Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/ePDnHbOXTUlVTt6WhrgofDAybdQ.roa
File:                     ePDnHbOXTUlVTt6WhrgofDAybdQ.roa (raw, json)
Hash identifier:          dBzcW1+wZxIMYW+MPmPSO2MTLadbHEVw8y5qmE2KY9E=
Subject key identifier:   78:F0:E7:1D:B3:97:4D:49:55:4E:DE:96:86:B8:28:7C:30:32:6D:D4
Certificate issuer:       /CN=107807c2518915138f555123605c0133dfdbb4fa
Certificate serial:       019421B20CA327AB7F25E9428616157E7342
Authority key identifier: 10:78:07:C2:51:89:15:13:8F:55:51:23:60:5C:01:33:DF:DB:B4:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHgHwlGJFROPVVEjYFwBM9_btPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/ePDnHbOXTUlVTt6WhrgofDAybdQ.roa
Signing time:             Wed 01 Jan 2025 11:48:24 +0000
ROA not before:           Wed 01 Jan 2025 11:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35280
IP address blocks:        132.70.0.0/16 maxlen: 16
                          132.71.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/EHgHwlGJFROPVVEjYFwBM9_btPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/EHgHwlGJFROPVVEjYFwBM9_btPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHgHwlGJFROPVVEjYFwBM9_btPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:0c:a3:27:ab:7f:25:e9:42:86:16:15:7e:73:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=107807c2518915138f555123605c0133dfdbb4fa
        Validity
            Not Before: Jan  1 11:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78f0e71db3974d49554ede9686b8287c30326dd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b9:ec:aa:ff:68:a4:2e:87:84:2d:2b:64:57:
                    23:ad:a9:4f:9e:aa:84:96:39:d9:e8:a7:52:bc:b2:
                    45:10:eb:91:cb:71:63:92:6d:09:39:87:50:b0:88:
                    48:9a:bf:aa:d9:69:d6:0d:1a:2f:93:fd:6a:41:57:
                    5d:41:19:54:07:b3:4e:48:5b:9d:9c:e3:c5:d9:c7:
                    f3:2f:87:48:f9:94:15:50:16:0f:12:e8:48:08:09:
                    50:5f:fa:a5:41:a0:44:0c:b7:97:e8:c3:a1:67:4f:
                    2c:28:44:3d:c6:13:e7:3d:3f:41:90:96:ee:a4:40:
                    5a:5b:a9:eb:5e:97:34:69:65:3b:25:59:1c:f6:20:
                    ad:65:c1:d9:00:04:50:61:ee:de:26:6c:73:5a:d4:
                    f2:da:6c:20:d3:2d:94:db:ca:c6:99:79:4d:97:50:
                    f6:e8:6a:77:15:6a:f2:d2:4e:3b:9c:fe:01:c1:a4:
                    78:be:78:c7:ff:22:80:e2:88:9f:62:73:c4:fc:b0:
                    21:60:8f:a1:a8:43:af:0b:a8:a5:09:42:36:2e:f8:
                    01:06:59:27:55:04:5b:0f:e9:08:56:40:f6:ab:b0:
                    c6:54:2c:24:a6:24:63:7e:3a:8a:bc:ac:9c:3e:6f:
                    3a:dd:40:77:b4:32:34:56:a3:f1:88:71:4d:d6:ae:
                    09:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:F0:E7:1D:B3:97:4D:49:55:4E:DE:96:86:B8:28:7C:30:32:6D:D4
            X509v3 Authority Key Identifier:
                keyid:10:78:07:C2:51:89:15:13:8F:55:51:23:60:5C:01:33:DF:DB:B4:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHgHwlGJFROPVVEjYFwBM9_btPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/ePDnHbOXTUlVTt6WhrgofDAybdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/EHgHwlGJFROPVVEjYFwBM9_btPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.70.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         83:30:d6:45:40:a5:bd:69:bd:46:42:b2:f5:69:e2:f3:8f:1c:
         5c:f5:5b:9d:1e:33:1e:e0:cb:95:a9:00:7d:4f:aa:8c:f7:a2:
         de:5e:70:8c:85:4e:0f:d2:eb:00:54:fc:b7:c7:ad:47:9f:02:
         87:5c:cf:75:72:d9:13:cc:8f:ed:9a:ea:c2:a6:19:f1:f5:2c:
         1f:0f:cd:c5:19:08:c3:a0:b5:16:60:e8:5b:f9:02:17:e0:84:
         34:2d:54:d9:5c:c3:b5:f9:4f:5c:17:49:03:6c:1b:22:49:f3:
         2c:5e:91:66:50:fd:1d:22:42:ff:b8:43:05:31:47:f2:7b:01:
         28:dc:2f:95:87:dd:6d:e6:6b:59:8f:34:7f:2b:f1:98:6d:43:
         d1:fd:6c:c9:65:bc:04:af:90:1e:c7:6e:76:aa:2a:34:1f:b6:
         8c:b7:6a:94:17:25:e2:ef:dd:e5:0d:0c:f7:98:9a:c2:64:8e:
         c0:46:a8:22:3c:78:0d:c7:66:a1:c7:5c:f2:b9:bf:84:b3:8a:
         03:34:d7:ff:c4:94:a5:c4:cd:4b:56:dc:ad:99:e6:47:bc:19:
         3b:54:9e:97:7f:f4:28:bc:9f:6f:d1:01:36:57:28:51:41:84:
         60:ca:34:77:c0:51:17:f4:72:cc:b3:0d:7d:19:59:aa:76:f9:
         76:41:f5:5e
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQhsgyjJ6t/JelChhYVfnNCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzgwN2MyNTE4OTE1MTM4ZjU1NTEyMzYwNWMwMTMzZGZk
YmI0ZmEwHhcNMjUwMTAxMTE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGYwZTcxZGIzOTc0ZDQ5NTU0ZWRlOTY4NmI4Mjg3YzMwMzI2ZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7nsqv9opC6HhC0rZFcjralPnqqE
ljnZ6KdSvLJFEOuRy3Fjkm0JOYdQsIhImr+q2WnWDRovk/1qQVddQRlUB7NOSFud
nOPF2cfzL4dI+ZQVUBYPEuhICAlQX/qlQaBEDLeX6MOhZ08sKEQ9xhPnPT9BkJbu
pEBaW6nrXpc0aWU7JVkc9iCtZcHZAARQYe7eJmxzWtTy2mwg0y2U28rGmXlNl1D2
6Gp3FWry0k47nP4BwaR4vnjH/yKA4oifYnPE/LAhYI+hqEOvC6ilCUI2LvgBBlkn
VQRbD+kIVkD2q7DGVCwkpiRjfjqKvKycPm863UB3tDI0VqPxiHFN1q4JaQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHjw5x2zl01JVU7eloa4KHwwMm3UMB8GA1UdIwQY
MBaAFBB4B8JRiRUTj1VRI2BcATPf27T6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhnSHdsR0pGUk9QVlZFallGd0JNOV9idFBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8yODYwYTQtM2I5NC00Mjc0LWEzYTIt
ZjlhYzE1ZTY2Mzg2LzEvZVBEbkhiT1hUVWxWVHQ2V2hyZ29mREF5YmRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8yODYwYTQtM2I5NC00Mjc0LWEzYTItZjlhYzE1ZTY2Mzg2
LzEvRUhnSHdsR0pGUk9QVlZFallGd0JNOV9idFBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEYwDQYJ
KoZIhvcNAQELBQADggEBAIMw1kVApb1pvUZCsvVp4vOPHFz1W50eMx7gy5WpAH1P
qoz3ot5ecIyFTg/S6wBU/LfHrUefAodcz3Vy2RPMj+2a6sKmGfH1LB8PzcUZCMOg
tRZg6Fv5AhfghDQtVNlcw7X5T1wXSQNsGyJJ8yxekWZQ/R0iQv+4QwUxR/J7ASjc
L5WH3W3ma1mPNH8r8ZhtQ9H9bMllvASvkB7HbnaqKjQftoy3apQXJeLv3eUNDPeY
msJkjsBGqCI8eA3HZqHHXPK5v4SzigM01//ElKXEzUtW3K2Z5ke8GTtUnpd/9Ci8
n2/RATZXKFFBhGDKNHfAURf0csyzDX0ZWap2+XZB9V4=
-----END CERTIFICATE-----