Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/78owjVfiJyP9pnQNwShVw7ci-4c.roa
File:                     78owjVfiJyP9pnQNwShVw7ci-4c.roa (raw, json)
Hash identifier:          811WSRtZpE3ZDgZnY6VYV/sZ5n7y34VWQdXyob1X25g=
Subject key identifier:   EF:CA:30:8D:57:E2:27:23:FD:A6:74:0D:C1:28:55:C3:B7:22:FB:87
Certificate issuer:       /CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
Certificate serial:       018CC5009D6462E4F4E736DF459B0A5B376A
Authority key identifier: DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/78owjVfiJyP9pnQNwShVw7ci-4c.roa
Signing time:             Mon 01 Jan 2024 12:30:00 +0000
ROA not before:           Mon 01 Jan 2024 12:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42019
IP address blocks:        178.252.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:9d:64:62:e4:f4:e7:36:df:45:9b:0a:5b:37:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
        Validity
            Not Before: Jan  1 12:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efca308d57e22723fda6740dc12855c3b722fb87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d8:1f:34:8b:66:63:34:29:1f:5c:6d:eb:89:
                    63:b7:a5:7e:f9:67:26:eb:c2:fb:11:b0:68:ea:52:
                    25:a5:95:93:75:28:a0:d3:c7:ba:50:3c:a6:a7:06:
                    0a:03:8c:bb:ec:61:1a:ec:a4:36:36:fb:14:30:d7:
                    63:04:a1:43:5a:cb:64:2b:d1:e1:e7:e8:64:5c:e3:
                    3b:1a:60:ae:db:15:29:51:36:b8:17:69:29:3f:23:
                    e8:b0:d0:bd:9e:9d:1c:ba:de:19:24:40:ef:46:4c:
                    2b:f7:b8:ef:c9:af:0e:b5:47:26:51:e4:62:d3:75:
                    0d:e2:ad:09:a8:20:ca:1b:34:98:cf:74:31:55:74:
                    ce:25:c7:81:db:4f:8a:0c:b7:ae:9c:8e:66:34:df:
                    f4:7c:4e:96:e4:ef:e0:60:e1:44:ac:fb:05:03:6e:
                    ac:0c:77:8d:b8:d8:54:d3:87:59:58:92:c5:da:18:
                    7a:b3:64:cc:a6:e0:0b:6f:69:50:93:d9:81:a0:e8:
                    da:e0:f7:b8:d7:38:71:ae:14:26:18:59:83:bf:05:
                    c0:8e:6d:da:4c:de:8c:db:09:ac:24:a4:53:73:e3:
                    12:d4:9d:0d:fc:f6:de:c3:16:7e:1a:3d:5f:46:c5:
                    07:ab:dd:35:e4:dd:57:d7:40:c8:64:21:bf:46:59:
                    34:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:CA:30:8D:57:E2:27:23:FD:A6:74:0D:C1:28:55:C3:B7:22:FB:87
            X509v3 Authority Key Identifier:
                keyid:DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/78owjVfiJyP9pnQNwShVw7ci-4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.252.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:31:8c:27:19:41:6f:09:e5:26:78:73:ed:d9:13:03:03:cd:
         cf:b8:34:c2:51:24:f7:d4:e8:7a:e7:95:75:ee:91:22:cf:81:
         a5:10:ed:61:83:ef:a3:45:ad:e7:fb:84:63:85:cd:93:85:51:
         1a:54:5c:13:5a:86:af:dd:d1:08:f0:8a:19:36:dd:27:11:f2:
         f3:84:e8:9c:38:02:16:ca:11:1d:38:b3:09:65:d7:74:b8:01:
         be:e0:b8:09:1a:33:67:fe:b0:f4:17:e6:af:a1:77:16:72:ab:
         54:6d:22:c8:1f:93:5e:f9:d7:16:8e:af:97:a8:c1:d8:06:c6:
         e5:93:b2:90:8c:ae:1e:76:e4:90:2f:56:47:99:25:55:81:00:
         18:95:22:c0:0f:eb:64:87:0d:3b:0b:f3:c2:59:9f:66:09:da:
         84:36:a2:68:01:e1:8a:ac:d5:f2:50:92:5b:0c:b9:a7:0b:59:
         e6:c4:c7:c0:67:74:91:a2:f8:77:32:50:42:9c:c5:cb:f3:8e:
         da:cb:94:a6:57:9e:1d:ea:fe:1b:03:6e:8f:dd:2b:81:aa:40:
         85:ad:16:a3:75:8f:1b:42:f1:e8:10:c4:ee:19:60:7a:2b:0a:
         ad:96:da:8b:90:48:ea:aa:54:a9:67:d5:43:fc:18:56:64:13:
         21:c2:a4:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAJ1kYuT05zbfRZsKWzdqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZmI2NDVmMTM0ZjRmZGFkYTQ1ZTcwYmNmY2Q5M2I4OTdk
YmQ3MjUwHhcNMjQwMTAxMTIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmNhMzA4ZDU3ZTIyNzIzZmRhNjc0MGRjMTI4NTVjM2I3MjJmYjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitgfNItmYzQpH1xt64ljt6V++Wcm
68L7EbBo6lIlpZWTdSig08e6UDympwYKA4y77GEa7KQ2NvsUMNdjBKFDWstkK9Hh
5+hkXOM7GmCu2xUpUTa4F2kpPyPosNC9np0cut4ZJEDvRkwr97jvya8OtUcmUeRi
03UN4q0JqCDKGzSYz3QxVXTOJceB20+KDLeunI5mNN/0fE6W5O/gYOFErPsFA26s
DHeNuNhU04dZWJLF2hh6s2TMpuALb2lQk9mBoOja4Pe41zhxrhQmGFmDvwXAjm3a
TN6M2wmsJKRTc+MS1J0N/PbewxZ+Gj1fRsUHq9015N1X10DIZCG/Rlk0GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/KMI1X4icj/aZ0DcEoVcO3IvuHMB8GA1UdIwQY
MBaAFNr7ZF8TT0/a2kXnC8/Nk7iX29clMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2Et
NmJhMGEwY2UwMWVkLzEvNzhvd2pWZmlKeVA5cG5RTndTaFZ3N2NpLTRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2EtNmJhMGEwY2UwMWVk
LzEvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvyWMA0G
CSqGSIb3DQEBCwUAA4IBAQBTMYwnGUFvCeUmeHPt2RMDA83PuDTCUST31Oh655V1
7pEiz4GlEO1hg++jRa3n+4Rjhc2ThVEaVFwTWoav3dEI8IoZNt0nEfLzhOicOAIW
yhEdOLMJZdd0uAG+4LgJGjNn/rD0F+avoXcWcqtUbSLIH5Ne+dcWjq+XqMHYBsbl
k7KQjK4eduSQL1ZHmSVVgQAYlSLAD+tkhw07C/PCWZ9mCdqENqJoAeGKrNXyUJJb
DLmnC1nmxMfAZ3SRovh3MlBCnMXL847ay5SmV54d6v4bA26P3SuBqkCFrRajdY8b
QvHoEMTuGWB6KwqtltqLkEjqqlSpZ9VD/BhWZBMhwqQx
-----END CERTIFICATE-----