Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/pPk67LqQ1fZ-kSYK9Kqux2aMH70.roa
File:                     pPk67LqQ1fZ-kSYK9Kqux2aMH70.roa (raw, json)
Hash identifier:          x4FKosE07A5RcH2lyS1fSqiFUVJOZntWHGWLij8zkBI=
Subject key identifier:   A4:F9:3A:EC:BA:90:D5:F6:7E:91:26:0A:F4:AA:AE:C7:66:8C:1F:BD
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DCA19D5369357ED23DA95A0B8EF006
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/pPk67LqQ1fZ-kSYK9Kqux2aMH70.roa
Signing time:             Mon 01 Jan 2024 16:30:19 +0000
ROA not before:           Mon 01 Jan 2024 16:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400377
IP address blocks:        5.178.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:a1:9d:53:69:35:7e:d2:3d:a9:5a:0b:8e:f0:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4f93aecba90d5f67e91260af4aaaec7668c1fbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d7:46:d4:5e:21:27:2e:cd:18:39:54:3d:a1:
                    e1:18:40:46:42:3d:fa:d2:51:8e:cd:a7:d6:0a:99:
                    1b:d4:ca:d1:ca:12:40:94:a7:c3:eb:0f:a1:3b:07:
                    80:df:df:d2:1d:5e:9f:8a:74:4b:51:28:86:50:e4:
                    42:52:93:94:77:ef:b6:77:83:f6:d7:bd:21:a9:60:
                    27:d8:83:cc:67:1e:4c:18:c9:81:ac:10:4c:7c:48:
                    fb:e8:f4:c8:46:a7:a8:92:c2:a3:9d:07:80:cb:7f:
                    11:97:01:fb:07:18:dc:b8:5c:bd:38:a3:3a:ee:3e:
                    4f:a0:72:fd:4c:fa:96:b5:52:75:c0:28:14:59:93:
                    8d:9b:bf:97:2d:37:a5:1b:72:71:17:29:69:7f:be:
                    5d:06:db:96:14:da:b9:00:59:6b:e9:29:c2:b4:ef:
                    3a:91:b3:8b:66:34:8c:58:92:6b:19:76:cf:f1:d6:
                    48:a5:68:5f:d2:ff:9a:75:e3:75:b5:84:f1:b3:f1:
                    78:d7:01:2d:e3:1a:d3:e9:7d:74:87:5a:f3:07:25:
                    8f:b1:fa:b9:3f:57:42:07:d9:19:a8:43:4d:99:24:
                    c3:51:f9:c9:34:31:74:07:76:2c:bf:cd:13:91:30:
                    03:35:ef:c1:43:3d:01:1d:c7:1d:13:2c:43:ba:e4:
                    af:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F9:3A:EC:BA:90:D5:F6:7E:91:26:0A:F4:AA:AE:C7:66:8C:1F:BD
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/pPk67LqQ1fZ-kSYK9Kqux2aMH70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:63:0b:10:6e:32:e9:4b:fb:d0:9f:6a:5a:16:ca:8a:ae:7f:
         62:54:4b:9c:ee:67:a7:b4:af:01:c1:47:d7:d3:59:9e:d8:c4:
         10:b3:d5:2b:ce:ee:2b:c3:03:fc:1f:7e:03:db:72:51:08:5f:
         11:b5:77:fc:5e:db:9a:7e:8c:5d:85:6b:b2:15:49:3f:fb:7b:
         52:1b:08:c1:44:93:33:57:08:d0:f2:36:a7:f9:59:e3:dd:3a:
         d1:e6:6a:f5:c7:16:ab:22:58:8f:5a:ff:5d:ff:85:ec:f0:ff:
         16:27:fb:4d:a9:ad:c7:23:35:9f:ca:e0:97:a1:e8:8a:07:d7:
         c6:41:ec:e5:62:8e:05:47:c7:5a:e9:bb:15:72:19:f3:66:b6:
         ae:bc:ff:2e:e4:04:b5:c4:ab:3d:55:7c:80:d1:1c:4e:48:b9:
         29:64:be:56:c4:ca:1e:12:ac:50:f2:80:4e:6c:e2:a0:28:c9:
         dc:59:11:41:43:d3:58:1b:12:fb:1a:61:48:11:9e:2b:d2:b9:
         7d:86:9c:ca:9e:eb:15:dc:11:a4:e4:3a:42:e8:a1:8f:a7:f9:
         b1:7e:0f:0d:3f:0d:21:6b:bd:31:df:02:16:c2:dd:c5:72:83:
         f6:80:59:3f:78:16:8b:30:a7:24:95:16:90:c5:41:53:1a:ba:
         f9:13:ad:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3KGdU2k1ftI9qVoLjvAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGY5M2FlY2JhOTBkNWY2N2U5MTI2MGFmNGFhYWVjNzY2OGMxZmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9dG1F4hJy7NGDlUPaHhGEBGQj36
0lGOzafWCpkb1MrRyhJAlKfD6w+hOweA39/SHV6finRLUSiGUORCUpOUd++2d4P2
170hqWAn2IPMZx5MGMmBrBBMfEj76PTIRqeoksKjnQeAy38RlwH7BxjcuFy9OKM6
7j5PoHL9TPqWtVJ1wCgUWZONm7+XLTelG3JxFylpf75dBtuWFNq5AFlr6SnCtO86
kbOLZjSMWJJrGXbP8dZIpWhf0v+adeN1tYTxs/F41wEt4xrT6X10h1rzByWPsfq5
P1dCB9kZqENNmSTDUfnJNDF0B3Ysv80TkTADNe/BQz0BHccdEyxDuuSvcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKT5Ouy6kNX2fpEmCvSqrsdmjB+9MB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvcFBrNjdMcVExZlota1NZSzlLcXV4MmFNSDcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbIHMA0G
CSqGSIb3DQEBCwUAA4IBAQAsYwsQbjLpS/vQn2paFsqKrn9iVEuc7mentK8BwUfX
01me2MQQs9Urzu4rwwP8H34D23JRCF8RtXf8XtuafoxdhWuyFUk/+3tSGwjBRJMz
VwjQ8jan+Vnj3TrR5mr1xxarIliPWv9d/4Xs8P8WJ/tNqa3HIzWfyuCXoeiKB9fG
QezlYo4FR8da6bsVchnzZrauvP8u5AS1xKs9VXyA0RxOSLkpZL5WxMoeEqxQ8oBO
bOKgKMncWRFBQ9NYGxL7GmFIEZ4r0rl9hpzKnusV3BGk5DpC6KGPp/mxfg8NPw0h
a70x3wIWwt3FcoP2gFk/eBaLMKcklRaQxUFTGrr5E63T
-----END CERTIFICATE-----