Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/100919-d951-4a6e-9f0c-7cca3a2e7490/1/1-cE7Y1WGSahSS2LkiMxIK62xUoU.roa
File:                     1-cE7Y1WGSahSS2LkiMxIK62xUoU.roa (raw, json)
Hash identifier:          Y5eOgsT4RENVyWE1E97i56ANv3n2Ryqf8is2LOSCqW0=
Subject key identifier:   F9:C1:3B:63:55:86:49:A8:52:4B:62:E4:88:CC:48:2B:AD:B1:52:85
Certificate issuer:       /CN=b71f4868bd409292b56959f35a4c14fcc25472ec
Certificate serial:       0192E802F81736996D7602B0A4013F3D739A
Authority key identifier: B7:1F:48:68:BD:40:92:92:B5:69:59:F3:5A:4C:14:FC:C2:54:72:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tx9IaL1AkpK1aVnzWkwU_MJUcuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/100919-d951-4a6e-9f0c-7cca3a2e7490/1/1-cE7Y1WGSahSS2LkiMxIK62xUoU.roa
Signing time:             Fri 01 Nov 2024 13:56:01 +0000
ROA not before:           Fri 01 Nov 2024 13:56:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205684
IP address blocks:        195.34.78.0/24 maxlen: 24
                          2001:678:d04::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/100919-d951-4a6e-9f0c-7cca3a2e7490/1/tx9IaL1AkpK1aVnzWkwU_MJUcuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/100919-d951-4a6e-9f0c-7cca3a2e7490/1/tx9IaL1AkpK1aVnzWkwU_MJUcuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tx9IaL1AkpK1aVnzWkwU_MJUcuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e8:02:f8:17:36:99:6d:76:02:b0:a4:01:3f:3d:73:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b71f4868bd409292b56959f35a4c14fcc25472ec
        Validity
            Not Before: Nov  1 13:56:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9c13b63558649a8524b62e488cc482badb15285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:45:6b:f1:66:c6:12:be:c2:28:ed:9d:9d:47:
                    83:38:0e:4b:0e:d6:dd:a6:3b:f9:5a:c2:40:d2:99:
                    be:37:8d:d8:29:80:bc:be:17:8c:a4:bf:8c:84:84:
                    53:fb:8d:a0:8b:36:d6:67:81:94:41:aa:e6:99:bf:
                    1a:57:3c:49:9b:2e:f7:6e:63:79:10:c0:0c:78:be:
                    a3:39:97:68:0b:d1:96:a0:35:06:2d:8e:09:c7:85:
                    f7:38:c1:45:65:c9:03:0f:3c:b3:51:63:14:ba:d1:
                    84:06:5e:2f:0f:94:84:13:fa:30:6e:f8:2b:5a:63:
                    70:31:e5:36:97:1e:eb:70:07:82:cd:8f:cf:0f:80:
                    8b:fb:86:f8:74:e2:ea:f4:b6:b8:d9:5c:7c:fc:f7:
                    20:77:fe:23:cd:69:a2:65:9c:47:dc:8d:f2:dd:fa:
                    c7:45:3a:d3:a4:3b:b5:e2:99:f3:69:30:fc:38:a7:
                    3e:51:78:c9:c8:ec:5a:b4:bc:d8:c3:7d:97:81:f6:
                    2a:45:e7:28:a2:cd:ef:95:96:40:f1:9b:68:b8:75:
                    5e:e5:f7:f3:79:69:ad:57:99:7d:70:84:ab:a8:a5:
                    26:3c:97:5d:cb:59:37:b0:08:eb:b5:c3:eb:76:b5:
                    57:41:2d:6a:f8:cd:be:57:45:0f:ae:b4:3e:f8:9f:
                    db:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:C1:3B:63:55:86:49:A8:52:4B:62:E4:88:CC:48:2B:AD:B1:52:85
            X509v3 Authority Key Identifier:
