Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/b1a67d-5fb3-4855-8d19-09a28e0d7178/1/q3oH4WqBy89nlHf_ohkPgGYaYoc.roa
File:                     q3oH4WqBy89nlHf_ohkPgGYaYoc.roa (raw, json)
Hash identifier:          /Ya4Ak12mdvsioIt2KLsqtGYRCnDo04vhdOQ06CJDUU=
Subject key identifier:   AB:7A:07:E1:6A:81:CB:CF:67:94:77:FF:A2:19:0F:80:66:1A:62:87
Certificate issuer:       /CN=372ac6ef92b81d705787a4ef89fd4673805c7abc
Certificate serial:       01942521A3A1921FECB79FC3258FB12315D6
Authority key identifier: 37:2A:C6:EF:92:B8:1D:70:57:87:A4:EF:89:FD:46:73:80:5C:7A:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NyrG75K4HXBXh6Tvif1Gc4Bcerw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/b1a67d-5fb3-4855-8d19-09a28e0d7178/1/q3oH4WqBy89nlHf_ohkPgGYaYoc.roa
Signing time:             Thu 02 Jan 2025 03:49:09 +0000
ROA not before:           Thu 02 Jan 2025 03:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40513
IP address blocks:        147.78.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/b1a67d-5fb3-4855-8d19-09a28e0d7178/1/NyrG75K4HXBXh6Tvif1Gc4Bcerw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/b1a67d-5fb3-4855-8d19-09a28e0d7178/1/NyrG75K4HXBXh6Tvif1Gc4Bcerw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NyrG75K4HXBXh6Tvif1Gc4Bcerw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a3:a1:92:1f:ec:b7:9f:c3:25:8f:b1:23:15:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=372ac6ef92b81d705787a4ef89fd4673805c7abc
        Validity
            Not Before: Jan  2 03:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab7a07e16a81cbcf679477ffa2190f80661a6287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ac:17:4b:54:88:13:b1:c1:d2:7e:88:4e:59:
                    a9:64:11:bd:5c:1e:2f:aa:dc:ce:10:27:11:08:4f:
                    57:b7:2b:16:d9:7a:81:02:3a:69:6b:a1:77:9d:d4:
                    7f:ad:32:9c:91:50:39:c2:4e:b2:c9:cc:4c:a9:8b:
                    f7:39:1e:40:25:fc:0c:98:13:d2:e6:6a:bd:23:1f:
                    af:a4:c9:b2:f7:be:06:97:5e:6c:d9:c8:f0:94:19:
                    74:e3:24:d7:84:c0:55:bd:15:09:17:1d:18:a2:89:
                    ba:47:6d:32:95:ad:72:48:72:c9:6c:7f:bd:06:61:
                    92:98:0d:8d:93:fc:a7:9f:5e:eb:e4:5d:22:65:58:
                    3f:3d:9b:57:75:c1:9e:18:9e:68:47:85:b8:c7:dc:
                    8e:62:13:c7:75:bc:81:e2:20:c1:88:8f:ef:20:63:
                    52:3d:86:c4:82:27:4d:38:b8:56:bb:12:e9:cb:62:
                    cf:96:a4:01:6f:b6:22:84:84:bd:14:0c:be:c6:94:
                    b5:b1:78:3a:c2:61:ab:fd:39:a9:f4:d4:13:38:d2:
                    a5:04:62:a6:c4:a5:37:68:d0:d0:e3:dd:67:33:53:
                    19:fa:39:c0:68:8b:3a:b8:30:a9:5e:2c:f1:2f:fa:
                    e5:5f:dc:a9:cc:60:34:f4:0e:3c:2c:88:f7:84:be:
                    fa:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:7A:07:E1:6A:81:CB:CF:67:94:77:FF:A2:19:0F:80:66:1A:62:87
            X509v3 Authority Key Identifier:
                keyid:37:2A:C6:EF:92:B8:1D:70:57:87:A4:EF:89:FD:46:73:80:5C:7A:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NyrG75K4HXBXh6Tvif1Gc4Bcerw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/b1a67d-5fb3-4855-8d19-09a28e0d7178/1/q3oH4WqBy89nlHf_ohkPgGYaYoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/b1a67d-5fb3-4855-8d19-09a28e0d7178/1/NyrG75K4HXBXh6Tvif1Gc4Bcerw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:05:ee:d3:12:92:74:18:7b:3d:e2:62:1a:e0:f4:a9:7f:82:
         c1:27:54:10:18:3b:f6:2c:6a:99:03:3a:01:a5:27:f6:c1:79:
         7e:40:f3:a5:41:3d:d1:98:f3:fa:a5:49:35:c7:d8:4f:2a:1e:
         ad:87:eb:8d:d5:1d:2a:7a:b2:14:69:87:5f:3a:7b:df:74:77:
         90:ac:9a:8b:4d:bb:58:65:7b:fa:40:00:d2:fb:97:df:39:e0:
         85:ab:21:17:4f:35:96:a9:9f:71:98:17:c6:30:a6:45:53:b0:
         65:25:dc:53:02:91:67:91:a0:a5:ab:de:07:dd:b0:ab:3b:7e:
         7e:04:06:e1:ba:65:91:1f:7c:6c:f9:45:c4:f5:8b:d1:b0:2c:
         d3:49:d7:6c:ef:2d:b6:8c:0a:e3:d2:3b:77:61:d1:33:ec:3b:
         d2:4b:fa:9c:7a:b9:bc:3a:e3:ee:dc:69:5b:f7:24:20:e8:f6:
         4d:ce:aa:80:12:62:e7:42:91:f1:f0:8a:72:14:ba:08:4d:d2:
         f6:44:a0:6a:cc:be:b7:b3:46:75:c1:e2:ee:20:ae:3d:38:b7:
         14:1f:dd:6d:56:1f:66:9a:fa:5e:c7:1b:c1:f8:0c:fb:41:ef:
         17:bb:35:12:fd:10:dd:b1:84:47:45:cc:ad:55:6b:d9:62:f3:
         46:e6:35:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIaOhkh/st5/DJY+xIxXWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MmFjNmVmOTJiODFkNzA1Nzg3YTRlZjg5ZmQ0NjczODA1
YzdhYmMwHhcNMjUwMTAyMDM0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjdhMDdlMTZhODFjYmNmNjc5NDc3ZmZhMjE5MGY4MDY2MWE2Mjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6wXS1SIE7HB0n6ITlmpZBG9XB4v
qtzOECcRCE9XtysW2XqBAjppa6F3ndR/rTKckVA5wk6yycxMqYv3OR5AJfwMmBPS
5mq9Ix+vpMmy974Gl15s2cjwlBl04yTXhMBVvRUJFx0Yoom6R20yla1ySHLJbH+9
BmGSmA2Nk/ynn17r5F0iZVg/PZtXdcGeGJ5oR4W4x9yOYhPHdbyB4iDBiI/vIGNS
PYbEgidNOLhWuxLpy2LPlqQBb7YihIS9FAy+xpS1sXg6wmGr/Tmp9NQTONKlBGKm
xKU3aNDQ491nM1MZ+jnAaIs6uDCpXizxL/rlX9ypzGA09A48LIj3hL76ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKt6B+FqgcvPZ5R3/6IZD4BmGmKHMB8GA1UdIwQY
MBaAFDcqxu+SuB1wV4ek74n9RnOAXHq8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnlyRzc1SzRIWEJYaDZUdmlmMUdjNEJjZXJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9iMWE2N2QtNWZiMy00ODU1LThkMTkt
MDlhMjhlMGQ3MTc4LzEvcTNvSDRXcUJ5ODlubEhmX29oa1BnR1lhWW9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9iMWE2N2QtNWZiMy00ODU1LThkMTktMDlhMjhlMGQ3MTc4
LzEvTnlyRzc1SzRIWEJYaDZUdmlmMUdjNEJjZXJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCk048MA0G
CSqGSIb3DQEBCwUAA4IBAQB2Be7TEpJ0GHs94mIa4PSpf4LBJ1QQGDv2LGqZAzoB
pSf2wXl+QPOlQT3RmPP6pUk1x9hPKh6th+uN1R0qerIUaYdfOnvfdHeQrJqLTbtY
ZXv6QADS+5ffOeCFqyEXTzWWqZ9xmBfGMKZFU7BlJdxTApFnkaClq94H3bCrO35+
BAbhumWRH3xs+UXE9YvRsCzTSdds7y22jArj0jt3YdEz7DvSS/qcerm8OuPu3Glb
9yQg6PZNzqqAEmLnQpHx8IpyFLoITdL2RKBqzL63s0Z1weLuIK49OLcUH91tVh9m
mvpexxvB+Az7Qe8XuzUS/RDdsYRHRcytVWvZYvNG5jW/
-----END CERTIFICATE-----