Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/bbcd53-c4f8-4245-bb90-00a154b8ecb1/1/9Vc3AbW6vlZ_1l6ygzFXdiG_9DU.roa
File:                     9Vc3AbW6vlZ_1l6ygzFXdiG_9DU.roa (raw, json)
Hash identifier:          XyjyaFRHv8L+Xv8vUnenIR3U/Eb6y+TGYMaeT4tV8mY=
Subject key identifier:   F5:57:37:01:B5:BA:BE:56:7F:D6:5E:B2:83:31:57:76:21:BF:F4:35
Certificate issuer:       /CN=73e157b2918cadca8a5a9fbc66e977608a6df5e1
Certificate serial:       0194221FDD7AC67B00915F55577E9EC81688
Authority key identifier: 73:E1:57:B2:91:8C:AD:CA:8A:5A:9F:BC:66:E9:77:60:8A:6D:F5:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c-FXspGMrcqKWp-8Zul3YIpt9eE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/bbcd53-c4f8-4245-bb90-00a154b8ecb1/1/9Vc3AbW6vlZ_1l6ygzFXdiG_9DU.roa
Signing time:             Wed 01 Jan 2025 13:48:21 +0000
ROA not before:           Wed 01 Jan 2025 13:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        178.21.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/bbcd53-c4f8-4245-bb90-00a154b8ecb1/1/c-FXspGMrcqKWp-8Zul3YIpt9eE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/bbcd53-c4f8-4245-bb90-00a154b8ecb1/1/c-FXspGMrcqKWp-8Zul3YIpt9eE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c-FXspGMrcqKWp-8Zul3YIpt9eE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:dd:7a:c6:7b:00:91:5f:55:57:7e:9e:c8:16:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73e157b2918cadca8a5a9fbc66e977608a6df5e1
        Validity
            Not Before: Jan  1 13:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5573701b5babe567fd65eb28331577621bff435
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:44:c1:6a:8b:d1:30:25:9d:e8:9b:03:7b:d1:
                    f8:07:d6:0e:78:f8:7e:7d:5f:ba:39:9d:b6:30:5b:
                    c6:15:cb:e0:a6:fd:99:f0:ac:3a:b1:2f:c9:45:c7:
                    1e:65:a0:f5:fe:ec:0a:b7:be:89:a4:fe:3a:67:93:
                    5d:f8:d5:8f:a7:86:d4:a2:55:00:ff:95:65:0e:35:
                    9a:4d:13:ef:62:6f:3e:e3:84:94:dc:91:47:d1:01:
                    a2:1c:fe:1a:15:55:b4:0b:d5:bd:3e:83:a5:57:f6:
                    3f:5a:a7:41:53:fe:aa:15:7f:de:18:1a:94:2e:f8:
                    da:84:29:e4:93:7f:e4:2e:78:66:89:dd:8f:cd:a5:
                    d1:fd:0f:5c:32:0b:ca:a0:ad:f9:b5:d3:a1:5e:1c:
                    52:f1:06:c2:d1:9d:60:29:ee:d7:3d:ab:a9:29:e0:
                    53:26:4d:c2:a8:31:df:bc:2b:14:55:f6:97:70:34:
                    08:c1:64:83:04:ee:06:e0:de:c3:ec:25:c6:72:0d:
                    7b:c8:8a:a7:41:b0:ad:e9:a0:b4:63:ad:0c:04:d8:
                    cd:8b:a5:94:29:14:b9:b5:f5:e6:03:1a:35:27:5b:
                    4c:09:8f:40:3a:a6:1a:29:24:fc:21:ea:12:b5:15:
                    a9:85:a7:31:54:dd:77:aa:28:4b:44:32:cb:56:c1:
                    ba:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:57:37:01:B5:BA:BE:56:7F:D6:5E:B2:83:31:57:76:21:BF:F4:35
            X509v3 Authority Key Identifier:
                keyid:73:E1:57:B2:91:8C:AD:CA:8A:5A:9F:BC:66:E9:77:60:8A:6D:F5:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c-FXspGMrcqKWp-8Zul3YIpt9eE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/bbcd53-c4f8-4245-bb90-00a154b8ecb1/1/9Vc3AbW6vlZ_1l6ygzFXdiG_9DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/bbcd53-c4f8-4245-bb90-00a154b8ecb1/1/c-FXspGMrcqKWp-8Zul3YIpt9eE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.21.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:06:97:f4:cb:3d:af:40:be:c9:68:b8:72:c6:24:51:d8:b6:
         0b:30:e0:db:0a:fa:36:5d:4d:8b:4b:94:b8:af:a7:a8:c2:f8:
         27:03:e7:af:f5:c8:06:7d:2c:5b:c9:f1:31:4b:8a:89:91:d7:
         ec:0e:8b:ac:33:0a:b6:0d:73:03:c2:8e:90:26:5e:d5:94:79:
         40:b6:c4:5d:4f:c4:c2:44:29:f8:76:62:1e:46:93:1e:12:68:
         0a:3b:4e:9e:b7:bf:29:c5:6e:de:2d:73:d8:8f:ec:dd:5b:de:
         63:43:0f:a7:cb:f5:46:42:f5:c0:51:83:62:0e:7a:cb:33:a5:
         d7:5a:56:b8:fe:dd:94:d0:10:5e:33:e9:f5:f7:b5:22:6d:70:
         db:6d:6d:56:46:31:bb:61:e6:f9:5b:0a:63:69:79:00:42:eb:
         7c:45:d4:65:b3:2a:48:e9:44:b1:5b:ba:3d:50:0d:05:5c:e7:
         b8:0d:cf:9b:e6:73:49:23:6f:c9:97:aa:3c:56:b2:b8:ef:ee:
         81:a7:c3:e0:87:1d:5f:76:f4:2c:c8:19:eb:16:94:e9:aa:e2:
         e8:38:e0:6c:71:11:d7:ab:f3:7f:2d:19:ca:13:44:33:9b:49:
         3b:6a:39:5c:98:82:d8:30:cb:6d:5e:31:89:db:1a:85:97:d7:
         34:af:a5:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH916xnsAkV9VV36eyBaIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZTE1N2IyOTE4Y2FkY2E4YTVhOWZiYzY2ZTk3NzYwOGE2
ZGY1ZTEwHhcNMjUwMTAxMTM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTU3MzcwMWI1YmFiZTU2N2ZkNjVlYjI4MzMxNTc3NjIxYmZmNDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUTBaovRMCWd6JsDe9H4B9YOePh+
fV+6OZ22MFvGFcvgpv2Z8Kw6sS/JRcceZaD1/uwKt76JpP46Z5Nd+NWPp4bUolUA
/5VlDjWaTRPvYm8+44SU3JFH0QGiHP4aFVW0C9W9PoOlV/Y/WqdBU/6qFX/eGBqU
LvjahCnkk3/kLnhmid2PzaXR/Q9cMgvKoK35tdOhXhxS8QbC0Z1gKe7XPaupKeBT
Jk3CqDHfvCsUVfaXcDQIwWSDBO4G4N7D7CXGcg17yIqnQbCt6aC0Y60MBNjNi6WU
KRS5tfXmAxo1J1tMCY9AOqYaKST8IeoStRWphacxVN13qihLRDLLVsG6UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVXNwG1ur5Wf9ZesoMxV3Yhv/Q1MB8GA1UdIwQY
MBaAFHPhV7KRjK3KilqfvGbpd2CKbfXhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYy1GWHNwR01yY3FLV3AtOFp1bDNZSXB0OWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9iYmNkNTMtYzRmOC00MjQ1LWJiOTAt
MDBhMTU0YjhlY2IxLzEvOVZjM0FiVzZ2bFpfMWw2eWd6RlhkaUdfOURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9iYmNkNTMtYzRmOC00MjQ1LWJiOTAtMDBhMTU0YjhlY2Ix
LzEvYy1GWHNwR01yY3FLV3AtOFp1bDNZSXB0OWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshWUMA0G
CSqGSIb3DQEBCwUAA4IBAQAbBpf0yz2vQL7JaLhyxiRR2LYLMODbCvo2XU2LS5S4
r6eowvgnA+ev9cgGfSxbyfExS4qJkdfsDousMwq2DXMDwo6QJl7VlHlAtsRdT8TC
RCn4dmIeRpMeEmgKO06et78pxW7eLXPYj+zdW95jQw+ny/VGQvXAUYNiDnrLM6XX
Wla4/t2U0BBeM+n197UibXDbbW1WRjG7Yeb5WwpjaXkAQut8RdRlsypI6USxW7o9
UA0FXOe4Dc+b5nNJI2/Jl6o8VrK47+6Bp8Pghx1fdvQsyBnrFpTpquLoOOBscRHX
q/N/LRnKE0Qzm0k7ajlcmILYMMttXjGJ2xqFl9c0r6UH
-----END CERTIFICATE-----