Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/1eGw_eSFtEpxPSUaC0VpDW0KI5k.roa
File:                     1eGw_eSFtEpxPSUaC0VpDW0KI5k.roa (raw, json)
Hash identifier:          T82TmXuLlOcarKFujN9vzb118dALFzekfWVmFHNXBwM=
Subject key identifier:   D5:E1:B0:FD:E4:85:B4:4A:71:3D:25:1A:0B:45:69:0D:6D:0A:23:99
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       018CC50139932CE2C033AE6B4488C45F7403
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/1eGw_eSFtEpxPSUaC0VpDW0KI5k.roa
Signing time:             Mon 01 Jan 2024 12:30:40 +0000
ROA not before:           Mon 01 Jan 2024 12:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203287
IP address blocks:        78.159.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:39:93:2c:e2:c0:33:ae:6b:44:88:c4:5f:74:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jan  1 12:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5e1b0fde485b44a713d251a0b45690d6d0a2399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:47:7e:b6:1b:37:aa:a9:5e:7e:56:f0:e7:87:
                    7e:c3:c2:98:8a:73:c1:62:f7:30:b2:77:f0:87:5f:
                    a7:a7:f2:7f:f0:c3:9c:85:c9:19:e2:38:0c:d7:b7:
                    bd:7f:da:eb:48:3a:87:91:95:9c:03:e3:aa:85:e8:
                    d6:d7:7e:1c:8b:53:f7:e6:25:96:10:f2:8a:bf:79:
                    71:a1:39:84:7b:0e:18:88:55:86:3a:6f:a2:b2:b7:
                    35:39:ea:c6:6a:57:9a:b9:e0:57:f0:7b:1d:7b:76:
                    2f:61:03:d8:ca:c4:2f:37:5c:02:b6:91:7d:a7:ab:
                    f8:bd:8e:34:98:bc:34:39:a5:d4:43:66:b0:43:80:
                    10:5e:fb:f0:b9:7e:01:68:9c:b3:eb:e7:df:eb:ef:
                    e6:c6:68:44:33:4c:e0:21:41:ec:bc:5d:e9:0f:c6:
                    5b:da:2f:b3:19:99:c9:8c:f5:54:90:c5:b7:bc:38:
                    a5:06:1e:1c:ce:76:d2:84:c8:30:02:e3:0d:5d:e6:
                    ce:5f:5d:b5:e7:41:01:e2:c2:e4:3f:f2:f4:19:8e:
                    a7:ab:1e:98:fb:49:5a:ea:a6:eb:4a:82:9e:2e:ca:
                    ca:74:63:d0:0f:fd:d9:82:7e:19:cf:22:6d:11:e5:
                    1f:4d:f7:ec:1a:3e:16:0c:9b:7f:23:d2:08:76:a0:
                    81:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:E1:B0:FD:E4:85:B4:4A:71:3D:25:1A:0B:45:69:0D:6D:0A:23:99
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/1eGw_eSFtEpxPSUaC0VpDW0KI5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.159.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:b3:5c:58:a9:07:bd:c1:21:09:29:ed:61:e5:1d:0e:f7:75:
         c2:ba:52:7f:e3:fc:c4:6b:41:85:fc:63:84:51:e4:35:c2:28:
         48:6a:99:27:01:3b:a0:03:ce:56:9a:af:ed:60:c9:a8:91:f4:
         29:1c:13:54:b1:55:ea:e8:1f:ad:b7:05:a0:03:b4:79:40:0d:
         21:e2:7d:9a:0f:2f:d0:63:d5:38:06:51:da:4b:a3:a0:f2:9e:
         2d:1a:2a:56:2b:9d:9d:3e:7d:c2:20:1e:9c:8f:ba:67:1d:d1:
         f9:f6:fb:41:36:f6:42:b0:2c:1e:b0:c0:82:54:93:60:74:99:
         33:ed:68:b9:36:fc:84:9d:c7:c3:10:ab:aa:b1:27:6b:bc:f2:
         9a:0c:d4:9d:68:17:40:e2:01:68:a5:fd:ae:7f:55:b6:fa:27:
         f4:9e:b8:e6:b9:00:ae:5a:c6:cf:e1:26:2d:ba:6d:e7:0a:34:
         1b:ba:cb:43:33:06:fb:a0:f0:fc:53:a2:5c:0b:5d:8a:f6:8d:
         7e:d5:33:bc:c5:9a:e5:07:86:ee:ad:8f:7b:40:4f:92:7d:69:
         79:5f:f0:72:f0:a5:82:88:a6:a7:6b:22:80:f9:9a:f8:2a:b5:
         b7:38:b1:c2:23:51:3e:ac:bb:19:c2:b8:5a:6d:eb:90:db:ec:
         97:09:95:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATmTLOLAM65rRIjEX3QDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjQwMTAxMTIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWUxYjBmZGU0ODViNDRhNzEzZDI1MWEwYjQ1NjkwZDZkMGEyMzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEd+ths3qqleflbw54d+w8KYinPB
Yvcwsnfwh1+np/J/8MOchckZ4jgM17e9f9rrSDqHkZWcA+OqhejW134ci1P35iWW
EPKKv3lxoTmEew4YiFWGOm+isrc1OerGaleaueBX8Hsde3YvYQPYysQvN1wCtpF9
p6v4vY40mLw0OaXUQ2awQ4AQXvvwuX4BaJyz6+ff6+/mxmhEM0zgIUHsvF3pD8Zb
2i+zGZnJjPVUkMW3vDilBh4cznbShMgwAuMNXebOX12150EB4sLkP/L0GY6nqx6Y
+0la6qbrSoKeLsrKdGPQD/3Zgn4ZzyJtEeUfTffsGj4WDJt/I9IIdqCBgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXhsP3khbRKcT0lGgtFaQ1tCiOZMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvMWVHd19lU0Z0RXB4UFNVYUMwVnBEVzBLSTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATp9VMA0G
CSqGSIb3DQEBCwUAA4IBAQAgs1xYqQe9wSEJKe1h5R0O93XCulJ/4/zEa0GF/GOE
UeQ1wihIapknATugA85Wmq/tYMmokfQpHBNUsVXq6B+ttwWgA7R5QA0h4n2aDy/Q
Y9U4BlHaS6Og8p4tGipWK52dPn3CIB6cj7pnHdH59vtBNvZCsCwesMCCVJNgdJkz
7Wi5NvyEncfDEKuqsSdrvPKaDNSdaBdA4gFopf2uf1W2+if0nrjmuQCuWsbP4SYt
um3nCjQbustDMwb7oPD8U6JcC12K9o1+1TO8xZrlB4burY97QE+SfWl5X/By8KWC
iKanayKA+Zr4KrW3OLHCI1E+rLsZwrhabeuQ2+yXCZXO
-----END CERTIFICATE-----