Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/0a5817-ba85-4244-a052-f7c4657b7b8d/1/TwbY52tXZGMuhzvPzKzzllfMhAo.roa
File:                     TwbY52tXZGMuhzvPzKzzllfMhAo.roa (raw, json)
Hash identifier:          iKx4qyKX65bGbuSEE/Iff0Hu4DuFp5pA2owoKHRGwv8=
Subject key identifier:   4F:06:D8:E7:6B:57:64:63:2E:87:3B:CF:CC:AC:F3:96:57:CC:84:0A
Certificate issuer:       /CN=849ace066a44ed2f95fe6bc2d0a7da412763bf2a
Certificate serial:       018CC424684B4EAB2B4E85F2E862087AFBC1
Authority key identifier: 84:9A:CE:06:6A:44:ED:2F:95:FE:6B:C2:D0:A7:DA:41:27:63:BF:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hJrOBmpE7S-V_mvC0KfaQSdjvyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/0a5817-ba85-4244-a052-f7c4657b7b8d/1/TwbY52tXZGMuhzvPzKzzllfMhAo.roa
Signing time:             Mon 01 Jan 2024 08:29:29 +0000
ROA not before:           Mon 01 Jan 2024 08:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43852
IP address blocks:        78.159.161.0/24 maxlen: 24
                          78.159.162.0/24 maxlen: 24
                          78.159.164.0/24 maxlen: 24
                          78.159.160.0/19 maxlen: 19
                          78.159.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/0a5817-ba85-4244-a052-f7c4657b7b8d/1/hJrOBmpE7S-V_mvC0KfaQSdjvyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/0a5817-ba85-4244-a052-f7c4657b7b8d/1/hJrOBmpE7S-V_mvC0KfaQSdjvyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hJrOBmpE7S-V_mvC0KfaQSdjvyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:68:4b:4e:ab:2b:4e:85:f2:e8:62:08:7a:fb:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=849ace066a44ed2f95fe6bc2d0a7da412763bf2a
        Validity
            Not Before: Jan  1 08:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f06d8e76b5764632e873bcfccacf39657cc840a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5e:c5:0d:e8:a9:aa:a0:fd:85:62:36:52:86:
                    d5:18:4c:7e:32:ed:27:85:d8:2e:d0:7c:aa:44:eb:
                    16:7f:b6:18:99:6c:6c:59:47:29:00:23:21:08:ac:
                    0e:f0:ee:df:b3:b8:18:69:9a:8b:85:ad:f5:53:97:
                    ae:90:57:2d:2c:02:b6:d8:74:f4:54:06:af:e7:47:
                    ed:be:28:45:1e:4b:c8:94:b3:3f:72:6d:b4:63:c4:
                    35:7c:69:9c:e8:9f:0f:5f:87:ba:0e:70:c3:7b:0e:
                    39:6e:82:0c:16:b7:fa:f5:5f:89:72:7b:02:68:92:
                    2a:03:bc:52:a4:4f:06:f6:06:97:4a:93:d7:64:3f:
                    e7:b6:e8:25:84:3b:8a:02:91:81:25:b0:17:06:b9:
                    0f:f7:96:e7:ae:1d:a5:62:81:64:69:a4:15:ad:14:
                    dd:c5:c1:92:9a:4d:69:4a:18:15:60:2b:85:ef:5e:
                    aa:7b:92:4e:20:4e:81:a8:54:b5:9a:56:7f:20:a0:
                    a1:cd:c2:d2:d3:20:2c:cd:45:04:30:5c:07:32:22:
                    0c:a0:c8:91:af:6f:0f:67:02:95:36:57:f3:bb:18:
                    d1:00:55:61:8e:7e:b9:64:f7:13:82:fa:c3:40:89:
                    23:6f:3a:ef:7f:57:f4:5b:84:2b:4a:fb:da:8c:b0:
                    82:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:06:D8:E7:6B:57:64:63:2E:87:3B:CF:CC:AC:F3:96:57:CC:84:0A
