Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/78ZyGorQ-XMx0LtVucV3fw0bL98.roa
File:                     78ZyGorQ-XMx0LtVucV3fw0bL98.roa (raw, json)
Hash identifier:          kwiSPwPN8tlE2nWHuYCqCFVKLJEmTkfCAXZFI9f76hk=
Subject key identifier:   EF:C6:72:1A:8A:D0:F9:73:31:D0:BB:55:B9:C5:77:7F:0D:1B:2F:DF
Certificate issuer:       /CN=de87d35bdcab123affc1a91d1736867969709a23
Certificate serial:       018CC6B8F0F61E59E6DF920711148417F8E1
Authority key identifier: DE:87:D3:5B:DC:AB:12:3A:FF:C1:A9:1D:17:36:86:79:69:70:9A:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ofTW9yrEjr_wakdFzaGeWlwmiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/78ZyGorQ-XMx0LtVucV3fw0bL98.roa
Signing time:             Mon 01 Jan 2024 20:30:58 +0000
ROA not before:           Mon 01 Jan 2024 20:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43399
IP address blocks:        91.194.226.0/23 maxlen: 24
                          91.218.132.0/22 maxlen: 24
                          212.233.80.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/3ofTW9yrEjr_wakdFzaGeWlwmiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/3ofTW9yrEjr_wakdFzaGeWlwmiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ofTW9yrEjr_wakdFzaGeWlwmiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 01:03:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f0:f6:1e:59:e6:df:92:07:11:14:84:17:f8:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de87d35bdcab123affc1a91d1736867969709a23
        Validity
            Not Before: Jan  1 20:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efc6721a8ad0f97331d0bb55b9c5777f0d1b2fdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:97:d0:95:36:c3:55:e9:16:91:3e:6f:be:2d:
                    c2:77:c1:7a:53:04:9c:bb:d5:3a:d6:4f:45:12:58:
                    96:01:4b:ca:89:1c:0a:65:8b:f6:4d:79:14:e6:1c:
                    73:8b:d2:85:c8:8f:00:09:9a:09:ae:8b:5d:e5:d3:
                    a8:9b:0c:df:71:49:7a:5f:89:40:d3:fc:8b:b2:0c:
                    d9:cd:5b:17:1d:e0:f3:61:6d:d3:f9:2b:39:2a:f1:
                    2b:43:51:4a:8a:b0:50:5b:d5:b7:51:0f:86:e0:3e:
                    b7:89:4d:b6:b7:d2:e3:73:81:a3:6e:36:67:26:0a:
                    96:01:03:17:2f:6d:df:ac:82:d0:e5:21:54:e9:a5:
                    07:32:43:0c:8c:2f:24:1c:89:5f:44:69:1c:dc:19:
                    02:a6:bf:f0:16:20:f8:74:2b:4f:7f:36:3e:94:8e:
                    77:77:aa:96:15:6e:7d:72:bf:18:1f:f1:eb:c8:c1:
                    0f:a3:87:07:29:91:cb:06:31:d6:9a:92:f4:8e:63:
                    8c:9b:e9:d0:3e:6c:0d:a6:1f:9d:72:91:6c:06:a3:
                    67:21:2c:a9:66:fe:01:bc:44:cd:07:7d:1f:28:7f:
                    ba:d0:7d:aa:57:da:ac:e6:d4:bf:65:ad:38:7e:eb:
                    88:d5:77:73:a6:af:30:12:42:ab:5b:23:e6:d0:01:
                    75:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:C6:72:1A:8A:D0:F9:73:31:D0:BB:55:B9:C5:77:7F:0D:1B:2F:DF
            X509v3 Authority Key Identifier:
                keyid:DE:87:D3:5B:DC:AB:12:3A:FF:C1:A9:1D:17:36:86:79:69:70:9A:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ofTW9yrEjr_wakdFzaGeWlwmiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/78ZyGorQ-XMx0LtVucV3fw0bL98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/3ofTW9yrEjr_wakdFzaGeWlwmiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.226.0/23
                  91.218.132.0/22
                  212.233.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:93:59:6f:f1:b9:e9:ea:60:84:62:ef:de:3b:f9:d5:8b:68:
         1b:98:31:f6:10:68:32:74:9f:c3:2f:ab:2b:a6:a6:32:8e:28:
         b6:70:6c:f6:c7:05:4b:ab:22:18:c8:cd:f6:f6:29:74:31:9c:
         0e:72:cb:a9:71:48:b4:5a:b2:c2:85:63:8a:71:73:c3:c7:06:
         c7:83:b2:7d:12:d1:19:a7:e3:28:90:55:34:3d:50:91:6f:8c:
         be:9e:c2:07:75:f7:9d:d8:a3:1b:f3:8d:a0:c5:a1:18:03:3b:
         e4:0e:9d:34:32:08:af:51:6c:b4:76:20:51:18:38:9c:28:85:
         84:b4:b8:46:7f:0c:31:18:65:9d:ad:84:9c:de:2b:0e:0d:3f:
         95:80:e8:fd:b2:d4:ac:c1:a7:db:ff:bc:17:d5:b2:b0:82:73:
         3b:42:6b:16:36:dc:b0:c2:a2:8c:23:f2:34:32:c4:df:8a:1b:
         51:60:47:ec:7e:c6:43:fb:a3:de:a7:7f:cd:22:d2:00:6a:b4:
         cb:8d:70:23:07:85:2a:58:a3:71:cc:a5:f6:38:23:05:e4:8b:
         0c:82:12:c2:a4:d9:e2:e7:6c:c7:25:fa:2d:39:1d:a7:65:07:
         cd:ef:bd:cb:af:6f:6b:d4:6c:a8:3b:57:c8:6b:0b:0e:af:38:
         cb:5d:0a:f1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuPD2Hlnm35IHERSEF/jhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlODdkMzViZGNhYjEyM2FmZmMxYTkxZDE3MzY4Njc5Njk3
MDlhMjMwHhcNMjQwMTAxMjAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmM2NzIxYThhZDBmOTczMzFkMGJiNTViOWM1Nzc3ZjBkMWIyZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJfQlTbDVekWkT5vvi3Cd8F6UwSc
u9U61k9FEliWAUvKiRwKZYv2TXkU5hxzi9KFyI8ACZoJrotd5dOomwzfcUl6X4lA
0/yLsgzZzVsXHeDzYW3T+Ss5KvErQ1FKirBQW9W3UQ+G4D63iU22t9Ljc4GjbjZn
JgqWAQMXL23frILQ5SFU6aUHMkMMjC8kHIlfRGkc3BkCpr/wFiD4dCtPfzY+lI53
d6qWFW59cr8YH/HryMEPo4cHKZHLBjHWmpL0jmOMm+nQPmwNph+dcpFsBqNnISyp
Zv4BvETNB30fKH+60H2qV9qs5tS/Za04fuuI1Xdzpq8wEkKrWyPm0AF1NwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO/GchqK0PlzMdC7VbnFd38NGy/fMB8GA1UdIwQY
MBaAFN6H01vcqxI6/8GpHRc2hnlpcJojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM29mVFc5eXJFanJfd2FrZEZ6YUdlV2x3bWlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS85MTA3MTYtZjI2Ni00N2YwLTliYWQt
YzIyMzkwZThkOWE2LzEvNzhaeUdvclEtWE14MEx0VnVjVjNmdzBiTDk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS85MTA3MTYtZjI2Ni00N2YwLTliYWQtYzIyMzkwZThkOWE2
LzEvM29mVFc5eXJFanJfd2FrZEZ6YUdlV2x3bWlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW8LiAwQC
W9qEAwQC1OlQMA0GCSqGSIb3DQEBCwUAA4IBAQARk1lv8bnp6mCEYu/eO/nVi2gb
mDH2EGgydJ/DL6srpqYyjii2cGz2xwVLqyIYyM329il0MZwOcsupcUi0WrLChWOK
cXPDxwbHg7J9EtEZp+MokFU0PVCRb4y+nsIHdfed2KMb842gxaEYAzvkDp00Mgiv
UWy0diBRGDicKIWEtLhGfwwxGGWdrYSc3isODT+VgOj9stSswafb/7wX1bKwgnM7
QmsWNtywwqKMI/I0MsTfihtRYEfsfsZD+6Pep3/NItIAarTLjXAjB4UqWKNxzKX2
OCMF5IsMghLCpNni52zHJfotOR2nZQfN773Lr29r1GyoO1fIawsOrzjLXQrx
-----END CERTIFICATE-----