Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/a_3d322DGG9t9FNVMlgLBzbb0Gs.roa
File:                     a_3d322DGG9t9FNVMlgLBzbb0Gs.roa (raw, json)
Hash identifier:          +ErxTpNos2VTcyOLVNorAOultfeC1ePNBSXmlh/A90A=
Subject key identifier:   6B:FD:DD:DF:6D:83:18:6F:6D:F4:53:55:32:58:0B:07:36:DB:D0:6B
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       018CC5013BB7EF687B9165154EA3CF449335
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/a_3d322DGG9t9FNVMlgLBzbb0Gs.roa
Signing time:             Mon 01 Jan 2024 12:30:41 +0000
ROA not before:           Mon 01 Jan 2024 12:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210911
IP address blocks:        78.159.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3b:b7:ef:68:7b:91:65:15:4e:a3:cf:44:93:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jan  1 12:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bfddddf6d83186f6df4535532580b0736dbd06b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:3b:d4:0f:94:7b:69:b3:a6:c8:ed:60:83:1a:
                    0e:d6:10:0d:6b:c8:32:24:3c:ad:59:f6:2f:bf:c7:
                    ef:27:8e:7a:42:9b:a3:18:d9:1d:83:0f:f1:47:55:
                    e5:38:16:81:97:af:4f:87:cf:fe:5f:cb:c3:29:07:
                    07:e3:c9:9e:50:b0:25:07:04:a7:57:bf:ff:c6:d2:
                    e2:08:73:3f:35:35:0b:b5:93:4a:4b:ef:a9:28:2f:
                    d6:bc:01:48:0c:21:d9:40:ea:07:be:a2:cb:b4:1d:
                    d0:ee:1c:3f:99:c7:b6:2b:dd:d7:fb:f4:46:4b:8a:
                    5f:b7:e5:36:fb:ea:ef:06:aa:93:01:c1:f1:cb:24:
                    65:9e:47:bf:f7:fb:99:7c:29:cc:ed:93:32:80:97:
                    a4:f6:33:9b:84:6a:7c:d5:24:2e:02:f2:4c:ec:2f:
                    72:ad:0b:69:24:84:23:04:76:63:58:3f:98:74:54:
                    a4:92:d4:a1:1b:ef:5d:5f:e6:47:b5:f9:64:ca:3d:
                    00:78:2b:bb:ef:a5:51:1d:b8:5c:a2:b1:07:02:15:
                    df:1d:1c:84:ba:ed:9c:90:cd:6f:f9:c9:45:ef:51:
                    3d:71:bc:ff:57:5c:7d:d4:22:70:d0:ab:ce:49:30:
                    cb:f4:c6:cd:91:ab:95:69:16:2e:8e:f0:14:a9:fe:
                    8c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:FD:DD:DF:6D:83:18:6F:6D:F4:53:55:32:58:0B:07:36:DB:D0:6B
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/a_3d322DGG9t9FNVMlgLBzbb0Gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.159.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:31:89:c1:36:fa:c3:5f:1e:67:84:6c:a6:62:24:02:e8:54:
         ff:39:90:c9:5b:2b:c9:d1:2c:8e:dd:ff:b6:5c:cb:19:ad:a6:
         6c:6b:85:c2:45:a8:db:14:d1:9b:be:34:5a:df:68:48:2a:27:
         bc:f6:72:fc:e8:29:ed:4e:e1:b2:df:77:26:61:2e:1a:7c:a2:
         83:33:d4:60:5f:2a:6d:98:8d:e5:0c:08:b0:da:80:22:ad:9e:
         0e:4f:96:7e:34:50:16:9a:6b:d3:cc:1e:93:1c:8e:ed:6f:a4:
         d9:85:7f:b0:4f:48:bb:52:f6:7d:25:de:81:ed:b9:75:9a:d2:
         b3:14:2c:b8:b0:c6:55:f3:64:c2:fe:1f:88:65:6a:a6:ed:34:
         90:b9:8f:1d:52:23:1d:e7:51:a4:b8:51:a7:43:eb:d2:af:94:
         b5:5a:11:3b:ba:dc:60:e1:63:89:44:df:ed:b3:03:16:5a:f9:
         57:fa:40:3f:2f:07:8a:90:d3:68:f0:5c:da:f6:1a:60:e7:4f:
         eb:d7:8c:8f:6f:f9:22:e3:a5:04:57:17:e0:58:e4:a7:39:f1:
         6c:10:3b:fb:dc:d4:19:d9:43:3c:95:f6:56:39:ff:a9:e5:68:
         34:27:5d:6f:bd:a7:56:10:d2:ee:fe:34:17:57:7b:56:e3:0b:
         50:50:d9:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATu372h7kWUVTqPPRJM1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmZkZGRkZjZkODMxODZmNmRmNDUzNTUzMjU4MGIwNzM2ZGJkMDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DvUD5R7abOmyO1ggxoO1hANa8gy
JDytWfYvv8fvJ456QpujGNkdgw/xR1XlOBaBl69Ph8/+X8vDKQcH48meULAlBwSn
V7//xtLiCHM/NTULtZNKS++pKC/WvAFIDCHZQOoHvqLLtB3Q7hw/mce2K93X+/RG
S4pft+U2++rvBqqTAcHxyyRlnke/9/uZfCnM7ZMygJek9jObhGp81SQuAvJM7C9y
rQtpJIQjBHZjWD+YdFSkktShG+9dX+ZHtflkyj0AeCu776VRHbhcorEHAhXfHRyE
uu2ckM1v+clF71E9cbz/V1x91CJw0KvOSTDL9MbNkauVaRYujvAUqf6MFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGv93d9tgxhvbfRTVTJYCwc229BrMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvYV8zZDMyMkRHRzl0OUZOVk1sZ0xCemJiMEdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATp9cMA0G
CSqGSIb3DQEBCwUAA4IBAQAoMYnBNvrDXx5nhGymYiQC6FT/OZDJWyvJ0SyO3f+2
XMsZraZsa4XCRajbFNGbvjRa32hIKie89nL86CntTuGy33cmYS4afKKDM9RgXypt
mI3lDAiw2oAirZ4OT5Z+NFAWmmvTzB6THI7tb6TZhX+wT0i7UvZ9Jd6B7bl1mtKz
FCy4sMZV82TC/h+IZWqm7TSQuY8dUiMd51GkuFGnQ+vSr5S1WhE7utxg4WOJRN/t
swMWWvlX+kA/LweKkNNo8Fza9hpg50/r14yPb/ki46UEVxfgWOSnOfFsEDv73NQZ
2UM8lfZWOf+p5Wg0J11vvadWENLu/jQXV3tW4wtQUNnC
-----END CERTIFICATE-----