Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/1582e8-0698-4baf-9028-df02b13e2e4a/1/zsNdBPwLQ-BuSN2iFMYQpyCF2Ng.roa
File:                     zsNdBPwLQ-BuSN2iFMYQpyCF2Ng.roa (raw, json)
Hash identifier:          86PJV4imnqFx3q9CFrsJ+/HxoivxVA5Yx+Lrt8n8TrQ=
Subject key identifier:   CE:C3:5D:04:FC:0B:43:E0:6E:48:DD:A2:14:C6:10:A7:20:85:D8:D8
Certificate issuer:       /CN=087aac674e4e57960201a34c2c0424861a7fb077
Certificate serial:       018FCE01C173A09CCF8E5E06624EE4EF896A
Authority key identifier: 08:7A:AC:67:4E:4E:57:96:02:01:A3:4C:2C:04:24:86:1A:7F:B0:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CHqsZ05OV5YCAaNMLAQkhhp_sHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/1582e8-0698-4baf-9028-df02b13e2e4a/1/zsNdBPwLQ-BuSN2iFMYQpyCF2Ng.roa
Signing time:             Fri 31 May 2024 09:36:12 +0000
ROA not before:           Fri 31 May 2024 09:36:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203778
IP address blocks:        185.78.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/1582e8-0698-4baf-9028-df02b13e2e4a/1/CHqsZ05OV5YCAaNMLAQkhhp_sHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/1582e8-0698-4baf-9028-df02b13e2e4a/1/CHqsZ05OV5YCAaNMLAQkhhp_sHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CHqsZ05OV5YCAaNMLAQkhhp_sHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ce:01:c1:73:a0:9c:cf:8e:5e:06:62:4e:e4:ef:89:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=087aac674e4e57960201a34c2c0424861a7fb077
        Validity
            Not Before: May 31 09:36:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cec35d04fc0b43e06e48dda214c610a72085d8d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:e0:48:19:46:29:18:a8:dd:93:86:b3:0f:8b:
                    3c:81:e4:0e:19:02:c9:4d:7b:5e:b6:5e:93:c0:4e:
                    7b:7c:cc:a4:ad:87:8f:18:67:a1:26:6c:88:21:06:
                    58:44:fc:ef:6b:b2:8a:8e:1d:ce:bc:c4:6d:e6:c6:
                    21:e4:4b:ca:27:a3:fe:0b:47:7a:09:bc:4d:e8:3f:
                    2e:26:25:c2:db:e9:25:b3:4f:a6:b0:be:d4:e6:80:
                    ad:df:98:13:88:8d:07:c5:76:5c:17:76:ac:e9:a7:
                    30:11:05:3c:65:70:73:23:0c:cb:a8:ee:7a:13:15:
                    d7:ef:34:fe:68:7d:36:cd:98:15:3c:e6:98:50:83:
                    a9:56:12:80:0c:ce:4b:3e:5a:6f:7e:ca:da:c3:38:
                    90:58:d7:32:8c:79:4b:a7:5e:57:51:ba:00:88:f3:
                    d0:f8:98:26:83:aa:b6:31:35:d0:02:48:dc:19:dd:
                    85:a0:10:36:8d:ae:65:7d:17:bc:03:0b:e0:0b:68:
                    de:53:ab:28:d9:54:1f:27:7e:3b:1f:bc:a5:5f:4b:
                    20:77:a7:c1:fc:f6:61:bf:65:d3:d1:31:67:fb:3b:
                    13:61:59:55:a5:f4:db:b4:ef:e2:6b:53:ae:65:a3:
                    f5:78:29:4f:3b:18:c4:ff:ca:07:0e:15:96:95:ec:
                    71:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:C3:5D:04:FC:0B:43:E0:6E:48:DD:A2:14:C6:10:A7:20:85:D8:D8
            X509v3 Authority Key Identifier:
