Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/1RRJQVuaWasy1pyP7RkW8QWIH78.roa
File:                     1RRJQVuaWasy1pyP7RkW8QWIH78.roa (raw, json)
Hash identifier:          cQJ8rxilNRtysGEGf5st9q44YjfauoND/+uZFsJlES4=
Subject key identifier:   D5:14:49:41:5B:9A:59:AB:32:D6:9C:8F:ED:19:16:F1:05:88:1F:BF
Certificate issuer:       /CN=258623ecc8dcb913d10228a9460a86e660cb8fb2
Certificate serial:       018CC8DF4F18A845EF082B026A4577F5C2BA
Authority key identifier: 25:86:23:EC:C8:DC:B9:13:D1:02:28:A9:46:0A:86:E6:60:CB:8F:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JYYj7MjcuRPRAiipRgqG5mDLj7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/1RRJQVuaWasy1pyP7RkW8QWIH78.roa
Signing time:             Tue 02 Jan 2024 06:32:07 +0000
ROA not before:           Tue 02 Jan 2024 06:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201854
IP address blocks:        185.57.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/JYYj7MjcuRPRAiipRgqG5mDLj7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/JYYj7MjcuRPRAiipRgqG5mDLj7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JYYj7MjcuRPRAiipRgqG5mDLj7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:4f:18:a8:45:ef:08:2b:02:6a:45:77:f5:c2:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=258623ecc8dcb913d10228a9460a86e660cb8fb2
        Validity
            Not Before: Jan  2 06:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d51449415b9a59ab32d69c8fed1916f105881fbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:bf:d9:ad:de:05:f3:51:c0:8f:49:e6:d5:32:
                    69:c0:7c:07:28:ad:38:69:cd:9d:fa:a7:f5:0e:62:
                    15:3d:57:2b:55:56:e5:87:c9:76:94:30:79:dd:7e:
                    d1:28:91:16:38:64:39:f6:48:5b:52:2d:61:9f:36:
                    c1:e4:81:ae:12:2e:8f:6b:77:06:05:83:3d:0b:28:
                    b6:4b:da:6d:c0:c6:30:67:c6:64:4e:4f:97:c0:8e:
                    30:d9:21:0b:f9:68:83:b9:93:1c:be:f1:08:08:d7:
                    e2:27:83:4a:83:ba:04:ce:8a:f7:b5:14:63:b8:00:
                    8f:5e:71:35:28:b0:2e:bd:15:de:b3:c8:0b:ed:bc:
                    b0:72:5e:fd:11:d2:ce:9b:81:d2:7d:02:b3:89:e1:
                    ce:fc:21:5d:39:93:ba:a3:62:2c:52:ab:34:60:f4:
                    2a:ad:f6:d3:6c:98:64:de:4e:54:59:00:06:95:6b:
                    b3:43:7e:d8:cf:dd:e9:75:fd:8c:88:61:e7:bc:3e:
                    52:20:94:2a:b5:50:1e:de:d2:47:4e:9a:59:2a:2d:
                    c5:f9:fb:03:2d:cb:e8:45:d4:ac:e3:75:67:df:85:
                    0a:5e:e6:8e:73:e9:d9:2e:cb:63:39:04:d4:27:c9:
                    97:63:b6:36:52:18:e1:0b:86:59:0d:f6:eb:f8:1e:
                    32:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:14:49:41:5B:9A:59:AB:32:D6:9C:8F:ED:19:16:F1:05:88:1F:BF
            X509v3 Authority Key Identifier:
