Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/nE68Tpolw96WYEnosN3YvKelj8k.roa
File:                     nE68Tpolw96WYEnosN3YvKelj8k.roa (raw, json)
Hash identifier:          QpIqMBYrKSLRx01eEqpkW7pe74zjopU0Nzi2oZnWlFA=
Subject key identifier:   9C:4E:BC:4E:9A:25:C3:DE:96:60:49:E8:B0:DD:D8:BC:A7:A5:8F:C9
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       018CC5013B7B0F1EB89B28DA9718D9ACC30F
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/nE68Tpolw96WYEnosN3YvKelj8k.roa
Signing time:             Mon 01 Jan 2024 12:30:41 +0000
ROA not before:           Mon 01 Jan 2024 12:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207033
IP address blocks:        78.159.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3b:7b:0f:1e:b8:9b:28:da:97:18:d9:ac:c3:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jan  1 12:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c4ebc4e9a25c3de966049e8b0ddd8bca7a58fc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5f:9d:a0:0c:5b:b3:31:53:f2:90:5a:e9:df:
                    eb:2a:38:2d:15:1c:e8:f2:00:03:8b:63:2a:52:57:
                    94:7c:67:dd:2d:8d:d0:57:a3:41:e9:31:52:0a:51:
                    22:ca:be:0a:9b:cf:35:bf:06:bb:e6:b6:9e:f9:3e:
                    30:8c:91:65:89:c4:a9:f7:74:6f:76:b5:0d:6b:ea:
                    55:0e:54:40:3c:14:3e:fc:e6:94:8d:92:2a:4c:5a:
                    16:36:4a:97:03:2b:61:0b:73:21:64:a1:37:99:61:
                    bf:85:3b:52:99:d6:ad:44:a4:d8:05:41:8c:2b:31:
                    da:91:93:d1:44:eb:4d:44:10:64:4d:78:db:7f:4d:
                    dc:83:20:9c:67:07:91:e5:01:7e:70:5a:4f:aa:b2:
                    08:71:ab:76:d3:79:04:d5:86:34:76:b9:c7:ce:7e:
                    e1:76:46:bd:ba:4a:24:d8:88:a8:94:04:9a:54:98:
                    1f:d9:ae:ec:98:7b:a3:bf:7f:25:4a:79:ce:03:3b:
                    24:69:2a:26:c1:fd:ed:ae:77:dd:ab:2d:4d:a6:40:
                    3a:62:59:8a:b4:db:3b:dd:be:5b:df:da:7b:b8:7e:
                    60:05:25:65:e8:e8:70:74:4e:08:0e:b4:96:13:d0:
                    c7:d0:3b:bd:ce:5b:f3:d7:8e:e5:fb:a4:66:42:5c:
                    45:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:4E:BC:4E:9A:25:C3:DE:96:60:49:E8:B0:DD:D8:BC:A7:A5:8F:C9
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/nE68Tpolw96WYEnosN3YvKelj8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.159.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:e1:bb:23:68:0f:f7:19:e6:16:20:30:e6:a7:40:72:69:38:
         27:73:f7:15:26:f3:2f:7b:a9:8e:d6:fa:e1:28:6f:68:d1:40:
         ff:6d:18:35:cd:9b:51:7d:57:bb:35:5a:55:04:cf:d3:0f:c5:
         7d:99:cc:59:ff:54:96:ed:ea:ae:95:72:97:d3:c1:73:ea:2e:
         c0:73:c2:83:9a:89:13:80:01:aa:2f:b1:e3:0f:34:32:83:c3:
         71:f9:94:68:8f:75:98:7a:91:07:22:b3:01:21:a6:b1:ff:af:
         96:71:11:d2:92:7b:d6:02:e2:3c:ee:b6:b5:66:d0:88:96:72:
         af:da:89:e2:8a:49:38:8c:3d:ed:d0:48:07:29:d3:60:5e:92:
         a9:5e:7d:a4:62:db:10:a4:13:e6:f3:27:24:84:f6:4e:e1:90:
         97:b8:6d:57:23:d7:02:71:29:1e:8b:37:c6:05:1d:5f:e9:f4:
         f6:ba:2e:8c:22:74:f3:2a:67:06:16:6f:7d:78:21:ce:91:20:
         db:b8:ec:4f:3d:6e:b2:3c:f7:50:07:79:0f:5f:86:d2:69:02:
         21:aa:49:be:a2:61:d0:9f:8e:89:6a:89:a7:50:52:af:b2:f9:
         3e:30:89:e9:a7:41:88:de:32:57:ff:18:fb:bf:26:e3:98:5b:
         48:21:c2:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATt7Dx64myjalxjZrMMPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzRlYmM0ZTlhMjVjM2RlOTY2MDQ5ZThiMGRkZDhiY2E3YTU4ZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1+doAxbszFT8pBa6d/rKjgtFRzo
8gADi2MqUleUfGfdLY3QV6NB6TFSClEiyr4Km881vwa75rae+T4wjJFlicSp93Rv
drUNa+pVDlRAPBQ+/OaUjZIqTFoWNkqXAythC3MhZKE3mWG/hTtSmdatRKTYBUGM
KzHakZPRROtNRBBkTXjbf03cgyCcZweR5QF+cFpPqrIIcat203kE1YY0drnHzn7h
dka9ukok2IiolASaVJgf2a7smHujv38lSnnOAzskaSomwf3trnfdqy1NpkA6YlmK
tNs73b5b39p7uH5gBSVl6OhwdE4IDrSWE9DH0Du9zlvz147l+6RmQlxFZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxOvE6aJcPelmBJ6LDd2LynpY/JMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvbkU2OFRwb2x3OTZXWUVub3NOM1l2S2VsajhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATp9UMA0G
CSqGSIb3DQEBCwUAA4IBAQCg4bsjaA/3GeYWIDDmp0ByaTgnc/cVJvMve6mO1vrh
KG9o0UD/bRg1zZtRfVe7NVpVBM/TD8V9mcxZ/1SW7equlXKX08Fz6i7Ac8KDmokT
gAGqL7HjDzQyg8Nx+ZRoj3WYepEHIrMBIaax/6+WcRHSknvWAuI87ra1ZtCIlnKv
2oniikk4jD3t0EgHKdNgXpKpXn2kYtsQpBPm8yckhPZO4ZCXuG1XI9cCcSkeizfG
BR1f6fT2ui6MInTzKmcGFm99eCHOkSDbuOxPPW6yPPdQB3kPX4bSaQIhqkm+omHQ
n46JaomnUFKvsvk+MInpp0GI3jJX/xj7vybjmFtIIcLJ
-----END CERTIFICATE-----