Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/7aUz8499DPhigJrtymvFDvH_yp8.roa
File:                     7aUz8499DPhigJrtymvFDvH_yp8.roa (raw, json)
Hash identifier:          XTyGxDVpkkql4iOBZC2KvGPinizfN4vZAGbc34EqO8o=
Subject key identifier:   ED:A5:33:F3:8F:7D:0C:F8:62:80:9A:ED:CA:6B:C5:0E:F1:FF:CA:9F
Certificate issuer:       /CN=1f46f57735a4e63dbef848ee0d9d199e215f8304
Certificate serial:       019421444BE3D81F394F6ED7AE9F8C5A9157
Authority key identifier: 1F:46:F5:77:35:A4:E6:3D:BE:F8:48:EE:0D:9D:19:9E:21:5F:83:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/7aUz8499DPhigJrtymvFDvH_yp8.roa
Signing time:             Wed 01 Jan 2025 09:48:31 +0000
ROA not before:           Wed 01 Jan 2025 09:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212317
IP address blocks:        5.78.0.0/16 maxlen: 24
                          2a01:4ff:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:4b:e3:d8:1f:39:4f:6e:d7:ae:9f:8c:5a:91:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f46f57735a4e63dbef848ee0d9d199e215f8304
        Validity
            Not Before: Jan  1 09:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eda533f38f7d0cf862809aedca6bc50ef1ffca9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:c5:2a:58:5c:ce:36:d7:09:b8:44:ec:66:2d:
                    20:c1:c2:98:c6:b3:bb:2c:61:db:4d:53:3f:18:0c:
                    65:4d:2e:63:ef:d6:96:61:67:91:f2:1a:81:be:5a:
                    ec:96:fb:e0:e4:1b:d4:5a:d4:9b:a7:73:42:6d:0b:
                    b6:9f:90:98:18:93:60:5e:de:a5:6e:ad:0e:4a:1f:
                    ad:f1:d2:e7:7d:2a:24:2c:32:c0:23:34:28:8b:21:
                    b7:c1:eb:15:e4:8f:62:cd:05:6f:ae:95:01:79:68:
                    d4:bc:e7:5a:23:2e:98:70:cd:c7:65:07:a5:aa:cc:
                    b5:9a:09:af:5f:9e:32:bc:05:64:85:8b:82:85:72:
                    27:dc:68:2e:76:95:a1:cc:b0:bf:85:9e:e9:b3:aa:
                    cc:78:58:7b:f3:5a:a0:4a:8e:9b:67:de:c1:4a:55:
                    8a:92:49:bb:90:3d:8f:47:15:fb:9f:46:5c:1a:4c:
                    35:f8:8b:2b:a9:07:4f:b2:7b:bd:ea:6d:93:d1:02:
                    5c:81:bb:49:77:39:56:ba:21:a2:e3:e3:af:72:a6:
                    9f:8e:65:1d:21:69:2f:cc:f1:a5:46:72:9f:28:77:
                    cd:35:20:5a:0e:58:84:7a:0e:ae:69:b6:a1:89:ce:
                    66:39:6c:18:ed:e6:1d:bc:1b:47:aa:2c:08:f4:10:
                    9c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:A5:33:F3:8F:7D:0C:F8:62:80:9A:ED:CA:6B:C5:0E:F1:FF:CA:9F
            X509v3 Authority Key Identifier:
                keyid:1F:46:F5:77:35:A4:E6:3D:BE:F8:48:EE:0D:9D:19:9E:21:5F:83:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/7aUz8499DPhigJrtymvFDvH_yp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.78.0.0/16
