Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/WdAA6KZr8RUDsTz-VDKNcrLla0g.roa
File:                     WdAA6KZr8RUDsTz-VDKNcrLla0g.roa (raw, json)
Hash identifier:          AEpTH5CnH1XF4YCC9N9e9iVCd6InkVaAYjnrexOYQMY=
Subject key identifier:   59:D0:00:E8:A6:6B:F1:15:03:B1:3C:FE:54:32:8D:72:B2:E5:6B:48
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       019058E8EE32AA9832C52BFE26D6AE56161E
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/WdAA6KZr8RUDsTz-VDKNcrLla0g.roa
Signing time:             Thu 27 Jun 2024 08:56:18 +0000
ROA not before:           Thu 27 Jun 2024 08:56:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44967
IP address blocks:        78.108.253.0/24 maxlen: 24
                          78.108.254.0/24 maxlen: 24
                          78.108.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:58:e8:ee:32:aa:98:32:c5:2b:fe:26:d6:ae:56:16:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Jun 27 08:56:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59d000e8a66bf11503b13cfe54328d72b2e56b48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f8:ba:75:78:ec:a4:0b:63:a6:fd:d1:8d:03:
                    07:2e:0e:9d:b7:08:3b:b4:2c:9f:89:81:9b:b5:5b:
                    3e:c5:73:c2:34:ab:f2:53:52:a6:d8:41:d6:9c:41:
                    55:ac:af:84:ae:3e:b0:7d:74:a5:60:f8:05:61:6f:
                    8f:21:a8:d3:47:26:9f:03:9c:c1:96:67:ef:86:9d:
                    ff:4b:36:32:e1:27:e5:26:e1:22:82:43:d2:77:26:
                    c2:20:35:8b:b7:85:41:b3:17:a1:a4:a7:38:39:03:
                    56:16:88:4f:1a:1f:fe:e6:bf:df:e3:83:e4:45:3b:
                    f7:17:bd:00:09:d3:f6:ed:2c:fc:26:f6:d2:dd:5c:
                    e3:85:5e:f0:43:37:a4:1a:ae:d8:4c:c2:f4:9e:50:
                    e6:a6:ce:56:36:63:92:16:26:40:b1:a9:6b:af:85:
                    99:49:42:33:d7:32:07:37:5f:83:b9:b0:6e:98:2d:
                    5b:65:85:d9:e9:f6:c0:74:17:88:2e:2e:87:39:55:
                    e8:8d:86:cb:3c:e4:f5:f3:3b:77:5f:e2:f1:1f:ab:
                    de:2f:d9:3e:01:90:d2:3d:5d:d7:10:ae:27:86:3d:
                    e3:d9:cd:32:2b:cd:bb:70:03:b4:4d:09:f2:25:1a:
                    f4:0e:5c:25:c4:ca:bd:ec:0d:7f:d8:6a:17:ee:1a:
                    94:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:D0:00:E8:A6:6B:F1:15:03:B1:3C:FE:54:32:8D:72:B2:E5:6B:48
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/WdAA6KZr8RUDsTz-VDKNcrLla0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.253.0-78.108.255.255

    Signature Algorithm: sha256WithRSAEncryption
         49:67:92:22:f6:8f:ba:8d:22:66:50:cf:d4:50:7b:e4:a1:fd:
         f1:5c:19:58:60:d6:21:dd:3c:68:04:ec:76:7f:2d:1c:af:19:
         83:55:73:58:1b:2a:68:63:10:cb:87:e9:d1:7f:ba:0d:1d:f2:
         85:79:03:07:2d:e6:30:a9:4f:de:7c:1a:0e:9c:0b:07:d8:fa:
         39:43:6f:d5:a2:c2:82:d8:1a:8c:2d:b8:d5:87:79:c0:70:9c:
         b3:50:bf:29:e2:5a:bc:60:26:3f:9f:d3:72:9e:2d:f9:3c:97:
         42:37:5c:a0:ee:9c:6b:40:6f:ed:2b:73:36:50:4b:09:c9:63:
         34:1d:5e:8e:06:b9:2f:d1:bf:4c:e6:11:f7:35:49:f1:8a:a7:
         c1:02:24:9d:3f:0f:98:fe:e0:b6:c9:f9:22:c7:9f:5a:9d:6d:
         43:0a:1e:f6:25:01:fc:19:03:dd:43:c9:9d:7e:76:44:35:c2:
         b4:12:61:7b:5b:8a:24:d0:81:05:6e:8d:e8:74:93:27:fd:0e:
         11:3d:63:d5:e4:a9:b3:43:55:2f:99:b6:4f:32:a3:f3:11:de:
         cf:b2:84:6f:8c:57:f5:26:b3:f1:3f:ba:db:9e:07:4f:59:de:
         c5:7c:17:c6:1f:a0:5f:13:e2:d5:e6:e8:d5:97:3f:57:0d:9a:
         3e:13:b0:e2
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZBY6O4yqpgyxSv+JtauVhYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjQwNjI3MDg1NjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWQwMDBlOGE2NmJmMTE1MDNiMTNjZmU1NDMyOGQ3MmIyZTU2YjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/i6dXjspAtjpv3RjQMHLg6dtwg7
tCyfiYGbtVs+xXPCNKvyU1Km2EHWnEFVrK+Erj6wfXSlYPgFYW+PIajTRyafA5zB
lmfvhp3/SzYy4SflJuEigkPSdybCIDWLt4VBsxehpKc4OQNWFohPGh/+5r/f44Pk
RTv3F70ACdP27Sz8JvbS3VzjhV7wQzekGq7YTML0nlDmps5WNmOSFiZAsalrr4WZ
SUIz1zIHN1+DubBumC1bZYXZ6fbAdBeILi6HOVXojYbLPOT18zt3X+LxH6veL9k+
AZDSPV3XEK4nhj3j2c0yK827cAO0TQnyJRr0DlwlxMq97A1/2GoX7hqUswIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFFnQAOima/EVA7E8/lQyjXKy5WtIMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvV2RBQTZLWnI4UlVEc1R6LVZES05jckxsYTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDBABObP0D
AwBObDANBgkqhkiG9w0BAQsFAAOCAQEASWeSIvaPuo0iZlDP1FB75KH98VwZWGDW
Id08aATsdn8tHK8Zg1VzWBsqaGMQy4fp0X+6DR3yhXkDBy3mMKlP3nwaDpwLB9j6
OUNv1aLCgtgajC241Yd5wHCcs1C/KeJavGAmP5/Tcp4t+TyXQjdcoO6ca0Bv7Stz
NlBLCcljNB1ejga5L9G/TOYR9zVJ8YqnwQIknT8PmP7gtsn5IsefWp1tQwoe9iUB
/BkD3UPJnX52RDXCtBJhe1uKJNCBBW6N6HSTJ/0OET1j1eSps0NVL5m2TzKj8xHe
z7KEb4xX9Saz8T+6254HT1nexXwXxh+gXxPi1ebo1Zc/Vw2aPhOw4g==
-----END CERTIFICATE-----