Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/78mbWpq9jkm_sSJWr4SaSZw-ZVc.roa
File:                     78mbWpq9jkm_sSJWr4SaSZw-ZVc.roa (raw, json)
Hash identifier:          oqS01waSpPa+kyj82+sao982kM76N1VOAmjaPLAeUTg=
Subject key identifier:   EF:C9:9B:5A:9A:BD:8E:49:BF:B1:22:56:AF:84:9A:49:9C:3E:65:57
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0197DF7EDD28D8679EFA9ADCC40F1910F2D4
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/78mbWpq9jkm_sSJWr4SaSZw-ZVc.roa
Signing time:             Sun 06 Jul 2025 11:28:42 +0000
ROA not before:           Sun 06 Jul 2025 11:28:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213887
IP address blocks:        194.87.29.0/24 maxlen: 24
                          194.87.77.0/24 maxlen: 24
                          212.192.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 08:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:df:7e:dd:28:d8:67:9e:fa:9a:dc:c4:0f:19:10:f2:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  6 11:28:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efc99b5a9abd8e49bfb12256af849a499c3e6557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d8:12:01:dc:a4:82:c6:b1:dc:d2:dc:a0:bd:
                    5c:da:24:ab:6e:7c:bd:93:d2:c6:02:a6:bb:0d:77:
                    83:4c:b7:cb:02:0d:6c:c2:6e:ac:9a:ad:95:20:be:
                    df:8c:50:98:42:31:78:80:51:46:c6:bf:f5:ae:f0:
                    40:34:77:a7:5f:76:c4:8b:bb:3f:8a:51:d5:ca:67:
                    e4:a3:fb:9f:f4:c6:4a:33:8c:28:1c:c9:f0:d1:46:
                    67:a3:76:e8:ab:fa:4e:24:88:0a:15:da:f0:7d:41:
                    ea:87:82:a0:88:f7:da:af:11:ea:14:2b:ca:d5:af:
                    e7:d0:a2:eb:b7:bd:dc:ca:87:34:2d:c3:d5:68:59:
                    de:ad:cc:3e:0f:ef:e2:3f:dc:8c:d4:d6:0b:9a:79:
                    3f:97:74:7a:ca:cc:a4:ab:18:b9:70:7c:7e:58:bc:
                    60:79:f6:f6:95:b6:49:93:14:0a:04:58:e3:47:63:
                    93:bc:a5:d1:16:f4:91:ea:9c:4f:ca:14:8b:c4:13:
                    7d:23:ac:d3:3b:1b:36:93:e0:41:59:7c:8e:6c:f8:
                    ff:ef:e3:41:7a:6d:e5:69:c5:c6:3d:dd:de:24:db:
                    9b:37:75:e4:53:d0:38:1c:9c:44:89:ec:e1:12:8a:
                    fd:87:b7:ee:bf:2c:5b:46:0b:a6:67:aa:9c:13:b5:
                    e2:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:C9:9B:5A:9A:BD:8E:49:BF:B1:22:56:AF:84:9A:49:9C:3E:65:57
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/78mbWpq9jkm_sSJWr4SaSZw-ZVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.29.0/24
                  194.87.77.0/24
                  212.192.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:51:12:96:10:9f:e7:92:fe:7d:1f:63:b3:36:e4:c5:40:63:
         42:41:21:d0:25:9c:b5:d2:41:3d:d9:dc:55:a5:fa:cb:ec:8d:
         ed:20:3e:d8:d6:61:4c:ff:5c:59:46:bb:f2:29:9e:ee:5a:5d:
         d9:74:f4:3e:b3:67:f5:68:00:45:7c:32:a0:62:d6:a7:6c:dd:
         7e:3a:a6:1e:87:87:74:92:ac:14:c0:28:94:6d:4a:61:ff:ad:
         2e:ee:4a:33:8d:56:e6:3e:5d:0d:75:25:ab:73:c4:c1:1a:77:
         39:61:4b:84:22:26:f8:fa:11:48:53:85:44:9a:a8:c4:36:4f:
         d4:49:8d:8b:45:65:79:8b:95:98:15:94:cf:56:d2:ef:01:cd:
         4f:91:9f:8b:cd:50:50:2e:6c:59:23:dd:9d:7f:83:00:ef:e1:
         ae:2b:55:bb:1a:7d:0a:06:fe:69:03:ab:0f:e4:3c:2d:ca:fc:
         e3:3c:f9:12:e2:cc:56:23:63:82:81:ca:30:b9:ad:05:9d:1b:
         ac:61:54:7b:bc:74:d9:82:97:76:c5:e2:c3:ef:b4:75:d6:01:
         09:35:66:ea:9d:80:4f:6a:b2:a0:f8:64:3e:6c:7a:a1:1f:d2:
         9e:38:a3:7d:f9:3d:a2:70:ff:05:57:14:99:03:b7:10:b1:5b:
         e7:e9:38:dd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZffft0o2Gee+prcxA8ZEPLUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNzA2MTEyODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmM5OWI1YTlhYmQ4ZTQ5YmZiMTIyNTZhZjg0OWE0OTljM2U2NTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9gSAdykgsax3NLcoL1c2iSrbny9
k9LGAqa7DXeDTLfLAg1swm6smq2VIL7fjFCYQjF4gFFGxr/1rvBANHenX3bEi7s/
ilHVymfko/uf9MZKM4woHMnw0UZno3boq/pOJIgKFdrwfUHqh4KgiPfarxHqFCvK
1a/n0KLrt73cyoc0LcPVaFnercw+D+/iP9yM1NYLmnk/l3R6ysykqxi5cHx+WLxg
efb2lbZJkxQKBFjjR2OTvKXRFvSR6pxPyhSLxBN9I6zTOxs2k+BBWXyObPj/7+NB
em3lacXGPd3eJNubN3XkU9A4HJxEiezhEor9h7fuvyxbRgumZ6qcE7XiyQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO/Jm1qavY5Jv7EiVq+EmkmcPmVXMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNzhtYldwcTlqa21fc1NKV3I0U2FTWnctWlZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwlcdAwQA
wldNAwQA1MD2MA0GCSqGSIb3DQEBCwUAA4IBAQAbURKWEJ/nkv59H2OzNuTFQGNC
QSHQJZy10kE92dxVpfrL7I3tID7Y1mFM/1xZRrvyKZ7uWl3ZdPQ+s2f1aABFfDKg
YtanbN1+OqYeh4d0kqwUwCiUbUph/60u7kozjVbmPl0NdSWrc8TBGnc5YUuEIib4
+hFIU4VEmqjENk/USY2LRWV5i5WYFZTPVtLvAc1PkZ+LzVBQLmxZI92df4MA7+Gu
K1W7Gn0KBv5pA6sP5DwtyvzjPPkS4sxWI2OCgcowua0FnRusYVR7vHTZgpd2xeLD
77R11gEJNWbqnYBParKg+GQ+bHqhH9KeOKN9+T2icP8FVxSZA7cQsVvn6Tjd
-----END CERTIFICATE-----