Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/ytFkpLehJs3CVmIpxWzuMJnYFnw.roa
File:                     ytFkpLehJs3CVmIpxWzuMJnYFnw.roa (raw, json)
Hash identifier:          RGfvWMDkmzrQljGdHnk4HKPeOV7otH55pggv8MhHYpo=
Subject key identifier:   CA:D1:64:A4:B7:A1:26:CD:C2:56:62:29:C5:6C:EE:30:99:D8:16:7C
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018E0E7DFBC9F1F070071B2BBEA3060A8270
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/ytFkpLehJs3CVmIpxWzuMJnYFnw.roa
Signing time:             Tue 05 Mar 2024 12:02:01 +0000
ROA not before:           Tue 05 Mar 2024 12:02:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        145.78.20.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:7d:fb:c9:f1:f0:70:07:1b:2b:be:a3:06:0a:82:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Mar  5 12:02:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cad164a4b7a126cdc2566229c56cee3099d8167c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:77:99:87:d6:fd:49:35:34:cd:f9:6b:b4:aa:
                    38:c6:f9:59:46:f9:1f:b4:42:e1:91:fa:1a:0b:8b:
                    ba:13:43:e9:a8:41:aa:65:78:a8:95:10:c9:36:a3:
                    2a:3e:34:ba:3a:60:56:00:11:28:90:6d:0b:fb:58:
                    27:c8:45:fb:0b:a0:0e:f5:50:27:35:db:e7:14:5d:
                    7c:3c:07:d4:a0:6a:31:75:76:6f:ac:0d:b7:2b:09:
                    9e:41:d8:4d:d9:7a:ee:a2:68:e8:29:ba:a9:e0:a7:
                    15:6a:f0:0b:59:32:62:79:5f:97:68:11:8c:38:7c:
                    e0:7a:33:28:4a:09:0f:8f:fd:6b:31:6b:5e:99:4e:
                    08:c9:ec:19:b8:7d:a8:c3:c7:39:f5:c4:82:09:3b:
                    5e:f5:a2:51:20:55:d6:88:00:ff:26:57:31:09:23:
                    f6:08:08:d7:b2:35:da:fe:61:ee:bc:6e:a2:13:63:
                    dd:8d:e0:40:6c:8b:d1:71:ec:28:58:50:70:5d:15:
                    95:16:b5:f6:ed:a0:e6:65:5c:48:52:4e:10:bc:0c:
                    be:64:5a:e4:ea:60:ef:50:1f:00:9f:8b:0c:87:59:
                    65:d4:00:a3:eb:c1:d8:21:60:bc:ea:e6:48:50:52:
                    0c:1e:bb:28:c7:ca:16:53:31:2d:79:dc:f3:d0:90:
                    2d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:D1:64:A4:B7:A1:26:CD:C2:56:62:29:C5:6C:EE:30:99:D8:16:7C
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/ytFkpLehJs3CVmIpxWzuMJnYFnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.78.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:ef:0a:2a:d1:3d:3e:e6:6b:98:88:f9:0d:71:78:e9:03:be:
         47:c7:33:b0:2d:2c:79:ba:61:25:b9:a6:23:46:80:e7:88:4a:
         c2:1f:9c:75:89:6a:b1:27:47:fc:61:fd:c7:3b:76:3a:9e:ee:
         68:bd:1e:2c:89:43:b0:35:b7:fd:58:16:99:26:d9:8c:8c:c5:
         06:30:62:7a:c6:43:b0:5f:d1:62:e6:8a:42:e2:f3:15:8e:65:
         3e:bc:4e:6c:11:b4:3c:1e:ac:40:f4:78:be:bc:56:fe:17:1f:
         9d:aa:04:02:b5:fe:d5:0a:9b:0c:f7:64:d8:3c:8a:08:bd:c7:
         9c:f2:33:f2:8e:fd:fa:53:fb:72:e9:a7:57:22:61:d6:76:84:
         95:7d:3a:2f:fa:4d:c3:00:73:7e:72:83:d3:8f:1f:6d:b9:d6:
         24:6f:39:17:12:52:47:7a:84:9b:ad:1c:fd:81:30:68:47:ec:
         1d:32:aa:c2:40:dc:41:36:dd:36:02:82:51:24:0b:f9:83:71:
         0b:6c:7b:ce:6d:37:eb:46:9b:3a:b7:93:3b:72:8e:4f:81:91:
         73:5e:c1:2b:f6:cc:2f:68:49:28:f0:f9:35:dd:73:df:91:63:
         df:d8:eb:32:a2:80:53:4a:43:19:69:da:ed:73:30:ad:3b:47:
         ae:91:61:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4OffvJ8fBwBxsrvqMGCoJwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMzA1MTIwMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWQxNjRhNGI3YTEyNmNkYzI1NjYyMjljNTZjZWUzMDk5ZDgxNjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhneZh9b9STU0zflrtKo4xvlZRvkf
tELhkfoaC4u6E0PpqEGqZXiolRDJNqMqPjS6OmBWABEokG0L+1gnyEX7C6AO9VAn
NdvnFF18PAfUoGoxdXZvrA23KwmeQdhN2XruomjoKbqp4KcVavALWTJieV+XaBGM
OHzgejMoSgkPj/1rMWtemU4IyewZuH2ow8c59cSCCTte9aJRIFXWiAD/JlcxCSP2
CAjXsjXa/mHuvG6iE2PdjeBAbIvRcewoWFBwXRWVFrX27aDmZVxIUk4QvAy+ZFrk
6mDvUB8An4sMh1ll1ACj68HYIWC86uZIUFIMHrsox8oWUzEtedzz0JAtqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrRZKS3oSbNwlZiKcVs7jCZ2BZ8MB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEveXRGa3BMZWhKczNDVm1JcHhXenVNSm5ZRm53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkU4UMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ7woq0T0+5muYiPkNcXjpA75HxzOwLSx5umEluaYj
RoDniErCH5x1iWqxJ0f8Yf3HO3Y6nu5ovR4siUOwNbf9WBaZJtmMjMUGMGJ6xkOw
X9Fi5opC4vMVjmU+vE5sEbQ8HqxA9Hi+vFb+Fx+dqgQCtf7VCpsM92TYPIoIvcec
8jPyjv36U/ty6adXImHWdoSVfTov+k3DAHN+coPTjx9tudYkbzkXElJHeoSbrRz9
gTBoR+wdMqrCQNxBNt02AoJRJAv5g3ELbHvObTfrRps6t5M7co5PgZFzXsEr9swv
aEko8Pk13XPfkWPf2OsyooBTSkMZadrtczCtO0eukWEm
-----END CERTIFICATE-----