                IPv6:
                  2a01:4ff:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         1c:a3:3a:42:8e:65:fa:09:12:90:fa:43:d1:d9:bd:2e:3d:3d:
         bc:0a:62:39:19:8f:d2:5e:a7:c8:ad:fe:bc:2c:54:36:39:35:
         a0:d2:4f:ae:c3:17:ae:f6:1d:3f:95:24:67:5d:fa:5f:4e:9d:
         fe:2c:f0:6e:35:ae:38:8c:af:e3:d0:dd:2b:82:38:d2:02:91:
         77:7b:34:fd:6a:7e:09:46:ce:83:19:52:b7:16:b6:75:70:9d:
         51:77:8a:4e:07:c6:6f:39:93:14:ec:3a:05:06:f8:77:45:2b:
         38:01:02:8a:92:9a:c4:d9:61:16:46:38:a5:39:ce:bb:ef:00:
         a1:29:d1:2f:5e:34:86:81:e0:06:74:6b:ca:75:e3:93:25:44:
         aa:b1:e2:36:1e:33:c9:9e:95:4d:1c:4b:25:4a:27:9d:5b:ae:
         5c:d7:88:f2:6d:77:ba:1d:dc:74:34:43:58:9c:27:6a:7a:a2:
         16:8f:e1:fd:db:bb:99:a5:9e:fb:0a:f0:14:ab:f6:15:75:84:
         4b:6c:80:a2:77:11:49:ae:f1:bf:23:dd:e3:22:5b:68:00:36:
         33:17:c9:d0:db:61:9b:de:a4:f1:6b:7b:7f:d9:14:25:a1:62:
         0a:5e:bb:91:ef:63:e0:5e:1e:3e:03:77:42:0b:6e:bb:8c:2b:
         b5:b8:a2:05
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhREvj2B85T27Xrp+MWpFXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDZmNTc3MzVhNGU2M2RiZWY4NDhlZTBkOWQxOTllMjE1
ZjgzMDQwHhcNMjUwMTAxMDk0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGE1MzNmMzhmN2QwY2Y4NjI4MDlhZWRjYTZiYzUwZWYxZmZjYTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68UqWFzONtcJuETsZi0gwcKYxrO7
LGHbTVM/GAxlTS5j79aWYWeR8hqBvlrslvvg5BvUWtSbp3NCbQu2n5CYGJNgXt6l
bq0OSh+t8dLnfSokLDLAIzQoiyG3wesV5I9izQVvrpUBeWjUvOdaIy6YcM3HZQel
qsy1mgmvX54yvAVkhYuChXIn3GgudpWhzLC/hZ7ps6rMeFh781qgSo6bZ97BSlWK
kkm7kD2PRxX7n0ZcGkw1+IsrqQdPsnu96m2T0QJcgbtJdzlWuiGi4+OvcqafjmUd
IWkvzPGlRnKfKHfNNSBaDliEeg6uabahic5mOWwY7eYdvBtHqiwI9BCcmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO2lM/OPfQz4YoCa7cprxQ7x/8qfMB8GA1UdIwQY
MBaAFB9G9Xc1pOY9vvhI7g2dGZ4hX4MEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBiMWR6V2s1ajItLUVqdURaMFpuaUZmZ3dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8xMDcyNjYtYWI1MS00NjJiLTlmYzIt
YTdjOTg5OGVlY2JjLzEvN2FVejg0OTlEUGhpZ0pydHltdkZEdkhfeXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8xMDcyNjYtYWI1MS00NjJiLTlmYzItYTdjOTg5OGVlY2Jj
LzEvSDBiMWR6V2s1ajItLUVqdURaMFpuaUZmZ3dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTALBAIAATAFAwMABU4wDgQC
AAIwCAMGACoBBP8BMA0GCSqGSIb3DQEBCwUAA4IBAQAcozpCjmX6CRKQ+kPR2b0u
PT28CmI5GY/SXqfIrf68LFQ2OTWg0k+uwxeu9h0/lSRnXfpfTp3+LPBuNa44jK/j
0N0rgjjSApF3ezT9an4JRs6DGVK3FrZ1cJ1Rd4pOB8ZvOZMU7DoFBvh3RSs4AQKK
kprE2WEWRjilOc677wChKdEvXjSGgeAGdGvKdeOTJUSqseI2HjPJnpVNHEslSied
W65c14jybXe6Hdx0NENYnCdqeqIWj+H927uZpZ77CvAUq/YVdYRLbICidxFJrvG/
I93jIltoADYzF8nQ22Gb3qTxa3t/2RQloWIKXruR72PgXh4+A3dCC267jCu1uKIF
-----END CERTIFICATE-----