Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/73f4ab-b3e6-426d-b284-69bfc925979d/1/mEjNfG9vhfqEvntUHRwoOQnC-zA.roa
File:                     mEjNfG9vhfqEvntUHRwoOQnC-zA.roa (raw, json)
Hash identifier:          Ax5K7lJyp2Q2c4op7PhI/qTicp9ak1inF/DpPoCcs2g=
Subject key identifier:   98:48:CD:7C:6F:6F:85:FA:84:BE:7B:54:1D:1C:28:39:09:C2:FB:30
Certificate issuer:       /CN=dfea4e9bff294e20bd749ed2eeb9184f208bc9d6
Certificate serial:       018CC26D0D97B071BDE66D57FA6714262079
Authority key identifier: DF:EA:4E:9B:FF:29:4E:20:BD:74:9E:D2:EE:B9:18:4F:20:8B:C9:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-pOm_8pTiC9dJ7S7rkYTyCLydY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/73f4ab-b3e6-426d-b284-69bfc925979d/1/mEjNfG9vhfqEvntUHRwoOQnC-zA.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200088
IP address blocks:        185.89.78.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/73f4ab-b3e6-426d-b284-69bfc925979d/1/3-pOm_8pTiC9dJ7S7rkYTyCLydY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/73f4ab-b3e6-426d-b284-69bfc925979d/1/3-pOm_8pTiC9dJ7S7rkYTyCLydY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3-pOm_8pTiC9dJ7S7rkYTyCLydY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0d:97:b0:71:bd:e6:6d:57:fa:67:14:26:20:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfea4e9bff294e20bd749ed2eeb9184f208bc9d6
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9848cd7c6f6f85fa84be7b541d1c283909c2fb30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:31:17:cb:9f:1e:d6:2b:94:79:4f:c1:fe:d6:
                    fd:c5:81:a6:ad:ad:df:e6:74:ef:e2:61:d6:64:cd:
                    a3:74:45:4b:ae:63:fb:d4:9e:0a:ca:fb:33:06:60:
                    9e:79:6f:82:49:4c:e0:fe:02:d0:f6:2e:11:21:c0:
                    28:83:40:9f:dd:48:1a:86:29:db:3f:f2:12:dd:cf:
                    c8:a1:1b:a9:b1:84:84:59:cf:9c:af:11:f0:43:6c:
                    d4:83:9c:6d:70:06:54:e4:b2:48:13:a3:b0:bc:d8:
                    60:68:fb:27:44:22:36:c8:96:76:e8:6b:c6:e3:01:
                    88:e0:56:aa:ec:82:67:39:45:3c:ef:29:65:e6:53:
                    d2:cd:5c:77:da:95:b9:33:85:66:99:2d:69:2f:72:
                    f5:27:9f:ba:d2:d0:80:05:57:4f:38:17:3b:45:b1:
                    df:22:f7:df:19:a7:e7:9e:e3:91:c9:5f:80:26:9f:
                    83:ff:96:5c:b3:2c:31:5a:ad:8f:3b:1a:c7:ce:f9:
                    9a:be:aa:50:87:68:12:8a:e8:4c:ed:d3:3c:72:d6:
                    76:08:06:68:83:8c:72:75:07:ed:d5:2d:30:0d:af:
                    fb:4a:6a:88:fe:d0:fe:18:ec:13:d1:a4:04:5d:22:
                    d5:95:b9:9d:b7:c4:75:28:d1:51:81:14:30:89:cb:
                    3a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:48:CD:7C:6F:6F:85:FA:84:BE:7B:54:1D:1C:28:39:09:C2:FB:30
            X509v3 Authority Key Identifier:
