Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/gaONNO_VBUW-R7s0i5-THeKv1_4.roa
File:                     gaONNO_VBUW-R7s0i5-THeKv1_4.roa (raw, json)
Hash identifier:          EfBphDLhaGN9ABg6zaMLF1y9f9YPoo56tgT/ianoVZk=
Subject key identifier:   81:A3:8D:34:EF:D5:05:45:BE:47:BB:34:8B:9F:93:1D:E2:AF:D7:FE
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       018DCB9A9F79A09C4C2F58BC603B343F5E76
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/gaONNO_VBUW-R7s0i5-THeKv1_4.roa
Signing time:             Wed 21 Feb 2024 12:18:44 +0000
ROA not before:           Wed 21 Feb 2024 12:18:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56322
IP address blocks:        212.16.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cb:9a:9f:79:a0:9c:4c:2f:58:bc:60:3b:34:3f:5e:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Feb 21 12:18:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81a38d34efd50545be47bb348b9f931de2afd7fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8c:00:f9:2f:01:65:69:e5:f7:46:30:25:f2:
                    b5:bc:a5:00:73:0c:19:6b:65:93:a8:78:fb:54:64:
                    d7:06:75:99:3f:34:a4:8c:3a:58:4b:b5:af:92:9c:
                    b1:fa:5e:10:f4:5d:81:9d:a6:78:a2:75:af:c0:ac:
                    31:c1:30:11:61:c7:7a:85:c9:60:96:9b:6f:b7:c9:
                    19:66:9a:40:9f:c8:98:63:11:7e:01:08:e5:cd:bd:
                    f4:60:ae:13:57:c4:3b:35:c9:ca:dd:80:30:e1:bb:
                    d0:d0:62:56:07:e6:63:02:a9:31:95:1a:fb:01:de:
                    d1:f9:61:c1:86:a2:4f:2f:08:05:7a:00:09:f5:bc:
                    89:12:f7:82:a3:57:d2:d7:95:14:ab:2c:93:30:45:
                    20:6c:f1:0c:90:e6:d6:5b:74:3b:6c:47:68:65:00:
                    35:5c:be:36:73:3f:f4:f7:a3:b3:cd:14:55:1f:c2:
                    65:57:42:f0:d2:45:00:fb:49:cd:9b:32:50:0f:2f:
                    99:81:c7:00:05:d6:04:a4:55:7b:b2:82:7b:ae:f9:
                    02:7e:be:7b:76:71:d4:fb:3b:4a:4b:95:69:8f:5c:
                    3f:53:2f:e2:a0:55:94:82:33:ce:81:9d:d6:77:8b:
                    f2:28:9d:63:89:57:11:71:c6:0f:35:a0:59:86:7d:
                    86:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:A3:8D:34:EF:D5:05:45:BE:47:BB:34:8B:9F:93:1D:E2:AF:D7:FE
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/gaONNO_VBUW-R7s0i5-THeKv1_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.16.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:74:98:58:80:ed:01:2f:92:64:f6:7c:a5:e5:c8:7d:95:84:
         a2:6f:59:02:82:93:e3:46:59:a0:3e:b6:c7:81:1f:5b:88:c9:
         0e:f5:fe:d9:30:d7:f0:ff:25:19:a4:d4:46:43:c0:6d:7f:96:
         2d:32:c5:57:c4:3c:59:4c:e9:05:aa:f1:10:94:72:23:d8:31:
         4c:d4:60:75:46:e6:8a:4d:cc:d3:77:a7:1a:05:8e:f6:38:de:
         9b:3c:12:a6:6f:b6:6f:ce:7b:a4:6a:56:9c:4a:76:23:e7:28:
         bc:e6:fc:ab:fd:69:84:3b:8a:b4:16:b3:88:83:99:9c:2b:30:
         bf:fe:b2:5e:73:85:f6:b2:aa:67:e2:e6:1d:a3:51:1d:e6:4d:
         c7:42:20:bc:2f:04:b9:a5:3c:aa:20:c5:bb:cc:f2:e1:93:26:
         08:5d:59:69:63:0e:39:1d:10:d9:1a:2e:65:b1:04:59:b8:9f:
         8d:b3:39:33:31:d8:8d:04:30:ab:75:d3:df:f1:12:6f:97:85:
         c9:e1:90:06:61:d2:67:00:c3:3d:00:94:4d:0f:70:2e:d9:36:
         53:2c:d8:10:fd:08:a3:c6:e8:71:0f:87:8a:71:a9:db:4a:4a:
         bd:39:59:65:97:8c:ff:03:ff:d1:74:69:b8:68:9b:63:e2:49:
         c8:04:a3:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3Lmp95oJxML1i8YDs0P152MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwMjIxMTIxODQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWEzOGQzNGVmZDUwNTQ1YmU0N2JiMzQ4YjlmOTMxZGUyYWZkN2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIwA+S8BZWnl90YwJfK1vKUAcwwZ
a2WTqHj7VGTXBnWZPzSkjDpYS7Wvkpyx+l4Q9F2BnaZ4onWvwKwxwTARYcd6hclg
lptvt8kZZppAn8iYYxF+AQjlzb30YK4TV8Q7NcnK3YAw4bvQ0GJWB+ZjAqkxlRr7
Ad7R+WHBhqJPLwgFegAJ9byJEveCo1fS15UUqyyTMEUgbPEMkObWW3Q7bEdoZQA1
XL42cz/096OzzRRVH8JlV0Lw0kUA+0nNmzJQDy+ZgccABdYEpFV7soJ7rvkCfr57
dnHU+ztKS5Vpj1w/Uy/ioFWUgjPOgZ3Wd4vyKJ1jiVcRccYPNaBZhn2GAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGjjTTv1QVFvke7NIufkx3ir9f+MB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvZ2FPTk5PX1ZCVVctUjdzMGk1LVRIZUt2MV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BBOMA0G
CSqGSIb3DQEBCwUAA4IBAQB1dJhYgO0BL5Jk9nyl5ch9lYSib1kCgpPjRlmgPrbH
gR9biMkO9f7ZMNfw/yUZpNRGQ8Btf5YtMsVXxDxZTOkFqvEQlHIj2DFM1GB1RuaK
TczTd6caBY72ON6bPBKmb7ZvznukalacSnYj5yi85vyr/WmEO4q0FrOIg5mcKzC/
/rJec4X2sqpn4uYdo1Ed5k3HQiC8LwS5pTyqIMW7zPLhkyYIXVlpYw45HRDZGi5l
sQRZuJ+NszkzMdiNBDCrddPf8RJvl4XJ4ZAGYdJnAMM9AJRND3Au2TZTLNgQ/Qij
xuhxD4eKcanbSkq9OVlll4z/A//RdGm4aJtj4knIBKMT
-----END CERTIFICATE-----