Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/oUmcMUtuhcKckFSDBz0rnVgX6VA.roa
File:                     oUmcMUtuhcKckFSDBz0rnVgX6VA.roa (raw, json)
Hash identifier:          Vo1x7fFdPLf+gNr5ngsvEsgyymKQ4J3ELs7j3lA2QcI=
Subject key identifier:   A1:49:9C:31:4B:6E:85:C2:9C:90:54:83:07:3D:2B:9D:58:17:E9:50
Certificate issuer:       /CN=5dd69d9f749630f0256cf0ceab58836b491a58f6
Certificate serial:       0194214451936951E9148791D4205E2F3F85
Authority key identifier: 5D:D6:9D:9F:74:96:30:F0:25:6C:F0:CE:AB:58:83:6B:49:1A:58:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/oUmcMUtuhcKckFSDBz0rnVgX6VA.roa
Signing time:             Wed 01 Jan 2025 09:48:32 +0000
ROA not before:           Wed 01 Jan 2025 09:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207691
IP address blocks:        147.78.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:51:93:69:51:e9:14:87:91:d4:20:5e:2f:3f:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd69d9f749630f0256cf0ceab58836b491a58f6
        Validity
            Not Before: Jan  1 09:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1499c314b6e85c29c905483073d2b9d5817e950
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:57:cc:a0:27:56:82:8e:d6:15:ca:f8:1d:46:
                    c4:db:11:83:42:b7:cb:3f:df:f6:dc:aa:fb:a5:79:
                    4b:af:39:45:a7:e6:cb:3e:5f:a0:a7:f6:59:9e:b6:
                    fe:45:98:23:f2:1e:e8:bb:06:32:82:c4:46:e2:50:
                    0a:01:52:dc:1d:1f:35:66:a8:e2:ce:76:a6:6f:b3:
                    80:1d:c9:46:37:82:fc:e6:ce:cc:f3:c6:f5:61:e6:
                    ac:62:9c:80:e3:64:d3:36:e5:3e:ed:9e:36:a2:b5:
                    32:92:44:27:3f:bd:81:06:91:1a:ea:ca:d6:28:39:
                    79:3a:28:5e:00:e4:a8:21:1d:70:ac:31:41:b9:57:
                    4c:9b:b7:1b:11:ad:0c:40:5e:3a:27:30:85:b6:fd:
                    a5:ec:3c:ff:d1:7e:90:2c:5c:ef:7b:66:44:9f:16:
                    55:14:aa:09:a5:5b:04:7d:58:bf:b3:c0:00:c3:94:
                    5d:1d:ad:4e:7a:1a:1b:38:96:61:d8:2a:95:60:87:
                    17:88:a6:5b:d4:07:24:21:46:8e:0e:c2:18:f7:83:
                    7b:73:b2:1e:c4:ab:03:eb:15:aa:03:f1:8e:9c:dc:
                    29:b8:10:fa:9c:33:a0:a9:47:f8:40:6a:20:b6:c3:
                    bf:64:b4:a1:27:31:cf:91:b1:d6:fa:c5:99:4e:ab:
                    8a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:49:9C:31:4B:6E:85:C2:9C:90:54:83:07:3D:2B:9D:58:17:E9:50
            X509v3 Authority Key Identifier:
                keyid:5D:D6:9D:9F:74:96:30:F0:25:6C:F0:CE:AB:58:83:6B:49:1A:58:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/oUmcMUtuhcKckFSDBz0rnVgX6VA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:39:d4:54:c1:38:a7:4e:27:d4:e8:c2:25:65:8d:63:2c:52:
         d1:09:9e:ba:3f:f0:0a:d7:f3:06:15:69:94:7c:6b:a7:c5:4a:
         c1:b8:4d:42:d1:f0:c5:1d:81:bb:e9:dc:a9:d1:7b:38:a2:9e:
         28:30:a7:34:7c:ea:77:5c:24:a1:9a:ff:1a:75:ae:0e:4d:bf:
         e3:d1:30:39:74:ee:4a:89:33:1e:26:50:ed:f1:c9:06:f3:f1:
         d9:45:33:a5:9c:2e:a3:00:7d:3e:5e:83:13:52:42:09:c8:15:
         ad:9e:63:57:ff:95:67:70:76:2e:45:bc:ef:31:ad:ce:0e:2f:
         35:94:c5:6e:9b:01:3f:17:d2:0b:f6:85:20:68:4e:38:7a:fd:
         40:49:3b:06:d4:66:7d:12:59:76:b2:31:e9:ed:39:f3:37:e7:
         58:ea:8b:03:dd:f5:57:2d:47:e4:77:c1:c5:90:f6:76:1c:b8:
         69:4b:3b:b2:98:2d:6e:e5:e8:2a:69:41:ac:7e:2c:cf:1f:4e:
         76:da:b0:1e:75:ea:4c:38:4c:0c:11:b8:10:16:d8:d0:e0:28:
         28:5e:d4:56:01:2f:e3:b2:a2:2d:f9:14:1f:8c:f9:42:1d:85:
         5b:9d:2d:26:14:2b:0a:ab:cc:75:95:86:f8:60:77:a1:65:6b:
         9c:99:02:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRFGTaVHpFIeR1CBeLz+FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDY5ZDlmNzQ5NjMwZjAyNTZjZjBjZWFiNTg4MzZiNDkx
YTU4ZjYwHhcNMjUwMTAxMDk0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTQ5OWMzMTRiNmU4NWMyOWM5MDU0ODMwNzNkMmI5ZDU4MTdlOTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1fMoCdWgo7WFcr4HUbE2xGDQrfL
P9/23Kr7pXlLrzlFp+bLPl+gp/ZZnrb+RZgj8h7ouwYygsRG4lAKAVLcHR81Zqji
znamb7OAHclGN4L85s7M88b1YeasYpyA42TTNuU+7Z42orUykkQnP72BBpEa6srW
KDl5OiheAOSoIR1wrDFBuVdMm7cbEa0MQF46JzCFtv2l7Dz/0X6QLFzve2ZEnxZV
FKoJpVsEfVi/s8AAw5RdHa1OehobOJZh2CqVYIcXiKZb1AckIUaODsIY94N7c7Ie
xKsD6xWqA/GOnNwpuBD6nDOgqUf4QGogtsO/ZLShJzHPkbHW+sWZTquKBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFJnDFLboXCnJBUgwc9K51YF+lQMB8GA1UdIwQY
MBaAFF3WnZ90ljDwJWzwzqtYg2tJGlj2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRhZG4zU1dNUEFsYlBET3ExaURhMGthV1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC82MTY5MjQtOTNiMi00ZGNiLWFlZWIt
ZjNmZDY0MzMxNzA5LzEvb1VtY01VdHVoY0tja0ZTREJ6MHJuVmdYNlZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC82MTY5MjQtOTNiMi00ZGNiLWFlZWItZjNmZDY0MzMxNzA5
LzEvWGRhZG4zU1dNUEFsYlBET3ExaURhMGthV1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk06OMA0G
CSqGSIb3DQEBCwUAA4IBAQCcOdRUwTinTifU6MIlZY1jLFLRCZ66P/AK1/MGFWmU
fGunxUrBuE1C0fDFHYG76dyp0Xs4op4oMKc0fOp3XCShmv8ada4OTb/j0TA5dO5K
iTMeJlDt8ckG8/HZRTOlnC6jAH0+XoMTUkIJyBWtnmNX/5VncHYuRbzvMa3ODi81
lMVumwE/F9IL9oUgaE44ev1ASTsG1GZ9Ell2sjHp7TnzN+dY6osD3fVXLUfkd8HF
kPZ2HLhpSzuymC1u5egqaUGsfizPH0522rAedepMOEwMEbgQFtjQ4CgoXtRWAS/j
sqIt+RQfjPlCHYVbnS0mFCsKq8x1lYb4YHehZWucmQLm
-----END CERTIFICATE-----