Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/IaeTEwJtU2EKstOhMSF78ATUCXM.roa
File:                     IaeTEwJtU2EKstOhMSF78ATUCXM.roa (raw, json)
Hash identifier:          DXtwHkKmOCisIkHvbgh1YerTYxT5FkGSDRKk1ziQyBY=
Subject key identifier:   21:A7:93:13:02:6D:53:61:0A:B2:D3:A1:31:21:7B:F0:04:D4:09:73
Certificate issuer:       /CN=77eda8f726a69b504de994943b0a5f2308c2a96b
Certificate serial:       019589FFFF591837F5D2465ED8BF4B5A5C78
Authority key identifier: 77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/IaeTEwJtU2EKstOhMSF78ATUCXM.roa
Signing time:             Wed 12 Mar 2025 10:56:50 +0000
ROA not before:           Wed 12 Mar 2025 10:56:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        194.45.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 13:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:89:ff:ff:59:18:37:f5:d2:46:5e:d8:bf:4b:5a:5c:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77eda8f726a69b504de994943b0a5f2308c2a96b
        Validity
            Not Before: Mar 12 10:56:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21a79313026d53610ab2d3a131217bf004d40973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:40:cc:29:15:ad:b9:23:35:5d:ae:ca:22:09:
                    af:96:e9:1b:20:c4:49:bb:69:fa:85:80:01:a1:8d:
                    e8:5e:c1:8b:b8:4a:d4:4f:3e:d4:b6:62:b1:bd:3a:
                    dc:1f:21:fa:2f:bd:01:2a:27:d4:27:bd:30:b3:43:
                    4b:17:b5:4e:6c:d3:33:a2:57:a5:85:e3:d8:a3:1d:
                    7f:04:6e:85:63:ff:36:d3:30:ed:bc:a5:9d:c5:19:
                    1c:ff:8e:e1:e4:5b:ac:3e:b7:f4:c9:94:59:7d:0c:
                    cf:4f:71:fd:2c:87:00:ab:73:e4:0c:83:c6:73:dc:
                    b6:30:04:36:69:97:73:ce:1a:4f:f3:08:bf:28:22:
                    79:d8:43:a6:d3:9e:82:0f:c6:0b:12:4a:fb:27:42:
                    75:24:2f:ef:69:72:97:49:98:d9:03:56:78:cb:f2:
                    86:09:6b:e1:48:7e:c8:6d:a7:df:8b:37:f5:e3:c1:
                    19:86:8f:2b:7d:3b:9b:46:1f:67:69:48:bb:fa:1b:
                    53:5d:99:09:fe:1f:8b:4a:ec:1a:43:ee:64:e4:44:
                    2d:2f:61:c4:c0:32:26:df:ae:b6:f8:6b:66:6a:8a:
                    b7:dd:02:bc:ad:f2:0c:ed:d4:8f:bf:d4:6d:c9:4f:
                    b8:51:c4:80:23:da:76:a3:c8:08:37:38:bd:3c:39:
                    a4:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:A7:93:13:02:6D:53:61:0A:B2:D3:A1:31:21:7B:F0:04:D4:09:73
            X509v3 Authority Key Identifier:
                keyid:77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/IaeTEwJtU2EKstOhMSF78ATUCXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.45.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:89:d3:f3:07:d9:ca:dc:f7:1e:57:c4:54:7b:c9:d8:f7:9d:
         99:8a:d8:93:4e:02:bf:e4:69:7e:c9:f6:b3:e1:45:c6:24:ad:
         70:a1:98:c4:1c:2c:c2:72:8a:35:f2:ab:d4:86:84:de:87:7a:
         d7:87:f9:4c:3b:8c:ad:09:aa:49:45:36:63:ba:2b:b7:6c:2d:
         28:a4:7f:4a:4a:55:6b:43:8f:d2:88:1a:34:d4:0f:54:95:41:
         c6:4b:79:eb:0a:e4:96:16:4d:2f:49:f4:6d:7b:4b:d0:9a:50:
         4e:af:9c:31:41:5c:82:17:d1:0c:89:69:8b:e2:9e:b1:ef:75:
         fc:88:80:e7:86:d6:76:6e:7e:01:35:bc:eb:59:94:f1:16:96:
         a0:a2:28:ff:7b:8c:67:31:96:7d:04:af:cc:f2:e5:c0:80:b1:
         13:b6:8a:47:93:2c:3b:48:28:2b:60:ce:6f:63:47:76:6b:65:
         7e:f4:39:ed:a3:f0:57:65:48:ec:e1:69:a8:99:57:cf:8b:c5:
         0a:b6:c2:44:4d:97:32:15:c0:75:68:38:ff:7e:09:bd:bf:f2:
         15:e4:4d:81:98:f9:f2:48:40:3f:a8:62:df:83:dd:f4:38:14:
         c3:ae:53:03:29:ae:66:37:bb:2b:25:e2:66:8b:c2:e7:ba:ba:
         21:6b:65:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWJ//9ZGDf10kZe2L9LWlx4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZWRhOGY3MjZhNjliNTA0ZGU5OTQ5NDNiMGE1ZjIzMDhj
MmE5NmIwHhcNMjUwMzEyMTA1NjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWE3OTMxMzAyNmQ1MzYxMGFiMmQzYTEzMTIxN2JmMDA0ZDQwOTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEDMKRWtuSM1Xa7KIgmvlukbIMRJ
u2n6hYABoY3oXsGLuErUTz7UtmKxvTrcHyH6L70BKifUJ70ws0NLF7VObNMzolel
hePYox1/BG6FY/820zDtvKWdxRkc/47h5FusPrf0yZRZfQzPT3H9LIcAq3PkDIPG
c9y2MAQ2aZdzzhpP8wi/KCJ52EOm056CD8YLEkr7J0J1JC/vaXKXSZjZA1Z4y/KG
CWvhSH7Ibaffizf148EZho8rfTubRh9naUi7+htTXZkJ/h+LSuwaQ+5k5EQtL2HE
wDIm3662+Gtmaoq33QK8rfIM7dSPv9RtyU+4UcSAI9p2o8gINzi9PDmk/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGnkxMCbVNhCrLToTEhe/AE1AlzMB8GA1UdIwQY
MBaAFHftqPcmpptQTemUlDsKXyMIwqlrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTkt
NjA4NGNmYzZlNGM0LzEvSWFlVEV3SnRVMkVLc3RPaE1TRjc4QVRVQ1hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTktNjA4NGNmYzZlNGM0
LzEvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwi0AMA0G
CSqGSIb3DQEBCwUAA4IBAQAwidPzB9nK3PceV8RUe8nY952ZitiTTgK/5Gl+yfaz
4UXGJK1woZjEHCzCcoo18qvUhoTeh3rXh/lMO4ytCapJRTZjuiu3bC0opH9KSlVr
Q4/SiBo01A9UlUHGS3nrCuSWFk0vSfRte0vQmlBOr5wxQVyCF9EMiWmL4p6x73X8
iIDnhtZ2bn4BNbzrWZTxFpagoij/e4xnMZZ9BK/M8uXAgLETtopHkyw7SCgrYM5v
Y0d2a2V+9Dnto/BXZUjs4WmomVfPi8UKtsJETZcyFcB1aDj/fgm9v/IV5E2BmPny
SEA/qGLfg930OBTDrlMDKa5mN7srJeJmi8Lnuroha2Uj
-----END CERTIFICATE-----