Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/1GXRp3uT7hSMRzWjOxU0QktVRiY.roa
File:                     1GXRp3uT7hSMRzWjOxU0QktVRiY.roa (raw, json)
Hash identifier:          aqIqmb81zi2cD6sMblBWQoAdH8B6EoMHMa2iFTOnb0c=
Subject key identifier:   D4:65:D1:A7:7B:93:EE:14:8C:47:35:A3:3B:15:34:42:4B:55:46:26
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       0194258F6412FA777E1A8994AB1CCC62A170
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/1GXRp3uT7hSMRzWjOxU0QktVRiY.roa
Signing time:             Thu 02 Jan 2025 05:49:01 +0000
ROA not before:           Thu 02 Jan 2025 05:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209588
IP address blocks:        147.78.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:64:12:fa:77:7e:1a:89:94:ab:1c:cc:62:a1:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Jan  2 05:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d465d1a77b93ee148c4735a33b1534424b554626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:26:0e:87:a1:76:93:74:c2:95:0c:ed:a8:96:
                    fe:71:ea:25:61:dc:38:30:61:3b:c0:7f:33:a9:62:
                    56:bf:ab:8e:ae:f1:df:91:98:90:86:11:d9:4c:3a:
                    63:36:f5:4f:27:bc:12:98:8f:e5:8f:ee:d7:77:71:
                    16:7c:0c:b7:65:ef:cb:0c:34:9e:b7:ba:ae:26:98:
                    c5:71:08:5a:91:9f:38:11:49:b3:c4:53:47:8a:79:
                    93:5e:50:24:5a:93:51:56:7f:94:6b:87:1c:0d:b0:
                    a0:c3:e1:3b:bf:dd:e0:a3:70:87:9d:54:a0:ca:3f:
                    f5:92:27:9d:47:08:99:02:a4:ce:96:4b:84:35:ee:
                    06:3e:c3:a6:ed:c4:64:36:88:f6:ad:01:38:ee:a8:
                    e5:d6:2b:a3:77:44:18:f0:ea:d2:5a:b5:ce:b0:cf:
                    b3:d2:38:48:e1:68:7f:38:85:5d:4f:5e:92:51:a0:
                    a2:08:a3:9b:24:a4:e8:11:0b:95:37:08:d8:bb:2b:
                    59:0c:fa:6b:98:81:da:bc:ac:dd:74:00:41:05:4b:
                    7d:8a:ea:eb:63:3b:1f:b4:0e:7c:ab:cf:b7:4b:60:
                    d9:bc:3b:a9:5c:f8:d9:e9:82:61:e4:a0:4d:0f:d6:
                    79:a4:9f:61:1a:73:f7:18:48:7f:69:58:60:f7:4b:
                    83:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:65:D1:A7:7B:93:EE:14:8C:47:35:A3:3B:15:34:42:4B:55:46:26
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/1GXRp3uT7hSMRzWjOxU0QktVRiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:ea:b7:2e:02:50:63:9f:5d:43:0c:d4:ac:41:cf:31:70:9f:
         3d:9f:19:d2:cc:0a:9f:e5:60:be:e7:e5:6a:ab:08:bd:8e:6c:
         c2:62:03:35:70:02:93:38:51:92:53:e6:3e:6a:f9:c9:1e:31:
         2b:bf:22:f2:29:ff:58:b7:85:c3:58:70:ce:e5:12:f0:3d:ed:
         72:44:34:6c:3a:65:74:49:cc:2e:2e:87:63:5b:2d:e3:c5:a8:
         d4:87:3c:cb:46:f2:5d:8b:fc:c0:4b:fe:36:1a:ad:76:4d:df:
         c4:ee:57:3b:be:26:61:3d:e3:bc:94:1e:89:dc:9e:44:63:69:
         11:1f:fa:43:1c:e1:e2:06:b4:6c:57:93:53:ea:ef:2c:3c:3f:
         28:77:3b:f7:68:8e:ef:40:a8:d0:47:fa:64:47:af:2b:24:f1:
         ab:78:76:8e:4d:3e:8d:75:11:96:57:92:76:03:6e:c9:bc:55:
         c8:47:d3:24:0e:0f:fe:e2:5c:bb:7c:d4:bd:36:c1:d4:6e:ac:
         f0:b9:b0:d0:ac:cf:02:64:f4:52:70:db:31:33:b2:75:74:e5:
         70:86:87:21:ee:17:e2:86:3d:7e:51:b5:aa:89:18:13:9c:67:
         77:cf:df:bc:73:6c:cf:62:e8:b2:7c:9b:0c:91:1d:8b:31:f6:
         2c:0d:14:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj2QS+nd+GomUqxzMYqFwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjUwMTAyMDU0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDY1ZDFhNzdiOTNlZTE0OGM0NzM1YTMzYjE1MzQ0MjRiNTU0NjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiYOh6F2k3TClQztqJb+ceolYdw4
MGE7wH8zqWJWv6uOrvHfkZiQhhHZTDpjNvVPJ7wSmI/lj+7Xd3EWfAy3Ze/LDDSe
t7quJpjFcQhakZ84EUmzxFNHinmTXlAkWpNRVn+Ua4ccDbCgw+E7v93go3CHnVSg
yj/1kiedRwiZAqTOlkuENe4GPsOm7cRkNoj2rQE47qjl1iujd0QY8OrSWrXOsM+z
0jhI4Wh/OIVdT16SUaCiCKObJKToEQuVNwjYuytZDPprmIHavKzddABBBUt9iurr
YzsftA58q8+3S2DZvDupXPjZ6YJh5KBND9Z5pJ9hGnP3GEh/aVhg90uDqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNRl0ad7k+4UjEc1ozsVNEJLVUYmMB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvMUdYUnAzdVQ3aFNNUnpXak94VTBRa3RWUmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk04vMA0G
CSqGSIb3DQEBCwUAA4IBAQBh6rcuAlBjn11DDNSsQc8xcJ89nxnSzAqf5WC+5+Vq
qwi9jmzCYgM1cAKTOFGSU+Y+avnJHjErvyLyKf9Yt4XDWHDO5RLwPe1yRDRsOmV0
ScwuLodjWy3jxajUhzzLRvJdi/zAS/42Gq12Td/E7lc7viZhPeO8lB6J3J5EY2kR
H/pDHOHiBrRsV5NT6u8sPD8odzv3aI7vQKjQR/pkR68rJPGreHaOTT6NdRGWV5J2
A27JvFXIR9MkDg/+4ly7fNS9NsHUbqzwubDQrM8CZPRScNsxM7J1dOVwhoch7hfi
hj1+UbWqiRgTnGd3z9+8c2zPYuiyfJsMkR2LMfYsDRTI
-----END CERTIFICATE-----