Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kaOOFN7vb-xGiyw-LV-8HXaHB3c.roa
File:                     kaOOFN7vb-xGiyw-LV-8HXaHB3c.roa (raw, json)
Hash identifier:          UwAO6IDJ9f6kiW5c7bNJ/M25RycOVNwZ3ZiuGdchzCI=
Subject key identifier:   91:A3:8E:14:DE:EF:6F:EC:46:8B:2C:3E:2D:5F:BC:1D:76:87:07:77
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC50108BBAF9580944FBDC59141E83880
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kaOOFN7vb-xGiyw-LV-8HXaHB3c.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14080
IP address blocks:        78.142.241.0/24 maxlen: 24
                          2a10:7404::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:08:bb:af:95:80:94:4f:bd:c5:91:41:e8:38:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91a38e14deef6fec468b2c3e2d5fbc1d76870777
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:1d:31:18:02:1b:bc:2a:68:0e:5f:67:ef:94:
                    5a:95:0a:aa:7a:91:40:ba:91:9b:ed:68:01:31:d4:
                    22:98:b1:a7:d5:eb:f3:e3:33:c3:c5:88:6c:0a:4a:
                    ae:fb:e6:50:fe:4d:c4:f4:4c:19:4a:6a:ce:2e:8b:
                    a7:78:5e:13:5e:fd:c4:ba:80:12:bc:98:5c:f1:48:
                    cd:05:27:ef:49:c8:3f:1d:24:7c:2b:0f:b9:1d:d5:
                    7f:1b:32:60:52:9a:f5:42:9a:4d:cf:70:d1:28:2b:
                    bf:3b:e7:02:00:7b:c3:ee:84:ba:f0:18:c9:6a:81:
                    f6:9d:b1:dd:2e:a5:ac:b4:1c:bb:07:6b:38:12:ea:
                    5f:33:a0:8c:12:ad:ca:b6:fb:e2:70:5c:4a:f6:7f:
                    10:bb:35:5a:48:14:28:d0:c8:1b:c5:82:1f:7e:2c:
                    2e:92:a0:46:f7:5f:10:6d:a1:7e:ee:f1:f1:c3:7f:
                    e8:85:4a:0f:21:d2:2c:04:03:05:4c:40:f2:4e:d8:
                    06:23:ea:74:2e:0d:ad:28:e0:20:74:ea:00:77:9c:
                    fe:5d:1e:fb:1a:c5:c3:d0:11:81:74:94:f4:89:3d:
                    3e:28:be:6b:05:1c:2a:4f:0e:d6:f0:30:41:00:88:
                    0e:db:6e:01:13:6a:98:af:75:b6:19:4d:70:8e:f1:
                    af:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:A3:8E:14:DE:EF:6F:EC:46:8B:2C:3E:2D:5F:BC:1D:76:87:07:77
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kaOOFN7vb-xGiyw-LV-8HXaHB3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.241.0/24
                IPv6:
                  2a10:7404::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:22:35:1c:63:94:de:be:11:2c:e2:a8:0b:2a:4a:0c:a7:10:
         44:78:3c:f0:33:a4:de:f6:84:b7:c2:14:5c:4b:50:b6:66:a7:
         60:8c:d3:a1:03:eb:5d:29:7b:22:c7:26:dc:90:5a:e5:27:87:
         32:e2:bc:fc:2f:0a:9c:a8:5c:e7:9e:ba:b6:68:7b:02:95:13:
         cf:23:6c:3f:f7:60:00:59:c9:9a:bc:61:ab:7a:2e:5c:99:7c:
         12:09:d4:19:c0:7b:cd:c1:7c:82:1d:1b:94:c5:38:4b:72:3c:
         c7:ed:6d:d8:83:17:d2:3f:9a:cb:f6:ca:76:79:17:4b:65:28:
         bc:8b:18:01:70:6e:74:da:9c:92:d3:0e:f3:c4:b1:b1:d8:ee:
         e2:33:75:91:23:34:4a:1e:21:05:d5:f4:b0:09:96:ee:1e:8a:
         45:8d:4d:c5:2d:82:cc:ae:94:3e:e0:e0:cf:4f:e7:2b:15:b2:
         27:35:9b:05:31:fa:af:5e:e3:5f:ad:73:a7:65:ff:8b:68:1e:
         40:e7:b0:2d:32:ef:12:a6:3d:d9:fe:27:3b:37:be:e7:98:83:
         65:5f:7d:47:e2:d9:a4:27:f2:a2:e1:6e:2a:7d:4b:5a:f8:e3:
         67:aa:9a:1e:c9:ad:e6:35:9d:c4:7c:38:9b:8d:f9:eb:3c:e4:
         00:9e:cf:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAQi7r5WAlE+9xZFB6DiAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWEzOGUxNGRlZWY2ZmVjNDY4YjJjM2UyZDVmYmMxZDc2ODcwNzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlx0xGAIbvCpoDl9n75RalQqqepFA
upGb7WgBMdQimLGn1evz4zPDxYhsCkqu++ZQ/k3E9EwZSmrOLouneF4TXv3EuoAS
vJhc8UjNBSfvScg/HSR8Kw+5HdV/GzJgUpr1QppNz3DRKCu/O+cCAHvD7oS68BjJ
aoH2nbHdLqWstBy7B2s4EupfM6CMEq3KtvvicFxK9n8QuzVaSBQo0MgbxYIffiwu
kqBG918QbaF+7vHxw3/ohUoPIdIsBAMFTEDyTtgGI+p0Lg2tKOAgdOoAd5z+XR77
GsXD0BGBdJT0iT0+KL5rBRwqTw7W8DBBAIgO224BE2qYr3W2GU1wjvGvVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJGjjhTe72/sRossPi1fvB12hwd3MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEva2FPT0ZON3ZiLXhHaXl3LUxWLThIWGFIQjNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQATo7xMA0E
AgACMAcDBQAqEHQEMA0GCSqGSIb3DQEBCwUAA4IBAQACIjUcY5TevhEs4qgLKkoM
pxBEeDzwM6Te9oS3whRcS1C2ZqdgjNOhA+tdKXsixybckFrlJ4cy4rz8LwqcqFzn
nrq2aHsClRPPI2w/92AAWcmavGGrei5cmXwSCdQZwHvNwXyCHRuUxThLcjzH7W3Y
gxfSP5rL9sp2eRdLZSi8ixgBcG502pyS0w7zxLGx2O7iM3WRIzRKHiEF1fSwCZbu
HopFjU3FLYLMrpQ+4ODPT+crFbInNZsFMfqvXuNfrXOnZf+LaB5A57AtMu8Spj3Z
/ic7N77nmINlX31H4tmkJ/Ki4W4qfUta+ONnqpoeya3mNZ3EfDibjfnrPOQAns/A
-----END CERTIFICATE-----