Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/e9c6a6-6bc6-41e2-80e9-bc9887a7b553/1/4zuCiQp4U7vE-dup7yihhaM5N2U.roa
File:                     4zuCiQp4U7vE-dup7yihhaM5N2U.roa (raw, json)
Hash identifier:          IGM4UWR5//ando11qb4o1p9ktvGzJe0VU9oVc7fQmoI=
Subject key identifier:   E3:3B:82:89:0A:78:53:BB:C4:F9:DB:A9:EF:28:A1:85:A3:39:37:65
Certificate issuer:       /CN=412add9455bc132b730e727051f0b64ba45fcda4
Certificate serial:       01929ECCAD36F9909E18E5213760B5A3FF58
Authority key identifier: 41:2A:DD:94:55:BC:13:2B:73:0E:72:70:51:F0:B6:4B:A4:5F:CD:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QSrdlFW8EytzDnJwUfC2S6RfzaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/e9c6a6-6bc6-41e2-80e9-bc9887a7b553/1/4zuCiQp4U7vE-dup7yihhaM5N2U.roa
Signing time:             Fri 18 Oct 2024 08:44:26 +0000
ROA not before:           Fri 18 Oct 2024 08:44:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59463
IP address blocks:        78.108.248.0/24 maxlen: 24
                          78.108.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/e9c6a6-6bc6-41e2-80e9-bc9887a7b553/1/QSrdlFW8EytzDnJwUfC2S6RfzaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/e9c6a6-6bc6-41e2-80e9-bc9887a7b553/1/QSrdlFW8EytzDnJwUfC2S6RfzaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QSrdlFW8EytzDnJwUfC2S6RfzaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9e:cc:ad:36:f9:90:9e:18:e5:21:37:60:b5:a3:ff:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=412add9455bc132b730e727051f0b64ba45fcda4
        Validity
            Not Before: Oct 18 08:44:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e33b82890a7853bbc4f9dba9ef28a185a3393765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1f:d1:65:77:c5:4d:b4:83:62:f3:41:0b:87:
                    55:76:f6:73:98:20:b5:8e:f7:33:1c:5f:88:48:cb:
                    e7:9e:8e:ed:bf:5d:be:ee:fc:52:14:04:17:53:54:
                    39:78:02:da:6b:3d:4b:1c:66:ad:a3:40:65:81:b5:
                    a0:85:3a:2c:7e:3a:26:86:b3:82:51:c4:44:8b:3a:
                    cb:e8:29:14:47:6a:06:0f:a5:e1:38:67:f4:88:fb:
                    2f:d6:50:d9:ad:7b:e6:5f:64:b3:4f:1a:4e:c6:69:
                    d6:e7:7f:17:8c:6f:68:73:f3:96:4e:00:f1:05:c7:
                    93:5d:fe:cb:de:62:43:10:d3:fc:27:ba:f1:50:32:
                    fd:61:01:49:9a:36:2a:4a:b7:16:5c:1b:71:3c:6f:
                    a3:11:70:c8:97:e4:8b:9b:9a:58:20:0f:ab:c6:f5:
                    f3:13:34:58:f1:ae:d9:50:b6:90:3b:f8:72:e1:be:
                    4f:5e:73:6a:38:d8:6d:86:4f:22:d3:fd:a2:70:7f:
                    b8:5a:4d:83:03:8b:57:11:8e:f3:2b:46:1c:cf:be:
                    78:66:fe:28:57:36:0d:6b:6d:26:f9:de:9d:c7:c3:
                    c7:9b:28:8c:b0:87:bd:c5:5b:30:c4:6c:54:14:0b:
                    86:a6:d2:9b:9b:90:53:c1:0a:fd:81:97:4f:74:d0:
                    b8:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:3B:82:89:0A:78:53:BB:C4:F9:DB:A9:EF:28:A1:85:A3:39:37:65
            X509v3 Authority Key Identifier:
