Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/7GA7gfcJcKMV6DPJbgkSIM4NNEM.roa
File:                     7GA7gfcJcKMV6DPJbgkSIM4NNEM.roa (raw, json)
Hash identifier:          DlKDuKr0bxtqG4AsECFolpQk1l2nM98ja5ytgrborW4=
Subject key identifier:   EC:60:3B:81:F7:09:70:A3:15:E8:33:C9:6E:09:12:20:CE:0D:34:43
Certificate issuer:       /CN=f5d901201ff0b1b97ef3d1a72da41e18f0145762
Certificate serial:       018CC4248372848EB9658C238866D0D7252E
Authority key identifier: F5:D9:01:20:1F:F0:B1:B9:7E:F3:D1:A7:2D:A4:1E:18:F0:14:57:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9dkBIB_wsbl-89GnLaQeGPAUV2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/7GA7gfcJcKMV6DPJbgkSIM4NNEM.roa
Signing time:             Mon 01 Jan 2024 08:29:36 +0000
ROA not before:           Mon 01 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203201
IP address blocks:        212.78.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/9dkBIB_wsbl-89GnLaQeGPAUV2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/9dkBIB_wsbl-89GnLaQeGPAUV2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9dkBIB_wsbl-89GnLaQeGPAUV2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:83:72:84:8e:b9:65:8c:23:88:66:d0:d7:25:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5d901201ff0b1b97ef3d1a72da41e18f0145762
        Validity
            Not Before: Jan  1 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec603b81f70970a315e833c96e091220ce0d3443
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c4:97:65:82:34:69:b7:f9:05:2d:ac:d6:ca:
                    0c:8e:13:4e:c8:39:bd:48:bb:15:61:c7:04:39:30:
                    91:f5:8d:13:64:c7:00:04:29:e3:ef:de:fe:0c:9a:
                    1e:ba:10:4d:e2:f7:fe:b8:30:e8:63:3f:05:91:a5:
                    92:86:e8:b9:ca:2a:c9:d4:ee:58:7f:17:21:65:a8:
                    76:52:6e:dc:db:cd:22:ee:d0:8f:7b:13:c1:ef:89:
                    1e:fd:ed:ef:f7:51:7a:86:b0:6a:44:e7:47:a3:e4:
                    d8:76:67:a7:7d:08:ec:e6:d9:f5:92:aa:0b:d8:63:
                    ec:1a:f8:86:0d:96:4b:ef:50:f5:fa:7e:7c:54:e9:
                    ce:e6:df:09:8d:07:27:54:a9:cb:6a:82:da:57:d6:
                    ce:48:c0:bb:59:45:26:db:f1:0d:b5:97:b1:6b:03:
                    c8:8b:35:a4:e5:d2:3a:07:68:6b:2c:d5:0c:b5:3c:
                    78:59:05:d9:41:cb:b2:3a:60:f9:76:2e:a4:ec:4b:
                    39:f5:da:48:8c:33:c5:c7:72:4a:c6:64:25:f3:6e:
                    f3:2e:e2:5f:56:75:fd:0e:7e:7a:23:27:a3:82:e1:
                    25:1e:e8:51:6a:47:92:95:a3:b8:1f:5e:3e:25:39:
                    39:5e:f6:cd:0b:69:bd:13:e6:10:11:e1:01:b1:29:
                    98:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:60:3B:81:F7:09:70:A3:15:E8:33:C9:6E:09:12:20:CE:0D:34:43
            X509v3 Authority Key Identifier:
                keyid:F5:D9:01:20:1F:F0:B1:B9:7E:F3:D1:A7:2D:A4:1E:18:F0:14:57:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9dkBIB_wsbl-89GnLaQeGPAUV2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/7GA7gfcJcKMV6DPJbgkSIM4NNEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/9dkBIB_wsbl-89GnLaQeGPAUV2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.78.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:83:6d:0b:f2:38:8a:3b:e1:a9:f8:15:a9:02:fc:4d:a9:9f:
         ac:33:aa:da:e3:e3:6e:60:31:b7:aa:c4:7b:2a:fc:47:99:9d:
         fa:08:d7:01:e9:bd:73:2e:62:15:af:80:f8:11:47:91:05:f7:
         c5:be:ed:2d:87:fc:1d:32:5e:1f:b8:47:fb:15:4a:89:b8:84:
         aa:2a:0f:8a:73:5a:37:8f:3f:a6:39:d7:58:6f:03:24:25:18:
         42:b7:bc:56:bf:9f:81:1e:f2:a8:f9:66:92:a8:4c:0a:67:49:
         b2:16:12:a2:27:44:b7:1a:bb:3e:88:8d:7e:dc:06:c4:6e:d4:
         cb:52:b8:2f:8d:8b:c6:19:ba:aa:64:af:94:1b:3e:6b:98:99:
         5b:2d:46:3f:1c:a3:61:37:a8:a6:95:a4:20:e6:dc:08:1e:f8:
         67:18:1e:33:de:41:c3:6a:22:d3:0a:95:05:ff:b8:73:b4:d3:
         c2:2f:8d:d9:05:99:2a:b3:c1:f7:73:95:8d:a4:31:54:0e:17:
         37:82:29:94:a9:03:d7:3b:88:72:51:91:14:6d:c3:c2:fd:76:
         02:b0:5f:81:bb:80:df:a0:d5:ba:24:70:0a:3b:a8:8b:f6:1c:
         27:20:b5:db:ae:10:46:f2:ea:88:f2:17:a6:20:50:a1:7c:8d:
         98:2b:df:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJINyhI65ZYwjiGbQ1yUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZDkwMTIwMWZmMGIxYjk3ZWYzZDFhNzJkYTQxZTE4ZjAx
NDU3NjIwHhcNMjQwMTAxMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzYwM2I4MWY3MDk3MGEzMTVlODMzYzk2ZTA5MTIyMGNlMGQzNDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysSXZYI0abf5BS2s1soMjhNOyDm9
SLsVYccEOTCR9Y0TZMcABCnj797+DJoeuhBN4vf+uDDoYz8FkaWShui5yirJ1O5Y
fxchZah2Um7c280i7tCPexPB74ke/e3v91F6hrBqROdHo+TYdmenfQjs5tn1kqoL
2GPsGviGDZZL71D1+n58VOnO5t8JjQcnVKnLaoLaV9bOSMC7WUUm2/ENtZexawPI
izWk5dI6B2hrLNUMtTx4WQXZQcuyOmD5di6k7Es59dpIjDPFx3JKxmQl827zLuJf
VnX9Dn56IyejguElHuhRakeSlaO4H14+JTk5XvbNC2m9E+YQEeEBsSmYWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxgO4H3CXCjFegzyW4JEiDODTRDMB8GA1UdIwQY
MBaAFPXZASAf8LG5fvPRpy2kHhjwFFdiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWRrQklCX3dzYmwtODlHbkxhUWVHUEFVVjJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9hZDU1NDUtZjhhZi00Mjc4LTkwYTUt
YTNiYmM4N2E3N2NjLzEvN0dBN2dmY0pjS01WNkRQSmJna1NJTTROTkVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9hZDU1NDUtZjhhZi00Mjc4LTkwYTUtYTNiYmM4N2E3N2Nj
LzEvOWRrQklCX3dzYmwtODlHbkxhUWVHUEFVVjJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1E4BMA0G
CSqGSIb3DQEBCwUAA4IBAQAhg20L8jiKO+Gp+BWpAvxNqZ+sM6ra4+NuYDG3qsR7
KvxHmZ36CNcB6b1zLmIVr4D4EUeRBffFvu0th/wdMl4fuEf7FUqJuISqKg+Kc1o3
jz+mOddYbwMkJRhCt7xWv5+BHvKo+WaSqEwKZ0myFhKiJ0S3Grs+iI1+3AbEbtTL
UrgvjYvGGbqqZK+UGz5rmJlbLUY/HKNhN6imlaQg5twIHvhnGB4z3kHDaiLTCpUF
/7hztNPCL43ZBZkqs8H3c5WNpDFUDhc3gimUqQPXO4hyUZEUbcPC/XYCsF+Bu4Df
oNW6JHAKO6iL9hwnILXbrhBG8uqI8hemIFChfI2YK9+W
-----END CERTIFICATE-----