Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/85ee02-6f43-4927-ab5d-ed57b24b4465/1/t3uXJVNYIcETNH2wbIt0kGmTa3E.roa
File:                     t3uXJVNYIcETNH2wbIt0kGmTa3E.roa (raw, json)
Hash identifier:          TpjYWQB/dEWPF8i95tLxQWL3noXfiwIkXuk9Gm2aR3o=
Subject key identifier:   B7:7B:97:25:53:58:21:C1:13:34:7D:B0:6C:8B:74:90:69:93:6B:71
Certificate issuer:       /CN=0b1936281b86707a05d55a01f88b2e653d7b3ee9
Certificate serial:       0194236A070972A763D649BB38A65CF92D21
Authority key identifier: 0B:19:36:28:1B:86:70:7A:05:D5:5A:01:F8:8B:2E:65:3D:7B:3E:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cxk2KBuGcHoF1VoB-IsuZT17Puk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/85ee02-6f43-4927-ab5d-ed57b24b4465/1/t3uXJVNYIcETNH2wbIt0kGmTa3E.roa
Signing time:             Wed 01 Jan 2025 19:48:58 +0000
ROA not before:           Wed 01 Jan 2025 19:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209525
IP address blocks:        212.78.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/85ee02-6f43-4927-ab5d-ed57b24b4465/1/Cxk2KBuGcHoF1VoB-IsuZT17Puk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/85ee02-6f43-4927-ab5d-ed57b24b4465/1/Cxk2KBuGcHoF1VoB-IsuZT17Puk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cxk2KBuGcHoF1VoB-IsuZT17Puk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 22:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:07:09:72:a7:63:d6:49:bb:38:a6:5c:f9:2d:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b1936281b86707a05d55a01f88b2e653d7b3ee9
        Validity
            Not Before: Jan  1 19:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b77b9725535821c113347db06c8b749069936b71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a4:21:76:40:b6:a0:55:11:2e:ae:73:92:74:
                    9f:11:ca:d2:9f:aa:9f:e2:34:a0:da:3e:e8:2e:86:
                    31:ec:3a:d8:76:f8:98:5d:9c:49:15:80:da:eb:35:
                    b4:25:72:69:d1:50:95:79:20:7f:fd:13:08:c0:71:
                    83:52:dd:e3:ec:fb:14:09:19:02:9a:f2:70:fd:1c:
                    ab:4c:14:e9:37:35:24:cf:27:c1:9f:26:60:b9:da:
                    31:3f:68:89:44:75:bf:b6:57:78:e4:bc:f5:74:e2:
                    36:c7:27:75:d4:83:c8:e6:b4:df:8b:59:85:07:66:
                    a4:78:77:a3:be:85:b7:c3:19:9c:38:ec:d7:8f:6e:
                    66:1c:0d:a7:88:30:14:02:e0:ae:88:20:60:7c:57:
                    bd:c4:c4:66:c0:8a:3d:28:71:d5:38:db:be:5b:de:
                    70:8f:e2:34:8d:21:ea:8e:f4:98:66:4e:35:a7:5c:
                    aa:07:f0:ce:94:3c:95:18:92:dc:53:b9:71:6c:0f:
                    1a:fe:a8:35:53:40:22:c4:5a:59:e4:52:e6:20:0e:
                    ad:24:f3:b4:8d:37:0c:9a:61:9d:df:81:db:c3:a2:
                    5d:3f:5d:35:4f:81:62:89:f1:02:c2:dd:87:80:96:
                    20:08:47:d4:d2:c2:0c:cb:16:b7:9f:c7:d3:46:62:
                    ba:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:7B:97:25:53:58:21:C1:13:34:7D:B0:6C:8B:74:90:69:93:6B:71
            X509v3 Authority Key Identifier:
                keyid:0B:19:36:28:1B:86:70:7A:05:D5:5A:01:F8:8B:2E:65:3D:7B:3E:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cxk2KBuGcHoF1VoB-IsuZT17Puk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/85ee02-6f43-4927-ab5d-ed57b24b4465/1/t3uXJVNYIcETNH2wbIt0kGmTa3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/85ee02-6f43-4927-ab5d-ed57b24b4465/1/Cxk2KBuGcHoF1VoB-IsuZT17Puk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.78.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:93:90:0c:a1:86:ff:5b:16:3b:f0:f8:9c:81:3c:00:cb:82:
         ab:81:59:dc:5a:54:4f:a2:f6:61:1d:0f:72:17:12:52:5e:1e:
         c7:6e:36:06:54:f7:a6:7a:e7:b6:f9:5b:af:ce:7b:90:e3:8c:
         59:fe:c7:ca:81:9d:3b:85:40:c1:9c:52:de:77:f5:94:cc:92:
         a4:f5:c9:0a:9f:4a:78:1c:b8:7e:0f:30:ba:c8:94:dd:b4:31:
         62:06:b6:92:98:e4:07:e6:2a:10:70:3c:96:a8:6a:47:48:5d:
         6d:44:0d:60:fc:37:f0:df:89:7c:9b:b6:20:30:a2:67:08:51:
         49:d6:b3:56:7e:07:9e:44:00:2c:bc:2d:b1:82:50:0a:d4:98:
         ae:f5:73:17:25:8f:de:f4:ed:04:36:8c:83:c5:14:96:61:86:
         07:76:36:4f:ef:dd:8f:96:6f:64:38:25:d9:7c:b8:53:62:7d:
         08:8a:1c:a5:c4:b4:84:2b:76:66:78:69:12:9c:94:ce:22:6a:
         fa:13:a8:79:38:a9:f6:ac:70:fb:07:15:df:b5:e3:7a:17:aa:
         0a:ba:26:5b:cb:83:5c:5a:f8:b6:b3:02:33:eb:fc:2c:3d:2b:
         a8:19:db:ab:de:ff:8f:99:0b:65:c8:fa:d9:1e:9d:bb:fc:6f:
         16:0c:2e:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagcJcqdj1km7OKZc+S0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMTkzNjI4MWI4NjcwN2EwNWQ1NWEwMWY4OGIyZTY1M2Q3
YjNlZTkwHhcNMjUwMTAxMTk0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzdiOTcyNTUzNTgyMWMxMTMzNDdkYjA2YzhiNzQ5MDY5OTM2YjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aQhdkC2oFURLq5zknSfEcrSn6qf
4jSg2j7oLoYx7DrYdviYXZxJFYDa6zW0JXJp0VCVeSB//RMIwHGDUt3j7PsUCRkC
mvJw/RyrTBTpNzUkzyfBnyZgudoxP2iJRHW/tld45Lz1dOI2xyd11IPI5rTfi1mF
B2akeHejvoW3wxmcOOzXj25mHA2niDAUAuCuiCBgfFe9xMRmwIo9KHHVONu+W95w
j+I0jSHqjvSYZk41p1yqB/DOlDyVGJLcU7lxbA8a/qg1U0AixFpZ5FLmIA6tJPO0
jTcMmmGd34Hbw6JdP101T4FiifECwt2HgJYgCEfU0sIMyxa3n8fTRmK63wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLd7lyVTWCHBEzR9sGyLdJBpk2txMB8GA1UdIwQY
MBaAFAsZNigbhnB6BdVaAfiLLmU9ez7pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3hrMktCdUdjSG9GMVZvQi1Jc3VaVDE3UHVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84NWVlMDItNmY0My00OTI3LWFiNWQt
ZWQ1N2IyNGI0NDY1LzEvdDN1WEpWTllJY0VUTkgyd2JJdDBrR21UYTNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84NWVlMDItNmY0My00OTI3LWFiNWQtZWQ1N2IyNGI0NDY1
LzEvQ3hrMktCdUdjSG9GMVZvQi1Jc3VaVDE3UHVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1E4kMA0G
CSqGSIb3DQEBCwUAA4IBAQCxk5AMoYb/WxY78PicgTwAy4KrgVncWlRPovZhHQ9y
FxJSXh7HbjYGVPemeue2+VuvznuQ44xZ/sfKgZ07hUDBnFLed/WUzJKk9ckKn0p4
HLh+DzC6yJTdtDFiBraSmOQH5ioQcDyWqGpHSF1tRA1g/Dfw34l8m7YgMKJnCFFJ
1rNWfgeeRAAsvC2xglAK1Jiu9XMXJY/e9O0ENoyDxRSWYYYHdjZP792Plm9kOCXZ
fLhTYn0IihylxLSEK3ZmeGkSnJTOImr6E6h5OKn2rHD7BxXfteN6F6oKuiZby4Nc
Wvi2swIz6/wsPSuoGdur3v+PmQtlyPrZHp27/G8WDC5W
-----END CERTIFICATE-----