Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/791a4e-1be9-4976-bd95-6561c849057f/1/r_pXvYOMh3gSQPYuo_0x5LIDY1s.roa
File:                     r_pXvYOMh3gSQPYuo_0x5LIDY1s.roa (raw, json)
Hash identifier:          bQrJT1cr1jHVeYHOeCbVvQ+uUO5ecYBMkZwEAtD6RHk=
Subject key identifier:   AF:FA:57:BD:83:8C:87:78:12:40:F6:2E:A3:FD:31:E4:B2:03:63:5B
Certificate issuer:       /CN=779d815db3226b7a848961262ad74ffc15557fa1
Certificate serial:       01941F8C1203A5BE9025701948C721D9B51F
Authority key identifier: 77:9D:81:5D:B3:22:6B:7A:84:89:61:26:2A:D7:4F:FC:15:55:7F:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d52BXbMia3qEiWEmKtdP_BVVf6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/791a4e-1be9-4976-bd95-6561c849057f/1/r_pXvYOMh3gSQPYuo_0x5LIDY1s.roa
Signing time:             Wed 01 Jan 2025 01:47:40 +0000
ROA not before:           Wed 01 Jan 2025 01:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51210
IP address blocks:        178.217.240.0/21 maxlen: 21
                          2001:67c:48::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/791a4e-1be9-4976-bd95-6561c849057f/1/d52BXbMia3qEiWEmKtdP_BVVf6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/791a4e-1be9-4976-bd95-6561c849057f/1/d52BXbMia3qEiWEmKtdP_BVVf6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d52BXbMia3qEiWEmKtdP_BVVf6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 22:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:12:03:a5:be:90:25:70:19:48:c7:21:d9:b5:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=779d815db3226b7a848961262ad74ffc15557fa1
        Validity
            Not Before: Jan  1 01:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=affa57bd838c87781240f62ea3fd31e4b203635b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:84:8e:c0:95:17:16:e9:df:34:ca:18:17:03:
                    7c:f2:55:4f:90:f1:fc:b9:28:ac:ab:91:9a:67:62:
                    1f:85:c0:86:67:37:c6:79:c1:82:20:63:20:53:70:
                    50:ce:ad:58:3f:e2:cf:cd:b2:40:51:9a:eb:df:20:
                    44:60:7c:be:c6:42:a1:d0:5c:e5:b1:d1:60:ae:cd:
                    a7:d3:37:b9:6c:a3:f5:55:b2:98:07:85:aa:3d:04:
                    30:0e:48:89:12:9b:48:c7:d8:7a:01:3f:99:ff:b0:
                    de:6b:e4:f3:b6:f3:55:46:66:f6:28:20:af:1a:28:
                    76:a7:b9:57:96:59:37:42:ed:bd:0c:78:0e:73:81:
                    b3:3d:52:33:bb:2c:9e:93:fd:db:f6:50:62:bd:20:
                    74:85:e1:6f:64:c2:23:3d:d5:39:23:09:4b:05:26:
                    05:d9:dd:68:3d:bb:2d:72:be:f0:7d:f0:0d:5e:c0:
                    0b:fb:db:07:23:1d:0b:ed:c8:13:63:c0:05:75:7f:
                    70:43:46:e0:a2:22:bc:4b:f4:a8:e3:f9:8c:fe:c7:
                    25:ec:c2:04:25:20:02:c9:9a:48:f3:b7:be:e2:46:
                    42:5a:ca:89:ec:d4:ed:78:e6:f7:61:a3:8d:c9:f6:
                    b7:8d:aa:27:ed:5c:02:81:52:db:df:16:a5:fc:98:
                    9d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:FA:57:BD:83:8C:87:78:12:40:F6:2E:A3:FD:31:E4:B2:03:63:5B
            X509v3 Authority Key Identifier:
                keyid:77:9D:81:5D:B3:22:6B:7A:84:89:61:26:2A:D7:4F:FC:15:55:7F:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d52BXbMia3qEiWEmKtdP_BVVf6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/791a4e-1be9-4976-bd95-6561c849057f/1/r_pXvYOMh3gSQPYuo_0x5LIDY1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/791a4e-1be9-4976-bd95-6561c849057f/1/d52BXbMia3qEiWEmKtdP_BVVf6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.217.240.0/21
                IPv6:
                  2001:67c:48::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:d0:37:cf:6e:de:a8:1f:f0:35:c8:36:c6:89:0b:ba:d1:4c:
         29:c5:ca:96:75:27:e9:d0:28:70:41:57:dc:68:71:ac:5d:73:
         b5:a7:b0:47:49:ba:de:07:da:23:2e:5c:76:5e:36:9e:c9:37:
         dd:6a:5d:a9:c8:1e:ee:83:6a:b7:a0:d4:43:1a:b5:5a:96:64:
         13:de:51:22:b2:58:4b:94:15:0a:eb:17:c8:e7:bf:33:36:1f:
         61:7e:13:4f:2d:88:c6:2f:6c:1a:62:b9:58:1e:4e:69:82:85:
         25:8f:40:85:69:2c:54:e3:06:00:43:ba:9d:8e:7f:d9:fc:0b:
         1f:ee:04:8d:dd:66:44:8e:fe:e0:ed:0c:03:85:3d:cc:2a:03:
         58:6d:04:02:75:50:59:e3:fe:94:5c:f4:ee:7b:b8:af:0e:22:
         07:86:66:ef:b9:4a:9c:6e:6e:97:06:89:f7:62:6e:22:69:83:
         ec:84:5f:35:2c:0a:6f:b0:d8:68:58:d6:fd:53:d4:86:c0:08:
         06:a1:64:f8:3e:f2:13:0f:75:3c:d9:f1:8f:37:e3:9d:f5:17:
         bb:dc:3c:bf:c7:c5:17:a7:46:a3:dc:5e:29:73:8a:b1:f2:d2:
         10:6b:20:a2:77:e6:80:df:6c:99:de:a7:29:74:39:fd:e6:38:
         a7:a2:0d:43
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQfjBIDpb6QJXAZSMch2bUfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3OWQ4MTVkYjMyMjZiN2E4NDg5NjEyNjJhZDc0ZmZjMTU1
NTdmYTEwHhcNMjUwMTAxMDE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmZhNTdiZDgzOGM4Nzc4MTI0MGY2MmVhM2ZkMzFlNGIyMDM2MzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4SOwJUXFunfNMoYFwN88lVPkPH8
uSisq5GaZ2IfhcCGZzfGecGCIGMgU3BQzq1YP+LPzbJAUZrr3yBEYHy+xkKh0Fzl
sdFgrs2n0ze5bKP1VbKYB4WqPQQwDkiJEptIx9h6AT+Z/7Dea+TztvNVRmb2KCCv
Gih2p7lXllk3Qu29DHgOc4GzPVIzuyyek/3b9lBivSB0heFvZMIjPdU5IwlLBSYF
2d1oPbstcr7wffANXsAL+9sHIx0L7cgTY8AFdX9wQ0bgoiK8S/So4/mM/scl7MIE
JSACyZpI87e+4kZCWsqJ7NTteOb3YaONyfa3jaon7VwCgVLb3xal/Jid9wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK/6V72DjId4EkD2LqP9MeSyA2NbMB8GA1UdIwQY
MBaAFHedgV2zImt6hIlhJirXT/wVVX+hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDUyQlhiTWlhM3FFaVdFbUt0ZFBfQlZWZjZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy83OTFhNGUtMWJlOS00OTc2LWJkOTUt
NjU2MWM4NDkwNTdmLzEvcl9wWHZZT01oM2dTUVBZdW9fMHg1TElEWTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy83OTFhNGUtMWJlOS00OTc2LWJkOTUtNjU2MWM4NDkwNTdm
LzEvZDUyQlhiTWlhM3FFaVdFbUt0ZFBfQlZWZjZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDstnwMA8E
AgACMAkDBwAgAQZ8AEgwDQYJKoZIhvcNAQELBQADggEBAATQN89u3qgf8DXINsaJ
C7rRTCnFypZ1J+nQKHBBV9xocaxdc7WnsEdJut4H2iMuXHZeNp7JN91qXanIHu6D
areg1EMatVqWZBPeUSKyWEuUFQrrF8jnvzM2H2F+E08tiMYvbBpiuVgeTmmChSWP
QIVpLFTjBgBDup2Of9n8Cx/uBI3dZkSO/uDtDAOFPcwqA1htBAJ1UFnj/pRc9O57
uK8OIgeGZu+5SpxubpcGifdibiJpg+yEXzUsCm+w2GhY1v1T1IbACAahZPg+8hMP
dTzZ8Y834531F7vcPL/HxRenRqPcXilzirHy0hBrIKJ35oDfbJnepyl0Of3mOKei
DUM=
-----END CERTIFICATE-----