Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/Z3TOdkoUCMyxlU3KYFAq_qiJHDo.roa
File:                     Z3TOdkoUCMyxlU3KYFAq_qiJHDo.roa (raw, json)
Hash identifier:          65yg5K0wh9H3NxaTdDSw/EXYpfy+5hiQZKnwzVA4uqs=
Subject key identifier:   67:74:CE:76:4A:14:08:CC:B1:95:4D:CA:60:50:2A:FE:A8:89:1C:3A
Certificate issuer:       /CN=5673fa6842973edf62d579b4efec2fa64fdbf8c8
Certificate serial:       018CC9BC7D73052FA7286D1B035096BDF848
Authority key identifier: 56:73:FA:68:42:97:3E:DF:62:D5:79:B4:EF:EC:2F:A6:4F:DB:F8:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/Z3TOdkoUCMyxlU3KYFAq_qiJHDo.roa
Signing time:             Tue 02 Jan 2024 10:33:42 +0000
ROA not before:           Tue 02 Jan 2024 10:33:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20940
IP address blocks:        78.135.124.0/23 maxlen: 23
                          78.135.122.0/24 maxlen: 24
                          78.135.126.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:7d:73:05:2f:a7:28:6d:1b:03:50:96:bd:f8:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5673fa6842973edf62d579b4efec2fa64fdbf8c8
        Validity
            Not Before: Jan  2 10:33:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6774ce764a1408ccb1954dca60502afea8891c3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:55:89:51:d4:85:49:91:7f:2f:9a:a4:f9:d7:
                    5d:08:69:7d:99:50:95:ad:cc:a5:49:c4:4e:b2:b4:
                    07:06:6a:ef:76:75:f2:37:69:b9:2d:6c:08:c7:30:
                    ac:5a:37:5c:88:b9:28:2f:01:61:84:d6:35:63:cb:
                    7f:65:d0:02:da:bb:59:7b:c4:47:55:2d:e7:61:5e:
                    3f:38:48:5d:46:cd:3c:d4:17:65:59:fa:76:72:a6:
                    5a:ec:df:38:5e:09:eb:4a:dc:89:ea:e6:14:8e:d5:
                    a3:12:6d:46:d2:36:74:3b:d9:ab:e1:4d:6b:a0:a2:
                    2d:dd:de:64:78:c7:0c:ba:bc:97:17:ce:41:dc:e8:
                    98:42:b4:cd:04:ac:3b:44:f5:0a:24:80:79:55:19:
                    c1:5f:44:a8:5d:75:45:b3:32:88:44:74:ce:c9:f6:
                    07:20:47:0f:c3:e4:31:3a:d8:da:81:32:d5:c2:45:
                    2a:f5:ef:c9:f8:4d:4c:fa:2e:c7:63:4c:b7:58:e3:
                    84:56:7d:52:1d:db:24:7d:e2:89:b5:05:78:b0:89:
                    eb:3f:b8:a3:a2:5b:e7:35:08:ca:7f:be:dc:29:be:
                    f6:c2:f8:f7:34:34:bb:58:07:22:67:e9:9e:63:74:
                    1a:7b:5a:f5:61:ae:e5:ac:7b:78:01:ea:f5:f6:75:
                    50:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:74:CE:76:4A:14:08:CC:B1:95:4D:CA:60:50:2A:FE:A8:89:1C:3A
            X509v3 Authority Key Identifier:
                keyid:56:73:FA:68:42:97:3E:DF:62:D5:79:B4:EF:EC:2F:A6:4F:DB:F8:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/Z3TOdkoUCMyxlU3KYFAq_qiJHDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.122.0/24
