Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/zAYA9SOz3dOuxniZ1Y8aRy-WRy8.roa
File:                     zAYA9SOz3dOuxniZ1Y8aRy-WRy8.roa (raw, json)
Hash identifier:          pBg1MmXR5VdvDfsyCqAG/3J0pVQ4K3fqw7YDoLvNbkw=
Subject key identifier:   CC:06:00:F5:23:B3:DD:D3:AE:C6:78:99:D5:8F:1A:47:2F:96:47:2F
Certificate issuer:       /CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
Certificate serial:       018CC94DEA25156E3B5B119EEA2149958F53
Authority key identifier: D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/zAYA9SOz3dOuxniZ1Y8aRy-WRy8.roa
Signing time:             Tue 02 Jan 2024 08:32:55 +0000
ROA not before:           Tue 02 Jan 2024 08:32:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48900
IP address blocks:        78.130.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ea:25:15:6e:3b:5b:11:9e:ea:21:49:95:8f:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
        Validity
            Not Before: Jan  2 08:32:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc0600f523b3ddd3aec67899d58f1a472f96472f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1f:4d:9c:87:e3:53:a6:86:46:78:d4:ff:e5:
                    2d:ce:5b:24:6d:9a:24:0e:7d:cd:a6:c4:85:da:a2:
                    1a:f8:2b:78:85:62:9a:82:8d:69:ac:a7:dc:89:33:
                    23:81:7c:30:be:48:d9:98:16:34:91:40:c2:a6:ae:
                    94:5c:77:78:ff:12:c1:b1:c8:18:f5:60:50:31:60:
                    f4:0f:39:50:76:72:93:4a:bf:f4:09:34:78:a5:75:
                    49:c8:07:8a:ea:5b:3f:63:00:a3:b4:b8:3f:92:c3:
                    53:06:e9:a5:e4:b5:4f:a3:8d:cb:af:0e:3c:39:36:
                    69:1a:7f:82:92:34:57:3a:a4:02:dd:f9:79:c1:66:
                    74:65:1a:a0:e7:c4:14:a4:6a:d1:28:01:1c:9d:26:
                    de:93:9a:88:11:b1:28:98:7a:59:93:50:10:aa:4b:
                    fc:50:9a:a0:be:2e:2b:cb:8c:01:b7:1d:fe:bf:92:
                    74:bd:b1:fd:51:3f:5a:64:2c:98:42:dc:5f:09:46:
                    9f:bc:81:f6:64:a9:ed:9e:6a:bb:8c:4e:d1:2e:d8:
                    78:fd:d8:fe:ab:b3:e3:07:70:76:5d:8f:b9:48:69:
                    26:7a:4d:86:55:fe:ea:f2:97:86:27:00:54:72:cd:
                    84:04:ff:5d:41:73:21:cb:be:30:bc:2f:ef:4c:30:
                    60:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:06:00:F5:23:B3:DD:D3:AE:C6:78:99:D5:8F:1A:47:2F:96:47:2F
            X509v3 Authority Key Identifier:
                keyid:D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/zAYA9SOz3dOuxniZ1Y8aRy-WRy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.130.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:0a:ff:e0:b1:bd:39:3f:2a:da:ab:e5:96:e8:fd:05:9c:38:
         63:c5:c1:01:b9:d6:a8:d1:81:db:68:c1:5e:c7:a4:62:97:e4:
         35:83:43:6e:07:f9:47:f8:7e:7a:f0:6d:f0:69:cd:3a:4a:3c:
         45:b8:f7:c9:67:e0:1b:66:50:34:37:49:20:a9:4f:44:6c:c3:
         7a:d0:a2:58:d5:de:ea:f1:92:d7:70:b8:89:49:41:cc:c4:99:
         cc:71:00:79:2f:7d:7a:93:ab:75:8b:c7:7d:28:13:ef:31:60:
         19:cf:00:a7:51:c7:67:c7:52:3f:ae:1c:95:26:49:13:66:0a:
         1b:36:a5:f1:32:34:54:0d:af:1d:32:28:9f:c8:8b:49:b9:4a:
         00:8e:6a:6a:d2:c4:40:6a:92:81:4b:82:da:99:4c:d1:5a:42:
         51:f1:db:65:b4:02:c7:16:8a:bc:5b:68:56:39:b8:61:40:b4:
         a2:3f:2f:d8:30:d3:12:fc:d1:5b:28:d0:67:b3:34:af:cd:b0:
         e0:fe:6d:6b:78:6b:42:36:3b:7a:6a:36:14:c9:20:94:00:69:
         b6:df:26:a3:7f:1e:cd:a2:d4:69:71:64:f7:6b:9c:02:49:ab:
         6d:3d:a0:56:67:09:59:10:6e:4a:15:4e:44:a8:c4:46:74:02:
         4f:d8:89:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTeolFW47WxGe6iFJlY9TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2Q3NTczYWFjYWU4MjFjODdkNmQzNjQzMWNmZTRiMjgw
MWFiNDEwHhcNMjQwMTAyMDgzMjU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzA2MDBmNTIzYjNkZGQzYWVjNjc4OTlkNThmMWE0NzJmOTY0NzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArB9NnIfjU6aGRnjU/+UtzlskbZok
Dn3NpsSF2qIa+Ct4hWKago1prKfciTMjgXwwvkjZmBY0kUDCpq6UXHd4/xLBscgY
9WBQMWD0DzlQdnKTSr/0CTR4pXVJyAeK6ls/YwCjtLg/ksNTBuml5LVPo43Lrw48
OTZpGn+CkjRXOqQC3fl5wWZ0ZRqg58QUpGrRKAEcnSbek5qIEbEomHpZk1AQqkv8
UJqgvi4ry4wBtx3+v5J0vbH9UT9aZCyYQtxfCUafvIH2ZKntnmq7jE7RLth4/dj+
q7PjB3B2XY+5SGkmek2GVf7q8peGJwBUcs2EBP9dQXMhy74wvC/vTDBgkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwGAPUjs93TrsZ4mdWPGkcvlkcvMB8GA1UdIwQY
MBaAFNB9dXOqyughyH1tNkMc/ksoAatBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjIt
Y2Y5ZGM1YmFhYTc5LzEvekFZQTlTT3ozZE91eG5pWjFZOGFSeS1XUnk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjItY2Y5ZGM1YmFhYTc5
LzEvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAToKAMA0G
CSqGSIb3DQEBCwUAA4IBAQA1Cv/gsb05Pyraq+WW6P0FnDhjxcEBudao0YHbaMFe
x6Ril+Q1g0NuB/lH+H568G3wac06SjxFuPfJZ+AbZlA0N0kgqU9EbMN60KJY1d7q
8ZLXcLiJSUHMxJnMcQB5L316k6t1i8d9KBPvMWAZzwCnUcdnx1I/rhyVJkkTZgob
NqXxMjRUDa8dMiifyItJuUoAjmpq0sRAapKBS4LamUzRWkJR8dtltALHFoq8W2hW
ObhhQLSiPy/YMNMS/NFbKNBnszSvzbDg/m1reGtCNjt6ajYUySCUAGm23yajfx7N
otRpcWT3a5wCSattPaBWZwlZEG5KFU5EqMRGdAJP2Ils
-----END CERTIFICATE-----