Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/80sSu0o-Qt1eYaIiu3Qhbyx9KpU.roa
File:                     80sSu0o-Qt1eYaIiu3Qhbyx9KpU.roa (raw, json)
Hash identifier:          d6jwMNNeFtQiPiZfMKYHLBqAWeTK30XpjW2361FSggE=
Subject key identifier:   F3:4B:12:BB:4A:3E:42:DD:5E:61:A2:22:BB:74:21:6F:2C:7D:2A:95
Certificate issuer:       /CN=54b24d895bf9c0a5fd000a45a347510b2a087fb8
Certificate serial:       018CC2DB2C70ED62DB2B958147F27481CA32
Authority key identifier: 54:B2:4D:89:5B:F9:C0:A5:FD:00:0A:45:A3:47:51:0B:2A:08:7F:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VLJNiVv5wKX9AApFo0dRCyoIf7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/80sSu0o-Qt1eYaIiu3Qhbyx9KpU.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57773
IP address blocks:        147.78.228.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/VLJNiVv5wKX9AApFo0dRCyoIf7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/VLJNiVv5wKX9AApFo0dRCyoIf7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VLJNiVv5wKX9AApFo0dRCyoIf7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2c:70:ed:62:db:2b:95:81:47:f2:74:81:ca:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54b24d895bf9c0a5fd000a45a347510b2a087fb8
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f34b12bb4a3e42dd5e61a222bb74216f2c7d2a95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6b:0e:e6:d2:b4:30:bd:ea:87:0b:65:d7:e1:
                    15:aa:dc:b5:29:f5:b2:08:02:07:e7:71:fd:af:04:
                    51:5f:b1:7e:2e:97:a8:7d:4e:81:1f:d5:d4:70:9b:
                    d3:47:3b:71:30:39:1e:89:50:e4:d9:bf:c0:ae:1b:
                    20:f8:e2:71:2b:c8:28:14:84:71:01:ce:b0:d3:3c:
                    4c:95:57:6a:ef:dc:c4:26:2b:97:70:9e:79:b1:34:
                    9f:b0:70:b3:62:54:fc:d9:bb:70:b2:f5:fa:cd:31:
                    cd:df:b2:dd:dc:ae:fd:16:0f:2f:d6:fd:c3:c3:e9:
                    d1:40:f4:28:db:f7:e3:1a:71:39:5b:f8:55:eb:0d:
                    05:89:af:22:cc:aa:b3:70:f3:19:59:04:88:5e:2e:
                    25:c2:71:85:06:86:5d:52:73:51:37:13:7e:0d:1e:
                    e3:8c:c6:79:03:f4:e1:f2:c9:8b:60:6f:f9:a2:59:
                    eb:14:a2:eb:48:77:1c:99:ed:82:58:09:20:cf:2e:
                    05:c0:db:da:a5:d2:5e:5d:5a:02:97:27:d5:c2:33:
                    2f:24:59:18:49:c6:da:5e:b3:93:c2:2f:bb:29:62:
                    1c:52:69:d4:e8:e8:91:ed:fe:f6:9f:ff:f1:38:e9:
                    01:06:06:b5:ae:39:d3:16:74:fc:39:62:27:df:a3:
                    fd:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:4B:12:BB:4A:3E:42:DD:5E:61:A2:22:BB:74:21:6F:2C:7D:2A:95
            X509v3 Authority Key Identifier:
                keyid:54:B2:4D:89:5B:F9:C0:A5:FD:00:0A:45:A3:47:51:0B:2A:08:7F:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VLJNiVv5wKX9AApFo0dRCyoIf7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/80sSu0o-Qt1eYaIiu3Qhbyx9KpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/VLJNiVv5wKX9AApFo0dRCyoIf7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:f0:0c:89:d8:c2:dc:38:92:35:76:79:35:7e:b8:5a:ac:e0:
         f3:56:dc:33:49:1c:41:26:03:33:70:90:de:00:30:d1:ce:7d:
         9d:b7:3b:1a:a7:46:61:2a:7a:47:3e:57:81:ad:8a:c2:53:57:
         a6:72:05:99:ff:84:31:72:bd:68:59:6e:4e:ff:b0:bc:e9:77:
         3b:98:14:3f:5c:11:14:0d:1d:a4:36:8f:c0:80:61:56:81:3f:
         b4:7d:ea:4c:e5:96:e3:8c:f0:90:67:54:2a:8c:78:17:cf:86:
         3b:0f:a3:56:bb:d5:22:c8:49:18:a4:e2:17:24:60:2e:b8:b2:
         94:be:49:a1:80:84:75:1a:ed:f9:20:c2:d2:4d:b7:bf:29:e2:
         2d:49:41:0e:ed:b3:38:9d:ea:9e:4e:0d:2f:88:96:72:be:4a:
         60:db:cd:4a:a9:d7:00:bd:e3:73:2e:3f:5d:9e:58:f7:d9:76:
         5e:88:03:8b:87:75:14:65:17:65:d3:c1:a3:6d:c4:b0:8f:55:
         c2:dc:f6:77:9f:8f:42:96:31:e3:53:e6:98:c4:88:70:0e:fb:
         d8:89:27:dc:7b:01:a1:3b:d1:f8:c5:af:4e:3e:25:4e:25:f8:
         00:d4:13:ce:6f:88:06:70:49:96:16:04:74:13:70:42:09:6c:
         fd:14:9a:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yxw7WLbK5WBR/J0gcoyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YjI0ZDg5NWJmOWMwYTVmZDAwMGE0NWEzNDc1MTBiMmEw
ODdmYjgwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzRiMTJiYjRhM2U0MmRkNWU2MWEyMjJiYjc0MjE2ZjJjN2QyYTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWsO5tK0ML3qhwtl1+EVqty1KfWy
CAIH53H9rwRRX7F+LpeofU6BH9XUcJvTRztxMDkeiVDk2b/Arhsg+OJxK8goFIRx
Ac6w0zxMlVdq79zEJiuXcJ55sTSfsHCzYlT82btwsvX6zTHN37Ld3K79Fg8v1v3D
w+nRQPQo2/fjGnE5W/hV6w0Fia8izKqzcPMZWQSIXi4lwnGFBoZdUnNRNxN+DR7j
jMZ5A/Th8smLYG/5olnrFKLrSHccme2CWAkgzy4FwNvapdJeXVoClyfVwjMvJFkY
ScbaXrOTwi+7KWIcUmnU6OiR7f72n//xOOkBBga1rjnTFnT8OWIn36P95QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPNLErtKPkLdXmGiIrt0IW8sfSqVMB8GA1UdIwQY
MBaAFFSyTYlb+cCl/QAKRaNHUQsqCH+4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkxKTmlWdjV3S1g5QUFwRm8wZFJDeW9JZjdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kMjE2NzktMmFkMi00ZGY1LTgwYjAt
ZmNiOWJkMDViMWFiLzEvODBzU3Uwby1RdDFlWWFJaXUzUWhieXg5S3BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kMjE2NzktMmFkMi00ZGY1LTgwYjAtZmNiOWJkMDViMWFi
LzEvVkxKTmlWdjV3S1g5QUFwRm8wZFJDeW9JZjdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk07kMA0G
CSqGSIb3DQEBCwUAA4IBAQBG8AyJ2MLcOJI1dnk1frharODzVtwzSRxBJgMzcJDe
ADDRzn2dtzsap0ZhKnpHPleBrYrCU1emcgWZ/4Qxcr1oWW5O/7C86Xc7mBQ/XBEU
DR2kNo/AgGFWgT+0fepM5ZbjjPCQZ1QqjHgXz4Y7D6NWu9UiyEkYpOIXJGAuuLKU
vkmhgIR1Gu35IMLSTbe/KeItSUEO7bM4neqeTg0viJZyvkpg281KqdcAveNzLj9d
nlj32XZeiAOLh3UUZRdl08GjbcSwj1XC3PZ3n49CljHjU+aYxIhwDvvYiSfcewGh
O9H4xa9OPiVOJfgA1BPOb4gGcEmWFgR0E3BCCWz9FJqQ
-----END CERTIFICATE-----