                  78.135.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:ce:d1:62:7d:a3:16:7a:16:e6:ef:71:15:53:5d:57:8d:7a:
         11:77:f5:13:9b:07:f0:21:b9:ba:14:25:e9:fe:59:e2:65:f2:
         91:df:63:e2:34:f2:fb:6c:e8:04:d3:2d:04:84:d3:69:0a:f4:
         f9:e8:9f:88:a4:9e:da:f6:57:3c:51:7f:64:4d:4d:32:06:99:
         86:24:2d:01:c0:68:db:90:2c:59:49:1c:56:f5:1a:ee:9a:9d:
         7f:b5:2d:14:a4:97:ab:1f:ed:27:de:08:40:e4:76:4d:e8:53:
         b4:06:3e:58:49:de:ef:af:1a:ce:78:43:1f:02:0e:f6:16:b9:
         1c:4d:11:2f:a3:a4:9e:4a:c6:bf:1c:e8:f9:fd:b1:5c:97:f2:
         cb:79:7e:33:80:03:65:f3:52:c9:55:1c:7f:e5:8c:3a:5a:ce:
         82:0b:84:cb:ab:6c:28:71:41:da:3c:0e:ee:af:d0:30:ce:d2:
         20:d3:49:53:bb:f5:c6:95:30:c1:76:3b:ce:87:97:88:d6:ac:
         c9:ec:6a:17:c7:8e:e8:82:aa:c2:71:fe:b9:7f:42:ea:d1:50:
         47:96:02:34:3f:2b:76:dd:15:3d:f0:c7:e5:37:90:9f:cd:8f:
         f0:c3:b4:8c:84:45:c1:78:a0:f8:36:52:5f:1b:c6:84:0c:b7:
         cc:b9:56:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvH1zBS+nKG0bA1CWvfhIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NzNmYTY4NDI5NzNlZGY2MmQ1NzliNGVmZWMyZmE2NGZk
YmY4YzgwHhcNMjQwMTAyMTAzMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzc0Y2U3NjRhMTQwOGNjYjE5NTRkY2E2MDUwMmFmZWE4ODkxYzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+1WJUdSFSZF/L5qk+dddCGl9mVCV
rcylScROsrQHBmrvdnXyN2m5LWwIxzCsWjdciLkoLwFhhNY1Y8t/ZdAC2rtZe8RH
VS3nYV4/OEhdRs081BdlWfp2cqZa7N84XgnrStyJ6uYUjtWjEm1G0jZ0O9mr4U1r
oKIt3d5keMcMuryXF85B3OiYQrTNBKw7RPUKJIB5VRnBX0SoXXVFszKIRHTOyfYH
IEcPw+QxOtjagTLVwkUq9e/J+E1M+i7HY0y3WOOEVn1SHdskfeKJtQV4sInrP7ij
olvnNQjKf77cKb72wvj3NDS7WAciZ+meY3Qae1r1Ya7lrHt4Aer19nVQ0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGd0znZKFAjMsZVNymBQKv6oiRw6MB8GA1UdIwQY
MBaAFFZz+mhClz7fYtV5tO/sL6ZP2/jIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm5QNmFFS1hQdDlpMVhtMDctd3Zwa19iLU1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83OGU1ZWItYzJhZi00NDYyLWI4NTkt
ODk4OTk2Yzg2MWRmLzEvWjNUT2Rrb1VDTXl4bFUzS1lGQXFfcWlKSERvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83OGU1ZWItYzJhZi00NDYyLWI4NTktODk4OTk2Yzg2MWRm
LzEvVm5QNmFFS1hQdDlpMVhtMDctd3Zwa19iLU1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATod6AwQC
Tod8MA0GCSqGSIb3DQEBCwUAA4IBAQA/ztFifaMWehbm73EVU11XjXoRd/UTmwfw
Ibm6FCXp/lniZfKR32PiNPL7bOgE0y0EhNNpCvT56J+IpJ7a9lc8UX9kTU0yBpmG
JC0BwGjbkCxZSRxW9Rrump1/tS0UpJerH+0n3ghA5HZN6FO0Bj5YSd7vrxrOeEMf
Ag72FrkcTREvo6SeSsa/HOj5/bFcl/LLeX4zgANl81LJVRx/5Yw6Ws6CC4TLq2wo
cUHaPA7ur9AwztIg00lTu/XGlTDBdjvOh5eI1qzJ7GoXx47ogqrCcf65f0Lq0VBH
lgI0Pyt23RU98MflN5CfzY/ww7SMhEXBeKD4NlJfG8aEDLfMuVYA
-----END CERTIFICATE-----