Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/U4kZg29tRWPA-zcSlOURw0G_68o.roa
File:                     U4kZg29tRWPA-zcSlOURw0G_68o.roa (raw, json)
Hash identifier:          Pp6AAl7bCRW6GqM/7mR51+rD139CgYPbKghNdE2j3p8=
Subject key identifier:   53:89:19:83:6F:6D:45:63:C0:FB:37:12:94:E5:11:C3:41:BF:EB:CA
Certificate issuer:       /CN=ffc381f53f25dbc2a0efabf889fca32419958dd0
Certificate serial:       0190C55E5E7B2F5B808F215F9F3DFBFF2591
Authority key identifier: FF:C3:81:F5:3F:25:DB:C2:A0:EF:AB:F8:89:FC:A3:24:19:95:8D:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/U4kZg29tRWPA-zcSlOURw0G_68o.roa
Signing time:             Thu 18 Jul 2024 10:23:34 +0000
ROA not before:           Thu 18 Jul 2024 10:23:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48254
IP address blocks:        212.78.75.0/24 maxlen: 24
                          212.78.76.0/23 maxlen: 24
                          212.78.78.0/24 maxlen: 24
                          212.78.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c5:5e:5e:7b:2f:5b:80:8f:21:5f:9f:3d:fb:ff:25:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffc381f53f25dbc2a0efabf889fca32419958dd0
        Validity
            Not Before: Jul 18 10:23:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=538919836f6d4563c0fb371294e511c341bfebca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:0e:23:b6:0d:58:c9:01:e0:d9:a8:d2:7d:ca:
                    10:93:de:e7:e8:d0:6c:7e:71:8d:22:61:48:04:45:
                    b5:6a:66:f3:a9:5a:f8:9d:80:99:8a:f7:88:eb:2a:
                    c8:72:0c:18:03:a0:61:28:fd:7a:43:a8:15:12:a0:
                    11:ff:5e:ab:bc:7d:2c:01:89:e0:8b:d8:ac:04:67:
                    df:27:31:53:51:72:39:7a:a1:1f:fe:3e:c9:0b:d2:
                    9c:b0:88:ea:25:46:a3:8b:d0:43:6f:12:1c:9e:65:
                    02:ce:ad:1c:0e:f2:1a:4c:66:25:92:be:31:d8:3e:
                    e7:56:6d:3b:82:31:3b:c0:6b:da:09:e9:7e:4e:9b:
                    ec:8f:cc:3b:93:ec:0a:8c:25:5f:0d:45:e5:87:80:
                    2b:7a:c2:e0:e5:4d:a8:03:a4:17:d0:f2:48:d8:b2:
                    50:8f:77:89:fa:78:0f:6b:93:3e:9e:09:7c:8b:d9:
                    d1:4a:71:2e:12:89:0a:7d:40:21:98:6c:a2:7c:9f:
                    57:6c:46:ad:0e:4d:aa:ff:cb:00:71:60:3f:6b:f0:
                    db:5f:ac:c5:a1:50:ba:39:63:f2:47:18:8a:a6:86:
                    7e:b3:a5:67:a5:7c:53:44:92:4a:04:41:8f:c2:e6:
                    2b:d2:8c:39:a4:c2:89:9b:8d:97:4a:40:f8:80:b6:
                    fb:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:89:19:83:6F:6D:45:63:C0:FB:37:12:94:E5:11:C3:41:BF:EB:CA
            X509v3 Authority Key Identifier:
                keyid:FF:C3:81:F5:3F:25:DB:C2:A0:EF:AB:F8:89:FC:A3:24:19:95:8D:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/U4kZg29tRWPA-zcSlOURw0G_68o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.78.75.0-212.78.78.255
