Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/jdSAQkXRU1EcDxGVMXB4lIxMwpQ.roa
File:                     jdSAQkXRU1EcDxGVMXB4lIxMwpQ.roa (raw, json)
Hash identifier:          ybTgf6BpBUeMEIIaBWP/Q1N0ojjZeqh3yi1EvVdPwMs=
Subject key identifier:   8D:D4:80:42:45:D1:53:51:1C:0F:11:95:31:70:78:94:8C:4C:C2:94
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DC9FE00DD40E05991F2D1CBE7B618C
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/jdSAQkXRU1EcDxGVMXB4lIxMwpQ.roa
Signing time:             Mon 01 Jan 2024 16:30:19 +0000
ROA not before:           Mon 01 Jan 2024 16:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212025
IP address blocks:        85.158.145.0/24 maxlen: 24
                          5.178.2.0/24 maxlen: 24
                          5.10.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:9f:e0:0d:d4:0e:05:99:1f:2d:1c:be:7b:61:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dd4804245d153511c0f1195317078948c4cc294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:24:5e:53:3f:af:52:4e:68:98:76:d7:70:06:
                    9e:b9:b4:25:40:d9:fc:c0:9f:2e:29:d5:ab:3e:78:
                    e2:df:2f:f4:8a:bb:83:90:17:5a:3c:94:d4:fe:e5:
                    e5:ed:ff:3b:b9:6c:fc:0f:69:04:5d:f3:fd:fc:dd:
                    0a:29:80:f0:25:30:c8:d1:43:b6:6f:fa:84:85:8c:
                    3a:f7:c0:1b:e5:b0:bc:68:88:ca:e7:c1:ba:a2:15:
                    16:24:c6:7b:0a:3d:d9:0e:2c:e7:f0:3b:ae:0c:12:
                    ff:23:d7:eb:17:b8:0b:e2:c9:73:7a:8e:43:f5:ea:
                    7d:12:84:b9:53:1f:c9:fe:79:63:c9:3b:de:dc:f4:
                    39:84:65:27:a8:e4:3f:84:eb:9a:d5:2e:ed:1a:f0:
                    8f:19:67:55:4b:f4:78:4c:d7:17:54:93:1d:34:e8:
                    5f:9b:fb:7c:c5:11:28:38:8f:e1:b6:71:ea:9f:e2:
                    83:9f:a6:83:f8:ae:ad:89:8e:aa:d5:0a:76:39:d4:
                    25:9e:0a:0d:1c:b2:43:4f:a1:d4:c8:eb:ea:9f:aa:
                    fb:92:0b:eb:ac:01:fe:9a:47:7c:31:61:6b:e9:5b:
                    23:6c:d8:02:28:32:58:7f:2d:ce:52:1d:08:57:02:
                    a4:e9:df:5f:82:f0:25:38:ae:b7:b1:3b:2a:fe:bf:
                    27:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:D4:80:42:45:D1:53:51:1C:0F:11:95:31:70:78:94:8C:4C:C2:94
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/jdSAQkXRU1EcDxGVMXB4lIxMwpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.249.0/24
                  5.178.2.0/24
                  85.158.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:13:90:5a:3d:2d:3c:a8:05:51:5a:32:53:cb:28:08:bc:68:
         4e:ed:a9:2b:77:d5:b0:ef:f1:1b:88:2b:61:f1:3c:2c:f1:0f:
         33:8d:40:1c:59:d8:f6:22:ea:33:91:24:7d:ba:28:54:db:d6:
         6a:91:78:f0:63:b6:6c:0c:e4:d1:27:1d:47:e2:62:7b:18:17:
         20:61:e3:44:b4:ba:14:e1:9f:86:1d:f1:c6:ba:a8:42:50:64:
         35:d3:5f:41:df:17:3e:89:d5:c1:a8:ce:15:c7:00:a3:da:89:
         f5:7e:26:00:30:a4:3c:82:a9:6b:48:f1:7e:8c:17:6a:c7:6f:
         29:c0:f1:2e:e6:a1:81:28:51:a8:59:6c:98:17:fb:b1:d7:e1:
         96:6d:8e:53:54:99:ec:68:31:9c:98:6a:6a:31:3a:25:eb:8d:
         98:23:a4:72:63:e4:92:52:f9:68:6a:da:5b:66:da:fc:7a:ec:
         37:58:de:5c:53:28:f1:62:67:c8:82:ba:28:f5:07:6f:c8:66:
         40:d6:26:15:4f:3d:a5:0d:7e:79:00:ec:a1:e9:c2:a1:e9:02:
         04:8d:d0:e8:46:55:27:77:63:a4:1a:e4:ab:26:d3:04:f8:3a:
         bb:c4:fa:6c:5e:3a:c1:45:8d:b6:be:d2:0c:6d:26:56:4d:ab:
         8a:41:ab:c6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzF3J/gDdQOBZkfLRy+e2GMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGQ0ODA0MjQ1ZDE1MzUxMWMwZjExOTUzMTcwNzg5NDhjNGNjMjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCReUz+vUk5omHbXcAaeubQlQNn8
wJ8uKdWrPnji3y/0iruDkBdaPJTU/uXl7f87uWz8D2kEXfP9/N0KKYDwJTDI0UO2
b/qEhYw698Ab5bC8aIjK58G6ohUWJMZ7Cj3ZDizn8DuuDBL/I9frF7gL4slzeo5D
9ep9EoS5Ux/J/nljyTve3PQ5hGUnqOQ/hOua1S7tGvCPGWdVS/R4TNcXVJMdNOhf
m/t8xREoOI/htnHqn+KDn6aD+K6tiY6q1Qp2OdQlngoNHLJDT6HUyOvqn6r7kgvr
rAH+mkd8MWFr6VsjbNgCKDJYfy3OUh0IVwKk6d9fgvAlOK63sTsq/r8npQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI3UgEJF0VNRHA8RlTFweJSMTMKUMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvamRTQVFrWFJVMUVjRHhHVk1YQjRsSXhNd3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABQr5AwQA
BbICAwQAVZ6RMA0GCSqGSIb3DQEBCwUAA4IBAQBYE5BaPS08qAVRWjJTyygIvGhO
7akrd9Ww7/EbiCth8Tws8Q8zjUAcWdj2IuozkSR9uihU29ZqkXjwY7ZsDOTRJx1H
4mJ7GBcgYeNEtLoU4Z+GHfHGuqhCUGQ1019B3xc+idXBqM4VxwCj2on1fiYAMKQ8
gqlrSPF+jBdqx28pwPEu5qGBKFGoWWyYF/ux1+GWbY5TVJnsaDGcmGpqMTol642Y
I6RyY+SSUvloatpbZtr8euw3WN5cUyjxYmfIgroo9QdvyGZA1iYVTz2lDX55AOyh
6cKh6QIEjdDoRlUnd2OkGuSrJtME+Dq7xPpsXjrBRY22vtIMbSZWTauKQavG
-----END CERTIFICATE-----