Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/d6bfab-eac6-4a42-8872-14afae91336d/1/huRseKKMZ6MrEbEtnTidADNp1Qk.roa
File:                     huRseKKMZ6MrEbEtnTidADNp1Qk.roa (raw, json)
Hash identifier:          2Cpw72DhJ+0Co4QK9K/ptsbGLArKbkMx0RKaT4rzilY=
Subject key identifier:   86:E4:6C:78:A2:8C:67:A3:2B:11:B1:2D:9D:38:9D:00:33:69:D5:09
Certificate issuer:       /CN=619cf9a9e0b6461ad833875ac1168f8923fd550b
Certificate serial:       0194206840DC8412EA9002833071A8FAFA8C
Authority key identifier: 61:9C:F9:A9:E0:B6:46:1A:D8:33:87:5A:C1:16:8F:89:23:FD:55:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YZz5qeC2RhrYM4dawRaPiSP9VQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/d6bfab-eac6-4a42-8872-14afae91336d/1/huRseKKMZ6MrEbEtnTidADNp1Qk.roa
Signing time:             Wed 01 Jan 2025 05:48:10 +0000
ROA not before:           Wed 01 Jan 2025 05:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200410
IP address blocks:        78.24.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/d6bfab-eac6-4a42-8872-14afae91336d/1/YZz5qeC2RhrYM4dawRaPiSP9VQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/d6bfab-eac6-4a42-8872-14afae91336d/1/YZz5qeC2RhrYM4dawRaPiSP9VQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YZz5qeC2RhrYM4dawRaPiSP9VQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:40:dc:84:12:ea:90:02:83:30:71:a8:fa:fa:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=619cf9a9e0b6461ad833875ac1168f8923fd550b
        Validity
            Not Before: Jan  1 05:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86e46c78a28c67a32b11b12d9d389d003369d509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:8b:16:df:44:af:7f:15:fb:eb:4b:d0:68:f4:
                    e1:4c:e5:8f:ac:dd:cf:0b:a5:a6:be:1d:e7:25:4a:
                    0d:b0:4a:07:e0:84:1a:29:84:01:99:79:7f:2b:51:
                    9a:7b:e0:34:9f:4a:a4:14:ac:d4:15:fb:b5:7d:e0:
                    ef:9d:da:19:bb:82:f5:3b:64:09:d7:9c:2e:f1:9a:
                    25:1a:25:1f:66:49:cb:fb:88:7a:4b:93:bd:5a:23:
                    1e:3e:b5:01:bd:fe:e8:a5:a8:f6:43:38:59:cf:a9:
                    97:6a:4b:04:47:71:7c:c1:92:b2:53:44:8b:34:8f:
                    a4:70:7f:92:a9:ee:fc:a3:13:8e:c1:9c:2e:dd:fd:
                    ac:25:8c:e0:bb:9d:d8:3c:22:d9:e6:29:00:d9:02:
                    61:fb:e7:46:10:4b:5a:72:b7:09:35:51:e1:f4:2c:
                    f9:cc:d0:81:47:01:f0:18:10:b0:e2:42:b0:b8:e6:
                    66:2d:78:fc:a6:e1:f0:7e:de:5a:02:5c:71:8e:8d:
                    49:e6:44:b1:49:a8:80:6b:c2:ba:9b:6f:4b:0d:14:
                    f1:9b:02:41:ec:6c:12:3c:36:fa:ae:22:a0:d5:f3:
                    13:fd:34:31:15:33:a4:cc:3c:d5:97:af:1f:7f:42:
                    5c:f0:56:30:9b:b1:44:1f:14:66:25:81:51:8a:f6:
                    10:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:E4:6C:78:A2:8C:67:A3:2B:11:B1:2D:9D:38:9D:00:33:69:D5:09
            X509v3 Authority Key Identifier:
                keyid:61:9C:F9:A9:E0:B6:46:1A:D8:33:87:5A:C1:16:8F:89:23:FD:55:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YZz5qeC2RhrYM4dawRaPiSP9VQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d6bfab-eac6-4a42-8872-14afae91336d/1/huRseKKMZ6MrEbEtnTidADNp1Qk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/d6bfab-eac6-4a42-8872-14afae91336d/1/YZz5qeC2RhrYM4dawRaPiSP9VQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:77:fa:9b:2f:a7:d0:e3:80:0e:b6:61:ef:80:b4:44:13:bf:
         85:49:30:fa:8e:d3:3e:03:45:7a:22:5b:dc:cc:26:5a:d4:ed:
         30:c4:ee:68:ec:d2:f0:3c:f8:bb:5b:0f:10:3e:11:e5:b6:6f:
         6e:ac:ab:7c:98:d8:d0:94:bd:10:73:a1:58:03:37:34:56:11:
         c2:65:05:b7:f0:4b:ec:46:aa:99:79:b9:0e:8b:13:d5:00:b8:
         96:02:d4:e7:f0:6b:6a:a3:11:b7:43:b2:4e:93:72:42:a7:c5:
         15:d0:14:4d:9f:7c:5c:04:dd:93:05:3f:fa:f7:1a:69:5c:8a:
         48:5e:97:59:02:77:f1:46:07:c8:b7:97:45:de:25:76:70:74:
         a4:c5:2f:e9:98:0a:d1:c9:d2:22:d1:0a:10:7c:49:db:a2:f2:
         ad:1b:e8:0f:05:1a:56:68:57:44:02:2f:b8:aa:56:97:83:be:
         d6:e9:b7:97:ae:82:f9:37:c1:6d:a8:fb:84:9f:8e:e5:d7:b7:
         e9:74:3e:1e:bc:ed:70:92:f6:0c:69:e1:a0:23:8f:48:2a:b3:
         06:fd:ae:55:70:89:2a:6c:4b:af:b8:5b:1d:ee:93:5f:1a:46:
         bb:69:af:4b:8a:f6:79:ca:04:ad:02:21:f7:13:90:13:da:3b:
         c1:cd:34:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaEDchBLqkAKDMHGo+vqMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxOWNmOWE5ZTBiNjQ2MWFkODMzODc1YWMxMTY4Zjg5MjNm
ZDU1MGIwHhcNMjUwMTAxMDU0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmU0NmM3OGEyOGM2N2EzMmIxMWIxMmQ5ZDM4OWQwMDMzNjlkNTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA84sW30SvfxX760vQaPThTOWPrN3P
C6Wmvh3nJUoNsEoH4IQaKYQBmXl/K1Gae+A0n0qkFKzUFfu1feDvndoZu4L1O2QJ
15wu8ZolGiUfZknL+4h6S5O9WiMePrUBvf7opaj2QzhZz6mXaksER3F8wZKyU0SL
NI+kcH+Sqe78oxOOwZwu3f2sJYzgu53YPCLZ5ikA2QJh++dGEEtacrcJNVHh9Cz5
zNCBRwHwGBCw4kKwuOZmLXj8puHwft5aAlxxjo1J5kSxSaiAa8K6m29LDRTxmwJB
7GwSPDb6riKg1fMT/TQxFTOkzDzVl68ff0Jc8FYwm7FEHxRmJYFRivYQxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbkbHiijGejKxGxLZ04nQAzadUJMB8GA1UdIwQY
MBaAFGGc+angtkYa2DOHWsEWj4kj/VULMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVp6NXFlQzJSaHJZTTRkYXdSYVBpU1A5VlFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9kNmJmYWItZWFjNi00YTQyLTg4NzIt
MTRhZmFlOTEzMzZkLzEvaHVSc2VLS01aNk1yRWJFdG5UaWRBRE5wMVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9kNmJmYWItZWFjNi00YTQyLTg4NzItMTRhZmFlOTEzMzZk
LzEvWVp6NXFlQzJSaHJZTTRkYXdSYVBpU1A5VlFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAThjJMA0G
CSqGSIb3DQEBCwUAA4IBAQCAd/qbL6fQ44AOtmHvgLREE7+FSTD6jtM+A0V6Ilvc
zCZa1O0wxO5o7NLwPPi7Ww8QPhHltm9urKt8mNjQlL0Qc6FYAzc0VhHCZQW38Evs
RqqZebkOixPVALiWAtTn8GtqoxG3Q7JOk3JCp8UV0BRNn3xcBN2TBT/69xppXIpI
XpdZAnfxRgfIt5dF3iV2cHSkxS/pmArRydIi0QoQfEnbovKtG+gPBRpWaFdEAi+4
qlaXg77W6beXroL5N8FtqPuEn47l17fpdD4evO1wkvYMaeGgI49IKrMG/a5VcIkq
bEuvuFsd7pNfGka7aa9LivZ5ygStAiH3E5AT2jvBzTQa
-----END CERTIFICATE-----