                  212.78.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:d4:5f:20:7b:2d:ed:e6:8b:22:2a:2d:bf:3d:06:bd:d9:4a:
         8d:1d:cd:39:f1:c7:ed:a4:64:7a:08:bb:70:db:f9:f9:01:1d:
         d2:b4:98:9f:fb:f2:46:30:b4:5f:29:b8:40:25:95:1f:8d:5d:
         f9:bb:1a:02:18:f3:63:fb:5c:97:21:e1:fb:2b:cf:30:f1:b0:
         e9:71:6e:51:ad:3f:ed:1f:a5:34:57:b3:4e:b3:1a:71:ae:52:
         82:17:c0:dc:eb:c1:8d:0a:3e:ae:30:cd:e8:ab:6b:b9:ac:5f:
         17:28:5f:d0:6a:b8:97:0a:51:83:dc:ee:f6:ac:de:2d:81:36:
         74:68:80:4f:c5:13:d6:08:6f:7e:a5:d3:02:f0:fc:5e:3e:42:
         c2:1b:7b:c2:49:89:63:63:0c:03:0b:51:ae:c1:4d:01:d3:21:
         87:8f:bf:a3:10:1d:8c:a4:d3:fb:89:7e:bd:06:cb:b3:eb:bb:
         b5:2f:6b:d9:fe:9e:15:53:79:50:1e:0a:4c:4a:34:a8:8f:96:
         90:32:e7:ab:5f:4d:5c:6c:9c:3d:65:15:56:e6:a7:4f:d2:ed:
         0d:b2:e4:e1:a7:e7:4c:3d:ac:f3:e6:c9:44:33:b2:37:a8:4a:
         12:6e:b6:e7:7a:d9:21:8f:f8:5f:c4:ef:5c:56:7f:3e:b5:a8:
         dc:48:59:0e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZDFXl57L1uAjyFfnz37/yWRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYzM4MWY1M2YyNWRiYzJhMGVmYWJmODg5ZmNhMzI0MTk5
NThkZDAwHhcNMjQwNzE4MTAyMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzg5MTk4MzZmNmQ0NTYzYzBmYjM3MTI5NGU1MTFjMzQxYmZlYmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3g4jtg1YyQHg2ajSfcoQk97n6NBs
fnGNImFIBEW1ambzqVr4nYCZiveI6yrIcgwYA6BhKP16Q6gVEqAR/16rvH0sAYng
i9isBGffJzFTUXI5eqEf/j7JC9KcsIjqJUaji9BDbxIcnmUCzq0cDvIaTGYlkr4x
2D7nVm07gjE7wGvaCel+Tpvsj8w7k+wKjCVfDUXlh4AresLg5U2oA6QX0PJI2LJQ
j3eJ+ngPa5M+ngl8i9nRSnEuEokKfUAhmGyifJ9XbEatDk2q/8sAcWA/a/DbX6zF
oVC6OWPyRxiKpoZ+s6VnpXxTRJJKBEGPwuYr0ow5pMKJm42XSkD4gLb7zwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFOJGYNvbUVjwPs3EpTlEcNBv+vKMB8GA1UdIwQY
MBaAFP/DgfU/JdvCoO+r+In8oyQZlY3QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzhPQjlUOGwyOEtnNzZ2NGlmeWpKQm1WamRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9iNjRlNDItYjlkZS00YzY2LTllZDkt
NmZlMzQ4MDVhNmM2LzEvVTRrWmcyOXRSV1BBLXpjU2xPVVJ3MEdfNjhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9iNjRlNDItYjlkZS00YzY2LTllZDktNmZlMzQ4MDVhNmM2
LzEvXzhPQjlUOGwyOEtnNzZ2NGlmeWpKQm1WamRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADUTksD
BADUTk4DBADUTlUwDQYJKoZIhvcNAQELBQADggEBAHXUXyB7Le3miyIqLb89Br3Z
So0dzTnxx+2kZHoIu3Db+fkBHdK0mJ/78kYwtF8puEAllR+NXfm7GgIY82P7XJch
4fsrzzDxsOlxblGtP+0fpTRXs06zGnGuUoIXwNzrwY0KPq4wzeira7msXxcoX9Bq
uJcKUYPc7vas3i2BNnRogE/FE9YIb36l0wLw/F4+QsIbe8JJiWNjDAMLUa7BTQHT
IYePv6MQHYyk0/uJfr0Gy7Pru7Uva9n+nhVTeVAeCkxKNKiPlpAy56tfTVxsnD1l
FVbmp0/S7Q2y5OGn50w9rPPmyUQzsjeoShJutud62SGP+F/E71xWfz61qNxIWQ4=
-----END CERTIFICATE-----