Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/_cFCrVctLYuFKzGEHNmFwY6IIos.roa
File:                     _cFCrVctLYuFKzGEHNmFwY6IIos.roa (raw, json)
Hash identifier:          rHDheU+Y/7uAPmdybxVPw/HjQrzvvrxLstkC7vrdkT0=
Subject key identifier:   FD:C1:42:AD:57:2D:2D:8B:85:2B:31:84:1C:D9:85:C1:8E:88:22:8B
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EE780680F286F86619099F80BAF00
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/_cFCrVctLYuFKzGEHNmFwY6IIos.roa
Signing time:             Mon 01 Jan 2024 14:30:28 +0000
ROA not before:           Mon 01 Jan 2024 14:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8877
IP address blocks:        78.142.60.0/24 maxlen: 24
                          78.128.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e7:80:68:0f:28:6f:86:61:90:99:f8:0b:af:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdc142ad572d2d8b852b31841cd985c18e88228b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ef:80:11:e0:a8:7e:7e:f1:9a:b2:3d:8f:1f:
                    2a:a7:46:43:74:89:96:0e:fb:59:66:09:a8:fa:f8:
                    e7:09:a1:77:6d:32:e2:d7:69:9a:a8:32:77:7e:29:
                    98:60:4c:37:20:67:bd:10:77:c4:65:e1:7d:2f:a5:
                    03:32:bc:c7:73:fe:41:7d:5c:34:c2:b6:e9:f6:e3:
                    73:c7:7e:9b:00:b9:fb:52:ea:0c:49:e1:fe:f7:fc:
                    31:21:4b:ce:75:9c:38:de:dd:19:25:28:1b:e3:6f:
                    ac:79:af:97:e9:0a:17:26:d1:3e:cc:d0:a3:df:9d:
                    d8:50:62:aa:ac:be:b3:96:3b:2c:bf:d4:66:39:e1:
                    41:b5:db:cf:cf:0c:c2:d3:52:d2:8f:aa:27:63:93:
                    9b:a6:b6:d6:ae:cb:92:75:92:77:20:9a:8d:65:d7:
                    05:a0:e8:81:fe:e5:61:ae:66:60:68:08:1c:3e:f7:
                    f9:07:17:65:07:63:79:93:d7:5b:eb:3e:ef:8b:45:
                    7e:e5:43:04:80:c4:13:7f:d7:84:a5:0c:7c:45:25:
                    19:a8:3f:6d:0f:2b:ea:c6:98:25:96:3b:67:28:8e:
                    73:c9:b2:e6:f6:a2:0d:fc:5e:7d:d4:49:53:08:87:
                    e8:00:d1:be:5c:4f:b5:d2:56:ab:39:45:23:d7:17:
                    f0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:C1:42:AD:57:2D:2D:8B:85:2B:31:84:1C:D9:85:C1:8E:88:22:8B
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/_cFCrVctLYuFKzGEHNmFwY6IIos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.0.0/24
                  78.142.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:88:ef:c5:a8:f8:66:e8:58:4b:f3:ec:4d:3f:d9:8e:17:5a:
         ec:c0:15:c4:11:fd:87:51:65:c3:af:84:eb:af:e2:bf:9c:0f:
         47:e4:aa:f6:ec:f9:9d:a3:d5:56:1b:30:63:7c:c2:06:2e:75:
         d0:d0:7b:1b:b2:dd:ab:6c:ea:f4:7c:93:a2:9d:6b:e4:88:45:
         d4:f8:8e:45:df:0f:7a:95:f7:f9:7b:14:b1:7b:80:d6:82:e8:
         06:be:ca:f3:5b:00:09:31:8a:f5:9d:a4:07:14:ca:db:c8:43:
         5d:d1:85:9a:b9:b9:97:26:5a:6c:69:82:d9:25:fe:ca:36:bb:
         9c:c3:b9:fc:1e:70:9d:93:51:12:3b:eb:f3:21:22:be:ca:c8:
         4f:32:99:35:d5:31:c1:a5:48:e8:d4:bb:0f:27:22:83:b3:17:
         d1:bc:8d:96:c8:74:b2:4b:36:1f:c4:27:ea:32:1f:ee:e4:30:
         45:0e:5c:20:9b:91:4f:ed:8c:b6:12:71:42:0d:ca:f9:35:8c:
         97:73:e3:78:10:c0:72:78:55:72:f4:b0:64:fe:11:9b:88:ea:
         6a:a8:1f:19:62:5d:5f:57:e2:81:b3:bd:5f:49:20:c7:b0:39:
         0f:0c:a2:20:12:e2:e6:ca:26:15:47:ff:3a:fb:a4:b2:a2:bc:
         6a:aa:30:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbueAaA8ob4ZhkJn4C68AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGMxNDJhZDU3MmQyZDhiODUyYjMxODQxY2Q5ODVjMThlODgyMjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgu+AEeCofn7xmrI9jx8qp0ZDdImW
DvtZZgmo+vjnCaF3bTLi12maqDJ3fimYYEw3IGe9EHfEZeF9L6UDMrzHc/5BfVw0
wrbp9uNzx36bALn7UuoMSeH+9/wxIUvOdZw43t0ZJSgb42+sea+X6QoXJtE+zNCj
353YUGKqrL6zljssv9RmOeFBtdvPzwzC01LSj6onY5ObprbWrsuSdZJ3IJqNZdcF
oOiB/uVhrmZgaAgcPvf5BxdlB2N5k9db6z7vi0V+5UMEgMQTf9eEpQx8RSUZqD9t
DyvqxpglljtnKI5zybLm9qIN/F591ElTCIfoANG+XE+10larOUUj1xfwFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP3BQq1XLS2LhSsxhBzZhcGOiCKLMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvX2NGQ3JWY3RMWXVGS3pHRUhObUZ3WTZJSW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAToAAAwQA
To48MA0GCSqGSIb3DQEBCwUAA4IBAQBgiO/FqPhm6FhL8+xNP9mOF1rswBXEEf2H
UWXDr4Trr+K/nA9H5Kr27Pmdo9VWGzBjfMIGLnXQ0Hsbst2rbOr0fJOinWvkiEXU
+I5F3w96lff5exSxe4DWgugGvsrzWwAJMYr1naQHFMrbyENd0YWaubmXJlpsaYLZ
Jf7KNrucw7n8HnCdk1ESO+vzISK+yshPMpk11THBpUjo1LsPJyKDsxfRvI2WyHSy
SzYfxCfqMh/u5DBFDlwgm5FP7Yy2EnFCDcr5NYyXc+N4EMByeFVy9LBk/hGbiOpq
qB8ZYl1fV+KBs71fSSDHsDkPDKIgEuLmyiYVR/86+6SyorxqqjAa
-----END CERTIFICATE-----