Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/9f35e9-a17a-48cd-9402-31d245f3b3b8/1/1XUi7W-sSWTCckV8gztfLmpdZ34.roa
File:                     1XUi7W-sSWTCckV8gztfLmpdZ34.roa (raw, json)
Hash identifier:          0f/pWIU7b2OV4QWyyG3AxnHEr+uSsCGTZ2NyCsnrISM=
Subject key identifier:   D5:75:22:ED:6F:AC:49:64:C2:72:45:7C:83:3B:5F:2E:6A:5D:67:7E
Certificate issuer:       /CN=ad0618bc00d911a5d5eebf9c5896a41bf2898ecb
Certificate serial:       018CC9BBEBD4C7F3BD39F101A27148FC28A6
Authority key identifier: AD:06:18:BC:00:D9:11:A5:D5:EE:BF:9C:58:96:A4:1B:F2:89:8E:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQYYvADZEaXV7r-cWJakG_KJjss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/9f35e9-a17a-48cd-9402-31d245f3b3b8/1/1XUi7W-sSWTCckV8gztfLmpdZ34.roa
Signing time:             Tue 02 Jan 2024 10:33:05 +0000
ROA not before:           Tue 02 Jan 2024 10:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202804
IP address blocks:        185.20.78.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/9f35e9-a17a-48cd-9402-31d245f3b3b8/1/rQYYvADZEaXV7r-cWJakG_KJjss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/9f35e9-a17a-48cd-9402-31d245f3b3b8/1/rQYYvADZEaXV7r-cWJakG_KJjss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQYYvADZEaXV7r-cWJakG_KJjss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:eb:d4:c7:f3:bd:39:f1:01:a2:71:48:fc:28:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0618bc00d911a5d5eebf9c5896a41bf2898ecb
        Validity
            Not Before: Jan  2 10:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d57522ed6fac4964c272457c833b5f2e6a5d677e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:82:26:0f:33:64:a3:be:39:e2:13:e1:d2:04:
                    7d:67:76:60:a3:c4:93:c4:bf:6b:76:b7:6d:45:88:
                    61:4b:5e:35:53:a2:d5:e2:4f:03:3c:92:f7:ff:fa:
                    b6:23:03:63:5e:20:b5:55:be:e2:6e:e8:00:80:78:
                    4f:42:25:b7:20:74:89:5d:f1:71:84:31:ce:6e:cd:
                    eb:ce:3f:e1:ad:d5:c7:87:0e:58:83:4f:f4:16:81:
                    ce:9e:9f:49:47:20:58:a1:cf:aa:6b:58:fb:82:59:
                    c5:95:77:a6:3f:a5:6f:c2:a3:3b:57:c8:40:34:eb:
                    e6:5c:d7:e5:1b:63:cc:8d:ac:06:09:d4:b5:26:9a:
                    19:69:1b:93:1a:92:a1:7d:6e:c4:24:39:7b:ad:3f:
                    94:a2:e4:93:8a:97:b9:54:9c:32:dc:7f:0d:f5:6d:
                    8a:99:3e:7a:39:1b:aa:46:8d:50:e0:53:b6:95:52:
                    50:ee:2a:41:d9:ac:a2:b6:f2:13:58:95:0b:16:13:
                    4e:1b:dc:e8:f4:bf:24:b5:09:e9:e4:ba:63:bf:5f:
                    c2:b1:1e:c5:c4:03:f5:a6:b8:6b:c4:c0:cb:6f:bd:
                    1a:02:d7:e9:02:2f:d3:b0:59:d0:f9:d1:77:a3:fe:
                    5b:50:ca:54:f8:a8:a9:6c:0b:db:cc:50:be:c5:a2:
                    67:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:75:22:ED:6F:AC:49:64:C2:72:45:7C:83:3B:5F:2E:6A:5D:67:7E
            X509v3 Authority Key Identifier:
                keyid:AD:06:18:BC:00:D9:11:A5:D5:EE:BF:9C:58:96:A4:1B:F2:89:8E:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQYYvADZEaXV7r-cWJakG_KJjss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/9f35e9-a17a-48cd-9402-31d245f3b3b8/1/1XUi7W-sSWTCckV8gztfLmpdZ34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/9f35e9-a17a-48cd-9402-31d245f3b3b8/1/rQYYvADZEaXV7r-cWJakG_KJjss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:7b:7e:ab:54:63:ab:a1:72:22:4e:1b:f4:b7:e1:d7:91:79:
         de:28:c9:a3:dd:50:75:45:10:62:7e:8a:41:f1:5e:26:a6:b4:
         53:3d:41:fb:ac:50:4a:22:7d:9f:e7:27:bb:48:db:24:b2:9c:
         aa:0c:71:e8:e1:3a:39:c0:18:8e:c2:68:10:15:bb:83:2a:09:
         ee:62:52:95:0f:ba:0f:76:50:65:3a:c7:da:99:43:fa:13:ac:
         c5:6a:1f:da:fd:27:43:9e:20:11:f1:96:73:3c:12:15:b3:f4:
         84:97:5a:ba:aa:42:51:e0:86:0d:a8:f8:9c:59:ef:81:b8:f1:
         98:b3:27:25:1a:50:b7:34:6e:27:87:fe:f5:ef:41:dc:8f:f3:
         97:1b:9e:8e:27:19:d5:44:2c:9b:8d:11:e1:df:0b:6a:4d:87:
         ce:7e:7f:ee:f2:c9:db:a8:a9:72:c1:c1:c5:7e:d9:5c:ae:27:
         6f:02:66:8e:fb:0d:c3:ce:77:f8:74:a0:2f:dd:e2:78:0b:0a:
         55:16:72:3e:db:58:51:d4:95:c8:e2:d6:5a:de:cd:83:db:f2:
         37:1d:32:74:9c:b8:d3:19:95:64:0f:7a:68:ab:7d:6b:5f:1f:
         90:55:4f:84:71:38:84:4a:a1:ee:69:94:b8:17:55:73:ca:da:
         6e:e3:c5:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu+vUx/O9OfEBonFI/CimMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMDYxOGJjMDBkOTExYTVkNWVlYmY5YzU4OTZhNDFiZjI4
OThlY2IwHhcNMjQwMTAyMTAzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTc1MjJlZDZmYWM0OTY0YzI3MjQ1N2M4MzNiNWYyZTZhNWQ2NzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIImDzNko7454hPh0gR9Z3Zgo8ST
xL9rdrdtRYhhS141U6LV4k8DPJL3//q2IwNjXiC1Vb7ibugAgHhPQiW3IHSJXfFx
hDHObs3rzj/hrdXHhw5Yg0/0FoHOnp9JRyBYoc+qa1j7glnFlXemP6VvwqM7V8hA
NOvmXNflG2PMjawGCdS1JpoZaRuTGpKhfW7EJDl7rT+UouSTipe5VJwy3H8N9W2K
mT56ORuqRo1Q4FO2lVJQ7ipB2ayitvITWJULFhNOG9zo9L8ktQnp5Lpjv1/CsR7F
xAP1prhrxMDLb70aAtfpAi/TsFnQ+dF3o/5bUMpU+KipbAvbzFC+xaJnQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNV1Iu1vrElkwnJFfIM7Xy5qXWd+MB8GA1UdIwQY
MBaAFK0GGLwA2RGl1e6/nFiWpBvyiY7LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclFZWXZBRFpFYVhWN3ItY1dKYWtHX0tKanNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS85ZjM1ZTktYTE3YS00OGNkLTk0MDIt
MzFkMjQ1ZjNiM2I4LzEvMVhVaTdXLXNTV1RDY2tWOGd6dGZMbXBkWjM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS85ZjM1ZTktYTE3YS00OGNkLTk0MDItMzFkMjQ1ZjNiM2I4
LzEvclFZWXZBRFpFYVhWN3ItY1dKYWtHX0tKanNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuRROMA0G
CSqGSIb3DQEBCwUAA4IBAQApe36rVGOroXIiThv0t+HXkXneKMmj3VB1RRBifopB
8V4mprRTPUH7rFBKIn2f5ye7SNskspyqDHHo4To5wBiOwmgQFbuDKgnuYlKVD7oP
dlBlOsfamUP6E6zFah/a/SdDniAR8ZZzPBIVs/SEl1q6qkJR4IYNqPicWe+BuPGY
syclGlC3NG4nh/7170Hcj/OXG56OJxnVRCybjRHh3wtqTYfOfn/u8snbqKlywcHF
ftlcridvAmaO+w3Dznf4dKAv3eJ4CwpVFnI+21hR1JXI4tZa3s2D2/I3HTJ0nLjT
GZVkD3poq31rXx+QVU+EcTiESqHuaZS4F1Vzytpu48WW
-----END CERTIFICATE-----