Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/75e8c5-cbd0-41d6-a0bd-47c63cdffd08/1/fN3rTdrh0syzCY77OcscyOlTVXU.roa
File:                     fN3rTdrh0syzCY77OcscyOlTVXU.roa (raw, json)
Hash identifier:          kN+6no1tncI4x1ZRbNmkFgEH4G/7HnDSvbL7htESz4w=
Subject key identifier:   7C:DD:EB:4D:DA:E1:D2:CC:B3:09:8E:FB:39:CB:1C:C8:E9:53:55:75
Certificate issuer:       /CN=dcfa552601c477c52bfce4a88dbabe1b7cd72e19
Certificate serial:       018CC7272613416CDA1E64214588C5DA98CD
Authority key identifier: DC:FA:55:26:01:C4:77:C5:2B:FC:E4:A8:8D:BA:BE:1B:7C:D7:2E:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3PpVJgHEd8Ur_OSojbq-G3zXLhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/75e8c5-cbd0-41d6-a0bd-47c63cdffd08/1/fN3rTdrh0syzCY77OcscyOlTVXU.roa
Signing time:             Mon 01 Jan 2024 22:31:20 +0000
ROA not before:           Mon 01 Jan 2024 22:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202205
IP address blocks:        78.41.80.0/22 maxlen: 24
                          195.78.108.0/23 maxlen: 24
                          195.78.118.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/75e8c5-cbd0-41d6-a0bd-47c63cdffd08/1/3PpVJgHEd8Ur_OSojbq-G3zXLhk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/75e8c5-cbd0-41d6-a0bd-47c63cdffd08/1/3PpVJgHEd8Ur_OSojbq-G3zXLhk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3PpVJgHEd8Ur_OSojbq-G3zXLhk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:26:13:41:6c:da:1e:64:21:45:88:c5:da:98:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcfa552601c477c52bfce4a88dbabe1b7cd72e19
        Validity
            Not Before: Jan  1 22:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cddeb4ddae1d2ccb3098efb39cb1cc8e9535575
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:70:37:68:34:40:0a:1d:d1:1d:46:92:3a:60:
                    92:0e:bf:ee:6e:e0:e0:03:ce:f6:b6:3f:58:72:27:
                    1a:a3:60:6a:4c:a0:93:47:d0:03:d8:10:b1:3c:9a:
                    9e:fd:c8:90:75:b5:ee:29:37:9b:ed:ba:70:f1:28:
                    61:ea:0c:f6:e8:46:ec:fa:76:a6:57:12:9f:21:a8:
                    28:90:60:3b:cb:db:9a:3b:b7:07:60:bf:27:35:6a:
                    e2:23:d5:6e:90:ea:1b:2c:33:2c:43:94:ef:36:19:
                    25:e4:d8:e8:92:1f:91:d8:5a:ce:32:92:00:49:7b:
                    f7:37:bf:a4:fb:f8:fd:a1:e1:a5:bd:73:fa:9c:75:
                    61:94:54:e4:67:72:bc:f0:ae:fc:e7:05:d2:cd:4c:
                    f0:d0:a2:4c:d5:21:c3:48:b0:0d:79:d6:aa:49:c2:
                    e5:26:7a:ef:17:0b:67:3a:4c:90:f2:48:39:1c:51:
                    c7:45:5c:ad:cf:14:48:fe:01:01:52:bb:6b:f8:c5:
                    28:74:54:1a:3d:f3:13:70:07:49:83:ab:81:ff:6e:
                    e8:57:c7:42:c0:68:9a:68:84:cf:70:71:5a:38:ca:
                    9c:0e:4d:06:14:f2:be:ce:25:b9:2f:58:09:98:e1:
                    75:15:e4:ab:90:f5:fd:17:48:3b:a7:33:cd:b8:c5:
                    c4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:DD:EB:4D:DA:E1:D2:CC:B3:09:8E:FB:39:CB:1C:C8:E9:53:55:75
            X509v3 Authority Key Identifier:
