Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/j7ddnzrimFkUJ5_Lh8F1w6P8Bj4.roa
File:                     j7ddnzrimFkUJ5_Lh8F1w6P8Bj4.roa (raw, json)
Hash identifier:          gYTjxjyimnFgPf4eKSYpREk/D99KhXNlU+DonCprGa4=
Subject key identifier:   8F:B7:5D:9F:3A:E2:98:59:14:27:9F:CB:87:C1:75:C3:A3:FC:06:3E
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       018CC56EF5F3F2F987B6DB6512A512C29993
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/j7ddnzrimFkUJ5_Lh8F1w6P8Bj4.roa
Signing time:             Mon 01 Jan 2024 14:30:32 +0000
ROA not before:           Mon 01 Jan 2024 14:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203917
IP address blocks:        212.70.156.0/24 maxlen: 24
                          78.108.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f5:f3:f2:f9:87:b6:db:65:12:a5:12:c2:99:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Jan  1 14:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fb75d9f3ae2985914279fcb87c175c3a3fc063e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e3:9e:f5:b8:0e:80:d4:c0:a5:a9:f1:8f:c9:
                    dd:f3:25:3d:d9:6b:80:9f:f1:53:49:98:6d:d7:46:
                    7a:26:53:ec:50:c2:e0:a6:47:36:db:4f:d5:44:a7:
                    7a:d3:54:49:ff:0d:b9:24:1b:a1:63:71:a5:2d:0a:
                    bf:0a:1c:83:7d:1c:dd:75:01:38:4b:ec:93:be:0e:
                    c2:d0:74:95:c8:84:e6:08:b7:bc:b1:16:60:de:25:
                    08:b5:f2:2d:63:14:3f:31:85:ff:0a:68:c0:90:c9:
                    a1:cf:9b:81:8c:e4:c1:af:e0:58:0c:67:93:07:6f:
                    22:8d:26:86:0d:01:28:dc:92:78:cc:1d:b0:3e:f7:
                    5a:4f:2d:24:17:c5:5e:58:41:6f:85:aa:01:68:82:
                    74:87:a6:9c:93:e7:8f:a9:ea:40:c6:96:b3:33:19:
                    c0:d7:9c:44:5f:eb:5d:57:51:0b:45:91:cc:27:9a:
                    5b:4a:a1:67:0e:5e:d5:50:70:29:1e:74:1c:23:3e:
                    5f:f5:03:f1:ec:a9:46:ac:d0:7d:2d:85:e7:0a:76:
                    f5:01:71:70:65:32:82:80:fe:e6:38:f3:8c:00:6c:
                    70:c2:35:0f:98:8d:d4:7c:2a:c6:f9:dc:62:f9:f7:
                    73:7c:aa:c1:4c:6d:d4:4d:28:59:d6:60:41:b7:d2:
                    d3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:B7:5D:9F:3A:E2:98:59:14:27:9F:CB:87:C1:75:C3:A3:FC:06:3E
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/j7ddnzrimFkUJ5_Lh8F1w6P8Bj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.251.0/24
                  212.70.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:98:cf:80:1a:54:cf:14:9f:a2:5b:6e:78:cc:0c:fe:d6:e1:
         b6:2c:25:92:9d:eb:14:0c:11:ff:c7:3d:40:5e:a4:46:41:03:
         5a:83:cf:83:31:7e:78:e6:67:92:e5:09:a1:2e:a3:a4:20:78:
         44:84:91:05:41:2b:10:d4:55:bf:b5:fe:52:6c:d8:fe:49:57:
         c7:c7:0a:81:5a:7f:da:ed:ab:23:4c:50:16:a6:3b:96:5c:d7:
         41:61:32:14:99:50:b5:27:30:85:a4:17:3a:04:48:79:ab:0e:
         6a:da:19:8c:2f:b9:68:77:c3:0f:e8:3c:bd:38:5b:ed:8b:2f:
         89:ba:46:be:86:ad:90:f7:3f:02:a6:8a:93:36:6c:32:d5:f6:
         50:86:72:c7:82:64:a4:20:bd:0f:5d:35:c2:83:ff:96:77:b7:
         8b:5e:81:21:bf:4f:35:a1:ab:bf:bc:bc:af:cb:2b:b0:57:a3:
         8d:83:92:8d:13:69:ee:0e:13:34:41:aa:29:24:73:c2:2e:fb:
         49:be:f8:cd:41:67:a7:ad:7e:13:e6:3b:f3:b4:3c:94:34:ff:
         d4:b1:79:94:ee:68:7c:07:f3:d4:cc:76:d6:09:a8:0d:51:b4:
         4c:15:b8:90:1e:fa:4a:44:16:06:a7:bf:23:c2:00:53:f1:16:
         fb:ae:c7:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbvXz8vmHtttlEqUSwpmTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjQwMTAxMTQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmI3NWQ5ZjNhZTI5ODU5MTQyNzlmY2I4N2MxNzVjM2EzZmMwNjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOOe9bgOgNTApanxj8nd8yU92WuA
n/FTSZht10Z6JlPsUMLgpkc220/VRKd601RJ/w25JBuhY3GlLQq/ChyDfRzddQE4
S+yTvg7C0HSVyITmCLe8sRZg3iUItfItYxQ/MYX/CmjAkMmhz5uBjOTBr+BYDGeT
B28ijSaGDQEo3JJ4zB2wPvdaTy0kF8VeWEFvhaoBaIJ0h6ack+ePqepAxpazMxnA
15xEX+tdV1ELRZHMJ5pbSqFnDl7VUHApHnQcIz5f9QPx7KlGrNB9LYXnCnb1AXFw
ZTKCgP7mOPOMAGxwwjUPmI3UfCrG+dxi+fdzfKrBTG3UTShZ1mBBt9LTWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI+3XZ864phZFCefy4fBdcOj/AY+MB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvajdkZG56cmltRmtVSjVfTGg4RjF3NlA4Qmo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATmz7AwQA
1EacMA0GCSqGSIb3DQEBCwUAA4IBAQAbmM+AGlTPFJ+iW254zAz+1uG2LCWSnesU
DBH/xz1AXqRGQQNag8+DMX545meS5QmhLqOkIHhEhJEFQSsQ1FW/tf5SbNj+SVfH
xwqBWn/a7asjTFAWpjuWXNdBYTIUmVC1JzCFpBc6BEh5qw5q2hmML7lod8MP6Dy9
OFvtiy+Juka+hq2Q9z8CpoqTNmwy1fZQhnLHgmSkIL0PXTXCg/+Wd7eLXoEhv081
oau/vLyvyyuwV6ONg5KNE2nuDhM0QaopJHPCLvtJvvjNQWenrX4T5jvztDyUNP/U
sXmU7mh8B/PUzHbWCagNUbRMFbiQHvpKRBYGp78jwgBT8Rb7rsdT
-----END CERTIFICATE-----