Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/foEIKKiKGzP167JX4o8XvUykr-g.roa
File:                     foEIKKiKGzP167JX4o8XvUykr-g.roa (raw, json)
Hash identifier:          evb8m5fPfJsy+xSv7BIO0U4CuUb+yRCVsqdlmwoMX6M=
Subject key identifier:   7E:81:08:28:A8:8A:1B:33:F5:EB:B2:57:E2:8F:17:BD:4C:A4:AF:E8
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0195DBD8C160B3DF0C7AE5B21D28861CB930
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/foEIKKiKGzP167JX4o8XvUykr-g.roa
Signing time:             Fri 28 Mar 2025 08:22:50 +0000
ROA not before:           Fri 28 Mar 2025 08:22:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20648
IP address blocks:        147.78.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:db:d8:c1:60:b3:df:0c:7a:e5:b2:1d:28:86:1c:b9:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 28 08:22:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e810828a88a1b33f5ebb257e28f17bd4ca4afe8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e8:3d:5d:54:5e:03:03:2f:e3:b7:aa:02:b9:
                    83:f5:39:a2:65:b7:b7:01:17:b6:9a:c2:5d:2d:80:
                    62:0d:84:0a:95:f4:5f:d4:2c:27:a3:b8:ff:86:39:
                    47:99:a4:43:85:5b:2d:50:c6:4e:21:9c:e2:3e:4d:
                    8e:fa:44:0f:a4:3a:4b:a2:93:98:2c:16:81:92:54:
                    2e:48:ca:dc:23:87:3d:87:24:93:71:85:ff:f4:f4:
                    65:75:40:2d:5c:89:0e:61:70:57:48:81:59:98:9a:
                    c7:87:b0:9f:53:7a:71:e9:a1:40:f5:ce:48:ae:9e:
                    a9:6b:07:ef:8e:87:b9:1f:d1:ea:ad:a8:8e:07:a7:
                    ec:f3:d7:ed:45:8d:ae:3c:fc:61:ed:89:8c:b6:5b:
                    76:dc:d5:b1:80:68:52:11:e0:26:0f:20:ef:b8:8a:
                    d6:93:03:02:8a:c7:ce:2d:bb:fc:71:3b:01:84:3e:
                    29:ef:91:d2:ab:9f:4f:97:c8:1a:4b:58:4e:25:4a:
                    b4:11:7d:ee:77:3f:2f:8d:50:9d:b0:74:6d:f8:d0:
                    10:0c:76:be:97:6b:03:50:ec:e6:b8:b9:ce:de:e9:
                    43:64:c4:60:c8:f8:2a:17:57:77:55:23:66:f4:31:
                    12:5b:cb:1c:5c:7c:8f:c1:fd:8d:9b:8b:77:ea:78:
                    ad:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:81:08:28:A8:8A:1B:33:F5:EB:B2:57:E2:8F:17:BD:4C:A4:AF:E8
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/foEIKKiKGzP167JX4o8XvUykr-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:a9:42:17:7a:c3:d2:34:88:4f:8c:36:56:ff:1d:99:27:f9:
         f9:9f:bd:20:93:92:ca:16:2c:b0:32:65:c1:bd:f4:67:19:4b:
         d5:67:9a:25:29:70:b9:66:ac:bf:8d:35:80:b0:39:b2:93:2b:
         55:14:5e:0c:68:ba:a4:a7:b8:7d:b7:5a:4b:9f:7e:ca:df:93:
         bd:3a:fb:58:59:95:86:3b:37:a3:0f:53:d3:d2:fd:07:a1:97:
         39:e9:3f:25:31:9b:3a:98:d5:87:a3:2e:0b:8c:4b:67:03:c2:
         73:0e:7f:62:e2:d8:42:e0:3e:cd:1e:d1:0d:e4:e4:37:99:a2:
         1c:57:ab:c8:84:58:d7:ea:1e:eb:37:94:94:41:17:cb:4e:d1:
         0d:54:57:e5:a8:74:18:7e:0d:38:9f:d2:29:89:53:51:a2:6f:
         b8:01:a8:3c:c4:24:b8:0d:f6:81:3a:4f:78:d7:f8:40:49:28:
         93:b8:e4:45:2f:94:bd:c5:34:2f:de:59:fe:a3:b4:0a:8f:ab:
         f0:1a:47:93:b5:69:8b:04:8f:9a:c0:d2:56:a5:d2:93:a4:8f:
         0c:3d:d9:20:ed:9d:e1:e0:ad:a8:e9:a4:6a:46:b7:81:15:c9:
         10:cc:c0:fe:37:f5:5c:fc:bf:6c:02:24:a5:fc:0e:76:24:e8:
         4a:c8:32:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXb2MFgs98MeuWyHSiGHLkwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzI4MDgyMjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTgxMDgyOGE4OGExYjMzZjVlYmIyNTdlMjhmMTdiZDRjYTRhZmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOg9XVReAwMv47eqArmD9TmiZbe3
ARe2msJdLYBiDYQKlfRf1Cwno7j/hjlHmaRDhVstUMZOIZziPk2O+kQPpDpLopOY
LBaBklQuSMrcI4c9hySTcYX/9PRldUAtXIkOYXBXSIFZmJrHh7CfU3px6aFA9c5I
rp6pawfvjoe5H9HqraiOB6fs89ftRY2uPPxh7YmMtlt23NWxgGhSEeAmDyDvuIrW
kwMCisfOLbv8cTsBhD4p75HSq59Pl8gaS1hOJUq0EX3udz8vjVCdsHRt+NAQDHa+
l2sDUOzmuLnO3ulDZMRgyPgqF1d3VSNm9DESW8scXHyPwf2Nm4t36nitoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6BCCioihsz9euyV+KPF71MpK/oMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZm9FSUtLaUtHelAxNjdKWDRvOFh2VXlrci1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk05mMA0G
CSqGSIb3DQEBCwUAA4IBAQCIqUIXesPSNIhPjDZW/x2ZJ/n5n70gk5LKFiywMmXB
vfRnGUvVZ5olKXC5Zqy/jTWAsDmykytVFF4MaLqkp7h9t1pLn37K35O9OvtYWZWG
OzejD1PT0v0HoZc56T8lMZs6mNWHoy4LjEtnA8JzDn9i4thC4D7NHtEN5OQ3maIc
V6vIhFjX6h7rN5SUQRfLTtENVFflqHQYfg04n9IpiVNRom+4Aag8xCS4DfaBOk94
1/hASSiTuORFL5S9xTQv3ln+o7QKj6vwGkeTtWmLBI+awNJWpdKTpI8MPdkg7Z3h
4K2o6aRqRreBFckQzMD+N/Vc/L9sAiSl/A52JOhKyDKm
-----END CERTIFICATE-----