Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/2de87a-0176-4f19-b0e8-ab5630211f7a/1/xR2RbMANlNFhXEYDRfk9sz_rL8A.roa
File:                     xR2RbMANlNFhXEYDRfk9sz_rL8A.roa (raw, json)
Hash identifier:          YW0KNJlV0yM77prNumjT9aDQqgXPWMQ9fpcpd80OP9Y=
Subject key identifier:   C5:1D:91:6C:C0:0D:94:D1:61:5C:46:03:45:F9:3D:B3:3F:EB:2F:C0
Certificate issuer:       /CN=ac9a51bea1b570ffa72d9c52d1a518c24bc78c02
Certificate serial:       018CC26D7F38396BCC1BB36B0F020ECD07C9
Authority key identifier: AC:9A:51:BE:A1:B5:70:FF:A7:2D:9C:52:D1:A5:18:C2:4B:C7:8C:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rJpRvqG1cP-nLZxS0aUYwkvHjAI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/2de87a-0176-4f19-b0e8-ab5630211f7a/1/xR2RbMANlNFhXEYDRfk9sz_rL8A.roa
Signing time:             Mon 01 Jan 2024 00:30:04 +0000
ROA not before:           Mon 01 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50772
IP address blocks:        195.78.100.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/2de87a-0176-4f19-b0e8-ab5630211f7a/1/rJpRvqG1cP-nLZxS0aUYwkvHjAI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/2de87a-0176-4f19-b0e8-ab5630211f7a/1/rJpRvqG1cP-nLZxS0aUYwkvHjAI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rJpRvqG1cP-nLZxS0aUYwkvHjAI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7f:38:39:6b:cc:1b:b3:6b:0f:02:0e:cd:07:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac9a51bea1b570ffa72d9c52d1a518c24bc78c02
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c51d916cc00d94d1615c460345f93db33feb2fc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:39:38:52:5c:fc:50:44:78:ba:cd:67:1d:a4:
                    95:40:12:19:3e:69:35:d5:9e:22:ec:8f:37:08:b4:
                    c1:9a:e9:a5:bf:60:fc:cc:05:d2:88:87:60:0b:d3:
                    5c:35:a1:4d:21:dc:61:7a:61:6e:7a:1f:dd:8f:c1:
                    e6:3f:ff:d0:7c:00:6b:d7:85:8d:28:f2:4d:e3:11:
                    d7:2a:72:96:8e:a9:ca:ee:59:21:64:90:d6:d3:b2:
                    b3:87:70:e3:2b:14:db:91:21:97:de:70:43:21:3b:
                    c3:ff:81:a9:c6:c9:e9:37:fc:8a:04:0d:ac:32:e4:
                    b9:67:93:82:ee:42:17:5b:f8:21:ac:6e:48:be:a8:
                    ae:b9:ee:5a:8d:01:59:8a:6a:33:6c:f0:77:23:71:
                    76:82:55:19:86:55:e9:9e:58:d8:ff:1d:b2:ec:d7:
                    ad:cb:53:27:37:b4:ae:8f:71:eb:6d:3b:43:f7:ab:
                    07:b4:5a:2f:00:55:df:f1:0d:2e:4c:7b:14:31:1d:
                    f0:28:f6:74:1a:6a:03:9a:fd:a9:3c:71:8e:39:65:
                    8a:b9:25:13:4a:6f:ee:bf:86:f6:77:e1:3b:b0:2d:
                    e7:1e:0c:f2:ca:75:1d:57:17:ee:bf:cb:d7:df:0f:
                    4e:7a:41:7d:92:8b:c3:d6:f2:41:90:5e:ee:cf:4c:
                    d1:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:1D:91:6C:C0:0D:94:D1:61:5C:46:03:45:F9:3D:B3:3F:EB:2F:C0
            X509v3 Authority Key Identifier:
