Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/QWuyhxRaDaeKKmxQ-8kWJljb0so.roa
File:                     QWuyhxRaDaeKKmxQ-8kWJljb0so.roa (raw, json)
Hash identifier:          m7DfbfEA5JnylW2bBXcT9BDVNApamZZOs373N/tosiA=
Subject key identifier:   41:6B:B2:87:14:5A:0D:A7:8A:2A:6C:50:FB:C9:16:26:58:DB:D2:CA
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747ED4717DFC81E12E9CE0BBC928C3E
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/QWuyhxRaDaeKKmxQ-8kWJljb0so.roa
Signing time:             Thu 02 Jan 2025 13:50:12 +0000
ROA not before:           Thu 02 Jan 2025 13:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211936
IP address blocks:        78.108.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ed:47:17:df:c8:1e:12:e9:ce:0b:bc:92:8c:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=416bb287145a0da78a2a6c50fbc9162658dbd2ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:fa:b1:6d:c3:50:7c:df:af:66:b2:c5:46:d4:
                    fb:6a:a2:be:18:9d:64:a9:5c:a2:16:9a:dd:8c:1b:
                    9c:e3:14:4f:f0:75:6e:d6:01:0d:80:6b:8c:f4:d1:
                    06:9b:8f:7f:ed:85:d5:ec:c5:33:cf:24:2b:e5:d5:
                    14:a1:57:b3:bd:80:d0:d3:18:38:c6:df:3c:02:94:
                    74:ab:b2:7c:28:88:44:e0:4a:f4:fe:9b:2a:a6:e4:
                    26:a1:b0:b9:65:d6:8e:76:41:d1:bd:c6:db:b5:ee:
                    24:c4:f7:26:51:17:ef:ee:b7:84:55:c3:09:31:7a:
                    2f:09:78:75:21:ab:e7:e4:a7:13:98:58:ab:ea:6b:
                    c8:46:05:e7:a8:88:5c:d3:00:d3:74:bc:ea:6d:d8:
                    cf:c1:c4:e9:33:f4:f9:a6:d4:65:08:22:a4:b5:59:
                    66:fa:0d:b9:00:37:b0:0c:54:f6:26:7b:ef:98:4f:
                    11:5f:bd:de:f7:d6:66:39:c6:be:0e:bf:c5:41:08:
                    86:74:4e:34:84:82:a6:5e:5c:74:71:59:93:84:3f:
                    7e:53:ae:1e:73:49:5b:a3:1a:57:03:4f:52:f3:1a:
                    3c:fd:38:0c:70:ae:39:db:c0:db:4a:f1:fd:d7:58:
                    bd:5b:e4:a0:8f:c8:61:17:14:ce:1a:f8:ad:84:13:
                    05:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:6B:B2:87:14:5A:0D:A7:8A:2A:6C:50:FB:C9:16:26:58:DB:D2:CA
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/QWuyhxRaDaeKKmxQ-8kWJljb0so.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:82:5b:7f:73:79:fc:18:c0:96:72:bf:c5:0c:b1:b7:a8:47:
         b6:ea:41:44:8a:9b:3a:37:44:25:2f:f9:4a:80:3b:1d:fe:ed:
         33:21:2f:31:01:78:09:3d:14:af:c1:84:e3:8e:e9:c3:09:22:
         39:3c:ab:dc:19:c1:92:07:4a:4b:ec:5c:60:7c:20:c9:ee:3a:
         67:2d:49:75:7d:c2:65:d1:e5:81:72:1b:53:9a:52:31:7d:14:
         a9:34:df:c2:b7:f2:51:3b:e6:80:80:46:15:fa:a6:9e:62:18:
         94:bd:6b:d6:d0:01:c5:48:57:2d:cb:e8:b7:5f:be:0a:24:cb:
         71:f0:c5:a4:83:c8:00:9b:dc:2a:1c:78:70:8c:98:a1:61:9f:
         a3:b5:79:d5:1b:08:b5:3c:e5:db:b8:b4:2b:38:4f:28:1a:db:
         6e:6c:4c:37:a1:dd:c0:20:7a:3e:8c:dc:8d:91:2c:be:63:8b:
         fc:85:7d:f1:85:b7:5a:0f:25:48:72:1f:4f:ea:85:7b:bd:c5:
         c5:33:89:75:d1:5b:25:54:90:c4:06:8a:80:93:71:8e:9a:87:
         7a:34:2a:f3:c4:d5:de:69:5d:05:0b:1d:46:c2:a6:4d:9d:0c:
         97:c8:d2:e7:12:ac:fd:85:5d:e2:ba:d2:23:2b:f7:ae:96:c6:
         30:32:13:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+1HF9/IHhLpzgu8kow+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTZiYjI4NzE0NWEwZGE3OGEyYTZjNTBmYmM5MTYyNjU4ZGJkMmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/qxbcNQfN+vZrLFRtT7aqK+GJ1k
qVyiFprdjBuc4xRP8HVu1gENgGuM9NEGm49/7YXV7MUzzyQr5dUUoVezvYDQ0xg4
xt88ApR0q7J8KIhE4Er0/psqpuQmobC5ZdaOdkHRvcbbte4kxPcmURfv7reEVcMJ
MXovCXh1Iavn5KcTmFir6mvIRgXnqIhc0wDTdLzqbdjPwcTpM/T5ptRlCCKktVlm
+g25ADewDFT2JnvvmE8RX73e99ZmOca+Dr/FQQiGdE40hIKmXlx0cVmThD9+U64e
c0lboxpXA09S8xo8/TgMcK4528DbSvH911i9W+Sgj8hhFxTOGvithBMFzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFrsocUWg2niipsUPvJFiZY29LKMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvUVd1eWh4UmFEYWVLS214US04a1dKbGpiMHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmzbMA0G
CSqGSIb3DQEBCwUAA4IBAQCGglt/c3n8GMCWcr/FDLG3qEe26kFEips6N0QlL/lK
gDsd/u0zIS8xAXgJPRSvwYTjjunDCSI5PKvcGcGSB0pL7FxgfCDJ7jpnLUl1fcJl
0eWBchtTmlIxfRSpNN/Ct/JRO+aAgEYV+qaeYhiUvWvW0AHFSFcty+i3X74KJMtx
8MWkg8gAm9wqHHhwjJihYZ+jtXnVGwi1POXbuLQrOE8oGttubEw3od3AIHo+jNyN
kSy+Y4v8hX3xhbdaDyVIch9P6oV7vcXFM4l10VslVJDEBoqAk3GOmod6NCrzxNXe
aV0FCx1GwqZNnQyXyNLnEqz9hV3iutIjK/eulsYwMhOC
-----END CERTIFICATE-----