                keyid:B7:1F:48:68:BD:40:92:92:B5:69:59:F3:5A:4C:14:FC:C2:54:72:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tx9IaL1AkpK1aVnzWkwU_MJUcuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/100919-d951-4a6e-9f0c-7cca3a2e7490/1/1-cE7Y1WGSahSS2LkiMxIK62xUoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/100919-d951-4a6e-9f0c-7cca3a2e7490/1/tx9IaL1AkpK1aVnzWkwU_MJUcuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.34.78.0/24
                IPv6:
                  2001:678:d04::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:12:bb:a8:ae:a3:13:5b:68:ec:ae:9e:73:6f:91:14:42:b8:
         f6:82:1e:01:7f:43:00:89:02:35:30:41:48:f1:f5:09:e5:5f:
         0b:d3:f8:9b:92:07:bf:3b:5f:4d:8f:51:af:6b:cb:c0:1f:e1:
         4b:b2:95:32:1c:62:73:99:43:5c:7c:38:94:5a:97:d2:74:41:
         69:ea:2a:f7:c6:9b:3f:cd:e5:80:fe:fa:d4:e5:90:18:7b:9d:
         38:43:f1:2e:da:f7:e2:42:6d:de:c1:cb:39:95:0b:70:15:54:
         be:a5:96:63:2d:90:9e:0b:1a:80:7d:99:5d:c7:e2:e2:96:b6:
         6a:e0:27:d4:12:20:4c:98:c0:bd:b0:fa:31:b4:75:68:1c:5c:
         3c:d5:c0:b1:cd:81:c8:42:b7:b5:ad:bd:47:00:e1:e0:bd:7c:
         0d:f4:2a:f7:9b:a1:54:88:25:64:cf:36:e6:44:a5:c4:4f:fb:
         ee:d7:52:3d:76:d9:a9:96:f8:50:33:8a:eb:32:5f:54:52:88:
         1f:2c:ae:c4:18:38:43:8d:a8:a9:4f:25:18:f2:60:fe:79:9b:
         4a:7b:55:12:1b:56:45:b1:18:b2:df:d8:99:c4:9d:fa:3e:12:
         26:ab:c9:fe:f5:6c:5a:f5:6b:44:51:a7:2e:df:4d:1e:f6:04:
         1c:86:05:3f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZLoAvgXNpltdgKwpAE/PXOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MWY0ODY4YmQ0MDkyOTJiNTY5NTlmMzVhNGMxNGZjYzI1
NDcyZWMwHhcNMjQxMTAxMTM1NjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWMxM2I2MzU1ODY0OWE4NTI0YjYyZTQ4OGNjNDgyYmFkYjE1Mjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9kVr8WbGEr7CKO2dnUeDOA5LDtbd
pjv5WsJA0pm+N43YKYC8vheMpL+MhIRT+42gizbWZ4GUQarmmb8aVzxJmy73bmN5
EMAMeL6jOZdoC9GWoDUGLY4Jx4X3OMFFZckDDzyzUWMUutGEBl4vD5SEE/owbvgr
WmNwMeU2lx7rcAeCzY/PD4CL+4b4dOLq9La42Vx8/Pcgd/4jzWmiZZxH3I3y3frH
RTrTpDu14pnzaTD8OKc+UXjJyOxatLzYw32XgfYqRecoos3vlZZA8ZtouHVe5ffz
eWmtV5l9cISrqKUmPJddy1k3sAjrtcPrdrVXQS1q+M2+V0UPrrQ++J/btwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPnBO2NVhkmoUkti5IjMSCutsVKFMB8GA1UdIwQY
MBaAFLcfSGi9QJKStWlZ81pMFPzCVHLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHg5SWFMMUFrcEsxYVZueldrd1VfTUpVY3V3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8xMDA5MTktZDk1MS00YTZlLTlmMGMt
N2NjYTNhMmU3NDkwLzEvMS1jRTdZMVdHU2FoU1MyTGtpTXhJSzYyeFVvVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjgvMTAwOTE5LWQ5NTEtNGE2ZS05ZjBjLTdjY2EzYTJlNzQ5
MC8xL3R4OUlhTDFBa3BLMWFWbnpXa3dVX01KVWN1dy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEAMMiTjAP
BAIAAjAJAwcAIAEGeA0EMA0GCSqGSIb3DQEBCwUAA4IBAQBBEruorqMTW2jsrp5z
b5EUQrj2gh4Bf0MAiQI1MEFI8fUJ5V8L0/ibkge/O19Nj1Gva8vAH+FLspUyHGJz
mUNcfDiUWpfSdEFp6ir3xps/zeWA/vrU5ZAYe504Q/Eu2vfiQm3ewcs5lQtwFVS+
pZZjLZCeCxqAfZldx+LilrZq4CfUEiBMmMC9sPoxtHVoHFw81cCxzYHIQre1rb1H
AOHgvXwN9Cr3m6FUiCVkzzbmRKXET/vu11I9dtmplvhQM4rrMl9UUogfLK7EGDhD
jaipTyUY8mD+eZtKe1USG1ZFsRiy39iZxJ36PhImq8n+9Wxa9WtEUacu300e9gQc
hgU/
-----END CERTIFICATE-----