Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/JFe0BgWzTfWPErZk90Gdrvcp3IM.roa
File:                     JFe0BgWzTfWPErZk90Gdrvcp3IM.roa (raw, json)
Hash identifier:          k3UHYUQnhHrd4/5p9x16IHWSntdW487DEos+u0D08J0=
Subject key identifier:   24:57:B4:06:05:B3:4D:F5:8F:12:B6:64:F7:41:9D:AE:F7:29:DC:83
Certificate issuer:       /CN=68e8baea95d4040348f0a89ec4e4bd15275f6c39
Certificate serial:       018CC26CF69AE6C1C67FAE79A179E08B7F3F
Authority key identifier: 68:E8:BA:EA:95:D4:04:03:48:F0:A8:9E:C4:E4:BD:15:27:5F:6C:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aOi66pXUBANI8KiexOS9FSdfbDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/JFe0BgWzTfWPErZk90Gdrvcp3IM.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208271
IP address blocks:        147.78.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/aOi66pXUBANI8KiexOS9FSdfbDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/aOi66pXUBANI8KiexOS9FSdfbDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aOi66pXUBANI8KiexOS9FSdfbDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f6:9a:e6:c1:c6:7f:ae:79:a1:79:e0:8b:7f:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68e8baea95d4040348f0a89ec4e4bd15275f6c39
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2457b40605b34df58f12b664f7419daef729dc83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3f:26:79:5a:74:51:35:c3:42:c8:3a:81:6a:
                    64:28:85:e2:1d:d0:e0:4b:3c:ed:e0:bd:d5:19:7f:
                    82:f2:bf:c7:66:dc:d9:4b:ee:70:25:88:2a:be:0e:
                    3d:d1:f1:8f:74:f0:a1:31:a6:93:15:99:64:4e:31:
                    d8:e1:ea:a5:b3:91:6b:4e:88:23:7a:06:d9:a0:16:
                    98:2f:f4:8e:26:fe:e8:b3:16:9b:13:5e:1f:99:c7:
                    8c:8f:03:9a:33:c6:35:0f:6c:5c:91:aa:2a:71:f8:
                    2c:40:a7:48:e6:96:0d:81:ec:c1:44:e9:69:89:7c:
                    59:26:ab:f0:15:a6:c1:12:51:26:c8:37:16:86:2c:
                    3c:49:13:eb:63:2a:36:a9:eb:76:d1:51:8f:e2:74:
                    44:85:53:bc:fd:e3:06:77:b6:3c:54:f3:6f:8f:94:
                    1a:0a:7d:65:02:ac:39:0a:ca:e8:c0:8c:29:c9:98:
                    54:07:4e:23:cb:68:8d:d2:02:a6:af:18:07:a1:a4:
                    37:b7:84:1c:2e:0c:7a:3d:53:09:25:9d:b8:23:51:
                    65:1d:fd:05:3e:73:99:61:0a:95:5d:af:f9:86:c1:
                    de:57:e5:f8:b1:0c:62:26:f1:3e:d4:03:0b:af:28:
                    81:12:64:94:36:62:17:32:37:91:5f:66:2d:7a:07:
                    12:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:57:B4:06:05:B3:4D:F5:8F:12:B6:64:F7:41:9D:AE:F7:29:DC:83
            X509v3 Authority Key Identifier:
                keyid:68:E8:BA:EA:95:D4:04:03:48:F0:A8:9E:C4:E4:BD:15:27:5F:6C:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aOi66pXUBANI8KiexOS9FSdfbDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/JFe0BgWzTfWPErZk90Gdrvcp3IM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/aOi66pXUBANI8KiexOS9FSdfbDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:db:44:5d:5d:6c:ce:ef:37:b2:b1:ad:dc:0b:26:f9:a3:3c:
         ba:eb:e5:1f:96:4d:85:65:c5:7e:22:7e:99:a1:78:3e:1c:34:
         dc:e7:ce:ce:a5:b2:71:d8:73:94:8c:14:62:6c:53:88:be:da:
         dc:83:15:1b:5a:68:07:68:86:83:06:f9:8c:92:d7:a6:e3:a2:
         24:d5:89:ad:10:73:c5:80:a7:83:5f:8f:8f:8d:80:91:24:70:
         50:f6:51:21:67:9b:cc:58:22:13:53:47:3e:7e:ac:d6:08:3e:
         05:f4:9d:28:c1:95:4e:84:11:49:a1:ea:f9:59:ef:72:b5:76:
         c6:e2:9d:14:49:27:6f:6e:90:6e:dc:26:bb:5d:1e:a4:e5:ec:
         3f:4b:3d:98:66:ae:99:ba:f1:ad:7e:0e:a9:73:1c:88:9a:69:
         2d:14:ce:5d:79:58:ef:e5:d5:cc:e8:9e:f4:1f:11:a1:a8:03:
         87:ca:24:dc:75:c0:5e:a7:f3:0c:be:bf:eb:11:93:c8:66:58:
         34:38:78:59:f5:c6:fa:9c:c1:56:53:04:25:7f:67:a5:5d:c4:
         a7:cb:8f:7b:48:80:b3:e8:a8:3b:3f:e8:ec:67:4c:8e:fb:97:
         37:f8:e1:39:67:d6:c1:0f:94:f3:8d:88:68:e6:cd:8a:1c:35:
         db:2d:86:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPaa5sHGf655oXngi38/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZThiYWVhOTVkNDA0MDM0OGYwYTg5ZWM0ZTRiZDE1Mjc1
ZjZjMzkwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDU3YjQwNjA1YjM0ZGY1OGYxMmI2NjRmNzQxOWRhZWY3MjlkYzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmz8meVp0UTXDQsg6gWpkKIXiHdDg
Szzt4L3VGX+C8r/HZtzZS+5wJYgqvg490fGPdPChMaaTFZlkTjHY4eqls5FrTogj
egbZoBaYL/SOJv7osxabE14fmceMjwOaM8Y1D2xckaoqcfgsQKdI5pYNgezBROlp
iXxZJqvwFabBElEmyDcWhiw8SRPrYyo2qet20VGP4nREhVO8/eMGd7Y8VPNvj5Qa
Cn1lAqw5CsrowIwpyZhUB04jy2iN0gKmrxgHoaQ3t4QcLgx6PVMJJZ24I1FlHf0F
PnOZYQqVXa/5hsHeV+X4sQxiJvE+1AMLryiBEmSUNmIXMjeRX2YtegcSbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCRXtAYFs031jxK2ZPdBna73KdyDMB8GA1UdIwQY
MBaAFGjouuqV1AQDSPConsTkvRUnX2w5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU9pNjZwWFVCQU5JOEtpZXhPUzlGU2RmYkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83NjUzZTAtOGE3Mi00MzUxLWJmY2Ut
MzcxMWZhZThjYTc3LzEvSkZlMEJnV3pUZldQRXJaazkwR2RydmNwM0lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83NjUzZTAtOGE3Mi00MzUxLWJmY2UtMzcxMWZhZThjYTc3
LzEvYU9pNjZwWFVCQU5JOEtpZXhPUzlGU2RmYkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk04iMA0G
CSqGSIb3DQEBCwUAA4IBAQDH20RdXWzO7zeysa3cCyb5ozy66+Uflk2FZcV+In6Z
oXg+HDTc587OpbJx2HOUjBRibFOIvtrcgxUbWmgHaIaDBvmMktem46Ik1YmtEHPF
gKeDX4+PjYCRJHBQ9lEhZ5vMWCITU0c+fqzWCD4F9J0owZVOhBFJoer5We9ytXbG
4p0USSdvbpBu3Ca7XR6k5ew/Sz2YZq6ZuvGtfg6pcxyImmktFM5deVjv5dXM6J70
HxGhqAOHyiTcdcBep/MMvr/rEZPIZlg0OHhZ9cb6nMFWUwQlf2elXcSny497SICz
6Kg7P+jsZ0yO+5c3+OE5Z9bBD5TzjYho5s2KHDXbLYar
-----END CERTIFICATE-----