Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/vSinTsDMoDn1k0fgANWbx5R-osw.roa
File:                     vSinTsDMoDn1k0fgANWbx5R-osw.roa (raw, json)
Hash identifier:          hbbFcnj2E5Y7indy98SO69Ke26KwMap2QKuldcJu4z8=
Subject key identifier:   BD:28:A7:4E:C0:CC:A0:39:F5:93:47:E0:00:D5:9B:C7:94:7E:A2:CC
Certificate issuer:       /CN=393cc8b7d2dc70a27d40fa459e4e56c005ccc63a
Certificate serial:       018CC8DF5E37489ABF51D4CF22DB69CE1C64
Authority key identifier: 39:3C:C8:B7:D2:DC:70:A2:7D:40:FA:45:9E:4E:56:C0:05:CC:C6:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OTzIt9LccKJ9QPpFnk5WwAXMxjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/vSinTsDMoDn1k0fgANWbx5R-osw.roa
Signing time:             Tue 02 Jan 2024 06:32:11 +0000
ROA not before:           Tue 02 Jan 2024 06:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207544
IP address blocks:        78.110.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/OTzIt9LccKJ9QPpFnk5WwAXMxjo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/OTzIt9LccKJ9QPpFnk5WwAXMxjo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OTzIt9LccKJ9QPpFnk5WwAXMxjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:5e:37:48:9a:bf:51:d4:cf:22:db:69:ce:1c:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=393cc8b7d2dc70a27d40fa459e4e56c005ccc63a
        Validity
            Not Before: Jan  2 06:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd28a74ec0cca039f59347e000d59bc7947ea2cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:9a:c1:93:b2:5f:cb:59:ca:d0:66:7d:1d:98:
                    71:02:87:cf:b9:a1:d5:cb:d9:fe:9b:b2:01:69:da:
                    59:9f:1a:fc:cc:3b:cb:e0:6c:8e:a1:cd:a0:55:35:
                    66:6c:50:16:1b:18:0d:6a:8d:f1:4c:89:9c:0e:a8:
                    de:0d:06:4a:06:75:5e:2e:7d:71:98:75:2e:09:7f:
                    a7:e9:75:be:a2:a8:97:e7:48:49:16:4c:6c:cc:81:
                    76:55:e1:06:74:a6:13:4c:9f:72:40:69:12:81:4f:
                    9f:6e:d3:33:cc:83:2a:58:2f:cb:b5:5c:3d:37:b3:
                    7f:47:16:ce:83:5d:90:6f:c5:06:9b:68:8c:e2:d9:
                    da:0a:a6:b6:5c:5e:96:f2:71:fe:56:31:9c:12:19:
                    d5:84:59:12:d9:3b:a2:f0:bb:a4:c7:0d:06:02:ab:
                    d1:fc:02:22:bf:a2:b1:23:fe:23:fd:5c:ce:42:0f:
                    63:83:fe:7d:58:71:04:73:f1:4d:73:b5:29:df:4a:
                    0b:a9:78:4b:86:18:89:70:81:a5:37:87:54:e4:57:
                    71:e8:85:03:84:20:00:f9:4b:a0:81:0f:e7:bf:fa:
                    ef:67:29:0e:bf:8f:f3:ef:41:f3:05:7a:fd:4b:d0:
                    61:a2:0c:fd:4b:51:ea:73:0c:6e:cc:ec:ba:3f:53:
                    6d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:28:A7:4E:C0:CC:A0:39:F5:93:47:E0:00:D5:9B:C7:94:7E:A2:CC
            X509v3 Authority Key Identifier:
                keyid:39:3C:C8:B7:D2:DC:70:A2:7D:40:FA:45:9E:4E:56:C0:05:CC:C6:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OTzIt9LccKJ9QPpFnk5WwAXMxjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/vSinTsDMoDn1k0fgANWbx5R-osw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/OTzIt9LccKJ9QPpFnk5WwAXMxjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.110.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:ad:a7:4d:92:10:79:7a:37:fb:6e:d0:ea:17:ef:37:1a:89:
         35:c0:bb:d8:59:8b:c6:03:ac:6a:bf:5c:a5:85:2e:3b:e3:dd:
         50:19:57:08:90:fc:79:b9:5f:9b:31:07:3a:3d:ff:e9:94:c5:
         17:22:97:f1:81:85:41:74:0e:a0:d3:2d:c6:60:6d:af:46:cc:
         da:a9:44:b8:e9:9b:6a:d6:43:cf:00:3a:7f:50:ce:b0:78:81:
         0b:bc:23:a8:3c:af:61:35:a2:b9:c0:c0:84:32:81:e8:d5:f3:
         b6:59:24:74:ca:68:7a:2a:1f:94:d4:6e:d2:a6:88:25:7c:a3:
         1a:12:89:92:af:57:ce:c6:a0:98:ea:28:24:8d:92:82:30:6f:
         d5:d5:e4:8d:f2:5f:04:4c:0a:a5:a9:22:37:f1:0a:b4:78:29:
         15:cc:45:90:19:70:45:30:3a:b3:20:8e:21:f3:4c:c4:81:6d:
         66:dd:61:64:dd:9d:bb:5e:6a:63:dc:4b:84:65:a5:b0:f5:d8:
         25:9e:23:00:bc:d9:5b:01:06:3b:2c:9c:ae:24:83:07:5e:fd:
         33:e9:71:6f:13:ea:0d:ef:14:97:d2:0a:d8:e9:25:cb:1b:02:
         df:b8:56:83:e2:96:5d:57:0e:5a:9d:fc:8e:fe:e9:64:e9:9d:
         2c:03:07:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3143SJq/UdTPIttpzhxkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5M2NjOGI3ZDJkYzcwYTI3ZDQwZmE0NTllNGU1NmMwMDVj
Y2M2M2EwHhcNMjQwMTAyMDYzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDI4YTc0ZWMwY2NhMDM5ZjU5MzQ3ZTAwMGQ1OWJjNzk0N2VhMmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJrBk7Jfy1nK0GZ9HZhxAofPuaHV
y9n+m7IBadpZnxr8zDvL4GyOoc2gVTVmbFAWGxgNao3xTImcDqjeDQZKBnVeLn1x
mHUuCX+n6XW+oqiX50hJFkxszIF2VeEGdKYTTJ9yQGkSgU+fbtMzzIMqWC/LtVw9
N7N/RxbOg12Qb8UGm2iM4tnaCqa2XF6W8nH+VjGcEhnVhFkS2Tui8Lukxw0GAqvR
/AIiv6KxI/4j/VzOQg9jg/59WHEEc/FNc7Up30oLqXhLhhiJcIGlN4dU5Fdx6IUD
hCAA+UuggQ/nv/rvZykOv4/z70HzBXr9S9Bhogz9S1HqcwxuzOy6P1NtoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0op07AzKA59ZNH4ADVm8eUfqLMMB8GA1UdIwQY
MBaAFDk8yLfS3HCifUD6RZ5OVsAFzMY6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1R6SXQ5TGNjS0o5UVBwRm5rNVd3QVhNeGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8xMzcwMDItZTc1Zi00MjAxLTk5ODgt
OTkxYTFjNzE0Zjk1LzEvdlNpblRzRE1vRG4xazBmZ0FOV2J4NVItb3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8xMzcwMDItZTc1Zi00MjAxLTk5ODgtOTkxYTFjNzE0Zjk1
LzEvT1R6SXQ5TGNjS0o5UVBwRm5rNVd3QVhNeGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATm4AMA0G
CSqGSIb3DQEBCwUAA4IBAQA/radNkhB5ejf7btDqF+83Gok1wLvYWYvGA6xqv1yl
hS47491QGVcIkPx5uV+bMQc6Pf/plMUXIpfxgYVBdA6g0y3GYG2vRszaqUS46Ztq
1kPPADp/UM6weIELvCOoPK9hNaK5wMCEMoHo1fO2WSR0ymh6Kh+U1G7SpoglfKMa
EomSr1fOxqCY6igkjZKCMG/V1eSN8l8ETAqlqSI38Qq0eCkVzEWQGXBFMDqzII4h
80zEgW1m3WFk3Z27Xmpj3EuEZaWw9dglniMAvNlbAQY7LJyuJIMHXv0z6XFvE+oN
7xSX0grY6SXLGwLfuFaD4pZdVw5anfyO/ulk6Z0sAwcv
-----END CERTIFICATE-----