Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4a293d-2ad3-4114-a2b1-1cc505501a0f/1/txZcIU0PmoxoAU1jyfS_Ewo2Vg8.roa
File:                     txZcIU0PmoxoAU1jyfS_Ewo2Vg8.roa (raw, json)
Hash identifier:          F8QxbGkx5ir038BnRpOgyBr5p4F2RE0IlyJ+isdaHJs=
Subject key identifier:   B7:16:5C:21:4D:0F:9A:8C:68:01:4D:63:C9:F4:BF:13:0A:36:56:0F
Certificate issuer:       /CN=f811fa5eff370bc36d0e3929625e3414081a2392
Certificate serial:       018CC8DD968735BB9DDA0C8A75D2B6B72526
Authority key identifier: F8:11:FA:5E:FF:37:0B:C3:6D:0E:39:29:62:5E:34:14:08:1A:23:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-BH6Xv83C8NtDjkpYl40FAgaI5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4a293d-2ad3-4114-a2b1-1cc505501a0f/1/txZcIU0PmoxoAU1jyfS_Ewo2Vg8.roa
Signing time:             Tue 02 Jan 2024 06:30:14 +0000
ROA not before:           Tue 02 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        78.41.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4a293d-2ad3-4114-a2b1-1cc505501a0f/1/1-BH6Xv83C8NtDjkpYl40FAgaI5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4a293d-2ad3-4114-a2b1-1cc505501a0f/1/1-BH6Xv83C8NtDjkpYl40FAgaI5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-BH6Xv83C8NtDjkpYl40FAgaI5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:96:87:35:bb:9d:da:0c:8a:75:d2:b6:b7:25:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f811fa5eff370bc36d0e3929625e3414081a2392
        Validity
            Not Before: Jan  2 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7165c214d0f9a8c68014d63c9f4bf130a36560f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:28:f2:ee:a1:cc:8d:42:aa:8c:3c:1f:37:fd:
                    75:82:34:f6:16:9d:f4:f7:cc:e7:3b:df:43:51:cc:
                    dc:24:4d:05:ae:24:63:fa:0f:6b:0c:7c:a2:8f:d5:
                    aa:59:31:22:ca:d3:e7:d4:44:da:83:9c:a5:c5:c0:
                    8b:10:8c:0e:48:c1:23:77:64:49:23:bc:60:d1:0c:
                    68:2f:24:69:cf:9e:2c:eb:42:0a:5f:8d:4f:58:3c:
                    00:e6:8b:aa:4d:9f:ca:2a:3b:9f:d1:4d:d3:f5:d0:
                    e2:e9:4c:01:2b:33:43:54:38:9a:f5:3b:a6:b4:89:
                    68:cc:6f:4e:4d:9a:b0:6d:14:83:69:81:04:e7:e4:
                    b7:76:6e:f9:1d:06:c3:a3:6f:1b:b0:94:ba:da:f0:
                    d3:9d:dc:d1:ac:ff:8b:e6:e4:27:40:17:22:d7:1a:
                    fc:4c:e5:60:7b:a0:46:8e:cd:61:23:7b:0b:5b:34:
                    23:49:50:67:1d:81:d0:1f:93:fb:ba:97:43:05:a7:
                    6c:9e:2b:0f:10:93:03:27:8a:0c:97:5e:f9:44:4e:
                    3e:5c:7e:d4:41:cd:98:8e:8b:1e:1d:8e:76:e4:a7:
                    d7:c2:51:a3:c2:57:72:2e:23:77:40:66:fb:2d:3c:
                    7c:d5:9b:35:a0:8e:be:f6:ce:14:88:95:23:1e:a5:
                    af:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:16:5C:21:4D:0F:9A:8C:68:01:4D:63:C9:F4:BF:13:0A:36:56:0F
            X509v3 Authority Key Identifier:
