Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/dJjkF115j-rAyk-l2vXVFKZjjVs.roa
File:                     dJjkF115j-rAyk-l2vXVFKZjjVs.roa (raw, json)
Hash identifier:          EuJeBYQb0zC7yvcPfrrKyKErZjK7f3w56Wt0g0r5dgk=
Subject key identifier:   74:98:E4:17:5D:79:8F:EA:C0:CA:4F:A5:DA:F5:D5:14:A6:63:8D:5B
Certificate issuer:       /CN=68e8baea95d4040348f0a89ec4e4bd15275f6c39
Certificate serial:       018EF18F0663C5A0549D2A071FA1BE60A196
Authority key identifier: 68:E8:BA:EA:95:D4:04:03:48:F0:A8:9E:C4:E4:BD:15:27:5F:6C:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aOi66pXUBANI8KiexOS9FSdfbDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/dJjkF115j-rAyk-l2vXVFKZjjVs.roa
Signing time:             Thu 18 Apr 2024 14:14:25 +0000
ROA not before:           Thu 18 Apr 2024 14:14:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        147.78.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/aOi66pXUBANI8KiexOS9FSdfbDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/aOi66pXUBANI8KiexOS9FSdfbDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aOi66pXUBANI8KiexOS9FSdfbDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f1:8f:06:63:c5:a0:54:9d:2a:07:1f:a1:be:60:a1:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68e8baea95d4040348f0a89ec4e4bd15275f6c39
        Validity
            Not Before: Apr 18 14:14:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7498e4175d798feac0ca4fa5daf5d514a6638d5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:01:eb:f5:dd:5d:70:33:b7:1f:37:50:67:14:
                    99:73:ff:8d:68:d7:0e:11:9d:62:ff:18:75:20:52:
                    d7:04:c5:53:30:71:23:5c:fa:b1:8f:f4:54:4b:cd:
                    35:28:df:df:46:cc:c1:23:41:d1:88:bd:12:a3:c3:
                    30:cc:2a:05:41:c5:69:a4:19:9e:cd:13:4c:35:79:
                    01:4f:3f:12:52:40:86:8e:c7:aa:86:3b:9b:f2:b6:
                    69:03:13:66:9c:05:3a:8f:b7:9e:40:9b:fb:e0:21:
                    46:2d:c0:e3:d5:11:bf:6b:37:15:91:f3:7a:c3:14:
                    e2:74:05:5e:37:e0:db:4a:56:cd:39:28:87:9f:af:
                    4c:aa:20:81:01:4a:71:11:28:52:81:c3:b7:04:9d:
                    fb:e1:c6:5b:1a:c8:74:92:30:a1:99:35:03:10:68:
                    c9:63:f1:eb:07:38:ce:16:3d:67:12:b7:bf:38:35:
                    a4:10:20:68:2c:40:92:c7:e1:96:62:7c:0b:01:f5:
                    f3:ab:61:9a:d3:1d:40:44:4a:84:5f:71:65:07:79:
                    6a:83:48:6b:17:f2:f0:55:6e:f6:79:d7:69:e1:5b:
                    c5:62:7d:94:7e:b4:df:9e:11:0c:db:37:fd:7e:3a:
                    f2:98:ff:39:1d:46:14:80:07:0f:77:cd:2b:64:a1:
                    98:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:98:E4:17:5D:79:8F:EA:C0:CA:4F:A5:DA:F5:D5:14:A6:63:8D:5B
            X509v3 Authority Key Identifier:
                keyid:68:E8:BA:EA:95:D4:04:03:48:F0:A8:9E:C4:E4:BD:15:27:5F:6C:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aOi66pXUBANI8KiexOS9FSdfbDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/dJjkF115j-rAyk-l2vXVFKZjjVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/7653e0-8a72-4351-bfce-3711fae8ca77/1/aOi66pXUBANI8KiexOS9FSdfbDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:d0:9b:d2:47:25:c2:fa:dd:11:e6:bf:ef:f8:c2:96:3a:8e:
         0e:48:7b:0e:c1:fc:ae:47:4a:5d:7e:2d:e1:37:c1:0e:e3:33:
         eb:49:e1:dc:28:3d:46:6f:cb:50:2b:ac:d5:2b:a9:c1:54:58:
         b2:bc:76:15:cb:8b:a8:50:0f:d5:db:49:ee:91:ce:28:cd:6e:
         80:5d:a8:99:f6:4b:0c:c4:55:a6:fe:f2:ff:f5:8a:84:81:30:
         8f:f1:22:6e:fb:7d:44:ee:e9:3f:a7:f0:bd:db:d8:41:b7:dd:
         ee:6c:9c:d4:f3:3a:e2:bd:72:e0:fc:19:36:da:bc:8b:f5:85:
         62:cf:cc:2c:6b:f2:8b:45:67:d0:df:55:da:5c:f3:c8:4a:a0:
         f6:03:ca:04:87:46:7f:a2:70:df:27:e0:d6:28:cd:ce:23:58:
         99:57:eb:31:a0:b1:9b:3f:da:77:0b:0f:63:55:d3:34:10:a8:
         3f:5a:6c:8f:b3:11:77:23:4f:9e:f1:a3:a2:11:a4:5e:e1:76:
         55:0a:28:cd:b5:d8:b3:ce:f2:ef:cf:b5:72:0d:4c:99:ae:cc:
         c2:db:e6:18:84:67:21:a8:72:cd:2b:0a:82:e0:13:e2:46:41:
         d8:cc:0c:cc:eb:a3:96:7f:2c:19:4a:74:71:a5:ff:c4:74:c4:
         8f:91:4a:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7xjwZjxaBUnSoHH6G+YKGWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZThiYWVhOTVkNDA0MDM0OGYwYTg5ZWM0ZTRiZDE1Mjc1
ZjZjMzkwHhcNMjQwNDE4MTQxNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDk4ZTQxNzVkNzk4ZmVhYzBjYTRmYTVkYWY1ZDUxNGE2NjM4ZDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswHr9d1dcDO3HzdQZxSZc/+NaNcO
EZ1i/xh1IFLXBMVTMHEjXPqxj/RUS801KN/fRszBI0HRiL0So8MwzCoFQcVppBme
zRNMNXkBTz8SUkCGjseqhjub8rZpAxNmnAU6j7eeQJv74CFGLcDj1RG/azcVkfN6
wxTidAVeN+DbSlbNOSiHn69MqiCBAUpxEShSgcO3BJ374cZbGsh0kjChmTUDEGjJ
Y/HrBzjOFj1nEre/ODWkECBoLECSx+GWYnwLAfXzq2Ga0x1AREqEX3FlB3lqg0hr
F/LwVW72eddp4VvFYn2UfrTfnhEM2zf9fjrymP85HUYUgAcPd80rZKGYQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHSY5BddeY/qwMpPpdr11RSmY41bMB8GA1UdIwQY
MBaAFGjouuqV1AQDSPConsTkvRUnX2w5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU9pNjZwWFVCQU5JOEtpZXhPUzlGU2RmYkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83NjUzZTAtOGE3Mi00MzUxLWJmY2Ut
MzcxMWZhZThjYTc3LzEvZEpqa0YxMTVqLXJBeWstbDJ2WFZGS1pqalZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83NjUzZTAtOGE3Mi00MzUxLWJmY2UtMzcxMWZhZThjYTc3
LzEvYU9pNjZwWFVCQU5JOEtpZXhPUzlGU2RmYkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk04gMA0G
CSqGSIb3DQEBCwUAA4IBAQCj0JvSRyXC+t0R5r/v+MKWOo4OSHsOwfyuR0pdfi3h
N8EO4zPrSeHcKD1Gb8tQK6zVK6nBVFiyvHYVy4uoUA/V20nukc4ozW6AXaiZ9ksM
xFWm/vL/9YqEgTCP8SJu+31E7uk/p/C929hBt93ubJzU8zrivXLg/Bk22ryL9YVi
z8wsa/KLRWfQ31XaXPPISqD2A8oEh0Z/onDfJ+DWKM3OI1iZV+sxoLGbP9p3Cw9j
VdM0EKg/WmyPsxF3I0+e8aOiEaRe4XZVCijNtdizzvLvz7VyDUyZrszC2+YYhGch
qHLNKwqC4BPiRkHYzAzM66OWfywZSnRxpf/EdMSPkUqJ
-----END CERTIFICATE-----