                keyid:25:86:23:EC:C8:DC:B9:13:D1:02:28:A9:46:0A:86:E6:60:CB:8F:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JYYj7MjcuRPRAiipRgqG5mDLj7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/1RRJQVuaWasy1pyP7RkW8QWIH78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/JYYj7MjcuRPRAiipRgqG5mDLj7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:6e:e4:47:da:a0:4c:0f:0a:3c:fa:10:57:b0:f9:ff:9b:55:
         87:ec:5b:85:cb:23:db:78:6b:90:21:f6:7a:87:5a:77:d4:80:
         73:f9:0b:a3:c7:a7:fa:8e:d2:a6:43:a7:50:93:65:6c:30:d0:
         ce:fe:dd:5c:32:bd:d9:3a:1a:fe:1a:f1:49:26:51:4c:86:6b:
         56:30:12:fe:10:ed:42:66:88:a8:30:86:b0:6c:38:a0:a0:9d:
         82:09:46:a4:14:4f:fe:f9:17:f1:3c:e1:6f:d9:96:e1:94:63:
         12:7c:1d:ef:0f:e5:ec:dc:01:a7:db:c1:4f:ef:6b:5b:21:4f:
         d5:04:0b:55:65:99:d6:31:06:cf:c4:62:ca:9c:98:80:71:81:
         d4:e3:ff:a8:8e:7d:f6:99:83:24:4a:34:0b:b7:d8:53:e6:e2:
         fd:9c:f7:f6:1a:29:38:d4:9c:47:88:45:ca:f8:f9:6b:68:90:
         7f:14:b1:8f:56:30:e5:89:5f:e3:2b:63:bb:5f:34:64:3d:cd:
         15:27:8c:c0:2d:17:bb:9e:13:d5:2e:32:97:b8:5b:26:09:89:
         3b:0f:ce:d1:ff:61:4d:a6:0d:e7:fe:64:d0:59:0b:ab:5a:6d:
         18:aa:2b:c5:1b:3f:ad:0d:ed:2b:db:01:6d:35:32:6e:9e:db:
         ae:ba:5d:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI308YqEXvCCsCakV39cK6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ODYyM2VjYzhkY2I5MTNkMTAyMjhhOTQ2MGE4NmU2NjBj
YjhmYjIwHhcNMjQwMTAyMDYzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTE0NDk0MTViOWE1OWFiMzJkNjljOGZlZDE5MTZmMTA1ODgxZmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoL/Zrd4F81HAj0nm1TJpwHwHKK04
ac2d+qf1DmIVPVcrVVblh8l2lDB53X7RKJEWOGQ59khbUi1hnzbB5IGuEi6Pa3cG
BYM9Cyi2S9ptwMYwZ8ZkTk+XwI4w2SEL+WiDuZMcvvEICNfiJ4NKg7oEzor3tRRj
uACPXnE1KLAuvRXes8gL7bywcl79EdLOm4HSfQKzieHO/CFdOZO6o2IsUqs0YPQq
rfbTbJhk3k5UWQAGlWuzQ37Yz93pdf2MiGHnvD5SIJQqtVAe3tJHTppZKi3F+fsD
LcvoRdSs43Vn34UKXuaOc+nZLstjOQTUJ8mXY7Y2UhjhC4ZZDfbr+B4ygQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUUSUFbmlmrMtacj+0ZFvEFiB+/MB8GA1UdIwQY
MBaAFCWGI+zI3LkT0QIoqUYKhuZgy4+yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSllZajdNamN1UlBSQWlpcFJncUc1bURMajdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC85NmFiOTUtYzJmZS00YjkzLTlhMmUt
NTY4OWVlMDZlMTRjLzEvMVJSSlFWdWFXYXN5MXB5UDdSa1c4UVdJSDc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC85NmFiOTUtYzJmZS00YjkzLTlhMmUtNTY4OWVlMDZlMTRj
LzEvSllZajdNamN1UlBSQWlpcFJncUc1bURMajdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTlOMA0G
CSqGSIb3DQEBCwUAA4IBAQCKbuRH2qBMDwo8+hBXsPn/m1WH7FuFyyPbeGuQIfZ6
h1p31IBz+Qujx6f6jtKmQ6dQk2VsMNDO/t1cMr3ZOhr+GvFJJlFMhmtWMBL+EO1C
ZoioMIawbDigoJ2CCUakFE/++RfxPOFv2ZbhlGMSfB3vD+Xs3AGn28FP72tbIU/V
BAtVZZnWMQbPxGLKnJiAcYHU4/+ojn32mYMkSjQLt9hT5uL9nPf2Gik41JxHiEXK
+PlraJB/FLGPVjDliV/jK2O7XzRkPc0VJ4zALRe7nhPVLjKXuFsmCYk7D87R/2FN
pg3n/mTQWQurWm0YqivFGz+tDe0r2wFtNTJuntuuul0J
-----END CERTIFICATE-----