Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/PsCKguq9NMuEmqoFq_7oMFd1PGo.roa
File:                     PsCKguq9NMuEmqoFq_7oMFd1PGo.roa (raw, json)
Hash identifier:          ExFaAXgi192dFJ6yIxd5g9kIQ+dHOMKUTdDfPQDouSc=
Subject key identifier:   3E:C0:8A:82:EA:BD:34:CB:84:9A:AA:05:AB:FE:E8:30:57:75:3C:6A
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01931F614B7A7F98163E6DA551949AE1101F
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/PsCKguq9NMuEmqoFq_7oMFd1PGo.roa
Signing time:             Tue 12 Nov 2024 07:58:10 +0000
ROA not before:           Tue 12 Nov 2024 07:58:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50360
IP address blocks:        78.142.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1f:61:4b:7a:7f:98:16:3e:6d:a5:51:94:9a:e1:10:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Nov 12 07:58:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ec08a82eabd34cb849aaa05abfee83057753c6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:de:a2:e3:a7:9d:da:42:09:33:03:ee:a5:9e:
                    52:25:46:8c:40:59:3b:62:f2:90:0f:2a:ba:17:f0:
                    ca:6f:9f:8b:cf:a9:c0:97:cc:cf:6d:28:3f:9f:f5:
                    cd:9f:b0:52:9b:37:6f:14:54:9a:3c:7e:b6:4f:8a:
                    03:e4:d9:a4:49:77:3d:96:e2:09:23:c3:22:d6:f6:
                    c5:ff:11:e8:26:92:fc:8b:9d:b1:3f:30:c8:26:c6:
                    6e:a2:c8:2b:96:ab:9e:8f:d3:5a:9b:07:78:0e:4d:
                    aa:6c:d5:2b:b0:ed:f8:03:d0:09:46:ed:2d:94:3b:
                    66:fe:0f:a6:1f:70:e5:29:47:9c:83:6a:84:e0:88:
                    ca:bc:fe:ff:2f:ee:d4:af:91:0a:01:82:54:d1:e0:
                    9e:f7:a3:c0:30:85:c0:dc:b3:40:28:ce:87:2c:b2:
                    4d:58:b8:26:79:63:eb:02:68:7c:c8:ed:4f:ac:2a:
                    2a:5e:20:d2:98:1d:5c:f1:24:6a:aa:71:cf:38:10:
                    99:e3:df:6e:ed:6a:dc:74:32:bf:b4:8a:e4:40:6a:
                    3c:62:b5:55:0b:e6:23:13:9a:b4:27:f0:ea:8a:9c:
                    a6:f9:07:2c:fa:49:c1:5f:dc:0f:bb:96:e8:68:ff:
                    21:7a:75:57:d4:24:cf:1b:14:93:76:27:e5:ac:17:
                    ce:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C0:8A:82:EA:BD:34:CB:84:9A:AA:05:AB:FE:E8:30:57:75:3C:6A
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/PsCKguq9NMuEmqoFq_7oMFd1PGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:9b:cb:b7:52:e5:38:63:8f:79:fa:d3:6d:0a:bb:7c:f7:68:
         5f:dd:33:3f:5b:6e:b2:92:c6:8e:df:83:00:76:0b:c9:25:74:
         54:c7:8c:23:fe:f0:81:28:7e:1a:19:f1:76:f9:c4:e0:9c:a5:
         82:88:4b:e4:cf:e3:10:17:5f:f2:2e:d9:43:6f:72:92:10:12:
         1b:e9:dc:c9:c7:31:7f:a6:a5:0f:9a:d9:54:4b:07:e6:70:12:
         55:14:83:f9:bc:58:79:3b:b5:d7:4e:32:d1:66:ac:7b:b8:6f:
         fa:02:10:31:1a:65:67:e3:1c:df:73:ec:cb:d8:cb:3d:c2:d2:
         67:6f:51:47:fc:d9:21:12:27:da:d8:ca:7b:bc:bb:ae:b6:eb:
         c6:94:d5:a6:9a:96:dd:bc:f6:7e:70:68:3c:84:ba:92:ca:8d:
         30:5c:93:45:0b:d7:56:61:f6:79:ba:ee:5a:aa:86:00:67:6e:
         0b:ef:6a:93:4d:b4:c3:ab:65:aa:91:c1:04:af:04:78:47:c7:
         0d:73:7f:00:86:b7:b6:50:db:66:d4:39:9f:2b:53:1d:55:bb:
         03:25:3c:c4:26:24:4e:1a:d8:89:57:f0:86:86:23:79:6d:42:
         fa:57:d5:87:8b:a8:f3:98:e7:c0:65:7b:78:db:59:24:3c:86:
         86:be:3f:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMfYUt6f5gWPm2lUZSa4RAfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQxMTEyMDc1ODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWMwOGE4MmVhYmQzNGNiODQ5YWFhMDVhYmZlZTgzMDU3NzUzYzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt6i46ed2kIJMwPupZ5SJUaMQFk7
YvKQDyq6F/DKb5+Lz6nAl8zPbSg/n/XNn7BSmzdvFFSaPH62T4oD5NmkSXc9luIJ
I8Mi1vbF/xHoJpL8i52xPzDIJsZuosgrlquej9Namwd4Dk2qbNUrsO34A9AJRu0t
lDtm/g+mH3DlKUecg2qE4IjKvP7/L+7Ur5EKAYJU0eCe96PAMIXA3LNAKM6HLLJN
WLgmeWPrAmh8yO1PrCoqXiDSmB1c8SRqqnHPOBCZ499u7WrcdDK/tIrkQGo8YrVV
C+YjE5q0J/Dqipym+Qcs+knBX9wPu5boaP8henVX1CTPGxSTdiflrBfOdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7AioLqvTTLhJqqBav+6DBXdTxqMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvUHNDS2d1cTlOTXVFbXFvRnFfN29NRmQxUEdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATo4xMA0G
CSqGSIb3DQEBCwUAA4IBAQAGm8u3UuU4Y495+tNtCrt892hf3TM/W26yksaO34MA
dgvJJXRUx4wj/vCBKH4aGfF2+cTgnKWCiEvkz+MQF1/yLtlDb3KSEBIb6dzJxzF/
pqUPmtlUSwfmcBJVFIP5vFh5O7XXTjLRZqx7uG/6AhAxGmVn4xzfc+zL2Ms9wtJn
b1FH/NkhEifa2Mp7vLuutuvGlNWmmpbdvPZ+cGg8hLqSyo0wXJNFC9dWYfZ5uu5a
qoYAZ24L72qTTbTDq2WqkcEErwR4R8cNc38Ahre2UNtm1DmfK1MdVbsDJTzEJiRO
GtiJV/CGhiN5bUL6V9WHi6jzmOfAZXt421kkPIaGvj/a
-----END CERTIFICATE-----