:a9:db:39:b9:81:7d:b7:50:68:f4:95:c7:
         99:6a:ac:78:5f:f0:30:2c:ce:6d:8d:bf:8d:55:af:cc:a4:1b:
         17:e3:12:b8:c3:cc:3d:5d:ca:cf:e4:e7:0a:94:b8:2b:4c:a6:
         ac:c7:48:c7:46:88:55:42:8d:ff:47:ce:b9:1a:16:95:83:7a:
         23:5e:24:fd:29:49:57:df:37:e1:95:ca:0b:df:63:82:f6:e6:
         5f:a1:90:49:a9:74:2b:95:df:ef:1b:bc:4f:a5:0d:a2:20:63:
         96:1c:c8:f3:af:99:6f:36:0f:b7:09:b0:9a:78:97:8a:7a:be:
         ee:4e:b9:2a:94:32:eb:29:73:07:07:44:f2:fe:d5:6e:ca:59:
         b4:68:eb:3f:19:ab:68:48:2a:93:24:75:1c:4f:b6:c5:10:27:
         88:85:a5:fb:5e:d1:5e:a6:96:88:cf:3a:a0:f6:5d:83:38:bb:
         50:56:4c:3c:01:e2:29:ba:c6:34:06:fb:25:89:54:9d:d1:21:
         7b:d5:0a:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt73rSRXyKPuEqeJSZBWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Yjc4OWIzMmUxNmU5ZGQyZjcwNTEzMTE5ZGM3N2VhNjFm
ZjFlMDkwHhcNMjQwMTAxMjAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmUzODVjNzZlNTc5YzA4YTY1MWIzYzNjYmViODU3MmRiMWU5MTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+2GM7ZeMCz6GUzQJCEa5Lv47FQL
GUJarMB0cLKkjbv+bX4v/mJU3cyIPZST+vNvx68jvmEG2pqeoZthVnINRvRVMlCR
2+/MIInquzOZ5N8t1vaWyyRfFIrn080/z50brM+8J0z9ZFwxbhXRW1LJGcWcJHaf
TsnQhVwalLcwM+l+oc2b5olq9yEVVqo7D5PhSkAKxTxFbKy1cYIF77P1bDEVn74/
rNfLC5T9CJw1z0N6drsDkvAXNFah8EYw72AUG1B0VwWUIpIu2p8y17yMCpiPeRwT
B8e6DINDjLvUgvc6OrtPgh5XdIck+6hKcXgmDmDmn2hD+FbYziAoStsHhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/jhcduV5wIplGzw8vrhXLbHpFlMB8GA1UdIwQY
MBaAFKa3ibMuFundL3BRMRncd+ph/x4JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHJlSnN5NFc2ZDB2Y0ZFeEdkeDM2bUhfSGdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lNzY4YmQtZjUxMi00YjhhLTkzNmEt
MDZjOTI5NmYwOGEyLzEvSC1PRngyNVhuQWltVWJQRHktdUZjdHNla1dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lNzY4YmQtZjUxMi00YjhhLTkzNmEtMDZjOTI5NmYwOGEy
LzEvcHJlSnN5NFc2ZDB2Y0ZFeEdkeDM2bUhfSGdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk053MA0G
CSqGSIb3DQEBCwUAA4IBAQAeujuzurR3BTMp2Ag3nHZUlhoYF6snNFVHAB6nfMmD
+8q0MgxnRZg2yLI7ONbVDILrAbeEWLksw1T65QKp2zm5gX23UGj0lceZaqx4X/Aw
LM5tjb+NVa/MpBsX4xK4w8w9XcrP5OcKlLgrTKasx0jHRohVQo3/R865GhaVg3oj
XiT9KUlX3zfhlcoL32OC9uZfoZBJqXQrld/vG7xPpQ2iIGOWHMjzr5lvNg+3CbCa
eJeKer7uTrkqlDLrKXMHB0Ty/tVuylm0aOs/GatoSCqTJHUcT7bFECeIhaX7XtFe
ppaIzzqg9l2DOLtQVkw8AeIpusY0BvsliVSd0SF71QrT
-----END CERTIFICATE-----