            X509v3 Authority Key Identifier:
                keyid:84:9A:CE:06:6A:44:ED:2F:95:FE:6B:C2:D0:A7:DA:41:27:63:BF:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hJrOBmpE7S-V_mvC0KfaQSdjvyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/0a5817-ba85-4244-a052-f7c4657b7b8d/1/TwbY52tXZGMuhzvPzKzzllfMhAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/0a5817-ba85-4244-a052-f7c4657b7b8d/1/hJrOBmpE7S-V_mvC0KfaQSdjvyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.159.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         60:89:5e:58:bf:b1:f3:b7:c3:22:8b:39:37:a4:90:bd:b6:80:
         63:aa:73:36:d5:ce:5e:73:c2:c3:2c:2a:aa:d3:84:7f:c5:1f:
         f1:0c:d5:72:12:99:b5:f0:a4:0d:32:48:24:62:7b:fe:c1:db:
         38:83:ff:78:0d:f8:de:87:89:bc:73:e4:2f:b6:b1:1d:e7:ba:
         d9:c9:b3:4b:89:ab:c5:e3:ae:3a:15:8b:da:6e:cb:7e:92:93:
         d5:87:51:55:03:ed:f7:a7:44:96:bd:59:5e:4b:a0:08:f5:e9:
         78:49:57:d6:28:4b:b4:25:12:2d:30:6e:25:7f:0a:5e:73:3b:
         48:0c:6f:26:96:2a:74:d0:22:a0:4f:77:76:14:aa:5f:1b:ad:
         4c:d8:a8:d5:9a:a4:b1:49:07:26:54:c0:aa:5c:53:41:7e:73:
         83:0c:03:26:ea:11:ee:d7:4c:5c:9d:1a:f4:c6:b2:6e:b4:5f:
         0e:93:9f:6c:4e:c0:37:de:17:de:f9:0a:8e:7a:95:3f:52:f3:
         fb:35:9a:ff:eb:01:7e:b6:ed:4d:19:5a:3a:82:98:27:c0:ba:
         b1:08:33:12:05:a4:ea:81:a2:0f:af:ac:6c:ea:83:bf:93:05:
         cb:ee:2b:1e:cd:0f:64:bf:9f:69:47:05:12:3c:19:3a:75:1a:
         ed:e7:1d:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGhLTqsrToXy6GIIevvBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0OWFjZTA2NmE0NGVkMmY5NWZlNmJjMmQwYTdkYTQxMjc2
M2JmMmEwHhcNMjQwMTAxMDgyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjA2ZDhlNzZiNTc2NDYzMmU4NzNiY2ZjY2FjZjM5NjU3Y2M4NDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAml7FDeipqqD9hWI2UobVGEx+Mu0n
hdgu0HyqROsWf7YYmWxsWUcpACMhCKwO8O7fs7gYaZqLha31U5eukFctLAK22HT0
VAav50ftvihFHkvIlLM/cm20Y8Q1fGmc6J8PX4e6DnDDew45boIMFrf69V+JcnsC
aJIqA7xSpE8G9gaXSpPXZD/ntuglhDuKApGBJbAXBrkP95bnrh2lYoFkaaQVrRTd
xcGSmk1pShgVYCuF716qe5JOIE6BqFS1mlZ/IKChzcLS0yAszUUEMFwHMiIMoMiR
r28PZwKVNlfzuxjRAFVhjn65ZPcTgvrDQIkjbzrvf1f0W4QrSvvajLCCXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8G2OdrV2RjLoc7z8ys85ZXzIQKMB8GA1UdIwQY
MBaAFISazgZqRO0vlf5rwtCn2kEnY78qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEpyT0JtcEU3Uy1WX212QzBLZmFRU2RqdnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8wYTU4MTctYmE4NS00MjQ0LWEwNTIt
ZjdjNDY1N2I3YjhkLzEvVHdiWTUydFhaR011aHp2UHpLenpsbGZNaEFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8wYTU4MTctYmE4NS00MjQ0LWEwNTItZjdjNDY1N2I3Yjhk
LzEvaEpyT0JtcEU3Uy1WX212QzBLZmFRU2RqdnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFTp+gMA0G
CSqGSIb3DQEBCwUAA4IBAQBgiV5Yv7Hzt8Miizk3pJC9toBjqnM21c5ec8LDLCqq
04R/xR/xDNVyEpm18KQNMkgkYnv+wds4g/94Dfjeh4m8c+QvtrEd57rZybNLiavF
4646FYvabst+kpPVh1FVA+33p0SWvVleS6AI9el4SVfWKEu0JRItMG4lfwpecztI
DG8mlip00CKgT3d2FKpfG61M2KjVmqSxSQcmVMCqXFNBfnODDAMm6hHu10xcnRr0
xrJutF8Ok59sTsA33hfe+QqOepU/UvP7NZr/6wF+tu1NGVo6gpgnwLqxCDMSBaTq
gaIPr6xs6oO/kwXL7isezQ9kv59pRwUSPBk6dRrt5x3X
-----END CERTIFICATE-----