Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/5fd4bf-74d9-4072-b557-084cca1c8623/1/aySPk-LjpXGQHwZ5y6H08iox8HE.roa
File:                     aySPk-LjpXGQHwZ5y6H08iox8HE.roa (raw, json)
Hash identifier:          iC5e6cZHRIhgvF7NuDnk38N5uIGMd1mWMqtenI2FoxI=
Subject key identifier:   6B:24:8F:93:E2:E3:A5:71:90:1F:06:79:CB:A1:F4:F2:2A:31:F0:71
Certificate issuer:       /CN=78703e7a62309bf027c1f10536926a19b7f14b1e
Certificate serial:       018CC8DF227140D9FB8902FEC6EA9C2EF49E
Authority key identifier: 78:70:3E:7A:62:30:9B:F0:27:C1:F1:05:36:92:6A:19:B7:F1:4B:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eHA-emIwm_AnwfEFNpJqGbfxSx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/5fd4bf-74d9-4072-b557-084cca1c8623/1/aySPk-LjpXGQHwZ5y6H08iox8HE.roa
Signing time:             Tue 02 Jan 2024 06:31:55 +0000
ROA not before:           Tue 02 Jan 2024 06:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3624
IP address blocks:        185.117.213.0/24 maxlen: 24
                          2a06:8782::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/5fd4bf-74d9-4072-b557-084cca1c8623/1/eHA-emIwm_AnwfEFNpJqGbfxSx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/5fd4bf-74d9-4072-b557-084cca1c8623/1/eHA-emIwm_AnwfEFNpJqGbfxSx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eHA-emIwm_AnwfEFNpJqGbfxSx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:22:71:40:d9:fb:89:02:fe:c6:ea:9c:2e:f4:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78703e7a62309bf027c1f10536926a19b7f14b1e
        Validity
            Not Before: Jan  2 06:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b248f93e2e3a571901f0679cba1f4f22a31f071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f0:03:0b:9e:21:24:b8:8b:11:78:06:81:08:
                    d1:df:a7:6e:86:db:70:0a:dc:64:51:e5:a7:ad:33:
                    46:e3:10:0c:89:79:55:be:01:17:c4:01:38:a3:62:
                    c8:54:ee:48:8c:f1:be:81:00:23:47:ad:42:42:36:
                    d2:ef:82:4a:32:e5:c6:eb:e5:85:74:dc:3c:68:0a:
                    68:c8:9b:d6:8d:2b:1b:9c:f3:c4:72:6c:f1:35:74:
                    8f:a3:1f:bd:5a:ed:cd:be:26:9f:38:28:0e:7c:74:
                    88:62:a8:d9:49:34:4d:1a:0d:df:98:11:eb:20:95:
                    69:db:b0:6f:ee:9d:dd:6e:7b:6e:e3:fd:0f:6e:ba:
                    0b:c2:c3:ca:db:45:f9:af:7c:fe:f6:9f:e4:35:a7:
                    12:48:28:a9:fd:bb:76:2a:cc:91:e9:1e:2a:54:c3:
                    68:00:1c:0b:ef:4e:97:7a:61:9c:90:44:a9:cd:77:
                    9f:da:e3:54:d4:6e:69:7a:3c:81:c2:9e:71:f8:f2:
                    9d:6e:40:f5:fc:37:83:0c:c4:22:ff:4d:20:3a:63:
                    68:4e:a6:bf:73:8e:69:6a:14:e2:13:89:67:5c:4f:
                    df:ad:79:bc:ce:5c:5c:d5:30:c5:f8:49:b7:df:c3:
                    59:de:c0:dd:66:f5:87:e0:6b:fb:ae:b0:28:c2:e4:
                    5a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:24:8F:93:E2:E3:A5:71:90:1F:06:79:CB:A1:F4:F2:2A:31:F0:71
            X509v3 Authority Key Identifier:
                keyid:78:70:3E:7A:62:30:9B:F0:27:C1:F1:05:36:92:6A:19:B7:F1:4B:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eHA-emIwm_AnwfEFNpJqGbfxSx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/5fd4bf-74d9-4072-b557-084cca1c8623/1/aySPk-LjpXGQHwZ5y6H08iox8HE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/5fd4bf-74d9-4072-b557-084cca1c8623/1/eHA-emIwm_AnwfEFNpJqGbfxSx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.213.0/24
                IPv6:
                  2a06:8782::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:7d:ea:5b:2c:7f:43:bf:82:e3:0e:5a:f4:07:33:ed:fd:5d:
         e4:b6:ad:52:d1:75:68:42:6f:06:6a:39:2a:7e:76:14:16:ec:
         3c:c9:ea:4c:ae:1d:d3:11:47:61:81:8f:c1:33:34:4e:eb:a9:
         bc:c1:27:72:1a:82:53:e8:02:c6:10:19:9f:de:ca:62:27:32:
         5a:48:c4:21:04:40:9c:49:8f:7d:41:6f:4b:66:73:11:99:de:
         68:25:68:2e:de:ad:63:4c:d5:b8:35:ed:f7:f0:aa:97:80:f8:
         ff:4a:66:60:8b:bb:fa:f1:1d:0b:6d:5c:93:6f:c9:ce:bc:b9:
         17:cd:f7:02:9d:b8:ba:8f:f6:ee:0d:8d:20:c3:d9:b3:83:b7:
         2e:cc:a6:45:b6:2d:05:b8:11:6a:42:70:6f:0c:8b:17:43:dd:
         08:74:9e:02:c1:98:d1:01:b5:a0:0b:c7:05:ea:86:c6:e6:e5:
         2a:ea:b1:b5:34:4a:c2:a0:31:44:a3:47:ba:22:dd:5e:50:ae:
         a9:8d:29:06:ce:ea:3c:e8:84:89:d7:38:9a:1c:86:ee:8c:5b:
         1b:45:c3:f8:f6:38:ef:72:b6:0e:d5:05:3d:84:c7:69:ce:0e:
         f9:a9:cf:16:b6:6c:61:d4:77:1e:98:9e:82:8b:97:3d:d1:fb:
         f9:ba:7b:28
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3yJxQNn7iQL+xuqcLvSeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4NzAzZTdhNjIzMDliZjAyN2MxZjEwNTM2OTI2YTE5Yjdm
MTRiMWUwHhcNMjQwMTAyMDYzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjI0OGY5M2UyZTNhNTcxOTAxZjA2NzljYmExZjRmMjJhMzFmMDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvADC54hJLiLEXgGgQjR36duhttw
CtxkUeWnrTNG4xAMiXlVvgEXxAE4o2LIVO5IjPG+gQAjR61CQjbS74JKMuXG6+WF
dNw8aApoyJvWjSsbnPPEcmzxNXSPox+9Wu3NviafOCgOfHSIYqjZSTRNGg3fmBHr
IJVp27Bv7p3dbntu4/0PbroLwsPK20X5r3z+9p/kNacSSCip/bt2KsyR6R4qVMNo
ABwL706XemGckESpzXef2uNU1G5pejyBwp5x+PKdbkD1/DeDDMQi/00gOmNoTqa/
c45pahTiE4lnXE/frXm8zlxc1TDF+Em338NZ3sDdZvWH4Gv7rrAowuRaHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGskj5Pi46VxkB8Gecuh9PIqMfBxMB8GA1UdIwQY
MBaAFHhwPnpiMJvwJ8HxBTaSahm38UseMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUhBLWVtSXdtX0Fud2ZFRk5wSnFHYmZ4U3g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81ZmQ0YmYtNzRkOS00MDcyLWI1NTct
MDg0Y2NhMWM4NjIzLzEvYXlTUGstTGpwWEdRSHdaNXk2SDA4aW94OEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81ZmQ0YmYtNzRkOS00MDcyLWI1NTctMDg0Y2NhMWM4NjIz
LzEvZUhBLWVtSXdtX0Fud2ZFRk5wSnFHYmZ4U3g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXXVMA0E
AgACMAcDBQAqBoeCMA0GCSqGSIb3DQEBCwUAA4IBAQAGfepbLH9Dv4LjDlr0BzPt
/V3ktq1S0XVoQm8GajkqfnYUFuw8yepMrh3TEUdhgY/BMzRO66m8wSdyGoJT6ALG
EBmf3spiJzJaSMQhBECcSY99QW9LZnMRmd5oJWgu3q1jTNW4Ne338KqXgPj/SmZg
i7v68R0LbVyTb8nOvLkXzfcCnbi6j/buDY0gw9mzg7cuzKZFti0FuBFqQnBvDIsX
Q90IdJ4CwZjRAbWgC8cF6obG5uUq6rG1NErCoDFEo0e6It1eUK6pjSkGzuo86ISJ
1ziaHIbujFsbRcP49jjvcrYO1QU9hMdpzg75qc8Wtmxh1HcemJ6Ci5c90fv5unso
-----END CERTIFICATE-----