Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/1-a8xEfNCcJbw_POpxQC7vrqCuLc.roa
File:                     1-a8xEfNCcJbw_POpxQC7vrqCuLc.roa (raw, json)
Hash identifier:          XdOuBwVVzj27fs8dR+YDZqCXcK6mT99flkpVL+loDKI=
Subject key identifier:   F9:AF:31:11:F3:42:70:96:F0:FC:F3:A9:C5:00:BB:BE:BA:82:B8:B7
Certificate issuer:       /CN=99e7209a8c9b176fbf623edf3ee0b82007fc2c40
Certificate serial:       018CC5DC4BBC9D49D971E286407635ED7D01
Authority key identifier: 99:E7:20:9A:8C:9B:17:6F:BF:62:3E:DF:3E:E0:B8:20:07:FC:2C:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mecgmoybF2-_Yj7fPuC4IAf8LEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/1-a8xEfNCcJbw_POpxQC7vrqCuLc.roa
Signing time:             Mon 01 Jan 2024 16:29:58 +0000
ROA not before:           Mon 01 Jan 2024 16:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12810
IP address blocks:        78.40.0.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/mecgmoybF2-_Yj7fPuC4IAf8LEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/mecgmoybF2-_Yj7fPuC4IAf8LEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mecgmoybF2-_Yj7fPuC4IAf8LEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 07:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4b:bc:9d:49:d9:71:e2:86:40:76:35:ed:7d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99e7209a8c9b176fbf623edf3ee0b82007fc2c40
        Validity
            Not Before: Jan  1 16:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9af3111f3427096f0fcf3a9c500bbbeba82b8b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c8:92:d9:b2:14:fb:61:79:84:1e:6a:00:ef:
                    09:42:79:48:6e:14:28:f3:8e:aa:96:d6:da:3f:f0:
                    05:a2:6e:fa:6d:9a:59:f5:ad:2b:70:c5:41:c3:1b:
                    f6:35:f7:38:30:af:ac:6a:c5:76:06:d7:89:3e:38:
                    35:c3:48:e9:59:53:dd:da:db:44:e1:0a:51:d0:f7:
                    f9:89:d4:35:a6:80:bf:d9:cf:0f:bc:11:d8:42:10:
                    55:01:9f:46:e6:f9:c8:de:01:b2:86:61:82:e3:58:
                    6f:f7:7b:47:6c:6a:95:49:b3:8d:f0:39:65:b6:4e:
                    c8:15:e8:ce:c9:70:ce:aa:5b:33:c0:07:51:21:89:
                    f7:fa:be:dd:f9:e7:d5:91:14:03:31:af:4f:0e:f3:
                    94:66:e1:2b:4f:2c:1d:c8:e1:23:d0:ee:71:56:96:
                    c0:c1:ed:f4:88:c8:d1:54:ef:0e:74:4e:ee:87:60:
                    e1:b8:c4:37:29:63:1e:e0:3a:f3:bf:86:c8:47:a4:
                    d9:84:3e:fc:7d:1d:99:7e:91:58:09:9c:ba:89:05:
                    d7:3f:d7:0e:1b:8b:c3:26:7c:8f:ec:63:00:93:0b:
                    59:e3:98:c3:6c:4b:0d:dc:b7:d5:59:c7:b8:f6:ee:
                    bd:53:0d:fc:e5:15:95:44:1e:78:89:50:b5:d9:2a:
                    31:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:AF:31:11:F3:42:70:96:F0:FC:F3:A9:C5:00:BB:BE:BA:82:B8:B7
            X509v3 Authority Key Identifier:
                keyid:99:E7:20:9A:8C:9B:17:6F:BF:62:3E:DF:3E:E0:B8:20:07:FC:2C:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mecgmoybF2-_Yj7fPuC4IAf8LEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/1-a8xEfNCcJbw_POpxQC7vrqCuLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/mecgmoybF2-_Yj7fPuC4IAf8LEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:0d:07:fb:73:da:e3:0e:d5:70:9b:a6:ef:f6:a1:c9:ae:c9:
         01:ae:b7:1d:5b:f4:54:9b:f8:2d:e3:c7:3c:29:28:be:8c:88:
         73:ba:f8:92:bf:69:64:7b:73:7c:49:31:ed:87:5a:6f:7a:e8:
         ff:25:88:15:2a:07:d0:7f:b6:32:6d:2f:f9:c5:18:7b:ae:5b:
         71:3e:4e:a4:ca:57:50:41:3e:a8:80:08:ad:17:8f:ae:64:c7:
         b2:72:8e:78:f8:0b:f8:24:20:34:44:91:79:ce:61:14:f3:26:
         a5:16:d6:93:ff:dd:62:38:1c:31:92:96:c1:45:17:eb:6d:37:
         83:f0:94:43:e0:c2:3f:82:ad:cd:60:10:b5:4c:7d:ba:1a:17:
         bf:57:71:c2:66:e0:ac:6d:f6:af:ca:60:be:c6:09:f6:b9:b3:
         00:23:7f:ee:8f:db:18:b2:e0:40:73:44:68:94:f7:bc:f2:88:
         10:49:2e:b0:bd:43:62:ea:91:d7:9f:fc:60:52:7e:9f:f8:05:
         ca:fb:c7:15:2e:34:d0:ac:db:9a:9a:8d:e3:3a:43:59:d8:af:
         7d:d9:c9:66:9d:b6:23:91:0e:52:02:6f:b1:d2:19:db:2a:d4:
         5c:84:10:49:fc:87:6a:0a:40:e9:28:fa:2d:ea:9e:92:49:17:
         66:c5:fd:9a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3Eu8nUnZceKGQHY17X0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZTcyMDlhOGM5YjE3NmZiZjYyM2VkZjNlZTBiODIwMDdm
YzJjNDAwHhcNMjQwMTAxMTYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWFmMzExMWYzNDI3MDk2ZjBmY2YzYTljNTAwYmJiZWJhODJiOGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxciS2bIU+2F5hB5qAO8JQnlIbhQo
846qltbaP/AFom76bZpZ9a0rcMVBwxv2Nfc4MK+sasV2BteJPjg1w0jpWVPd2ttE
4QpR0Pf5idQ1poC/2c8PvBHYQhBVAZ9G5vnI3gGyhmGC41hv93tHbGqVSbON8Dll
tk7IFejOyXDOqlszwAdRIYn3+r7d+efVkRQDMa9PDvOUZuErTywdyOEj0O5xVpbA
we30iMjRVO8OdE7uh2DhuMQ3KWMe4Drzv4bIR6TZhD78fR2ZfpFYCZy6iQXXP9cO
G4vDJnyP7GMAkwtZ45jDbEsN3LfVWce49u69Uw385RWVRB54iVC12SoxXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmvMRHzQnCW8PzzqcUAu766gri3MB8GA1UdIwQY
MBaAFJnnIJqMmxdvv2I+3z7guCAH/CxAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWVjZ21veWJGMi1fWWo3ZlB1QzRJQWY4TEVBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9lZjU4NTYtYmJjMC00NWE0LTg5MWUt
YjJkY2MxODYzZThiLzEvMS1hOHhFZk5DY0pid19QT3B4UUM3dnJxQ3VMYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvY2IvZWY1ODU2LWJiYzAtNDVhNC04OTFlLWIyZGNjMTg2M2U4
Yi8xL21lY2dtb3liRjItX1lqN2ZQdUM0SUFmOExFQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAU4oADAN
BgkqhkiG9w0BAQsFAAOCAQEAYw0H+3Pa4w7VcJum7/ahya7JAa63HVv0VJv4LePH
PCkovoyIc7r4kr9pZHtzfEkx7Ydab3ro/yWIFSoH0H+2Mm0v+cUYe65bcT5OpMpX
UEE+qIAIrRePrmTHsnKOePgL+CQgNESRec5hFPMmpRbWk//dYjgcMZKWwUUX6203
g/CUQ+DCP4KtzWAQtUx9uhoXv1dxwmbgrG32r8pgvsYJ9rmzACN/7o/bGLLgQHNE
aJT3vPKIEEkusL1DYuqR15/8YFJ+n/gFyvvHFS400KzbmpqN4zpDWdivfdnJZp22
I5EOUgJvsdIZ2yrUXIQQSfyHagpA6Sj6LeqekkkXZsX9mg==
-----END CERTIFICATE-----