Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/7SSzJj03qPrwFuKTHgN1uHL3CV4.roa
File:                     7SSzJj03qPrwFuKTHgN1uHL3CV4.roa (raw, json)
Hash identifier:          U3jrRr1hP52cKm3CfAXYP8tXCMgNcj8Z9XItWKQhMNM=
Subject key identifier:   ED:24:B3:26:3D:37:A8:FA:F0:16:E2:93:1E:03:75:B8:72:F7:09:5E
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       018CC5013951C478A0A0A5233CD23E347A9E
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/7SSzJj03qPrwFuKTHgN1uHL3CV4.roa
Signing time:             Mon 01 Jan 2024 12:30:40 +0000
ROA not before:           Mon 01 Jan 2024 12:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199234
IP address blocks:        78.159.94.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 17:05:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:39:51:c4:78:a0:a0:a5:23:3c:d2:3e:34:7a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jan  1 12:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed24b3263d37a8faf016e2931e0375b872f7095e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:46:3e:1c:34:4c:bc:f7:91:67:61:23:fe:67:
                    c6:ba:81:b6:b0:32:f4:1a:37:30:0e:89:09:f5:76:
                    4b:d9:33:c2:3f:27:57:d4:9b:c1:71:68:f5:06:ae:
                    c6:04:b8:1f:4a:d1:2f:d1:67:42:93:9f:2e:91:28:
                    dd:ee:d2:8a:0a:d2:46:f7:24:94:e4:46:31:fd:62:
                    ec:3d:71:67:8b:f4:ab:f6:ba:e5:42:5b:f8:cf:9f:
                    02:69:bd:ac:cf:ec:d8:91:a3:76:77:96:38:93:23:
                    62:ca:e8:ee:47:98:a3:ce:97:38:59:4c:5f:9f:c6:
                    3a:70:bc:55:8d:5b:2d:b6:aa:91:89:85:5a:41:ce:
                    db:03:36:32:25:5b:88:29:66:83:2d:9d:0c:86:c8:
                    45:f7:27:3f:57:20:79:a3:e4:a8:ef:4c:bd:e7:78:
                    8f:ee:81:95:4b:25:60:68:9d:ef:15:ce:b1:32:62:
                    c2:2c:33:ba:71:c7:9f:35:40:9e:2a:c7:e8:b7:3d:
                    46:1d:2a:55:9b:dd:db:c2:1a:b4:e3:7a:b8:74:8e:
                    f6:e2:0f:24:8f:8c:0d:66:2c:0e:26:dc:95:73:c0:
                    df:42:77:9c:e5:b2:8f:5b:f0:0c:48:77:55:c9:6b:
                    f6:84:d3:3a:e9:c2:7a:02:c2:8b:a3:47:fa:70:45:
                    19:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:24:B3:26:3D:37:A8:FA:F0:16:E2:93:1E:03:75:B8:72:F7:09:5E
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/7SSzJj03qPrwFuKTHgN1uHL3CV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.159.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:6f:ac:e1:c8:6c:13:2a:37:80:40:16:79:1e:5c:03:89:87:
         ca:2f:d5:49:16:19:96:fc:c2:a4:0f:b9:91:3b:be:9b:91:ba:
         63:ba:17:1f:a1:d7:90:05:39:41:6f:cc:d2:dc:f7:a6:e4:b4:
         d8:41:ef:cf:98:04:17:b4:bd:30:3d:c7:ee:23:52:2f:32:30:
         6d:c1:6e:1d:a4:79:90:51:79:54:53:d8:95:8e:8d:6b:da:bf:
         06:a5:99:3e:76:a5:4f:73:8e:0f:02:80:ff:c1:7c:8a:2e:3f:
         10:02:34:7f:4e:ca:35:92:f3:1f:82:e2:b2:48:ea:5c:07:80:
         0a:1f:05:53:3e:7e:36:5d:e3:a3:b8:29:8e:e1:23:9b:df:55:
         18:b4:ef:74:b7:b6:5a:1b:dc:84:88:05:2b:a1:23:f2:78:09:
         c1:e5:d3:0d:4c:c9:4e:fa:3a:27:8c:1d:ff:71:43:aa:78:a6:
         b3:8f:84:9d:5e:1b:46:58:0e:0f:e9:a5:5e:05:0e:f7:3f:72:
         e7:b4:da:2b:80:97:80:66:b1:1e:91:ee:86:ab:91:db:74:b7:
         7d:b0:ef:1e:e8:64:bc:54:c9:ba:2d:e0:49:01:0c:5d:cb:cc:
         0c:31:6c:7b:fc:bf:ab:d4:53:7a:56:c4:c6:b2:8d:ce:8e:b6:
         13:bd:15:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATlRxHigoKUjPNI+NHqeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjQwMTAxMTIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDI0YjMyNjNkMzdhOGZhZjAxNmUyOTMxZTAzNzViODcyZjcwOTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUY+HDRMvPeRZ2Ej/mfGuoG2sDL0
GjcwDokJ9XZL2TPCPydX1JvBcWj1Bq7GBLgfStEv0WdCk58ukSjd7tKKCtJG9ySU
5EYx/WLsPXFni/Sr9rrlQlv4z58Cab2sz+zYkaN2d5Y4kyNiyujuR5ijzpc4WUxf
n8Y6cLxVjVsttqqRiYVaQc7bAzYyJVuIKWaDLZ0MhshF9yc/VyB5o+So70y953iP
7oGVSyVgaJ3vFc6xMmLCLDO6ccefNUCeKsfotz1GHSpVm93bwhq043q4dI724g8k
j4wNZiwOJtyVc8DfQnec5bKPW/AMSHdVyWv2hNM66cJ6AsKLo0f6cEUZwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO0ksyY9N6j68Bbikx4Ddbhy9wleMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvN1NTekpqMDNxUHJ3RnVLVEhnTjF1SEwzQ1Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTp9eMA0G
CSqGSIb3DQEBCwUAA4IBAQB0b6zhyGwTKjeAQBZ5HlwDiYfKL9VJFhmW/MKkD7mR
O76bkbpjuhcfodeQBTlBb8zS3Pem5LTYQe/PmAQXtL0wPcfuI1IvMjBtwW4dpHmQ
UXlUU9iVjo1r2r8GpZk+dqVPc44PAoD/wXyKLj8QAjR/Tso1kvMfguKySOpcB4AK
HwVTPn42XeOjuCmO4SOb31UYtO90t7ZaG9yEiAUroSPyeAnB5dMNTMlO+jonjB3/
cUOqeKazj4SdXhtGWA4P6aVeBQ73P3LntNorgJeAZrEeke6Gq5HbdLd9sO8e6GS8
VMm6LeBJAQxdy8wMMWx7/L+r1FN6VsTGso3OjrYTvRVY
-----END CERTIFICATE-----