Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Nfuty-7p7ADN_nGg-Rbn-kMhsu4.roa
File:                     Nfuty-7p7ADN_nGg-Rbn-kMhsu4.roa (raw, json)
Hash identifier:          Z+JE35uZxRFXyiHBhbeck9D+AAB+fgGoNnxXcYxrVjE=
Subject key identifier:   35:FB:AD:CB:EE:E9:EC:00:CD:FE:71:A0:F9:16:E7:FA:43:21:B2:EE
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0192F6D400614C576FFF780BE91E541C16E7
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Nfuty-7p7ADN_nGg-Rbn-kMhsu4.roa
Signing time:             Mon 04 Nov 2024 10:59:01 +0000
ROA not before:           Mon 04 Nov 2024 10:59:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215886
IP address blocks:        185.223.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f6:d4:00:61:4c:57:6f:ff:78:0b:e9:1e:54:1c:16:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov  4 10:59:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35fbadcbeee9ec00cdfe71a0f916e7fa4321b2ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c7:88:01:05:21:08:23:62:61:72:6a:56:bc:
                    c2:e0:7d:0a:bc:10:1a:ce:fd:68:64:53:8a:c5:3a:
                    cc:29:05:2e:71:ef:5b:c4:ee:6a:12:8f:e8:19:06:
                    91:db:83:18:fd:41:f0:f6:78:07:2a:fb:fb:34:52:
                    f8:a4:b2:59:e4:77:73:90:ff:4f:b2:1a:59:73:68:
                    97:0a:51:af:46:db:3e:02:ed:9b:17:df:86:b1:ce:
                    15:ad:4c:08:2c:9a:9d:3a:4f:5c:72:a4:4b:f8:04:
                    84:18:29:c4:85:49:27:f0:bb:3f:e6:d9:5d:8b:b6:
                    ed:44:33:09:67:b8:8b:ad:31:99:be:9f:44:92:24:
                    24:2a:7c:a5:8e:37:06:d5:0f:62:a5:f4:a7:60:a2:
                    ed:e0:b9:86:66:91:1b:03:ad:82:c0:2c:65:4b:38:
                    98:de:dc:18:b5:50:00:61:6d:70:37:55:ea:5b:1d:
                    cf:a7:8e:b2:b0:1e:98:34:3b:d6:bc:95:2f:f7:bc:
                    e9:76:bf:e3:f7:26:30:d3:88:e4:c3:f4:af:d7:78:
                    0b:7a:3d:9c:f3:7d:35:99:bb:9a:58:d6:73:d9:18:
                    0c:41:8a:23:88:c3:a5:77:68:af:8f:4c:69:90:a3:
                    c3:15:e3:ce:bc:41:92:6a:6b:6c:52:a4:ae:c7:bc:
                    9c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:FB:AD:CB:EE:E9:EC:00:CD:FE:71:A0:F9:16:E7:FA:43:21:B2:EE
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Nfuty-7p7ADN_nGg-Rbn-kMhsu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:2e:cd:ab:df:8f:51:0a:b3:d8:e1:a0:6b:23:c5:d6:7a:98:
         c3:8a:74:3b:9b:fd:a4:8c:92:77:03:26:92:35:5f:8f:4c:b6:
         81:cf:f1:ec:05:98:60:d9:f6:3f:dd:fe:fb:ae:e6:c0:66:61:
         42:fe:78:77:38:06:e7:ae:5e:07:ca:4d:50:13:fa:e3:78:12:
         20:6e:4c:87:c3:5c:17:fd:74:7e:cb:85:0c:e3:7b:b2:bc:2a:
         bb:95:92:74:50:10:3e:e2:e2:37:06:a6:23:10:a9:bc:6c:86:
         16:c8:52:93:cc:f1:27:17:50:63:1d:d1:ef:c8:ac:f8:59:9a:
         88:48:7d:94:c4:ad:2b:33:76:74:be:70:1e:d6:a2:74:ca:1a:
         70:a5:63:02:aa:ff:a9:c1:1a:78:03:03:6d:16:c6:9f:b6:19:
         ea:2b:5c:c7:88:7e:c3:40:1f:c4:c4:e9:77:f7:9b:d0:fc:f3:
         46:33:8a:05:b4:eb:6e:01:f0:df:b0:90:e9:35:e8:d4:c6:59:
         83:e3:f2:ef:c9:6f:6d:b9:5d:50:a7:89:e1:3c:2e:72:94:d8:
         ee:12:9e:fc:42:64:8b:01:7b:91:fc:08:58:b4:45:33:d2:58:
         5b:20:d0:18:4e:c9:0b:05:dd:86:92:a3:ab:0d:bd:fc:81:18:
         cb:92:4b:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL21ABhTFdv/3gL6R5UHBbnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMTA0MTA1OTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWZiYWRjYmVlZTllYzAwY2RmZTcxYTBmOTE2ZTdmYTQzMjFiMmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMeIAQUhCCNiYXJqVrzC4H0KvBAa
zv1oZFOKxTrMKQUuce9bxO5qEo/oGQaR24MY/UHw9ngHKvv7NFL4pLJZ5HdzkP9P
shpZc2iXClGvRts+Au2bF9+Gsc4VrUwILJqdOk9ccqRL+ASEGCnEhUkn8Ls/5tld
i7btRDMJZ7iLrTGZvp9EkiQkKnyljjcG1Q9ipfSnYKLt4LmGZpEbA62CwCxlSziY
3twYtVAAYW1wN1XqWx3Pp46ysB6YNDvWvJUv97zpdr/j9yYw04jkw/Sv13gLej2c
8301mbuaWNZz2RgMQYojiMOld2ivj0xpkKPDFePOvEGSamtsUqSux7ycbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDX7rcvu6ewAzf5xoPkW5/pDIbLuMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTmZ1dHktN3A3QUROX25HZy1SYm4ta01oc3U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud9OMA0G
CSqGSIb3DQEBCwUAA4IBAQCMLs2r349RCrPY4aBrI8XWepjDinQ7m/2kjJJ3AyaS
NV+PTLaBz/HsBZhg2fY/3f77rubAZmFC/nh3OAbnrl4Hyk1QE/rjeBIgbkyHw1wX
/XR+y4UM43uyvCq7lZJ0UBA+4uI3BqYjEKm8bIYWyFKTzPEnF1BjHdHvyKz4WZqI
SH2UxK0rM3Z0vnAe1qJ0yhpwpWMCqv+pwRp4AwNtFsafthnqK1zHiH7DQB/ExOl3
95vQ/PNGM4oFtOtuAfDfsJDpNejUxlmD4/LvyW9tuV1Qp4nhPC5ylNjuEp78QmSL
AXuR/AhYtEUz0lhbINAYTskLBd2GkqOrDb38gRjLkkuX
-----END CERTIFICATE-----