                keyid:F8:11:FA:5E:FF:37:0B:C3:6D:0E:39:29:62:5E:34:14:08:1A:23:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-BH6Xv83C8NtDjkpYl40FAgaI5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4a293d-2ad3-4114-a2b1-1cc505501a0f/1/txZcIU0PmoxoAU1jyfS_Ewo2Vg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4a293d-2ad3-4114-a2b1-1cc505501a0f/1/1-BH6Xv83C8NtDjkpYl40FAgaI5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.41.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         de:1a:35:8e:97:a7:fd:5f:e4:47:82:0e:b8:4c:cf:2f:62:cf:
         c6:dc:8f:d5:7e:28:dd:fc:01:d6:0a:be:9f:6a:13:76:fc:19:
         17:50:ad:c0:8c:cf:0e:ef:e6:a5:95:3b:17:d2:47:42:f7:9a:
         f6:5c:61:6f:8a:1a:13:4e:54:f9:bf:26:2e:dc:ed:44:bd:32:
         0c:76:98:fe:f6:e5:f9:86:9f:70:41:77:17:ff:a2:e3:a3:c7:
         ea:28:ce:46:79:c6:61:93:3a:f6:b5:ca:6d:53:6e:d0:77:b0:
         a0:a3:2b:8f:83:16:1d:04:fb:de:82:0d:c3:ce:1b:f6:22:cd:
         91:a0:9d:1d:bc:07:96:46:22:dd:5a:37:64:c4:4d:9f:81:fe:
         a6:6c:ae:91:f3:d5:1b:db:d6:a9:d8:09:83:6e:d3:0e:05:87:
         2d:19:f7:4a:2e:ec:0a:cd:ef:d3:5f:1b:bf:26:b3:16:7f:7d:
         7c:cc:48:04:b7:ec:22:c3:22:49:2f:c8:88:ec:23:80:d2:1c:
         43:67:19:c8:3d:29:f9:68:fb:4f:ff:b3:ba:2c:2f:f8:ee:e6:
         a1:4b:7f:46:68:42:7b:74:ab:6e:27:99:d7:4c:be:8e:30:2a:
         ea:3a:96:d3:b2:5b:13:74:34:03:7c:87:b7:19:d6:06:e5:4b:
         e8:bb:e1:ce
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzI3ZaHNbud2gyKddK2tyUmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MTFmYTVlZmYzNzBiYzM2ZDBlMzkyOTYyNWUzNDE0MDgx
YTIzOTIwHhcNMjQwMTAyMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzE2NWMyMTRkMGY5YThjNjgwMTRkNjNjOWY0YmYxMzBhMzY1NjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyjy7qHMjUKqjDwfN/11gjT2Fp30
98znO99DUczcJE0FriRj+g9rDHyij9WqWTEiytPn1ETag5ylxcCLEIwOSMEjd2RJ
I7xg0QxoLyRpz54s60IKX41PWDwA5ouqTZ/KKjuf0U3T9dDi6UwBKzNDVDia9Tum
tIlozG9OTZqwbRSDaYEE5+S3dm75HQbDo28bsJS62vDTndzRrP+L5uQnQBci1xr8
TOVge6BGjs1hI3sLWzQjSVBnHYHQH5P7updDBadsnisPEJMDJ4oMl175RE4+XH7U
Qc2YjoseHY525KfXwlGjwldyLiN3QGb7LTx81Zs1oI6+9s4UiJUjHqWvVwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLcWXCFND5qMaAFNY8n0vxMKNlYPMB8GA1UdIwQY
MBaAFPgR+l7/NwvDbQ45KWJeNBQIGiOSMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1CSDZYdjgzQzhOdERqa3BZbDQwRkFnYUk1SS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEvNGEyOTNkLTJhZDMtNDExNC1hMmIx
LTFjYzUwNTUwMWEwZi8xL3R4WmNJVTBQbW94b0FVMWp5ZlNfRXdvMlZnOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNmEvNGEyOTNkLTJhZDMtNDExNC1hMmIxLTFjYzUwNTUwMWEw
Zi8xLzEtQkg2WHY4M0M4TnREamtwWWw0MEZBZ2FJNUkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJOKVgw
DQYJKoZIhvcNAQELBQADggEBAN4aNY6Xp/1f5EeCDrhMzy9iz8bcj9V+KN38AdYK
vp9qE3b8GRdQrcCMzw7v5qWVOxfSR0L3mvZcYW+KGhNOVPm/Ji7c7US9Mgx2mP72
5fmGn3BBdxf/ouOjx+oozkZ5xmGTOva1ym1TbtB3sKCjK4+DFh0E+96CDcPOG/Yi
zZGgnR28B5ZGIt1aN2TETZ+B/qZsrpHz1Rvb1qnYCYNu0w4Fhy0Z90ou7ArN79Nf
G78msxZ/fXzMSAS37CLDIkkvyIjsI4DSHENnGcg9Kflo+0//s7osL/ju5qFLf0Zo
Qnt0q24nmddMvo4wKuo6ltOyWxN0NAN8h7cZ1gblS+i74c4=
-----END CERTIFICATE-----