                keyid:08:7A:AC:67:4E:4E:57:96:02:01:A3:4C:2C:04:24:86:1A:7F:B0:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CHqsZ05OV5YCAaNMLAQkhhp_sHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1582e8-0698-4baf-9028-df02b13e2e4a/1/zsNdBPwLQ-BuSN2iFMYQpyCF2Ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1582e8-0698-4baf-9028-df02b13e2e4a/1/CHqsZ05OV5YCAaNMLAQkhhp_sHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:1e:34:d7:1e:1a:ba:82:a2:33:ef:94:83:89:5e:e7:ac:7e:
         b0:41:73:a3:7a:a7:04:27:e4:77:17:31:0b:2c:3a:ac:e4:e2:
         8e:8f:ab:13:ba:42:49:bd:96:bf:f0:f8:1f:33:23:24:58:57:
         85:33:e8:37:bd:c3:0a:dc:9a:35:7e:7c:ea:03:9b:82:7c:d1:
         7f:3c:8e:5d:a1:6f:25:dc:f0:f4:4c:ef:78:6d:a2:8d:ba:15:
         a2:6c:8f:21:d8:b7:d2:97:da:e3:68:1e:2b:db:b3:d7:b5:c9:
         f8:93:a5:fc:d4:1d:f0:ce:2f:7c:c4:bd:d0:17:ab:da:d5:74:
         ba:fc:d1:43:92:7a:4f:52:6c:cb:5c:5e:84:ce:40:78:7d:30:
         90:76:14:96:bf:55:af:76:4d:c6:c6:4b:5e:1b:d0:8d:7f:7f:
         a8:73:9d:fe:c2:8b:49:36:11:6e:14:d3:02:ec:a3:9a:f3:42:
         29:f6:04:31:52:1b:c6:87:e2:e0:2f:b9:f3:bd:ab:71:90:cc:
         b5:87:9b:e7:18:a8:d2:98:f8:58:1b:3e:a5:0d:36:79:7b:0b:
         a7:c9:26:b1:32:aa:71:d6:00:9e:22:54:02:a7:5c:54:45:9a:
         63:1d:f1:38:53:1f:9f:c9:cb:b4:2e:74:3a:60:ff:6f:f3:a8:
         2e:97:f3:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/OAcFzoJzPjl4GYk7k74lqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4N2FhYzY3NGU0ZTU3OTYwMjAxYTM0YzJjMDQyNDg2MWE3
ZmIwNzcwHhcNMjQwNTMxMDkzNjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWMzNWQwNGZjMGI0M2UwNmU0OGRkYTIxNGM2MTBhNzIwODVkOGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5uBIGUYpGKjdk4azD4s8geQOGQLJ
TXtetl6TwE57fMykrYePGGehJmyIIQZYRPzva7KKjh3OvMRt5sYh5EvKJ6P+C0d6
CbxN6D8uJiXC2+kls0+msL7U5oCt35gTiI0HxXZcF3as6acwEQU8ZXBzIwzLqO56
ExXX7zT+aH02zZgVPOaYUIOpVhKADM5LPlpvfsrawziQWNcyjHlLp15XUboAiPPQ
+Jgmg6q2MTXQAkjcGd2FoBA2ja5lfRe8AwvgC2jeU6so2VQfJ347H7ylX0sgd6fB
/PZhv2XT0TFn+zsTYVlVpfTbtO/ia1OuZaP1eClPOxjE/8oHDhWWlexxJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM7DXQT8C0PgbkjdohTGEKcghdjYMB8GA1UdIwQY
MBaAFAh6rGdOTleWAgGjTCwEJIYaf7B3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0hxc1owNU9WNVlDQWFOTUxBUWtoaHBfc0hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8xNTgyZTgtMDY5OC00YmFmLTkwMjgt
ZGYwMmIxM2UyZTRhLzEvenNOZEJQd0xRLUJ1U04yaUZNWVFweUNGMk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8xNTgyZTgtMDY5OC00YmFmLTkwMjgtZGYwMmIxM2UyZTRh
LzEvQ0hxc1owNU9WNVlDQWFOTUxBUWtoaHBfc0hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU5LMA0G
CSqGSIb3DQEBCwUAA4IBAQCPHjTXHhq6gqIz75SDiV7nrH6wQXOjeqcEJ+R3FzEL
LDqs5OKOj6sTukJJvZa/8PgfMyMkWFeFM+g3vcMK3Jo1fnzqA5uCfNF/PI5doW8l
3PD0TO94baKNuhWibI8h2LfSl9rjaB4r27PXtcn4k6X81B3wzi98xL3QF6va1XS6
/NFDknpPUmzLXF6EzkB4fTCQdhSWv1Wvdk3GxkteG9CNf3+oc53+wotJNhFuFNMC
7KOa80Ip9gQxUhvGh+LgL7nzvatxkMy1h5vnGKjSmPhYGz6lDTZ5ewunySaxMqpx
1gCeIlQCp1xURZpjHfE4Ux+fycu0LnQ6YP9v86gul/Pc
-----END CERTIFICATE-----