Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/pHiFvgvCDugCQ0fCV2bMIVDXBvE.roa
File:                     pHiFvgvCDugCQ0fCV2bMIVDXBvE.roa (raw, json)
Hash identifier:          2aIpkdhRrif6dl3FsLOdHBHHHovRmeg4j/7doBldcPc=
Subject key identifier:   A4:78:85:BE:0B:C2:0E:E8:02:43:47:C2:57:66:CC:21:50:D7:06:F1
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       019103D82D6E5F677B0EE2D7F5E2C1AF1299
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/pHiFvgvCDugCQ0fCV2bMIVDXBvE.roa
Signing time:             Tue 30 Jul 2024 13:33:04 +0000
ROA not before:           Tue 30 Jul 2024 13:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208949
IP address blocks:        5.178.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:03:d8:2d:6e:5f:67:7b:0e:e2:d7:f5:e2:c1:af:12:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jul 30 13:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a47885be0bc20ee8024347c25766cc2150d706f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c6:35:b7:ca:6c:e1:a7:a7:ad:5c:95:55:73:
                    f2:bd:61:a8:7f:54:f2:94:43:ea:cd:81:48:c3:25:
                    bd:f6:28:5b:05:3c:d3:2a:06:4f:89:38:86:dc:61:
                    60:a6:b0:04:a6:29:6b:fa:f9:d4:8a:a3:71:8c:c2:
                    bc:49:23:cc:92:1b:c1:a2:2d:b8:e9:d5:ca:28:98:
                    c8:29:87:db:32:2c:ad:51:ea:71:96:9b:86:d2:66:
                    be:6e:c5:7d:61:7d:03:4a:b0:ab:e1:49:38:a8:e0:
                    39:5b:dd:bd:ea:8b:b6:a6:95:2a:3b:dd:95:fb:b4:
                    07:e6:e6:ec:9c:51:ca:c1:6c:e9:ed:7a:b3:17:65:
                    d0:a9:f9:5c:3c:e2:ba:d3:40:e0:80:71:7e:f2:8c:
                    30:9c:ba:1c:95:33:d3:ca:7a:fd:99:68:0a:0d:11:
                    24:d8:f4:08:ba:d1:5f:e4:4c:cf:37:85:32:49:e4:
                    9c:d4:4b:ae:14:36:be:51:10:98:2e:39:2c:f4:7c:
                    12:87:ab:2a:b8:95:e4:54:b9:26:f1:0c:32:06:75:
                    63:90:00:39:94:f7:37:ec:b0:e2:fc:8f:11:27:fb:
                    a7:d6:fe:8b:cb:b6:82:30:06:a3:55:82:0d:d8:bf:
                    ec:74:bb:02:b8:31:34:f1:21:a7:c8:84:9d:dd:62:
                    53:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:78:85:BE:0B:C2:0E:E8:02:43:47:C2:57:66:CC:21:50:D7:06:F1
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/pHiFvgvCDugCQ0fCV2bMIVDXBvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:30:15:43:3b:f8:24:83:1b:2f:dc:27:55:b2:8b:b8:af:80:
         da:4b:f9:3e:be:b8:3f:a6:c0:90:7b:6e:6f:ee:a6:55:f9:8a:
         51:6d:ce:55:b5:c9:16:78:3d:5e:da:59:1a:76:84:cd:7d:b3:
         fc:8a:98:47:e5:52:1b:07:8f:c2:29:0b:76:ce:08:53:68:75:
         ad:63:3e:bc:a7:72:8e:06:7a:fc:7b:63:db:e4:45:55:c1:a0:
         f8:a4:7e:ca:4c:fd:03:f5:d1:49:4e:1d:f2:19:a3:ab:65:e8:
         0b:65:45:1c:ef:95:f6:5b:f6:5d:e8:73:d6:77:f7:99:58:8e:
         78:2a:06:7b:02:e4:e7:f3:ff:2f:ac:e2:cb:f6:97:17:56:b0:
         61:a6:fa:38:c5:4e:4c:a9:24:4d:e4:a3:ce:72:f6:37:3b:2e:
         e5:2e:16:53:28:e1:14:90:bf:58:32:f8:3f:cb:ca:d6:c6:bc:
         ea:f5:97:37:19:65:18:37:0e:f4:6c:e3:32:c2:ec:10:53:b7:
         8d:89:d9:a0:9e:5f:c1:fb:97:72:c1:1c:59:10:7d:32:e1:ad:
         21:14:21:4e:1d:0e:81:be:30:8d:d4:53:c0:29:75:99:9d:b3:
         69:a1:54:da:d5:ea:52:7b:6c:c4:a4:a2:b5:35:ca:37:0b:1c:
         14:c3:51:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZED2C1uX2d7DuLX9eLBrxKZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwNzMwMTMzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDc4ODViZTBiYzIwZWU4MDI0MzQ3YzI1NzY2Y2MyMTUwZDcwNmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMY1t8ps4aenrVyVVXPyvWGof1Ty
lEPqzYFIwyW99ihbBTzTKgZPiTiG3GFgprAEpilr+vnUiqNxjMK8SSPMkhvBoi24
6dXKKJjIKYfbMiytUepxlpuG0ma+bsV9YX0DSrCr4Uk4qOA5W9296ou2ppUqO92V
+7QH5ubsnFHKwWzp7XqzF2XQqflcPOK600DggHF+8owwnLoclTPTynr9mWgKDREk
2PQIutFf5EzPN4UySeSc1EuuFDa+URCYLjks9HwSh6squJXkVLkm8QwyBnVjkAA5
lPc37LDi/I8RJ/un1v6Ly7aCMAajVYIN2L/sdLsCuDE08SGnyISd3WJTGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKR4hb4Lwg7oAkNHwldmzCFQ1wbxMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvcEhpRnZndkNEdWdDUTBmQ1YyYk1JVkRYQnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbICMA0G
CSqGSIb3DQEBCwUAA4IBAQBBMBVDO/gkgxsv3CdVsou4r4DaS/k+vrg/psCQe25v
7qZV+YpRbc5VtckWeD1e2lkadoTNfbP8iphH5VIbB4/CKQt2zghTaHWtYz68p3KO
Bnr8e2Pb5EVVwaD4pH7KTP0D9dFJTh3yGaOrZegLZUUc75X2W/Zd6HPWd/eZWI54
KgZ7AuTn8/8vrOLL9pcXVrBhpvo4xU5MqSRN5KPOcvY3Oy7lLhZTKOEUkL9YMvg/
y8rWxrzq9Zc3GWUYNw70bOMywuwQU7eNidmgnl/B+5dywRxZEH0y4a0hFCFOHQ6B
vjCN1FPAKXWZnbNpoVTa1epSe2zEpKK1Nco3CxwUw1Ee
-----END CERTIFICATE-----