Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/5fd4bf-74d9-4072-b557-084cca1c8623/1/yv5-6x-Ke7Rhxsqv-6UqBxDBO9g.roa
File:                     yv5-6x-Ke7Rhxsqv-6UqBxDBO9g.roa (raw, json)
Hash identifier:          /K6lIwlHYvACb2skcgaVaYCGEz0l7t51WRaAeNKFyEI=
Subject key identifier:   CA:FE:7E:EB:1F:8A:7B:B4:61:C6:CA:AF:FB:A5:2A:07:10:C1:3B:D8
Certificate issuer:       /CN=78703e7a62309bf027c1f10536926a19b7f14b1e
Certificate serial:       018CC8DF2380B66A115C4167C27DA4EB84D3
Authority key identifier: 78:70:3E:7A:62:30:9B:F0:27:C1:F1:05:36:92:6A:19:B7:F1:4B:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eHA-emIwm_AnwfEFNpJqGbfxSx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/5fd4bf-74d9-4072-b557-084cca1c8623/1/yv5-6x-Ke7Rhxsqv-6UqBxDBO9g.roa
Signing time:             Tue 02 Jan 2024 06:31:55 +0000
ROA not before:           Tue 02 Jan 2024 06:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205112
IP address blocks:        185.117.214.0/24 maxlen: 24
                          2a06:8784:8000::/33 maxlen: 33
                          2a06:8784::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/5fd4bf-74d9-4072-b557-084cca1c8623/1/eHA-emIwm_AnwfEFNpJqGbfxSx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/5fd4bf-74d9-4072-b557-084cca1c8623/1/eHA-emIwm_AnwfEFNpJqGbfxSx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eHA-emIwm_AnwfEFNpJqGbfxSx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:23:80:b6:6a:11:5c:41:67:c2:7d:a4:eb:84:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78703e7a62309bf027c1f10536926a19b7f14b1e
        Validity
            Not Before: Jan  2 06:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cafe7eeb1f8a7bb461c6caaffba52a0710c13bd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:51:62:09:1a:dc:0a:f6:3b:f8:c9:17:d5:48:
                    e9:7f:1d:f5:4a:cc:53:8e:34:2c:9d:3b:62:2a:1f:
                    50:0b:3d:27:14:36:0e:66:ef:ea:9c:a8:75:a2:94:
                    97:52:64:0f:de:12:c8:29:c9:a4:27:87:c5:cc:63:
                    b5:17:dd:18:6c:c6:b4:2e:91:eb:40:c6:7c:c7:08:
                    78:33:1b:af:44:32:c9:ed:88:e9:55:f4:1a:2a:aa:
                    ec:83:2d:33:0f:e1:eb:cb:d1:5a:39:4d:55:b4:71:
                    a0:ed:9c:df:e7:9b:05:88:cb:ee:c5:6c:e1:a2:c5:
                    ed:d8:d3:44:4c:8a:3d:4f:44:7b:87:b3:98:82:3f:
                    e9:d6:aa:04:71:e9:2a:c2:45:fb:88:cf:c2:da:08:
                    ab:9d:d9:f1:e7:f5:20:4f:15:c3:6b:77:8f:ec:c8:
                    95:ec:3d:5e:44:37:53:f9:25:fe:6c:cb:94:c9:79:
                    9c:f2:ec:39:60:01:ae:7d:1a:c2:f8:4c:f7:e6:a2:
                    1b:c5:fc:21:76:d4:69:8f:c0:0a:93:2a:39:58:d7:
                    01:4f:af:3e:28:8d:aa:e7:d7:9d:30:90:78:49:8b:
                    b3:c7:bd:84:4f:88:ce:b1:c7:ec:6d:ff:2e:7b:ae:
                    e6:0b:cf:e1:9a:ab:cc:a0:1a:90:c0:b9:3d:63:39:
                    8a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:FE:7E:EB:1F:8A:7B:B4:61:C6:CA:AF:FB:A5:2A:07:10:C1:3B:D8
            X509v3 Authority Key Identifier:
                keyid:78:70:3E:7A:62:30:9B:F0:27:C1:F1:05:36:92:6A:19:B7:F1:4B:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eHA-emIwm_AnwfEFNpJqGbfxSx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/5fd4bf-74d9-4072-b557-084cca1c8623/1/yv5-6x-Ke7Rhxsqv-6UqBxDBO9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/5fd4bf-74d9-4072-b557-084cca1c8623/1/eHA-emIwm_AnwfEFNpJqGbfxSx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.214.0/24
                IPv6:
                  2a06:8784::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:14:70:86:ef:63:b8:42:fb:00:02:46:6c:9c:d3:7d:ab:68:
         1a:e2:96:ed:92:0d:54:50:6b:b0:90:52:d4:92:4d:1f:a1:90:
         e0:dd:ec:fe:1d:17:33:28:86:33:53:94:23:5b:9e:0c:2e:9e:
         aa:11:c3:fa:ac:06:81:63:1b:88:3a:49:51:0e:93:1d:72:ee:
         85:b6:3a:33:22:cd:1d:12:d5:32:0b:b8:0a:17:bc:f2:5e:11:
         9f:d4:e3:34:18:72:fb:54:1f:00:19:26:e2:82:84:63:bc:1c:
         99:ec:1d:0f:e9:a5:cf:83:c7:20:fd:a1:8c:6c:4b:15:2e:13:
         71:7c:1d:b8:ae:64:55:17:7e:5d:52:60:54:6c:1c:4c:65:ad:
         1d:65:04:63:3b:90:a9:25:54:4d:14:0c:c4:f5:8f:12:57:eb:
         cb:1b:7a:c5:3f:b0:be:9a:6a:5a:9d:bc:06:20:85:84:55:a2:
         83:cb:c4:05:2c:11:c4:83:33:9b:27:c7:61:86:65:7c:77:67:
         be:42:a5:ad:e2:7b:ce:97:0a:e4:16:81:8e:08:be:9e:9f:06:
         a1:93:a5:d2:ac:a7:62:50:3c:e5:fe:d9:de:0a:53:0a:06:e9:
         de:22:72:8c:e2:66:55:ca:c8:1a:d8:3b:81:53:77:cf:a3:f3:
         0d:28:11:31
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3yOAtmoRXEFnwn2k64TTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4NzAzZTdhNjIzMDliZjAyN2MxZjEwNTM2OTI2YTE5Yjdm
MTRiMWUwHhcNMjQwMTAyMDYzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWZlN2VlYjFmOGE3YmI0NjFjNmNhYWZmYmE1MmEwNzEwYzEzYmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVFiCRrcCvY7+MkX1Ujpfx31SsxT
jjQsnTtiKh9QCz0nFDYOZu/qnKh1opSXUmQP3hLIKcmkJ4fFzGO1F90YbMa0LpHr
QMZ8xwh4MxuvRDLJ7YjpVfQaKqrsgy0zD+Hry9FaOU1VtHGg7Zzf55sFiMvuxWzh
osXt2NNETIo9T0R7h7OYgj/p1qoEcekqwkX7iM/C2girndnx5/UgTxXDa3eP7MiV
7D1eRDdT+SX+bMuUyXmc8uw5YAGufRrC+Ez35qIbxfwhdtRpj8AKkyo5WNcBT68+
KI2q59edMJB4SYuzx72ET4jOscfsbf8ue67mC8/hmqvMoBqQwLk9YzmKqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMr+fusfinu0YcbKr/ulKgcQwTvYMB8GA1UdIwQY
MBaAFHhwPnpiMJvwJ8HxBTaSahm38UseMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUhBLWVtSXdtX0Fud2ZFRk5wSnFHYmZ4U3g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81ZmQ0YmYtNzRkOS00MDcyLWI1NTct
MDg0Y2NhMWM4NjIzLzEveXY1LTZ4LUtlN1JoeHNxdi02VXFCeERCTzlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81ZmQ0YmYtNzRkOS00MDcyLWI1NTctMDg0Y2NhMWM4NjIz
LzEvZUhBLWVtSXdtX0Fud2ZFRk5wSnFHYmZ4U3g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXXWMA0E
AgACMAcDBQAqBoeEMA0GCSqGSIb3DQEBCwUAA4IBAQAfFHCG72O4QvsAAkZsnNN9
q2ga4pbtkg1UUGuwkFLUkk0foZDg3ez+HRczKIYzU5QjW54MLp6qEcP6rAaBYxuI
OklRDpMdcu6FtjozIs0dEtUyC7gKF7zyXhGf1OM0GHL7VB8AGSbigoRjvByZ7B0P
6aXPg8cg/aGMbEsVLhNxfB24rmRVF35dUmBUbBxMZa0dZQRjO5CpJVRNFAzE9Y8S
V+vLG3rFP7C+mmpanbwGIIWEVaKDy8QFLBHEgzObJ8dhhmV8d2e+QqWt4nvOlwrk
FoGOCL6enwahk6XSrKdiUDzl/tneClMKBuneInKM4mZVysga2DuBU3fPo/MNKBEx
-----END CERTIFICATE-----