                keyid:41:2A:DD:94:55:BC:13:2B:73:0E:72:70:51:F0:B6:4B:A4:5F:CD:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QSrdlFW8EytzDnJwUfC2S6RfzaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/e9c6a6-6bc6-41e2-80e9-bc9887a7b553/1/4zuCiQp4U7vE-dup7yihhaM5N2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/e9c6a6-6bc6-41e2-80e9-bc9887a7b553/1/QSrdlFW8EytzDnJwUfC2S6RfzaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:89:3c:59:67:7d:99:18:4d:a7:45:4b:b6:63:97:93:df:38:
         5b:a6:62:45:ff:53:48:f0:65:77:be:dc:94:55:fa:78:fe:a2:
         b9:4c:ea:98:a7:eb:9e:b7:26:1a:28:e6:69:f2:f0:84:55:cf:
         61:80:f2:5c:e9:34:ee:2f:67:88:9c:08:cc:72:f3:f6:ac:8e:
         00:b8:fd:89:47:8c:40:bd:ec:c3:e2:0f:b1:b4:41:4d:d8:22:
         1c:e1:e8:0e:17:ed:ef:74:9f:1a:70:65:46:cc:18:99:e1:b8:
         72:d5:90:e9:d7:44:c1:9d:0a:8b:88:f4:36:69:80:dd:d5:16:
         c3:57:27:52:11:2e:9f:e4:e1:ad:08:c9:89:bb:8e:d7:99:b3:
         d6:39:0f:ba:66:b3:68:2f:b6:03:9a:17:6c:c8:6f:d3:8b:83:
         14:48:42:c4:00:56:c4:e8:f7:c3:ee:26:04:7f:97:66:6d:bf:
         5d:a4:11:72:81:4e:d6:94:8e:78:89:0e:6d:f1:b9:00:82:ac:
         d9:7f:eb:1a:5f:d1:6c:88:78:9c:e0:5c:9a:5b:c7:08:db:75:
         29:92:6a:99:f1:b0:a1:3f:51:01:c6:d3:17:33:7a:fb:39:03:
         4e:33:24:c6:fc:c3:35:bc:e1:3e:42:72:a7:58:a1:61:96:72:
         46:89:6a:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKezK02+ZCeGOUhN2C1o/9YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMmFkZDk0NTViYzEzMmI3MzBlNzI3MDUxZjBiNjRiYTQ1
ZmNkYTQwHhcNMjQxMDE4MDg0NDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzNiODI4OTBhNzg1M2JiYzRmOWRiYTllZjI4YTE4NWEzMzkzNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApx/RZXfFTbSDYvNBC4dVdvZzmCC1
jvczHF+ISMvnno7tv12+7vxSFAQXU1Q5eALaaz1LHGato0BlgbWghTosfjomhrOC
UcREizrL6CkUR2oGD6XhOGf0iPsv1lDZrXvmX2SzTxpOxmnW538XjG9oc/OWTgDx
BceTXf7L3mJDENP8J7rxUDL9YQFJmjYqSrcWXBtxPG+jEXDIl+SLm5pYIA+rxvXz
EzRY8a7ZULaQO/hy4b5PXnNqONhthk8i0/2icH+4Wk2DA4tXEY7zK0Ycz754Zv4o
VzYNa20m+d6dx8PHmyiMsIe9xVswxGxUFAuGptKbm5BTwQr9gZdPdNC4YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOM7gokKeFO7xPnbqe8ooYWjOTdlMB8GA1UdIwQY
MBaAFEEq3ZRVvBMrcw5ycFHwtkukX82kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVNyZGxGVzhFeXR6RG5Kd1VmQzJTNlJmemFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9lOWM2YTYtNmJjNi00MWUyLTgwZTkt
YmM5ODg3YTdiNTUzLzEvNHp1Q2lRcDRVN3ZFLWR1cDd5aWhoYU01TjJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9lOWM2YTYtNmJjNi00MWUyLTgwZTktYmM5ODg3YTdiNTUz
LzEvUVNyZGxGVzhFeXR6RG5Kd1VmQzJTNlJmemFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTmz4MA0G
CSqGSIb3DQEBCwUAA4IBAQAViTxZZ32ZGE2nRUu2Y5eT3zhbpmJF/1NI8GV3vtyU
Vfp4/qK5TOqYp+uetyYaKOZp8vCEVc9hgPJc6TTuL2eInAjMcvP2rI4AuP2JR4xA
vezD4g+xtEFN2CIc4egOF+3vdJ8acGVGzBiZ4bhy1ZDp10TBnQqLiPQ2aYDd1RbD
VydSES6f5OGtCMmJu47XmbPWOQ+6ZrNoL7YDmhdsyG/Ti4MUSELEAFbE6PfD7iYE
f5dmbb9dpBFygU7WlI54iQ5t8bkAgqzZf+saX9FsiHic4FyaW8cI23UpkmqZ8bCh
P1EBxtMXM3r7OQNOMyTG/MM1vOE+QnKnWKFhlnJGiWrA
-----END CERTIFICATE-----