                keyid:AC:9A:51:BE:A1:B5:70:FF:A7:2D:9C:52:D1:A5:18:C2:4B:C7:8C:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rJpRvqG1cP-nLZxS0aUYwkvHjAI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/2de87a-0176-4f19-b0e8-ab5630211f7a/1/xR2RbMANlNFhXEYDRfk9sz_rL8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/2de87a-0176-4f19-b0e8-ab5630211f7a/1/rJpRvqG1cP-nLZxS0aUYwkvHjAI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.78.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:fb:99:29:95:e5:4c:03:e3:77:69:ae:e0:3f:47:79:ac:44:
         54:05:5c:93:66:1b:35:f0:6e:fb:41:38:71:16:98:78:9b:01:
         ef:2f:6a:61:1a:30:f1:5c:03:52:c4:cd:cf:c8:e2:0a:08:c0:
         dc:e9:82:bc:af:a5:8d:99:13:b4:e9:c5:3a:76:7f:fb:15:d9:
         9b:fc:ac:9d:41:9b:fc:f5:a9:a7:b0:f4:41:fc:9d:25:f7:26:
         67:10:af:9f:95:78:f1:e5:2c:06:17:31:63:a9:01:0e:65:5b:
         5b:db:b9:af:75:53:6b:75:a9:80:77:b2:2c:bd:fa:fc:52:b0:
         b0:28:a4:52:de:21:50:5d:8f:2e:ad:2c:d1:29:cb:ec:38:c8:
         8b:49:1d:be:4b:c6:a4:c6:59:7f:31:e1:03:a3:7a:99:6c:4f:
         1d:cb:07:d5:78:0c:00:9f:9f:15:2c:4b:98:61:b1:0e:2e:64:
         e9:3f:c9:07:12:38:2f:75:33:1e:1b:b8:5f:c3:11:a0:ed:e3:
         db:7a:82:8b:c7:7d:d9:66:17:db:c4:18:58:07:a9:b4:d2:ca:
         27:2a:c2:76:fb:69:da:8b:11:a0:54:0c:76:75:2d:88:f8:85:
         c5:8d:b3:da:df:ce:af:6a:52:9c:eb:03:1f:b8:6c:62:8e:6f:
         ad:42:20:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbX84OWvMG7NrDwIOzQfJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOWE1MWJlYTFiNTcwZmZhNzJkOWM1MmQxYTUxOGMyNGJj
NzhjMDIwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTFkOTE2Y2MwMGQ5NGQxNjE1YzQ2MDM0NWY5M2RiMzNmZWIyZmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDk4Ulz8UER4us1nHaSVQBIZPmk1
1Z4i7I83CLTBmumlv2D8zAXSiIdgC9NcNaFNIdxhemFueh/dj8HmP//QfABr14WN
KPJN4xHXKnKWjqnK7lkhZJDW07Kzh3DjKxTbkSGX3nBDITvD/4GpxsnpN/yKBA2s
MuS5Z5OC7kIXW/ghrG5Ivqiuue5ajQFZimozbPB3I3F2glUZhlXpnljY/x2y7Net
y1MnN7Suj3HrbTtD96sHtFovAFXf8Q0uTHsUMR3wKPZ0GmoDmv2pPHGOOWWKuSUT
Sm/uv4b2d+E7sC3nHgzyynUdVxfuv8vX3w9OekF9kovD1vJBkF7uz0zREwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUdkWzADZTRYVxGA0X5PbM/6y/AMB8GA1UdIwQY
MBaAFKyaUb6htXD/py2cUtGlGMJLx4wCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckpwUnZxRzFjUC1uTFp4UzBhVVl3a3ZIakFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8yZGU4N2EtMDE3Ni00ZjE5LWIwZTgt
YWI1NjMwMjExZjdhLzEveFIyUmJNQU5sTkZoWEVZRFJmazlzel9yTDhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8yZGU4N2EtMDE3Ni00ZjE5LWIwZTgtYWI1NjMwMjExZjdh
LzEvckpwUnZxRzFjUC1uTFp4UzBhVVl3a3ZIakFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw05kMA0G
CSqGSIb3DQEBCwUAA4IBAQAy+5kpleVMA+N3aa7gP0d5rERUBVyTZhs18G77QThx
Fph4mwHvL2phGjDxXANSxM3PyOIKCMDc6YK8r6WNmRO06cU6dn/7Fdmb/KydQZv8
9amnsPRB/J0l9yZnEK+flXjx5SwGFzFjqQEOZVtb27mvdVNrdamAd7Isvfr8UrCw
KKRS3iFQXY8urSzRKcvsOMiLSR2+S8akxll/MeEDo3qZbE8dywfVeAwAn58VLEuY
YbEOLmTpP8kHEjgvdTMeG7hfwxGg7ePbeoKLx33ZZhfbxBhYB6m00sonKsJ2+2na
ixGgVAx2dS2I+IXFjbPa386valKc6wMfuGxijm+tQiCW
-----END CERTIFICATE-----