Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/ydZk0obv7bVj0H5Iz8YDS1A_OoI.roa
File:                     ydZk0obv7bVj0H5Iz8YDS1A_OoI.roa (raw, json)
Hash identifier:          A/+/9Cb8ZkhS5WljSmbGlesFin2PpKldQ6ws68t/myQ=
Subject key identifier:   C9:D6:64:D2:86:EF:ED:B5:63:D0:7E:48:CF:C6:03:4B:50:3F:3A:82
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       01906D9CEC5361363FB5D3BEC452BD0AC77E
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/ydZk0obv7bVj0H5Iz8YDS1A_OoI.roa
Signing time:             Mon 01 Jul 2024 09:25:18 +0000
ROA not before:           Mon 01 Jul 2024 09:25:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212908
IP address blocks:        78.159.64.0/21 maxlen: 21
                          78.159.86.0/24 maxlen: 24
                          2a02:7f0:200::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6d:9c:ec:53:61:36:3f:b5:d3:be:c4:52:bd:0a:c7:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jul  1 09:25:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9d664d286efedb563d07e48cfc6034b503f3a82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:28:67:06:00:62:d7:da:93:dd:01:6a:ad:b5:
                    e7:83:33:c0:22:97:06:11:7f:31:60:32:3e:a7:fd:
                    d0:1e:e8:2e:58:b0:2c:cf:5b:12:ad:43:e2:2d:7c:
                    3a:49:1e:56:51:19:ac:db:d0:c2:67:d7:7b:1e:a1:
                    49:25:ba:01:fc:6d:d2:70:d5:d5:79:2d:f4:87:62:
                    a3:ea:de:e3:8b:0f:f5:69:60:51:16:5e:dc:2b:38:
                    f0:e1:10:b0:cf:c0:ec:76:07:3b:4d:a5:ad:16:b9:
                    3e:f2:29:89:cc:9b:12:3e:6c:23:1d:80:e2:8c:98:
                    40:33:5e:ec:03:3d:a8:3d:3d:64:40:2a:e3:23:b3:
                    ec:ea:7b:4e:ee:0d:f2:a2:1e:45:bf:4d:27:0c:b1:
                    b2:e5:c1:4a:51:64:99:72:97:a1:03:64:f1:40:55:
                    d6:37:13:24:bb:d5:e5:45:f9:22:8a:4a:2d:0b:dc:
                    6d:3b:fe:ad:0d:79:2a:1b:38:cf:3c:92:de:08:62:
                    5d:d9:b2:6d:22:9e:85:ae:c0:f2:e1:3f:e2:a1:11:
                    5e:22:c9:79:aa:7a:71:80:9f:a4:5d:4b:bc:68:d1:
                    d2:aa:2d:32:22:52:ef:72:43:9a:92:b2:62:7a:72:
                    96:e7:15:ca:61:5e:14:6f:89:53:c0:a9:06:e3:b6:
                    b0:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D6:64:D2:86:EF:ED:B5:63:D0:7E:48:CF:C6:03:4B:50:3F:3A:82
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/ydZk0obv7bVj0H5Iz8YDS1A_OoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.159.64.0/21
                  78.159.86.0/24
                IPv6:
                  2a02:7f0:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         94:cf:75:e9:75:a5:b8:05:93:db:ba:8a:eb:c5:fc:ab:5e:c0:
         7e:df:d1:98:68:b6:27:09:85:69:7a:51:2e:3e:07:8e:aa:28:
         85:55:ec:37:95:8b:4f:a7:04:c3:c0:ab:d0:e3:25:7f:f6:48:
         72:c2:d2:b6:2e:17:ad:79:0c:a2:37:63:78:2e:6b:27:9d:55:
         7e:af:dd:4a:b9:d7:2c:ce:fc:8d:0b:b1:08:a4:f2:39:84:ab:
         09:32:a2:ac:a3:f9:00:dc:9e:95:2f:c6:56:d4:58:ac:78:6f:
         0e:09:80:8d:3d:0b:f6:ca:f5:3b:99:23:f6:c3:e5:27:c5:9b:
         74:e7:39:36:92:bd:4d:2a:9b:03:3d:81:16:f4:49:13:dc:46:
         d3:ae:da:6c:ff:6d:cb:46:ca:c2:19:45:b3:03:c0:3e:78:8f:
         ae:ea:1a:57:a2:dc:20:41:ab:b9:7d:82:11:56:41:d8:70:03:
         ed:87:14:26:79:2b:bf:1a:5d:c7:4d:39:f3:23:96:cf:fc:bc:
         62:d2:26:17:4c:a5:0b:af:76:4d:bf:18:49:9f:63:4c:db:cc:
         b7:42:7d:64:15:e7:fc:08:88:f4:24:ae:55:81:c4:a1:47:b1:
         95:71:92:ae:cb:a4:ac:a7:2c:b0:b7:25:4e:4c:6a:45:2f:ec:
         42:2c:31:a7
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZBtnOxTYTY/tdO+xFK9Csd+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjQwNzAxMDkyNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWQ2NjRkMjg2ZWZlZGI1NjNkMDdlNDhjZmM2MDM0YjUwM2YzYTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArChnBgBi19qT3QFqrbXngzPAIpcG
EX8xYDI+p/3QHuguWLAsz1sSrUPiLXw6SR5WURms29DCZ9d7HqFJJboB/G3ScNXV
eS30h2Kj6t7jiw/1aWBRFl7cKzjw4RCwz8Dsdgc7TaWtFrk+8imJzJsSPmwjHYDi
jJhAM17sAz2oPT1kQCrjI7Ps6ntO7g3yoh5Fv00nDLGy5cFKUWSZcpehA2TxQFXW
NxMku9XlRfkiikotC9xtO/6tDXkqGzjPPJLeCGJd2bJtIp6FrsDy4T/ioRFeIsl5
qnpxgJ+kXUu8aNHSqi0yIlLvckOakrJienKW5xXKYV4Ub4lTwKkG47awxQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFMnWZNKG7+21Y9B+SM/GA0tQPzqCMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEveWRaazBvYnY3YlZqMEg1SXo4WURTMUFfT29JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQDTp9AAwQA
Tp9WMA4EAgACMAgDBgAqAgfwAjANBgkqhkiG9w0BAQsFAAOCAQEAlM916XWluAWT
27qK68X8q17Aft/RmGi2JwmFaXpRLj4HjqoohVXsN5WLT6cEw8Cr0OMlf/ZIcsLS
ti4XrXkMojdjeC5rJ51Vfq/dSrnXLM78jQuxCKTyOYSrCTKirKP5ANyelS/GVtRY
rHhvDgmAjT0L9sr1O5kj9sPlJ8WbdOc5NpK9TSqbAz2BFvRJE9xG067abP9ty0bK
whlFswPAPniPruoaV6LcIEGruX2CEVZB2HAD7YcUJnkrvxpdx0058yOWz/y8YtIm
F0ylC692Tb8YSZ9jTNvMt0J9ZBXn/AiI9CSuVYHEoUexlXGSrsukrKcssLclTkxq
RS/sQiwxpw==
-----END CERTIFICATE-----