Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/3UXfxzBUjpd2dvq5bafsNogmKlM.roa
File:                     3UXfxzBUjpd2dvq5bafsNogmKlM.roa (raw, json)
Hash identifier:          bA7f58jlZlzveYNtUmlKVRtEpQ5Dv4hyfzeaC10VHb8=
Subject key identifier:   DD:45:DF:C7:30:54:8E:97:76:76:FA:B9:6D:A7:EC:36:88:26:2A:53
Certificate issuer:       /CN=e909ee3d618974da0cbd805a2da80410a4989881
Certificate serial:       01942521C0C958BF452EDFD971E01628A17F
Authority key identifier: E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/3UXfxzBUjpd2dvq5bafsNogmKlM.roa
Signing time:             Thu 02 Jan 2025 03:49:16 +0000
ROA not before:           Thu 02 Jan 2025 03:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8352
IP address blocks:        78.153.250.0/24 maxlen: 24
                          95.143.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:c0:c9:58:bf:45:2e:df:d9:71:e0:16:28:a1:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e909ee3d618974da0cbd805a2da80410a4989881
        Validity
            Not Before: Jan  2 03:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd45dfc730548e977676fab96da7ec3688262a53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:5f:cd:b6:31:21:f7:f2:fd:d1:be:18:3d:c7:
                    0f:71:78:48:7a:54:ea:55:5d:f1:1e:ab:07:3c:73:
                    a1:cb:d4:c4:24:db:14:db:2d:85:cf:d7:f2:70:66:
                    8f:82:e8:69:78:e3:e1:84:f9:46:f3:db:8b:8a:2f:
                    25:8b:ae:24:81:90:af:d7:c0:86:a4:ec:41:4c:ab:
                    76:a9:21:8f:fa:d7:35:11:b7:46:95:1a:8a:9e:55:
                    8c:a2:27:85:bc:a6:d2:97:18:7b:9e:2e:0b:7d:91:
                    20:5a:ad:7c:ee:ce:bb:bb:83:b1:88:b3:4e:0b:86:
                    df:bf:45:59:c3:3b:21:98:44:7c:a5:3b:14:09:e1:
                    04:1d:f6:7e:5e:ea:cf:c8:d1:0f:26:7c:03:8c:95:
                    bd:a7:96:a5:d4:6c:77:f9:e6:5f:86:42:64:83:be:
                    2b:85:f0:f9:04:90:78:29:61:ca:29:c1:97:1f:43:
                    41:9c:85:a7:0b:ce:44:db:e8:b4:ec:6b:b6:cc:f6:
                    1a:47:a5:1b:34:ba:82:8f:19:bc:08:e3:15:3c:5d:
                    38:00:4a:91:16:10:4b:0a:b4:ff:0b:85:83:f3:bc:
                    df:19:39:df:cb:20:35:29:1b:4b:cc:9e:1e:35:6c:
                    98:64:d1:87:10:e3:b7:b9:27:ee:e5:2a:74:bc:0c:
                    ba:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:45:DF:C7:30:54:8E:97:76:76:FA:B9:6D:A7:EC:36:88:26:2A:53
            X509v3 Authority Key Identifier:
                keyid:E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/3UXfxzBUjpd2dvq5bafsNogmKlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.153.250.0/24
                  95.143.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:8b:63:60:c9:95:5d:3e:a9:0f:df:ff:cd:7f:33:27:34:16:
         29:86:88:eb:a6:0d:dc:0e:6a:ef:61:c8:d0:33:83:c0:6c:58:
         a6:2f:dc:cf:79:8f:c4:a9:02:b8:38:b9:95:d2:b0:04:9a:79:
         9c:2f:fc:4d:19:48:c1:1c:95:51:0e:3a:73:16:cd:4c:64:ac:
         39:47:82:04:fb:75:eb:6c:7b:9c:99:e3:96:56:a5:ee:50:77:
         af:28:c1:57:13:1f:55:15:6c:d0:ad:65:fc:61:e6:16:b9:4d:
         71:c2:e9:e3:d0:dd:ed:33:94:f4:78:b1:ef:2b:e1:27:65:7f:
         68:03:41:73:5f:79:71:99:3e:0b:71:c8:f7:ea:ea:d8:52:4c:
         07:36:c5:8a:2e:bf:9d:5b:96:71:d2:de:6a:8a:ea:93:27:24:
         a7:8e:b5:db:70:f2:e1:6e:db:7b:18:d2:c4:33:61:bb:9a:b4:
         b9:66:06:de:8d:49:08:24:3b:b4:e4:f9:94:21:a3:36:33:c7:
         e4:e6:93:2f:d4:76:38:94:18:f9:69:40:e2:21:5e:3b:8b:88:
         b1:ed:54:bf:ba:af:e4:84:9d:54:ee:b9:fc:c0:b7:28:ac:fd:
         de:31:fa:9e:d9:5f:da:8f:85:01:ec:40:dd:21:66:1d:95:79:
         31:d2:ca:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIcDJWL9FLt/ZceAWKKF/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDllZTNkNjE4OTc0ZGEwY2JkODA1YTJkYTgwNDEwYTQ5
ODk4ODEwHhcNMjUwMTAyMDM0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDQ1ZGZjNzMwNTQ4ZTk3NzY3NmZhYjk2ZGE3ZWMzNjg4MjYyYTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31/NtjEh9/L90b4YPccPcXhIelTq
VV3xHqsHPHOhy9TEJNsU2y2Fz9fycGaPguhpeOPhhPlG89uLii8li64kgZCv18CG
pOxBTKt2qSGP+tc1EbdGlRqKnlWMoieFvKbSlxh7ni4LfZEgWq187s67u4OxiLNO
C4bfv0VZwzshmER8pTsUCeEEHfZ+XurPyNEPJnwDjJW9p5al1Gx3+eZfhkJkg74r
hfD5BJB4KWHKKcGXH0NBnIWnC85E2+i07Gu2zPYaR6UbNLqCjxm8COMVPF04AEqR
FhBLCrT/C4WD87zfGTnfyyA1KRtLzJ4eNWyYZNGHEOO3uSfu5Sp0vAy6vwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN1F38cwVI6Xdnb6uW2n7DaIJipTMB8GA1UdIwQY
MBaAFOkJ7j1hiXTaDL2AWi2oBBCkmJiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEt
ZGQxMTVmOWUzMzAxLzEvM1VYZnh6QlVqcGQyZHZxNWJhZnNOb2dtS2xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEtZGQxMTVmOWUzMzAx
LzEvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATpn6AwQA
X49LMA0GCSqGSIb3DQEBCwUAA4IBAQCki2NgyZVdPqkP3//NfzMnNBYphojrpg3c
DmrvYcjQM4PAbFimL9zPeY/EqQK4OLmV0rAEmnmcL/xNGUjBHJVRDjpzFs1MZKw5
R4IE+3XrbHucmeOWVqXuUHevKMFXEx9VFWzQrWX8YeYWuU1xwunj0N3tM5T0eLHv
K+EnZX9oA0FzX3lxmT4Lccj36urYUkwHNsWKLr+dW5Zx0t5qiuqTJySnjrXbcPLh
btt7GNLEM2G7mrS5ZgbejUkIJDu05PmUIaM2M8fk5pMv1HY4lBj5aUDiIV47i4ix
7VS/uq/khJ1U7rn8wLcorP3eMfqe2V/aj4UB7EDdIWYdlXkx0srK
-----END CERTIFICATE-----