Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/Yhx7BXYzTzzS5t_9FaN3gvqDvvU.roa
File:                     Yhx7BXYzTzzS5t_9FaN3gvqDvvU.roa (raw, json)
Hash identifier:          6o6oe2/9E1nYEVGVicr/zo6Y4uqUD4D2A8TAd6evSwY=
Subject key identifier:   62:1C:7B:05:76:33:4F:3C:D2:E6:DF:FD:15:A3:77:82:FA:83:BE:F5
Certificate issuer:       /CN=844582ca704717eb0c94be4d89413f4bc2d8b8e5
Certificate serial:       019421B1B7FE84CC04EB5FD0338737EE09B7
Authority key identifier: 84:45:82:CA:70:47:17:EB:0C:94:BE:4D:89:41:3F:4B:C2:D8:B8:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hEWCynBHF-sMlL5NiUE_S8LYuOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/Yhx7BXYzTzzS5t_9FaN3gvqDvvU.roa
Signing time:             Wed 01 Jan 2025 11:48:02 +0000
ROA not before:           Wed 01 Jan 2025 11:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56335
IP address blocks:        147.78.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/hEWCynBHF-sMlL5NiUE_S8LYuOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/hEWCynBHF-sMlL5NiUE_S8LYuOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hEWCynBHF-sMlL5NiUE_S8LYuOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 07:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:b7:fe:84:cc:04:eb:5f:d0:33:87:37:ee:09:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=844582ca704717eb0c94be4d89413f4bc2d8b8e5
        Validity
            Not Before: Jan  1 11:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=621c7b0576334f3cd2e6dffd15a37782fa83bef5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a6:8d:76:cd:ce:5b:aa:0d:49:17:1c:30:b4:
                    bc:9d:e7:c6:57:3d:88:39:db:05:04:4e:d8:db:44:
                    a7:4d:34:f4:50:8a:a0:bf:ca:51:4e:60:bd:64:f9:
                    5c:39:ef:b3:4d:b2:78:71:18:d2:b3:c4:06:7f:59:
                    9f:29:2b:4c:c8:f4:98:f9:a0:95:97:ed:3d:68:cc:
                    d4:5f:1f:24:ca:a2:2b:1d:74:e1:0a:28:b7:2a:50:
                    b0:6e:39:aa:4d:40:fc:ab:cb:f5:48:c2:2a:6a:af:
                    d9:bd:48:e6:3a:42:6a:40:a2:09:6a:ad:89:71:d5:
                    ea:8b:ba:71:36:cd:db:52:39:80:70:d2:1c:e2:6e:
                    43:3d:9a:85:72:d3:42:a7:a5:c2:54:95:e0:03:66:
                    8d:71:1b:5f:1c:63:d1:b6:f0:5c:0b:6f:a0:17:b9:
                    84:d0:cb:a9:5a:02:a9:c4:06:c3:04:3b:2b:f2:9c:
                    e4:48:76:81:fc:5e:6b:cd:26:cf:6f:87:23:eb:60:
                    18:6f:4a:cc:11:b3:94:95:0d:9a:a3:3f:82:67:8f:
                    7e:fb:7b:66:44:53:3f:3c:ae:43:de:bf:60:30:03:
                    76:2d:d5:b9:a6:d9:4d:fc:be:6a:d8:75:95:bb:6f:
                    87:c3:dd:2f:d7:42:aa:46:70:c8:a9:c4:cf:d7:ab:
                    d0:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:1C:7B:05:76:33:4F:3C:D2:E6:DF:FD:15:A3:77:82:FA:83:BE:F5
            X509v3 Authority Key Identifier:
                keyid:84:45:82:CA:70:47:17:EB:0C:94:BE:4D:89:41:3F:4B:C2:D8:B8:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEWCynBHF-sMlL5NiUE_S8LYuOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/Yhx7BXYzTzzS5t_9FaN3gvqDvvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/hEWCynBHF-sMlL5NiUE_S8LYuOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:35:08:fd:74:4a:ea:cd:cd:c2:55:fa:be:41:97:e6:5e:35:
         af:63:07:16:c3:dc:2a:d7:55:74:7d:fd:ad:6a:ec:e8:2e:be:
         10:03:02:69:4a:10:9f:86:53:e7:fa:7a:80:5a:ba:43:8f:4e:
         aa:ea:e3:86:ab:8c:0a:88:0a:81:ef:0c:23:12:20:b1:22:f8:
         21:bc:01:f2:ca:97:b8:e4:03:30:14:d2:9b:58:5f:a9:3d:51:
         04:43:8c:52:8c:bb:fc:c0:44:29:07:84:10:c0:b6:1b:12:26:
         ba:74:df:05:d5:15:c6:d8:3f:d4:64:d9:34:c7:d3:6d:97:eb:
         db:9f:dd:60:87:91:aa:c8:43:4d:ce:db:82:43:67:5f:fe:ff:
         3b:75:be:63:b0:a0:d4:d6:ec:c3:f2:0b:30:20:79:23:e6:22:
         92:20:67:51:0e:6c:17:f8:21:d3:86:d0:a0:be:f2:27:0f:38:
         b8:87:9b:20:6e:46:e1:87:09:76:70:6e:cf:77:a5:86:f8:c9:
         02:ce:e3:8a:fd:78:cb:6d:db:fe:1b:7e:4b:82:49:18:5b:6f:
         58:02:55:b9:03:9a:f9:f5:0d:8c:34:02:12:8e:50:b3:ac:51:
         61:e7:d5:9d:8a:7d:98:14:1b:05:e5:ae:d9:db:c1:e2:c8:29:
         12:37:43:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsbf+hMwE61/QM4c37gm3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDU4MmNhNzA0NzE3ZWIwYzk0YmU0ZDg5NDEzZjRiYzJk
OGI4ZTUwHhcNMjUwMTAxMTE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjFjN2IwNTc2MzM0ZjNjZDJlNmRmZmQxNWEzNzc4MmZhODNiZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KaNds3OW6oNSRccMLS8nefGVz2I
OdsFBE7Y20SnTTT0UIqgv8pRTmC9ZPlcOe+zTbJ4cRjSs8QGf1mfKStMyPSY+aCV
l+09aMzUXx8kyqIrHXThCii3KlCwbjmqTUD8q8v1SMIqaq/ZvUjmOkJqQKIJaq2J
cdXqi7pxNs3bUjmAcNIc4m5DPZqFctNCp6XCVJXgA2aNcRtfHGPRtvBcC2+gF7mE
0MupWgKpxAbDBDsr8pzkSHaB/F5rzSbPb4cj62AYb0rMEbOUlQ2aoz+CZ49++3tm
RFM/PK5D3r9gMAN2LdW5ptlN/L5q2HWVu2+Hw90v10KqRnDIqcTP16vQ+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIcewV2M0880ubf/RWjd4L6g771MB8GA1UdIwQY
MBaAFIRFgspwRxfrDJS+TYlBP0vC2LjlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVXQ3luQkhGLXNNbEw1TmlVRV9TOExZdU9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83MzVlNDItYzYwOC00NmI2LThmNzAt
ZjIzZjY2ZjhkMjQyLzEvWWh4N0JYWXpUenpTNXRfOUZhTjNndnFEdnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83MzVlNDItYzYwOC00NmI2LThmNzAtZjIzZjY2ZjhkMjQy
LzEvaEVXQ3luQkhGLXNNbEw1TmlVRV9TOExZdU9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk04HMA0G
CSqGSIb3DQEBCwUAA4IBAQBgNQj9dErqzc3CVfq+QZfmXjWvYwcWw9wq11V0ff2t
auzoLr4QAwJpShCfhlPn+nqAWrpDj06q6uOGq4wKiAqB7wwjEiCxIvghvAHyype4
5AMwFNKbWF+pPVEEQ4xSjLv8wEQpB4QQwLYbEia6dN8F1RXG2D/UZNk0x9Ntl+vb
n91gh5GqyENNztuCQ2df/v87db5jsKDU1uzD8gswIHkj5iKSIGdRDmwX+CHThtCg
vvInDzi4h5sgbkbhhwl2cG7Pd6WG+MkCzuOK/XjLbdv+G35LgkkYW29YAlW5A5r5
9Q2MNAISjlCzrFFh59Wdin2YFBsF5a7Z28HiyCkSN0Pl
-----END CERTIFICATE-----