Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/RJIf8nqZnyFfBDin6LSdKFNYhgk.roa
File:                     RJIf8nqZnyFfBDin6LSdKFNYhgk.roa (raw, json)
Hash identifier:          F9/1ZDoL+SyQkNi9U5Ctj+3wz8IbIvhvaqUoRRAm5gg=
Subject key identifier:   44:92:1F:F2:7A:99:9F:21:5F:04:38:A7:E8:B4:9D:28:53:58:86:09
Certificate issuer:       /CN=5a43e9e267956e7f262c17f0089f0f60ba7abefb
Certificate serial:       018D5F2DBB2FE5A7241A1EE12738A63616A9
Authority key identifier: 5A:43:E9:E2:67:95:6E:7F:26:2C:17:F0:08:9F:0F:60:BA:7A:BE:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WkPp4meVbn8mLBfwCJ8PYLp6vvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/RJIf8nqZnyFfBDin6LSdKFNYhgk.roa
Signing time:             Wed 31 Jan 2024 11:00:49 +0000
ROA not before:           Wed 31 Jan 2024 11:00:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201769
IP address blocks:        78.93.50.0/24 maxlen: 24
                          185.114.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/WkPp4meVbn8mLBfwCJ8PYLp6vvs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/WkPp4meVbn8mLBfwCJ8PYLp6vvs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WkPp4meVbn8mLBfwCJ8PYLp6vvs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5f:2d:bb:2f:e5:a7:24:1a:1e:e1:27:38:a6:36:16:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a43e9e267956e7f262c17f0089f0f60ba7abefb
        Validity
            Not Before: Jan 31 11:00:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44921ff27a999f215f0438a7e8b49d2853588609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:71:94:85:c7:1d:d6:0d:14:fd:52:98:e7:f4:
                    cd:f5:4f:67:1a:74:97:37:07:d1:1b:29:b6:7e:05:
                    0e:5d:57:91:03:0c:fc:a6:a6:4c:4c:a4:93:53:63:
                    41:48:bb:b7:f1:74:6d:2c:4e:a6:00:6c:2e:7a:52:
                    ee:03:87:47:3b:30:42:44:82:3e:f6:c8:4b:3d:4a:
                    58:75:6d:9c:fc:d4:c8:1e:b2:2e:75:d3:a2:a3:4d:
                    da:3c:a5:84:00:2b:8b:5b:45:fc:22:ca:47:5b:71:
                    d1:55:53:7f:cb:6b:ac:f7:8a:ef:8f:a8:71:63:56:
                    f9:0a:6b:78:f5:b8:73:de:2c:20:cd:c1:2f:55:89:
                    93:5c:a1:a2:b6:4a:5c:11:fc:ad:ba:b9:ef:ad:20:
                    38:4e:49:66:13:b8:e3:08:90:75:eb:2e:1d:66:d5:
                    33:1f:0f:a0:4d:2b:29:ab:98:c4:38:5b:34:8c:53:
                    21:1d:40:2d:49:17:27:81:52:b9:a8:9c:68:60:4f:
                    40:e7:51:c4:21:a6:8d:62:a2:7a:25:09:33:30:6f:
                    3d:83:32:1a:eb:e6:33:44:a4:0e:f7:6f:43:7b:f7:
                    fa:f2:86:2c:80:0b:20:b5:8b:65:59:5b:71:8c:26:
                    68:fa:d8:2c:50:54:e1:fa:a8:00:d6:43:a3:50:5e:
                    6e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:92:1F:F2:7A:99:9F:21:5F:04:38:A7:E8:B4:9D:28:53:58:86:09
            X509v3 Authority Key Identifier:
                keyid:5A:43:E9:E2:67:95:6E:7F:26:2C:17:F0:08:9F:0F:60:BA:7A:BE:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WkPp4meVbn8mLBfwCJ8PYLp6vvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/RJIf8nqZnyFfBDin6LSdKFNYhgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/WkPp4meVbn8mLBfwCJ8PYLp6vvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.93.50.0/24
                  185.114.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:ba:fc:cb:d2:7d:3f:d6:2a:52:ec:f8:05:a7:0b:fc:b8:df:
         ca:af:e3:51:da:b0:f8:c8:5b:0f:5f:c3:30:ad:cf:e8:ff:e8:
         0b:f7:1f:10:5d:81:c6:a4:65:bb:ad:e1:23:4a:23:89:38:23:
         a0:81:e5:cc:25:cf:48:96:aa:8f:89:75:91:cb:b4:54:35:19:
         79:44:1f:52:e1:19:72:45:33:96:ef:56:c4:bc:ef:e3:8c:9c:
         f9:d1:f8:11:3d:ec:c5:7c:96:d5:d1:b0:9f:09:50:34:0d:69:
         06:71:c3:a7:04:b2:83:39:c8:5f:aa:83:9f:b0:16:4f:94:52:
         8b:b1:70:cc:12:42:19:85:b1:86:ea:a9:02:e7:42:8b:90:fc:
         8a:4f:d3:c2:1f:f5:29:8e:be:66:79:88:94:1a:1f:bf:39:a2:
         03:bb:b9:d3:96:e3:c5:82:32:40:c7:1e:ae:0e:0a:c0:d8:ff:
         e8:e0:3c:65:f6:80:0b:07:eb:72:19:02:0e:36:e5:4b:e4:2a:
         07:bc:ee:4f:95:30:5d:5f:ab:f3:05:3e:62:50:5f:b3:61:5d:
         ea:29:18:14:88:c0:c1:f5:05:e3:9f:50:27:15:b5:a5:86:21:
         17:77:5f:b0:6b:ba:b8:ed:19:e7:7e:30:be:9a:bc:0c:71:de:
         88:5e:d9:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1fLbsv5ackGh7hJzimNhapMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNDNlOWUyNjc5NTZlN2YyNjJjMTdmMDA4OWYwZjYwYmE3
YWJlZmIwHhcNMjQwMTMxMTEwMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDkyMWZmMjdhOTk5ZjIxNWYwNDM4YTdlOGI0OWQyODUzNTg4NjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnGUhccd1g0U/VKY5/TN9U9nGnSX
NwfRGym2fgUOXVeRAwz8pqZMTKSTU2NBSLu38XRtLE6mAGwuelLuA4dHOzBCRII+
9shLPUpYdW2c/NTIHrIuddOio03aPKWEACuLW0X8IspHW3HRVVN/y2us94rvj6hx
Y1b5Cmt49bhz3iwgzcEvVYmTXKGitkpcEfyturnvrSA4TklmE7jjCJB16y4dZtUz
Hw+gTSspq5jEOFs0jFMhHUAtSRcngVK5qJxoYE9A51HEIaaNYqJ6JQkzMG89gzIa
6+YzRKQO929De/f68oYsgAsgtYtlWVtxjCZo+tgsUFTh+qgA1kOjUF5u0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFESSH/J6mZ8hXwQ4p+i0nShTWIYJMB8GA1UdIwQY
MBaAFFpD6eJnlW5/JiwX8AifD2C6er77MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2tQcDRtZVZibjhtTEJmd0NKOFBZTHA2dnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8wNjQ0NGMtOWQ5Yi00YzZiLTk1MGIt
NzljODk4N2E4YjFjLzEvUkpJZjhucVpueUZmQkRpbjZMU2RLRk5ZaGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8wNjQ0NGMtOWQ5Yi00YzZiLTk1MGItNzljODk4N2E4YjFj
LzEvV2tQcDRtZVZibjhtTEJmd0NKOFBZTHA2dnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATl0yAwQA
uXJEMA0GCSqGSIb3DQEBCwUAA4IBAQCAuvzL0n0/1ipS7PgFpwv8uN/Kr+NR2rD4
yFsPX8Mwrc/o/+gL9x8QXYHGpGW7reEjSiOJOCOggeXMJc9IlqqPiXWRy7RUNRl5
RB9S4RlyRTOW71bEvO/jjJz50fgRPezFfJbV0bCfCVA0DWkGccOnBLKDOchfqoOf
sBZPlFKLsXDMEkIZhbGG6qkC50KLkPyKT9PCH/Upjr5meYiUGh+/OaIDu7nTluPF
gjJAxx6uDgrA2P/o4Dxl9oALB+tyGQIONuVL5CoHvO5PlTBdX6vzBT5iUF+zYV3q
KRgUiMDB9QXjn1AnFbWlhiEXd1+wa7q47RnnfjC+mrwMcd6IXtkY
-----END CERTIFICATE-----