Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/1293d1-fc7b-4b08-8c9b-3bbac4f5d935/1/twUf093u6NlcI5e9YPSHo96H7sc.roa
File:                     twUf093u6NlcI5e9YPSHo96H7sc.roa (raw, json)
Hash identifier:          l0+b2H9HqiUhxcqGjvn4Q0tLq6ymZ0b0eei9M4EV5rI=
Subject key identifier:   B7:05:1F:D3:DD:EE:E8:D9:5C:23:97:BD:60:F4:87:A3:DE:87:EE:C7
Certificate issuer:       /CN=78ff87e2633bb23286754eca11d83a63b8c3dc0b
Certificate serial:       018CC49367FAF7D7E0230372907B47A7F438
Authority key identifier: 78:FF:87:E2:63:3B:B2:32:86:75:4E:CA:11:D8:3A:63:B8:C3:DC:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eP-H4mM7sjKGdU7KEdg6Y7jD3As.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/1293d1-fc7b-4b08-8c9b-3bbac4f5d935/1/twUf093u6NlcI5e9YPSHo96H7sc.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8412
IP address blocks:        195.182.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/1293d1-fc7b-4b08-8c9b-3bbac4f5d935/1/eP-H4mM7sjKGdU7KEdg6Y7jD3As.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/1293d1-fc7b-4b08-8c9b-3bbac4f5d935/1/eP-H4mM7sjKGdU7KEdg6Y7jD3As.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eP-H4mM7sjKGdU7KEdg6Y7jD3As.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:67:fa:f7:d7:e0:23:03:72:90:7b:47:a7:f4:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78ff87e2633bb23286754eca11d83a63b8c3dc0b
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7051fd3ddeee8d95c2397bd60f487a3de87eec7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a2:ad:15:6c:1b:d9:1c:67:7d:c8:e3:87:df:
                    d7:94:97:b2:26:5d:2b:e2:c1:1c:b7:4b:cb:99:56:
                    6b:b5:60:86:07:c1:f2:7c:ef:a8:13:ac:61:fe:40:
                    47:ed:48:e3:59:ea:cd:6a:ed:1b:e4:81:a8:83:22:
                    fc:a6:75:0d:8c:76:9b:80:df:de:f6:16:b8:ad:11:
                    55:c5:c4:cb:6f:23:fa:c6:3f:41:c7:92:ef:6c:a8:
                    76:ef:8a:c0:ac:55:22:d8:35:68:ae:47:5f:41:9c:
                    02:ff:84:75:db:c6:c4:75:ff:44:3d:75:02:61:38:
                    54:a0:3e:9c:e4:cc:fd:45:ce:d3:29:64:a5:55:52:
                    70:75:f7:78:bc:fb:74:9a:17:36:bb:20:ed:26:1d:
                    7f:c3:7e:ea:5e:d1:71:1d:e1:f0:db:34:db:2f:f9:
                    c4:d7:fb:21:e9:d9:70:59:84:de:d5:86:4b:3c:40:
                    c8:53:7e:8a:95:7e:86:4b:41:0e:6d:bb:e8:d0:66:
                    c1:c7:7f:43:42:e0:98:9a:07:f9:ab:91:7c:3d:92:
                    ba:db:d6:b8:97:14:45:47:55:0d:9d:48:39:5b:fd:
                    96:da:ea:59:43:5b:30:97:6a:8a:16:0b:9d:d2:9f:
                    44:dd:33:67:b2:a8:0f:32:73:84:2e:0f:7d:cf:fe:
                    d7:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:05:1F:D3:DD:EE:E8:D9:5C:23:97:BD:60:F4:87:A3:DE:87:EE:C7
            X509v3 Authority Key Identifier:
                keyid:78:FF:87:E2:63:3B:B2:32:86:75:4E:CA:11:D8:3A:63:B8:C3:DC:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eP-H4mM7sjKGdU7KEdg6Y7jD3As.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/1293d1-fc7b-4b08-8c9b-3bbac4f5d935/1/twUf093u6NlcI5e9YPSHo96H7sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/1293d1-fc7b-4b08-8c9b-3bbac4f5d935/1/eP-H4mM7sjKGdU7KEdg6Y7jD3As.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:3d:f6:f6:5f:b2:d4:6b:f5:d6:c5:3c:24:13:55:5b:05:3e:
         2f:40:dc:bd:88:f9:a3:0f:e0:b3:32:fe:76:6b:68:8d:d7:fd:
         65:d1:ee:47:bf:f0:15:48:21:66:52:4c:d2:4b:b5:77:db:4e:
         1c:d3:6f:a4:f0:b7:bd:9b:1a:0f:bc:26:a0:0c:59:ab:95:9c:
         37:62:93:dd:cd:b5:da:b8:59:a5:d3:a1:0e:f8:9d:49:25:4f:
         16:21:e2:b4:df:7c:7a:01:af:1b:c2:b5:a4:ad:f6:75:33:f4:
         69:6b:36:c0:da:19:e2:ec:6c:00:fb:16:e0:0b:a6:3b:2c:dc:
         3c:fe:ba:84:e2:3f:f3:a8:22:16:7c:f1:30:66:c7:7a:cd:cb:
         37:30:0a:f7:af:f7:b2:f7:fd:cf:51:80:2b:59:d0:32:99:b9:
         38:7e:f7:f8:8b:eb:22:ff:1b:8b:14:4a:37:4f:ab:f9:9c:2f:
         e1:42:af:86:a8:9e:90:31:c9:71:7e:42:e5:d1:dd:16:cb:51:
         be:40:6a:78:b9:76:a6:25:d6:08:05:e2:e7:77:a7:e8:1f:e0:
         0e:f6:0e:4c:0e:67:4c:9c:b4:ec:d3:df:f9:9c:e7:7e:eb:1f:
         39:1b:a3:27:5f:19:d6:ec:f1:c8:99:3e:99:90:71:7f:b2:00:
         12:ca:b5:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2f699fgIwNykHtHp/Q4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZmY4N2UyNjMzYmIyMzI4Njc1NGVjYTExZDgzYTYzYjhj
M2RjMGIwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzA1MWZkM2RkZWVlOGQ5NWMyMzk3YmQ2MGY0ODdhM2RlODdlZWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqKtFWwb2Rxnfcjjh9/XlJeyJl0r
4sEct0vLmVZrtWCGB8HyfO+oE6xh/kBH7UjjWerNau0b5IGogyL8pnUNjHabgN/e
9ha4rRFVxcTLbyP6xj9Bx5LvbKh274rArFUi2DVorkdfQZwC/4R128bEdf9EPXUC
YThUoD6c5Mz9Rc7TKWSlVVJwdfd4vPt0mhc2uyDtJh1/w37qXtFxHeHw2zTbL/nE
1/sh6dlwWYTe1YZLPEDIU36KlX6GS0EObbvo0GbBx39DQuCYmgf5q5F8PZK629a4
lxRFR1UNnUg5W/2W2upZQ1swl2qKFgud0p9E3TNnsqgPMnOELg99z/7X3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcFH9Pd7ujZXCOXvWD0h6Peh+7HMB8GA1UdIwQY
MBaAFHj/h+JjO7IyhnVOyhHYOmO4w9wLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVAtSDRtTTdzaktHZFU3S0VkZzZZN2pEM0FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8xMjkzZDEtZmM3Yi00YjA4LThjOWIt
M2JiYWM0ZjVkOTM1LzEvdHdVZjA5M3U2TmxjSTVlOVlQU0hvOTZIN3NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8xMjkzZDEtZmM3Yi00YjA4LThjOWItM2JiYWM0ZjVkOTM1
LzEvZVAtSDRtTTdzaktHZFU3S0VkZzZZN2pEM0FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7Y3MA0G
CSqGSIb3DQEBCwUAA4IBAQAqPfb2X7LUa/XWxTwkE1VbBT4vQNy9iPmjD+CzMv52
a2iN1/1l0e5Hv/AVSCFmUkzSS7V3204c02+k8Le9mxoPvCagDFmrlZw3YpPdzbXa
uFml06EO+J1JJU8WIeK033x6Aa8bwrWkrfZ1M/RpazbA2hni7GwA+xbgC6Y7LNw8
/rqE4j/zqCIWfPEwZsd6zcs3MAr3r/ey9/3PUYArWdAymbk4fvf4i+si/xuLFEo3
T6v5nC/hQq+GqJ6QMclxfkLl0d0Wy1G+QGp4uXamJdYIBeLnd6foH+AO9g5MDmdM
nLTs09/5nOd+6x85G6MnXxnW7PHImT6ZkHF/sgASyrWF
-----END CERTIFICATE-----