Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/59dcbd-78bf-48ed-954d-ccaa6eb3c513/1/Kv_jN_jafPlFCORqqwyDET-JAn0.roa
File:                     Kv_jN_jafPlFCORqqwyDET-JAn0.roa (raw, json)
Hash identifier:          +HifRBg/IBVskPxHd+jM6bJ5csZZJJTqH5b9ocaJqIg=
Subject key identifier:   2A:FF:E3:37:F8:DA:7C:F9:45:08:E4:6A:AB:0C:83:11:3F:89:02:7D
Certificate issuer:       /CN=4c101ff51b67eefe0d67800e76d3606df4c94721
Certificate serial:       018DCB8FA31327040CB5D89EE3782A0BBA2A
Authority key identifier: 4C:10:1F:F5:1B:67:EE:FE:0D:67:80:0E:76:D3:60:6D:F4:C9:47:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBAf9Rtn7v4NZ4AOdtNgbfTJRyE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/59dcbd-78bf-48ed-954d-ccaa6eb3c513/1/Kv_jN_jafPlFCORqqwyDET-JAn0.roa
Signing time:             Wed 21 Feb 2024 12:06:44 +0000
ROA not before:           Wed 21 Feb 2024 12:06:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215447
IP address blocks:        78.110.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/59dcbd-78bf-48ed-954d-ccaa6eb3c513/1/TBAf9Rtn7v4NZ4AOdtNgbfTJRyE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/59dcbd-78bf-48ed-954d-ccaa6eb3c513/1/TBAf9Rtn7v4NZ4AOdtNgbfTJRyE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBAf9Rtn7v4NZ4AOdtNgbfTJRyE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cb:8f:a3:13:27:04:0c:b5:d8:9e:e3:78:2a:0b:ba:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c101ff51b67eefe0d67800e76d3606df4c94721
        Validity
            Not Before: Feb 21 12:06:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2affe337f8da7cf94508e46aab0c83113f89027d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:91:91:18:37:26:10:b3:1d:63:8c:6b:24:e5:
                    37:6d:01:7f:67:84:7d:c3:11:9c:c0:b9:5e:4f:54:
                    a4:2a:55:06:7b:a6:2f:e7:b2:2e:38:f7:0a:ff:f2:
                    8c:ba:44:c3:74:bb:84:0a:5f:1b:fa:fb:f3:ef:27:
                    8a:01:55:92:dc:aa:0a:91:13:62:66:17:cd:48:f4:
                    0e:2f:75:4c:b1:ad:ec:29:1e:d8:1e:a7:de:a7:87:
                    06:50:5d:b8:7c:10:b5:a7:c9:39:79:e9:fd:77:12:
                    69:8a:cc:6f:fa:47:2d:66:f4:60:23:c8:00:d8:a5:
                    e1:ac:90:2f:65:10:57:ce:1d:ef:1a:84:83:6c:5d:
                    67:02:bd:56:32:77:6a:83:d4:70:4f:4a:36:96:9d:
                    c1:d6:0f:d3:22:84:ad:82:7a:d4:dc:d8:8b:df:46:
                    51:3e:75:25:38:36:e3:e9:aa:9a:6c:97:08:2f:ef:
                    ff:99:34:13:5b:f7:fe:db:9c:fb:77:ac:cb:1d:b0:
                    5f:a0:b1:a0:74:3f:49:6f:8e:27:65:7c:64:93:73:
                    8e:3a:5a:f7:0f:7c:db:89:7f:43:7a:c0:f9:19:ef:
                    1c:2a:4c:fd:f5:36:83:97:5d:86:90:cb:79:e9:9b:
                    cc:02:84:0f:66:1f:37:4d:09:44:0c:5c:3a:25:df:
                    8e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:FF:E3:37:F8:DA:7C:F9:45:08:E4:6A:AB:0C:83:11:3F:89:02:7D
            X509v3 Authority Key Identifier:
                keyid:4C:10:1F:F5:1B:67:EE:FE:0D:67:80:0E:76:D3:60:6D:F4:C9:47:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBAf9Rtn7v4NZ4AOdtNgbfTJRyE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/59dcbd-78bf-48ed-954d-ccaa6eb3c513/1/Kv_jN_jafPlFCORqqwyDET-JAn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/59dcbd-78bf-48ed-954d-ccaa6eb3c513/1/TBAf9Rtn7v4NZ4AOdtNgbfTJRyE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.110.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:68:ab:fe:b9:ee:5c:1c:cf:c4:db:9b:36:02:ce:3e:16:c0:
         a8:18:16:03:6b:ee:35:a1:1c:f7:8c:d1:35:b9:59:a4:47:5b:
         21:36:a9:28:f7:d6:43:f5:86:79:80:ab:38:f5:99:b3:ff:5a:
         68:4f:56:cc:8e:00:a2:81:39:a1:c8:b5:5e:4c:ff:55:a6:83:
         5e:d1:c4:1d:04:1c:9d:d2:78:13:16:fa:8b:ab:00:26:fb:85:
         05:d2:fb:dc:c4:ae:c3:56:e4:4c:8a:15:10:60:a1:34:d7:41:
         60:c6:c4:e1:5b:6d:1e:25:16:8e:89:19:b4:11:27:a2:3d:ef:
         af:e7:1d:14:37:fd:ec:a7:46:6d:7b:b2:e1:05:71:97:2b:6e:
         2f:3b:33:e7:ce:ff:75:24:54:41:d0:ea:7d:ea:19:7d:c7:79:
         aa:61:1c:da:ed:9d:c7:e1:5c:dc:d2:ac:f9:5b:43:20:b4:89:
         de:da:c4:26:06:a2:06:4c:5e:9a:66:05:79:67:c2:1f:cf:9b:
         7e:e4:76:fa:2c:8a:06:d8:5a:db:03:21:00:d5:76:bf:91:cb:
         a9:76:1c:0a:e7:fc:e8:97:e1:d8:94:58:6c:7e:4b:a5:7a:ff:
         92:e7:d0:1c:e3:15:6c:2a:9e:b9:12:c9:6f:00:4e:a2:46:dc:
         47:42:78:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3Lj6MTJwQMtdie43gqC7oqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMTAxZmY1MWI2N2VlZmUwZDY3ODAwZTc2ZDM2MDZkZjRj
OTQ3MjEwHhcNMjQwMjIxMTIwNjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWZmZTMzN2Y4ZGE3Y2Y5NDUwOGU0NmFhYjBjODMxMTNmODkwMjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspGRGDcmELMdY4xrJOU3bQF/Z4R9
wxGcwLleT1SkKlUGe6Yv57IuOPcK//KMukTDdLuECl8b+vvz7yeKAVWS3KoKkRNi
ZhfNSPQOL3VMsa3sKR7YHqfep4cGUF24fBC1p8k5een9dxJpisxv+kctZvRgI8gA
2KXhrJAvZRBXzh3vGoSDbF1nAr1WMndqg9RwT0o2lp3B1g/TIoStgnrU3NiL30ZR
PnUlODbj6aqabJcIL+//mTQTW/f+25z7d6zLHbBfoLGgdD9Jb44nZXxkk3OOOlr3
D3zbiX9DesD5Ge8cKkz99TaDl12GkMt56ZvMAoQPZh83TQlEDFw6Jd+OhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCr/4zf42nz5RQjkaqsMgxE/iQJ9MB8GA1UdIwQY
MBaAFEwQH/UbZ+7+DWeADnbTYG30yUchMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEJBZjlSdG43djROWjRBT2R0TmdiZlRKUnlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC81OWRjYmQtNzhiZi00OGVkLTk1NGQt
Y2NhYTZlYjNjNTEzLzEvS3Zfak5famFmUGxGQ09ScXF3eURFVC1KQW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC81OWRjYmQtNzhiZi00OGVkLTk1NGQtY2NhYTZlYjNjNTEz
LzEvVEJBZjlSdG43djROWjRBT2R0TmdiZlRKUnlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATm4jMA0G
CSqGSIb3DQEBCwUAA4IBAQAMaKv+ue5cHM/E25s2As4+FsCoGBYDa+41oRz3jNE1
uVmkR1shNqko99ZD9YZ5gKs49Zmz/1poT1bMjgCigTmhyLVeTP9VpoNe0cQdBByd
0ngTFvqLqwAm+4UF0vvcxK7DVuRMihUQYKE010FgxsThW20eJRaOiRm0ESeiPe+v
5x0UN/3sp0Zte7LhBXGXK24vOzPnzv91JFRB0Op96hl9x3mqYRza7Z3H4Vzc0qz5
W0MgtIne2sQmBqIGTF6aZgV5Z8Ifz5t+5Hb6LIoG2FrbAyEA1Xa/kcupdhwK5/zo
l+HYlFhsfkulev+S59Ac4xVsKp65EslvAE6iRtxHQngJ
-----END CERTIFICATE-----