                keyid:DC:FA:55:26:01:C4:77:C5:2B:FC:E4:A8:8D:BA:BE:1B:7C:D7:2E:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3PpVJgHEd8Ur_OSojbq-G3zXLhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/75e8c5-cbd0-41d6-a0bd-47c63cdffd08/1/fN3rTdrh0syzCY77OcscyOlTVXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/75e8c5-cbd0-41d6-a0bd-47c63cdffd08/1/3PpVJgHEd8Ur_OSojbq-G3zXLhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.41.80.0/22
                  195.78.108.0/23
                  195.78.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:54:fe:bc:e9:47:bf:c2:44:ac:a1:16:98:cb:12:af:2b:dd:
         cf:c9:2e:5e:a2:3a:f6:b3:30:fd:4d:d5:94:1e:cf:e3:b6:06:
         52:08:19:3c:18:ad:80:c8:e6:4c:ea:c2:00:9b:e5:e9:ba:51:
         cd:6d:ea:87:07:be:c4:c6:6e:c6:1d:d9:4e:9e:96:38:73:f9:
         4b:7a:b8:fd:e7:83:3a:43:c7:a9:a6:1c:c8:27:7e:74:a0:a8:
         99:19:3c:2c:5a:47:c9:7e:ee:c9:52:15:30:bd:46:e2:b7:9d:
         3a:b2:73:bb:8c:57:fd:38:65:b8:5a:4d:a6:4e:53:48:c8:a1:
         d1:96:77:99:39:c3:1b:b3:58:2d:bf:2d:7d:c6:61:0c:7b:f1:
         ff:bf:25:e1:89:eb:7d:bc:da:da:e2:dc:ff:a1:22:37:f3:72:
         2d:15:7c:4e:af:89:51:e3:d3:14:86:f9:e9:d4:92:d6:da:a2:
         8d:58:cf:ff:ba:73:9a:68:52:0c:d9:2a:96:ff:22:da:98:4b:
         a0:34:f0:4a:40:53:82:ee:9f:cc:20:3f:a2:02:53:17:c1:83:
         3c:64:9b:ba:d6:85:60:46:92:10:31:c0:4c:99:5e:c0:96:73:
         a6:57:56:83:dd:9e:91:bf:3d:ce:45:8b:cd:d2:5d:99:a7:18:
         d1:70:e4:ee
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHJyYTQWzaHmQhRYjF2pjNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZmE1NTI2MDFjNDc3YzUyYmZjZTRhODhkYmFiZTFiN2Nk
NzJlMTkwHhcNMjQwMTAxMjIzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2RkZWI0ZGRhZTFkMmNjYjMwOThlZmIzOWNiMWNjOGU5NTM1NTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3A3aDRACh3RHUaSOmCSDr/ubuDg
A872tj9Ycicao2BqTKCTR9AD2BCxPJqe/ciQdbXuKTeb7bpw8Shh6gz26Ebs+nam
VxKfIagokGA7y9uaO7cHYL8nNWriI9VukOobLDMsQ5TvNhkl5Njokh+R2FrOMpIA
SXv3N7+k+/j9oeGlvXP6nHVhlFTkZ3K88K785wXSzUzw0KJM1SHDSLANedaqScLl
JnrvFwtnOkyQ8kg5HFHHRVytzxRI/gEBUrtr+MUodFQaPfMTcAdJg6uB/27oV8dC
wGiaaITPcHFaOMqcDk0GFPK+ziW5L1gJmOF1FeSrkPX9F0g7pzPNuMXErQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHzd603a4dLMswmO+znLHMjpU1V1MB8GA1UdIwQY
MBaAFNz6VSYBxHfFK/zkqI26vht81y4ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1BwVkpnSEVkOFVyX09Tb2picS1HM3pYTGhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS83NWU4YzUtY2JkMC00MWQ2LWEwYmQt
NDdjNjNjZGZmZDA4LzEvZk4zclRkcmgwc3l6Q1k3N09jc2N5T2xUVlhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS83NWU4YzUtY2JkMC00MWQ2LWEwYmQtNDdjNjNjZGZmZDA4
LzEvM1BwVkpnSEVkOFVyX09Tb2picS1HM3pYTGhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCTilQAwQB
w05sAwQBw052MA0GCSqGSIb3DQEBCwUAA4IBAQCfVP686Ue/wkSsoRaYyxKvK93P
yS5eojr2szD9TdWUHs/jtgZSCBk8GK2AyOZM6sIAm+XpulHNbeqHB77Exm7GHdlO
npY4c/lLerj954M6Q8epphzIJ350oKiZGTwsWkfJfu7JUhUwvUbit506snO7jFf9
OGW4Wk2mTlNIyKHRlneZOcMbs1gtvy19xmEMe/H/vyXhiet9vNra4tz/oSI383It
FXxOr4lR49MUhvnp1JLW2qKNWM//unOaaFIM2SqW/yLamEugNPBKQFOC7p/MID+i
AlMXwYM8ZJu61oVgRpIQMcBMmV7AlnOmV1aD3Z6Rvz3ORYvN0l2ZpxjRcOTu
-----END CERTIFICATE-----