Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/f997c8-df70-4d7f-b86d-192cb369423f/1/kt8Xw-F9Qur23l3wq9-b3H3ldPw.roa
File:                     kt8Xw-F9Qur23l3wq9-b3H3ldPw.roa (raw, json)
Hash identifier:          aY5eYajH22O1PB258fIWHjune9+AF9rf/Cua09wF5dM=
Subject key identifier:   92:DF:17:C3:E1:7D:42:EA:F6:DE:5D:F0:AB:DF:9B:DC:7D:E5:74:FC
Certificate issuer:       /CN=f62e0e55e5c5a30ec04bd6dc46d154b3e4b7b5f5
Certificate serial:       018CC26D7C68B9EFBF967CA301DD5C7358F6
Authority key identifier: F6:2E:0E:55:E5:C5:A3:0E:C0:4B:D6:DC:46:D1:54:B3:E4:B7:B5:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9i4OVeXFow7AS9bcRtFUs-S3tfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/f997c8-df70-4d7f-b86d-192cb369423f/1/kt8Xw-F9Qur23l3wq9-b3H3ldPw.roa
Signing time:             Mon 01 Jan 2024 00:30:04 +0000
ROA not before:           Mon 01 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201218
IP address blocks:        78.24.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/f997c8-df70-4d7f-b86d-192cb369423f/1/9i4OVeXFow7AS9bcRtFUs-S3tfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/f997c8-df70-4d7f-b86d-192cb369423f/1/9i4OVeXFow7AS9bcRtFUs-S3tfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9i4OVeXFow7AS9bcRtFUs-S3tfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7c:68:b9:ef:bf:96:7c:a3:01:dd:5c:73:58:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f62e0e55e5c5a30ec04bd6dc46d154b3e4b7b5f5
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92df17c3e17d42eaf6de5df0abdf9bdc7de574fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:56:4d:d5:c7:e2:07:40:3d:18:17:c7:7a:7b:
                    0e:1f:05:25:9f:f7:38:3d:ae:3e:1e:9c:f8:8c:ff:
                    57:9b:59:85:69:28:5c:f5:ba:15:cb:f2:12:0a:f1:
                    ed:f3:5e:90:59:f4:41:08:ec:e4:49:99:ca:96:e3:
                    4d:09:d9:f2:69:e5:63:7a:f3:6f:1c:ec:49:b5:10:
                    e2:79:34:2e:0e:0f:ff:26:95:d2:09:20:44:f3:20:
                    bd:a0:c2:ec:77:c6:f1:95:31:cb:72:59:ad:43:40:
                    d3:d8:76:2f:96:92:1a:77:b7:46:a5:d1:8c:fb:c0:
                    8c:46:01:bf:1c:0e:bb:23:3e:28:01:49:03:37:3a:
                    fa:eb:d0:72:da:80:0b:c1:f1:3c:a7:a0:53:7f:9f:
                    b4:69:f7:29:1b:4f:e5:2c:82:87:9a:2d:6e:4c:8d:
                    61:35:aa:84:ae:03:bb:a3:b1:7f:6b:17:45:eb:d6:
                    53:8e:24:76:3b:f4:cd:64:e0:a7:f2:c8:45:bc:23:
                    a2:a0:d5:c2:2d:1e:8f:52:80:0e:d7:e0:6e:2a:72:
                    39:e3:f1:01:70:5b:d4:8a:b6:58:38:37:a5:eb:08:
                    62:7f:8c:d2:ce:3d:2d:04:e6:bc:0c:75:a1:e9:65:
                    46:12:d5:7c:45:00:ec:4e:c4:69:e4:c8:55:75:c3:
                    88:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:DF:17:C3:E1:7D:42:EA:F6:DE:5D:F0:AB:DF:9B:DC:7D:E5:74:FC
            X509v3 Authority Key Identifier:
                keyid:F6:2E:0E:55:E5:C5:A3:0E:C0:4B:D6:DC:46:D1:54:B3:E4:B7:B5:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9i4OVeXFow7AS9bcRtFUs-S3tfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f997c8-df70-4d7f-b86d-192cb369423f/1/kt8Xw-F9Qur23l3wq9-b3H3ldPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f997c8-df70-4d7f-b86d-192cb369423f/1/9i4OVeXFow7AS9bcRtFUs-S3tfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:77:9a:6c:83:f4:4e:9d:97:46:ad:24:7d:5f:0c:68:da:de:
         52:72:40:0b:07:46:67:79:d1:85:7e:de:98:25:aa:e6:0b:bd:
         e9:d2:7f:f3:33:5f:43:2b:44:6f:88:5e:78:ea:63:12:80:9e:
         10:db:f6:a5:3f:16:cd:00:96:c7:21:8c:35:0f:21:d2:bb:37:
         28:7a:00:f3:05:a9:ee:1c:33:45:e6:62:48:4b:af:75:73:92:
         af:8d:f0:d1:cd:b9:2a:5f:19:06:28:19:0f:90:04:94:86:86:
         51:2e:2e:8c:8a:ee:95:b9:ea:13:e0:a3:de:26:1c:c7:f1:00:
         ca:73:c2:f5:9b:10:4a:e2:d0:b2:d3:b1:eb:93:c2:77:67:bc:
         38:1b:80:32:c1:75:40:0f:e9:0f:44:fa:50:1b:f4:8b:7a:b0:
         d2:23:b7:d8:76:4f:e7:65:be:0a:26:c7:6c:77:2c:90:b2:81:
         6a:4e:bc:73:d3:7d:3e:b1:53:3c:53:91:4e:45:44:dd:3d:94:
         0d:04:de:fa:d6:ae:f9:30:05:6e:06:fb:f0:ea:7f:2f:35:05:
         6a:be:03:7a:49:87:f9:56:3f:8c:76:b1:d8:0f:12:ac:96:cf:
         a5:8c:12:2d:c8:05:88:e0:af:8b:ce:71:76:11:be:a4:41:c6:
         80:b1:45:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXxoue+/lnyjAd1cc1j2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MmUwZTU1ZTVjNWEzMGVjMDRiZDZkYzQ2ZDE1NGIzZTRi
N2I1ZjUwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmRmMTdjM2UxN2Q0MmVhZjZkZTVkZjBhYmRmOWJkYzdkZTU3NGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilZN1cfiB0A9GBfHensOHwUln/c4
Pa4+Hpz4jP9Xm1mFaShc9boVy/ISCvHt816QWfRBCOzkSZnKluNNCdnyaeVjevNv
HOxJtRDieTQuDg//JpXSCSBE8yC9oMLsd8bxlTHLclmtQ0DT2HYvlpIad7dGpdGM
+8CMRgG/HA67Iz4oAUkDNzr669By2oALwfE8p6BTf5+0afcpG0/lLIKHmi1uTI1h
NaqErgO7o7F/axdF69ZTjiR2O/TNZOCn8shFvCOioNXCLR6PUoAO1+BuKnI54/EB
cFvUirZYODel6whif4zSzj0tBOa8DHWh6WVGEtV8RQDsTsRp5MhVdcOIywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLfF8PhfULq9t5d8Kvfm9x95XT8MB8GA1UdIwQY
MBaAFPYuDlXlxaMOwEvW3EbRVLPkt7X1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWk0T1ZlWEZvdzdBUzliY1J0RlVzLVMzdGZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mOTk3YzgtZGY3MC00ZDdmLWI4NmQt
MTkyY2IzNjk0MjNmLzEva3Q4WHctRjlRdXIyM2wzd3E5LWIzSDNsZFB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mOTk3YzgtZGY3MC00ZDdmLWI4NmQtMTkyY2IzNjk0MjNm
LzEvOWk0T1ZlWEZvdzdBUzliY1J0RlVzLVMzdGZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAThjLMA0G
CSqGSIb3DQEBCwUAA4IBAQCdd5psg/ROnZdGrSR9Xwxo2t5SckALB0ZnedGFft6Y
JarmC73p0n/zM19DK0RviF546mMSgJ4Q2/alPxbNAJbHIYw1DyHSuzcoegDzBanu
HDNF5mJIS691c5KvjfDRzbkqXxkGKBkPkASUhoZRLi6Miu6VueoT4KPeJhzH8QDK
c8L1mxBK4tCy07Hrk8J3Z7w4G4AywXVAD+kPRPpQG/SLerDSI7fYdk/nZb4KJsds
dyyQsoFqTrxz030+sVM8U5FORUTdPZQNBN761q75MAVuBvvw6n8vNQVqvgN6SYf5
Vj+MdrHYDxKsls+ljBItyAWI4K+LznF2Eb6kQcaAsUX3
-----END CERTIFICATE-----