                keyid:DF:EA:4E:9B:FF:29:4E:20:BD:74:9E:D2:EE:B9:18:4F:20:8B:C9:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-pOm_8pTiC9dJ7S7rkYTyCLydY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/73f4ab-b3e6-426d-b284-69bfc925979d/1/mEjNfG9vhfqEvntUHRwoOQnC-zA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/73f4ab-b3e6-426d-b284-69bfc925979d/1/3-pOm_8pTiC9dJ7S7rkYTyCLydY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:83:cc:a2:d9:cc:01:82:9e:f7:9e:49:9f:b3:7e:ce:89:89:
         ff:f9:db:1b:c4:1e:ec:b1:a4:22:7f:c7:a2:85:15:e6:d9:82:
         ae:a9:47:72:be:2f:d2:33:a0:26:ee:b6:bb:e2:15:a0:ae:3b:
         2c:c1:25:89:a6:f3:84:d4:01:6e:80:da:49:04:ad:ec:78:56:
         29:bc:69:38:53:4c:30:33:56:07:b0:69:ad:96:5b:93:a0:4c:
         4b:26:4d:03:63:9a:dd:73:f8:30:fe:e2:b9:30:cf:ca:d4:b3:
         e3:9e:b1:25:24:81:e5:0c:b8:55:10:9b:73:15:25:b6:46:6e:
         cb:68:bd:62:63:cc:33:a2:9a:f5:7c:48:6e:12:d2:48:93:aa:
         e0:42:a5:ce:ba:f3:a5:59:be:76:9c:f7:98:10:83:1c:3a:97:
         9b:17:bf:5d:74:0e:ea:66:a6:0e:40:76:a4:4b:0a:c0:ce:90:
         3b:e1:5e:1b:2e:04:17:ac:b5:c7:53:ee:cf:a1:c8:95:82:29:
         06:58:96:6a:72:85:42:29:0c:0e:1f:84:12:92:73:af:94:57:
         70:27:c5:31:e3:ad:e6:43:ee:38:ed:f4:45:b3:bd:d0:15:75:
         53:56:6a:c9:8a:d5:02:dd:3e:6c:63:61:b8:7c:a8:68:c1:fd:
         38:e2:0b:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQ2XsHG95m1X+mcUJiB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWE0ZTliZmYyOTRlMjBiZDc0OWVkMmVlYjkxODRmMjA4
YmM5ZDYwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODQ4Y2Q3YzZmNmY4NWZhODRiZTdiNTQxZDFjMjgzOTA5YzJmYjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozEXy58e1iuUeU/B/tb9xYGmra3f
5nTv4mHWZM2jdEVLrmP71J4KyvszBmCeeW+CSUzg/gLQ9i4RIcAog0Cf3Ugahinb
P/IS3c/IoRupsYSEWc+crxHwQ2zUg5xtcAZU5LJIE6OwvNhgaPsnRCI2yJZ26GvG
4wGI4Faq7IJnOUU87yll5lPSzVx32pW5M4VmmS1pL3L1J5+60tCABVdPOBc7RbHf
IvffGafnnuORyV+AJp+D/5ZcsywxWq2POxrHzvmavqpQh2gSiuhM7dM8ctZ2CAZo
g4xydQft1S0wDa/7SmqI/tD+GOwT0aQEXSLVlbmdt8R1KNFRgRQwics6tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhIzXxvb4X6hL57VB0cKDkJwvswMB8GA1UdIwQY
MBaAFN/qTpv/KU4gvXSe0u65GE8gi8nWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy1wT21fOHBUaUM5ZEo3Uzdya1lUeUNMeWRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS83M2Y0YWItYjNlNi00MjZkLWIyODQt
NjliZmM5MjU5NzlkLzEvbUVqTmZHOXZoZnFFdm50VUhSd29PUW5DLXpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS83M2Y0YWItYjNlNi00MjZkLWIyODQtNjliZmM5MjU5Nzlk
LzEvMy1wT21fOHBUaUM5ZEo3Uzdya1lUeUNMeWRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVlOMA0G
CSqGSIb3DQEBCwUAA4IBAQB2g8yi2cwBgp73nkmfs37OiYn/+dsbxB7ssaQif8ei
hRXm2YKuqUdyvi/SM6Am7ra74hWgrjsswSWJpvOE1AFugNpJBK3seFYpvGk4U0ww
M1YHsGmtlluToExLJk0DY5rdc/gw/uK5MM/K1LPjnrElJIHlDLhVEJtzFSW2Rm7L
aL1iY8wzopr1fEhuEtJIk6rgQqXOuvOlWb52nPeYEIMcOpebF79ddA7qZqYOQHak
SwrAzpA74V4bLgQXrLXHU+7PociVgikGWJZqcoVCKQwOH4QSknOvlFdwJ8Ux463m
Q+447fRFs73QFXVTVmrJitUC3T5sY2G4fKhowf044gsl
-----END CERTIFICATE-----