Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/bf878d-0e4e-4822-881e-129bce864c22/1/U_PzZEpzDnu1gf9veJCDwPDD6WY.roa
File:                     U_PzZEpzDnu1gf9veJCDwPDD6WY.roa (raw, json)
Hash identifier:          84NF6HDmyUvHXTw7bAcPwD/siKeB3azEK9U2JHaZAw4=
Subject key identifier:   53:F3:F3:64:4A:73:0E:7B:B5:81:FF:6F:78:90:83:C0:F0:C3:E9:66
Certificate issuer:       /CN=78d31ec53dc4405d6915e1825964b97d7a116f81
Certificate serial:       018CC9BBEADC977EC683A9B2D2623EE7CD02
Authority key identifier: 78:D3:1E:C5:3D:C4:40:5D:69:15:E1:82:59:64:B9:7D:7A:11:6F:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eNMexT3EQF1pFeGCWWS5fXoRb4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/bf878d-0e4e-4822-881e-129bce864c22/1/U_PzZEpzDnu1gf9veJCDwPDD6WY.roa
Signing time:             Tue 02 Jan 2024 10:33:04 +0000
ROA not before:           Tue 02 Jan 2024 10:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211999
IP address blocks:        185.232.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/bf878d-0e4e-4822-881e-129bce864c22/1/eNMexT3EQF1pFeGCWWS5fXoRb4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/bf878d-0e4e-4822-881e-129bce864c22/1/eNMexT3EQF1pFeGCWWS5fXoRb4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eNMexT3EQF1pFeGCWWS5fXoRb4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ea:dc:97:7e:c6:83:a9:b2:d2:62:3e:e7:cd:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78d31ec53dc4405d6915e1825964b97d7a116f81
        Validity
            Not Before: Jan  2 10:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53f3f3644a730e7bb581ff6f789083c0f0c3e966
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9c:05:1e:9d:f8:ff:18:3b:ee:df:89:16:22:
                    06:07:da:da:af:6d:b1:e9:c0:d3:3b:a9:43:c5:fd:
                    d1:36:3a:1a:92:6c:8e:89:8f:7d:b1:f4:84:13:b1:
                    71:f8:19:da:82:f2:3e:02:f1:0b:14:08:a1:f3:94:
                    38:1a:e1:e0:0f:8a:2d:7d:e0:26:1c:25:b7:9c:88:
                    e2:17:bc:e4:df:1e:7b:c4:c7:29:20:0b:5c:3f:9f:
                    00:b1:70:fc:1a:38:13:9f:03:58:03:4d:c5:74:96:
                    49:63:b6:26:50:ac:34:72:af:a8:7d:8d:08:c6:55:
                    30:c2:96:e6:39:ae:5a:bd:ac:c0:af:c8:ef:43:25:
                    37:2b:23:27:61:20:74:0c:51:0b:d1:2c:e7:df:fe:
                    46:bc:84:84:f9:d2:da:53:cf:98:2f:b2:1b:eb:3e:
                    66:0c:c5:fa:37:3b:d1:92:8a:fb:8f:90:7f:d5:1a:
                    0e:ae:d1:f9:f7:75:6e:82:57:30:11:77:fc:0e:41:
                    52:bd:e3:b3:3c:51:74:48:76:45:19:3a:a5:21:92:
                    5b:d6:f3:ab:87:db:93:d3:67:cd:08:8d:5f:98:49:
                    86:88:57:a8:7e:bd:ed:7e:23:83:25:6e:40:04:74:
                    b4:d7:ff:42:c0:b4:b3:2a:22:eb:24:58:f0:1d:5a:
                    cd:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:F3:F3:64:4A:73:0E:7B:B5:81:FF:6F:78:90:83:C0:F0:C3:E9:66
            X509v3 Authority Key Identifier:
                keyid:78:D3:1E:C5:3D:C4:40:5D:69:15:E1:82:59:64:B9:7D:7A:11:6F:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNMexT3EQF1pFeGCWWS5fXoRb4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/bf878d-0e4e-4822-881e-129bce864c22/1/U_PzZEpzDnu1gf9veJCDwPDD6WY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/bf878d-0e4e-4822-881e-129bce864c22/1/eNMexT3EQF1pFeGCWWS5fXoRb4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:b6:09:06:ce:66:39:cb:fe:ba:32:1f:10:6a:a0:37:6f:72:
         23:1e:0c:89:d3:b3:c8:66:2f:65:3e:ff:46:02:c2:1f:55:7b:
         11:7a:94:5a:f7:55:cc:43:be:63:5c:4a:c9:81:1b:a9:fe:96:
         f9:22:26:55:dd:e9:32:d6:99:97:47:32:78:42:b1:fd:ea:c7:
         95:8e:61:da:91:51:64:7c:c7:b4:be:55:bb:0b:77:c9:7a:eb:
         61:c3:5b:18:2d:53:6e:73:c8:e0:dc:b8:59:9a:0d:bd:cf:0c:
         05:13:fc:ea:fd:08:01:e9:1c:d9:48:69:44:ce:5e:18:20:95:
         70:8f:03:4a:cb:37:51:2e:ac:80:fe:6e:dc:a8:3e:95:a9:19:
         8a:dc:a9:9a:c0:e9:29:fc:79:ff:ef:9c:40:d5:95:89:81:99:
         3e:15:b9:44:ee:bc:31:73:5e:50:40:6d:d4:6c:8f:75:1d:0d:
         44:91:a8:9a:6b:3f:0f:b5:89:ac:59:8c:38:89:d7:76:b5:6f:
         ca:68:6d:16:91:5b:d0:71:6b:33:b4:d7:4d:44:b4:c4:de:7e:
         b1:36:c5:70:d0:21:61:a4:62:f4:2f:59:98:09:49:4c:44:1d:
         04:53:3f:be:a8:54:dd:13:de:cc:b9:7c:70:88:1d:c9:36:f6:
         4c:1d:c1:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu+rcl37Gg6my0mI+580CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZDMxZWM1M2RjNDQwNWQ2OTE1ZTE4MjU5NjRiOTdkN2Ex
MTZmODEwHhcNMjQwMTAyMTAzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2YzZjM2NDRhNzMwZTdiYjU4MWZmNmY3ODkwODNjMGYwYzNlOTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5wFHp34/xg77t+JFiIGB9rar22x
6cDTO6lDxf3RNjoakmyOiY99sfSEE7Fx+BnagvI+AvELFAih85Q4GuHgD4otfeAm
HCW3nIjiF7zk3x57xMcpIAtcP58AsXD8GjgTnwNYA03FdJZJY7YmUKw0cq+ofY0I
xlUwwpbmOa5avazAr8jvQyU3KyMnYSB0DFEL0Szn3/5GvISE+dLaU8+YL7Ib6z5m
DMX6NzvRkor7j5B/1RoOrtH593VuglcwEXf8DkFSveOzPFF0SHZFGTqlIZJb1vOr
h9uT02fNCI1fmEmGiFeofr3tfiODJW5ABHS01/9CwLSzKiLrJFjwHVrNoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPz82RKcw57tYH/b3iQg8Dww+lmMB8GA1UdIwQY
MBaAFHjTHsU9xEBdaRXhgllkuX16EW+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU5NZXhUM0VRRjFwRmVHQ1dXUzVmWG9SYjRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9iZjg3OGQtMGU0ZS00ODIyLTg4MWUt
MTI5YmNlODY0YzIyLzEvVV9QelpFcHpEbnUxZ2Y5dmVKQ0R3UERENldZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9iZjg3OGQtMGU0ZS00ODIyLTg4MWUtMTI5YmNlODY0YzIy
LzEvZU5NZXhUM0VRRjFwRmVHQ1dXUzVmWG9SYjRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuejqMA0G
CSqGSIb3DQEBCwUAA4IBAQCDtgkGzmY5y/66Mh8QaqA3b3IjHgyJ07PIZi9lPv9G
AsIfVXsRepRa91XMQ75jXErJgRup/pb5IiZV3eky1pmXRzJ4QrH96seVjmHakVFk
fMe0vlW7C3fJeuthw1sYLVNuc8jg3LhZmg29zwwFE/zq/QgB6RzZSGlEzl4YIJVw
jwNKyzdRLqyA/m7cqD6VqRmK3KmawOkp/Hn/75xA1ZWJgZk+FblE7rwxc15QQG3U
bI91HQ1Ekaiaaz8PtYmsWYw4idd2tW/KaG0WkVvQcWsztNdNRLTE3n6xNsVw0CFh
pGL0L1mYCUlMRB0EUz++qFTdE97MuXxwiB3JNvZMHcGH
-----END CERTIFICATE-----