Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/78Ksif-Gobll5AfoHeykuB2Xcbg.roa
File:                     78Ksif-Gobll5AfoHeykuB2Xcbg.roa (raw, json)
Hash identifier:          7gFFZt/t8QVJCVzl1d3GUYimxagClzRq6ozi+1CHVPM=
Subject key identifier:   EF:C2:AC:89:FF:86:A1:B9:65:E4:07:E8:1D:EC:A4:B8:1D:97:71:B8
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EF0B716BDD64D8ACD2A2204E5EF09
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/78Ksif-Gobll5AfoHeykuB2Xcbg.roa
Signing time:             Mon 01 Jan 2024 14:30:31 +0000
ROA not before:           Mon 01 Jan 2024 14:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215941
IP address blocks:        77.76.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f0:b7:16:bd:d6:4d:8a:cd:2a:22:04:e5:ef:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efc2ac89ff86a1b965e407e81deca4b81d9771b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:12:c6:a6:fe:2f:e1:fa:d6:f1:62:aa:ad:fa:
                    fe:ff:3c:2c:6f:9d:6a:03:28:1e:80:c0:36:0f:bc:
                    5a:39:54:63:f6:56:a2:60:d4:e8:91:18:27:c6:33:
                    a8:be:54:3e:a5:0b:37:43:96:63:9e:3e:a9:f9:51:
                    de:da:3c:ed:3a:90:cd:8d:9b:f4:c7:8b:d8:3e:54:
                    01:12:a2:95:8f:88:e8:0d:19:a2:8f:fe:ab:78:24:
                    48:ac:a5:c0:b0:b0:50:d6:7b:0e:5d:2c:74:13:30:
                    d4:6c:cc:2f:ad:d6:3a:de:93:29:5a:f3:fe:12:58:
                    3e:32:da:33:9b:67:f5:2f:cb:57:e3:f1:97:c2:35:
                    1c:d7:60:96:0c:ba:2f:ad:e2:e1:12:96:c3:85:8e:
                    94:46:85:74:0e:a5:26:19:b5:f2:02:12:98:4e:64:
                    6d:c0:10:80:ee:18:0d:de:47:73:76:a3:46:13:2b:
                    f1:30:86:c8:97:c2:27:8f:44:11:a9:f7:57:d1:5f:
                    07:09:a5:f0:e5:d0:ba:47:35:ed:73:c0:eb:d8:b5:
                    a4:96:25:a9:72:43:a2:67:8e:d4:48:8a:5a:f9:e8:
                    15:01:1a:b0:e1:03:f8:43:91:09:5f:07:25:a5:b1:
                    3f:34:a7:f8:54:2d:40:c8:7e:c3:cc:b5:81:5f:dc:
                    aa:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:C2:AC:89:FF:86:A1:B9:65:E4:07:E8:1D:EC:A4:B8:1D:97:71:B8
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/78Ksif-Gobll5AfoHeykuB2Xcbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.76.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:13:1a:7f:ea:3c:b3:69:52:92:39:c5:f5:6c:62:fd:c5:05:
         f6:b2:6c:51:b3:82:3c:96:c9:31:c2:9c:5d:30:0b:81:92:c9:
         e8:78:0d:8d:17:64:f2:67:87:e9:28:d4:35:5a:be:d9:03:02:
         2a:bc:c3:2b:98:df:a7:51:a2:aa:3c:bf:90:e0:1b:52:26:5a:
         15:47:8f:f1:6c:7d:0d:e3:99:ac:eb:fb:2a:93:f7:e6:2d:73:
         8f:32:09:ff:89:d1:29:e4:8e:fc:d0:fe:31:6c:3a:64:0a:35:
         0c:d8:37:6b:0c:85:5d:9f:67:76:fd:4b:ae:46:3e:94:0a:5d:
         bd:50:da:9a:d0:e4:a4:43:e5:1d:c3:80:b8:7c:70:78:ac:80:
         ed:26:ba:63:44:80:90:a8:ce:89:d6:d6:55:80:61:85:35:99:
         53:0f:86:c1:e8:8d:99:e3:36:d1:12:36:ce:1e:82:00:e2:ae:
         77:17:a0:f1:77:8a:ed:a5:72:75:2b:94:5b:48:dc:20:bd:f9:
         39:36:81:e2:43:eb:4f:5a:de:93:63:d0:87:be:10:cc:c7:21:
         da:44:50:86:28:e3:fc:35:bb:89:ac:3e:2a:2d:ea:84:57:12:
         bf:a9:70:f6:c4:fc:ec:77:e4:60:21:05:66:25:af:d9:b6:56:
         b5:c4:c6:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvC3Fr3WTYrNKiIE5e8JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmMyYWM4OWZmODZhMWI5NjVlNDA3ZTgxZGVjYTRiODFkOTc3MWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBLGpv4v4frW8WKqrfr+/zwsb51q
AygegMA2D7xaOVRj9laiYNTokRgnxjOovlQ+pQs3Q5Zjnj6p+VHe2jztOpDNjZv0
x4vYPlQBEqKVj4joDRmij/6reCRIrKXAsLBQ1nsOXSx0EzDUbMwvrdY63pMpWvP+
Elg+Mtozm2f1L8tX4/GXwjUc12CWDLovreLhEpbDhY6URoV0DqUmGbXyAhKYTmRt
wBCA7hgN3kdzdqNGEyvxMIbIl8Inj0QRqfdX0V8HCaXw5dC6RzXtc8Dr2LWkliWp
ckOiZ47USIpa+egVARqw4QP4Q5EJXwclpbE/NKf4VC1AyH7DzLWBX9yqiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/CrIn/hqG5ZeQH6B3spLgdl3G4MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvNzhLc2lmLUdvYmxsNUFmb0hleWt1QjJYY2JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUwPMA0G
CSqGSIb3DQEBCwUAA4IBAQCZExp/6jyzaVKSOcX1bGL9xQX2smxRs4I8lskxwpxd
MAuBksnoeA2NF2TyZ4fpKNQ1Wr7ZAwIqvMMrmN+nUaKqPL+Q4BtSJloVR4/xbH0N
45ms6/sqk/fmLXOPMgn/idEp5I780P4xbDpkCjUM2DdrDIVdn2d2/UuuRj6UCl29
UNqa0OSkQ+Udw4C4fHB4rIDtJrpjRICQqM6J1tZVgGGFNZlTD4bB6I2Z4zbREjbO
HoIA4q53F6Dxd4rtpXJ1K5RbSNwgvfk5NoHiQ+tPWt6TY9CHvhDMxyHaRFCGKOP8
NbuJrD4qLeqEVxK/qXD2xPzsd+RgIQVmJa/Ztla1xMat
-----END CERTIFICATE-----