Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/8PSnTlr4ybxA_uPmcxh-xuWDIlE.roa
File:                     8PSnTlr4ybxA_uPmcxh-xuWDIlE.roa (raw, json)
Hash identifier:          P6XweFgdeUCAv4+RQU0xgaux/KcLRlds6BBn5XGlbyU=
Subject key identifier:   F0:F4:A7:4E:5A:F8:C9:BC:40:FE:E3:E6:73:18:7E:C6:E5:83:22:51
Certificate issuer:       /CN=e14ac611614dd165d94557296ed7ed46c8fc025f
Certificate serial:       018CC4936F1FF1A230E38106D21214F420BC
Authority key identifier: E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/8PSnTlr4ybxA_uPmcxh-xuWDIlE.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44592
IP address blocks:        80.78.132.0/24 maxlen: 24
                          2a0d:2146:2400::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Jun 2024 07:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6f:1f:f1:a2:30:e3:81:06:d2:12:14:f4:20:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14ac611614dd165d94557296ed7ed46c8fc025f
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0f4a74e5af8c9bc40fee3e673187ec6e5832251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:68:35:54:b8:78:03:bb:4d:55:0a:7d:d5:96:
                    a2:0d:9c:79:cd:56:a3:ee:2f:05:12:55:03:ec:8a:
                    79:f5:13:98:21:c6:84:7e:b6:2b:8d:1d:a4:5d:e2:
                    b4:f8:77:a0:62:84:f8:30:5c:e4:6a:97:1c:3b:83:
                    7f:45:ec:c3:9f:4a:39:9b:ae:c0:49:46:21:a5:4a:
                    46:66:a8:60:7a:11:21:72:54:c2:67:79:d0:73:5e:
                    c8:2d:56:ea:66:61:a2:37:da:5f:2a:d4:ca:e4:d4:
                    16:80:46:5a:b9:63:5b:b2:82:24:7b:a0:fe:14:5d:
                    8b:76:ab:77:bc:42:7a:fc:a6:7c:af:ec:52:56:e8:
                    06:4a:0d:4e:bc:09:3b:21:82:36:ee:5f:81:bb:27:
                    1e:b2:e4:48:81:bc:00:d3:b9:bd:80:b0:03:bd:ed:
                    6b:62:54:5c:f4:7f:4b:dd:a2:cb:f6:36:dd:ca:17:
                    e1:28:d9:98:08:08:fd:70:17:bb:4c:9b:f4:82:6a:
                    42:58:35:49:39:b5:37:49:ed:c4:4a:ba:ea:9d:5b:
                    2a:21:12:0e:d9:ba:ec:bd:29:21:bd:c7:b2:9f:a3:
                    24:a9:7e:29:7f:bc:c9:1b:95:aa:68:d0:d9:67:57:
                    f3:7f:d7:b3:cd:e5:f1:1f:5c:b0:10:05:14:c7:be:
                    7b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:F4:A7:4E:5A:F8:C9:BC:40:FE:E3:E6:73:18:7E:C6:E5:83:22:51
            X509v3 Authority Key Identifier:
                keyid:E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/8PSnTlr4ybxA_uPmcxh-xuWDIlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.78.132.0/24
                IPv6:
                  2a0d:2146:2400::/44

    Signature Algorithm: sha256WithRSAEncryption
         84:e9:e3:2e:87:c7:c7:51:42:14:e5:15:86:67:50:25:9f:7f:
         ef:ec:34:95:91:ec:78:45:a0:79:49:13:00:d8:73:48:b9:cd:
         37:97:f7:56:cf:6d:65:88:f3:8d:c4:b3:51:16:37:1f:05:ed:
         92:56:ce:a2:a1:64:cc:4a:80:1a:35:26:55:13:c8:8f:32:70:
         1a:79:9d:8a:97:2c:59:5f:68:ed:61:41:0b:7a:8d:bd:70:60:
         19:0d:b2:54:37:53:4a:25:be:5b:84:4d:07:c7:1a:ba:19:ec:
         7e:89:8c:16:5f:2c:7e:ed:d9:12:2f:69:54:cf:dd:e0:73:5e:
         d7:fa:49:9e:1a:8a:d5:84:23:76:a8:ae:a7:1a:73:1f:2f:63:
         2f:34:4f:b1:a9:63:31:a6:23:fc:70:70:6a:13:3c:99:1b:b0:
         56:73:73:93:ab:98:11:e8:c3:22:50:35:7d:65:e2:a0:bb:b7:
         93:93:0a:05:59:f5:f9:31:64:ab:8a:c1:14:d4:f6:80:6a:e2:
         e0:28:e1:82:00:03:d7:f4:6b:f8:6b:3b:cb:2d:83:81:d5:88:
         6f:45:2a:d9:4c:99:db:96:64:0a:47:a0:f8:e7:a0:d0:79:31:
         f2:6a:66:27:55:f0:ad:66:25:5b:e3:3d:11:87:01:cd:29:58:
         ad:38:58:48
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEk28f8aIw44EG0hIU9CC8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGFjNjExNjE0ZGQxNjVkOTQ1NTcyOTZlZDdlZDQ2Yzhm
YzAyNWYwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGY0YTc0ZTVhZjhjOWJjNDBmZWUzZTY3MzE4N2VjNmU1ODMyMjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWg1VLh4A7tNVQp91ZaiDZx5zVaj
7i8FElUD7Ip59ROYIcaEfrYrjR2kXeK0+HegYoT4MFzkapccO4N/RezDn0o5m67A
SUYhpUpGZqhgehEhclTCZ3nQc17ILVbqZmGiN9pfKtTK5NQWgEZauWNbsoIke6D+
FF2Ldqt3vEJ6/KZ8r+xSVugGSg1OvAk7IYI27l+BuycesuRIgbwA07m9gLADve1r
YlRc9H9L3aLL9jbdyhfhKNmYCAj9cBe7TJv0gmpCWDVJObU3Se3ESrrqnVsqIRIO
2brsvSkhvceyn6MkqX4pf7zJG5WqaNDZZ1fzf9ezzeXxH1ywEAUUx757fwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPD0p05a+Mm8QP7j5nMYfsblgyJRMB8GA1UdIwQY
MBaAFOFKxhFhTdFl2UVXKW7X7UbI/AJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUt
NzBlODk4YmIzOGRkLzEvOFBTblRscjR5YnhBX3VQbWN4aC14dVdESWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUtNzBlODk4YmIzOGRk
LzEvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUE6EMA8E
AgACMAkDBwQqDSFGJAAwDQYJKoZIhvcNAQELBQADggEBAITp4y6Hx8dRQhTlFYZn
UCWff+/sNJWR7HhFoHlJEwDYc0i5zTeX91bPbWWI843Es1EWNx8F7ZJWzqKhZMxK
gBo1JlUTyI8ycBp5nYqXLFlfaO1hQQt6jb1wYBkNslQ3U0olvluETQfHGroZ7H6J
jBZfLH7t2RIvaVTP3eBzXtf6SZ4aitWEI3aorqcacx8vYy80T7GpYzGmI/xwcGoT
PJkbsFZzc5OrmBHowyJQNX1l4qC7t5OTCgVZ9fkxZKuKwRTU9oBq4uAo4YIAA9f0
a/hrO8stg4HViG9FKtlMmduWZApHoPjnoNB5MfJqZidV8K1mJVvjPRGHAc0pWK04
WEg=
-----END CERTIFICATE-----