Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/DZmQxr5StXrumeSz56BX4X2s-0Q.roa
File:                     DZmQxr5StXrumeSz56BX4X2s-0Q.roa (raw, json)
Hash identifier:          WQH6cn833CfePJizgkSb6XOiOT0wAsnKo6fHFivg2Yg=
Subject key identifier:   0D:99:90:C6:BE:52:B5:7A:EE:99:E4:B3:E7:A0:57:E1:7D:AC:FB:44
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01942369A70D671FC7AB4983166E3CE18CFD
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/DZmQxr5StXrumeSz56BX4X2s-0Q.roa
Signing time:             Wed 01 Jan 2025 19:48:34 +0000
ROA not before:           Wed 01 Jan 2025 19:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57790
IP address blocks:        188.215.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:a7:0d:67:1f:c7:ab:49:83:16:6e:3c:e1:8c:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 19:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d9990c6be52b57aee99e4b3e7a057e17dacfb44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fc:48:73:51:dc:90:c0:75:65:e3:19:3a:f1:
                    d2:71:d7:98:a1:a5:5c:cc:f9:82:74:a7:99:a3:bd:
                    20:c2:d9:de:f0:f7:4e:f4:82:93:cc:dc:82:f0:16:
                    c9:a1:dc:0b:3b:47:d0:c7:eb:4f:b9:a5:0e:b9:8e:
                    aa:67:f8:1e:16:51:0e:d8:53:ee:f5:a2:05:c4:5f:
                    c8:3f:97:8c:13:65:2f:09:8c:27:3e:d7:53:43:91:
                    7f:1e:d1:90:fb:82:e9:79:5b:84:25:c3:e9:bf:24:
                    a0:7e:46:21:b3:ae:7f:70:55:79:d5:a8:2c:58:e8:
                    3a:7a:21:90:f9:55:f2:fb:ae:34:c0:96:6a:10:e6:
                    d5:1c:44:bd:80:0f:64:a8:6d:dc:a5:e7:f6:84:35:
                    d2:5a:6e:b4:88:85:18:8a:62:fc:ac:c9:a9:49:9b:
                    b1:87:c3:87:cc:13:7d:5d:2d:a6:57:69:59:82:ab:
                    a7:09:21:c7:bf:fb:35:4b:f5:1b:03:10:42:4f:4f:
                    72:a2:13:98:e7:9c:51:f7:34:f9:70:a0:bc:e8:cf:
                    71:19:ff:4a:aa:9b:e7:a2:c3:04:51:9e:f4:de:23:
                    12:35:cc:a6:f7:48:78:7e:6a:43:a8:6a:54:86:34:
                    26:b3:18:93:23:ff:53:51:31:0a:ef:1a:fc:b0:9b:
                    70:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:99:90:C6:BE:52:B5:7A:EE:99:E4:B3:E7:A0:57:E1:7D:AC:FB:44
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/DZmQxr5StXrumeSz56BX4X2s-0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.215.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:5c:3a:4f:a3:a0:8c:9c:cc:2d:15:71:23:0e:9a:de:40:33:
         4c:08:a0:d1:68:4c:dc:bb:f1:6b:7e:e2:9e:42:1c:7a:34:72:
         ae:29:be:a7:ee:ae:43:a3:b4:43:3a:10:62:ee:20:a6:a2:06:
         df:66:9b:89:04:35:02:00:cb:27:70:a5:23:6c:74:e6:09:24:
         e7:93:5e:f5:d6:b9:7c:01:ee:88:3c:82:d1:14:75:41:56:c0:
         58:8e:97:20:a8:0c:40:0f:76:07:fa:d1:e9:79:56:ca:bc:f3:
         98:1d:85:0b:d2:59:32:5c:57:93:c8:0f:ba:f1:db:1c:a7:38:
         df:10:8e:dd:e0:7b:ad:40:cd:b8:83:34:77:a0:5e:07:4a:8a:
         3e:96:df:0f:21:b0:b9:3d:ff:6d:32:a8:23:b1:39:5c:56:19:
         1e:0f:ac:62:e4:a8:17:a9:ec:0a:bb:fa:a8:38:08:57:f7:6f:
         65:50:1f:0f:7c:4e:46:45:c3:11:7e:10:97:88:e1:73:f5:05:
         7a:20:10:fc:d9:00:4a:43:d8:36:4d:d2:37:0e:3f:ec:d7:c7:
         a0:d4:3b:33:e1:1b:9b:0b:11:1f:df:7a:c9:ed:b5:41:65:47:
         50:27:b4:98:44:69:ca:a6:a3:f2:4a:2d:24:63:f3:f8:5c:20:
         cc:c4:51:52
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjaacNZx/Hq0mDFm484Yz9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDk5OTBjNmJlNTJiNTdhZWU5OWU0YjNlN2EwNTdlMTdkYWNmYjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfxIc1HckMB1ZeMZOvHScdeYoaVc
zPmCdKeZo70gwtne8PdO9IKTzNyC8BbJodwLO0fQx+tPuaUOuY6qZ/geFlEO2FPu
9aIFxF/IP5eME2UvCYwnPtdTQ5F/HtGQ+4LpeVuEJcPpvySgfkYhs65/cFV51ags
WOg6eiGQ+VXy+640wJZqEObVHES9gA9kqG3cpef2hDXSWm60iIUYimL8rMmpSZux
h8OHzBN9XS2mV2lZgqunCSHHv/s1S/UbAxBCT09yohOY55xR9zT5cKC86M9xGf9K
qpvnosMEUZ703iMSNcym90h4fmpDqGpUhjQmsxiTI/9TUTEK7xr8sJtw8QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFA2ZkMa+UrV67pnks+egV+F9rPtEMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0RabVF4cjVTdFhydW1lU3o1NkJYNFgycy0wUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC8104w
DQYJKoZIhvcNAQELBQADggEBAC9cOk+joIyczC0VcSMOmt5AM0wIoNFoTNy78Wt+
4p5CHHo0cq4pvqfurkOjtEM6EGLuIKaiBt9mm4kENQIAyydwpSNsdOYJJOeTXvXW
uXwB7og8gtEUdUFWwFiOlyCoDEAPdgf60el5Vsq885gdhQvSWTJcV5PID7rx2xyn
ON8Qjt3ge61AzbiDNHegXgdKij6W3w8hsLk9/20yqCOxOVxWGR4PrGLkqBep7Aq7
+qg4CFf3b2VQHw98TkZFwxF+EJeI4XP1BXogEPzZAEpD2DZN0jcOP+zXx6DUOzPh
G5sLER/fesnttUFlR1AntJhEacqmo/JKLSRj8/hcIMzEUVI=
-----END CERTIFICATE-----