Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/ihZ66_FRP1ZEi9NozSdwfCGel-M.roa
File:                     ihZ66_FRP1ZEi9NozSdwfCGel-M.roa (raw, json)
Hash identifier:          wFOQHVX1zMY4YtBKixW4VOsy+9ZxuzYcQZi+JYB6nWA=
Subject key identifier:   8A:16:7A:EB:F1:51:3F:56:44:8B:D3:68:CD:27:70:7C:21:9E:97:E3
Certificate issuer:       /CN=0c7887582d83d3f087682af8780a324a353ce782
Certificate serial:       0194ADD10E39B67F4C4793B92DB0FBE89805
Authority key identifier: 0C:78:87:58:2D:83:D3:F0:87:68:2A:F8:78:0A:32:4A:35:3C:E7:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DHiHWC2D0_CHaCr4eAoySjU854I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/ihZ66_FRP1ZEi9NozSdwfCGel-M.roa
Signing time:             Tue 28 Jan 2025 16:49:06 +0000
ROA not before:           Tue 28 Jan 2025 16:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60175
IP address blocks:        213.179.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/DHiHWC2D0_CHaCr4eAoySjU854I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/DHiHWC2D0_CHaCr4eAoySjU854I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DHiHWC2D0_CHaCr4eAoySjU854I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ad:d1:0e:39:b6:7f:4c:47:93:b9:2d:b0:fb:e8:98:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c7887582d83d3f087682af8780a324a353ce782
        Validity
            Not Before: Jan 28 16:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a167aebf1513f56448bd368cd27707c219e97e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:83:38:b8:82:1c:f3:6d:19:9b:75:55:ea:41:
                    0a:59:4e:3b:99:90:90:87:ac:0c:66:fa:1e:04:db:
                    62:a5:82:6b:f9:d2:25:de:44:5d:ce:8c:1f:06:04:
                    b6:47:46:ff:9d:ce:cc:b2:71:2f:18:2d:8a:8b:d7:
                    67:d4:47:b2:6a:13:c3:76:93:ef:7e:dc:be:e0:ea:
                    52:14:6e:9c:78:8f:87:18:e7:c5:50:08:28:95:cf:
                    72:0f:6d:b1:2b:13:29:c8:ef:0b:df:92:bb:6a:d9:
                    1e:e5:fd:73:cc:0d:1e:7c:f8:27:f9:f4:a0:f9:93:
                    3a:9d:4f:12:e0:0d:1e:a6:43:85:51:21:c6:d5:12:
                    88:4a:a9:46:6b:36:59:28:5d:bc:03:30:38:38:04:
                    a1:bd:47:09:76:90:4e:ee:9c:93:99:c5:f4:a0:3c:
                    e6:60:61:36:54:fd:04:be:8d:05:36:0f:75:dc:e9:
                    8f:d1:24:b9:83:2b:d4:ec:2a:bb:91:5d:05:08:e2:
                    d1:ef:e4:ba:27:e6:d6:f6:22:ae:90:31:8f:c3:dd:
                    2b:5e:f8:dd:47:5a:1d:fb:f8:3d:d2:93:96:65:5a:
                    9c:a2:3a:26:de:66:59:6e:b2:aa:a1:b5:7d:c7:9c:
                    c4:65:34:66:14:3c:da:f6:a3:55:da:ab:73:21:e1:
                    98:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:16:7A:EB:F1:51:3F:56:44:8B:D3:68:CD:27:70:7C:21:9E:97:E3
            X509v3 Authority Key Identifier:
                keyid:0C:78:87:58:2D:83:D3:F0:87:68:2A:F8:78:0A:32:4A:35:3C:E7:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DHiHWC2D0_CHaCr4eAoySjU854I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/ihZ66_FRP1ZEi9NozSdwfCGel-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/bff48f-0a30-478d-b2db-ad4a1da393a1/1/DHiHWC2D0_CHaCr4eAoySjU854I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.179.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:92:f4:15:c2:5e:5e:dd:db:6f:16:8f:a0:b0:37:bc:b0:31:
         f8:35:38:5b:31:bd:7b:1c:78:79:1f:81:66:72:3a:9b:d6:4d:
         6d:8a:75:f3:cb:bb:85:93:0b:da:d4:4f:d9:ed:f5:16:4f:87:
         37:7d:8f:09:91:4e:a6:a0:56:d4:6c:11:47:44:80:6a:a6:ea:
         2a:6d:3f:6a:67:34:78:e5:98:05:89:43:7d:30:ba:80:0c:dc:
         5b:ae:a2:a5:b4:59:f6:df:54:55:24:60:95:23:e5:23:79:35:
         90:89:fe:a1:8b:ba:a3:3f:18:31:27:6a:2d:56:e0:85:49:bb:
         0e:60:db:b6:3f:b8:97:cc:a5:30:2f:f8:75:a7:23:71:16:a2:
         1c:66:cb:a6:d4:05:f0:36:17:f6:7a:06:9a:f3:b8:ef:79:89:
         44:05:b8:55:96:a5:0e:97:62:55:59:e6:e8:18:40:67:a1:1d:
         e4:16:95:86:2a:51:bc:fd:4c:d4:c8:27:f6:a1:df:ba:3c:1a:
         49:22:84:96:b0:31:e1:f6:0e:05:a2:32:b2:50:f8:da:ed:3e:
         8a:44:ab:6e:0f:bd:7a:b4:22:ed:1d:ba:ae:24:e1:26:4a:6f:
         28:a6:2b:17:6f:32:0d:bc:a7:a5:d3:68:76:c9:2d:da:c2:3e:
         fa:86:a3:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSt0Q45tn9MR5O5LbD76JgFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNzg4NzU4MmQ4M2QzZjA4NzY4MmFmODc4MGEzMjRhMzUz
Y2U3ODIwHhcNMjUwMTI4MTY0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTE2N2FlYmYxNTEzZjU2NDQ4YmQzNjhjZDI3NzA3YzIxOWU5N2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4M4uIIc820Zm3VV6kEKWU47mZCQ
h6wMZvoeBNtipYJr+dIl3kRdzowfBgS2R0b/nc7MsnEvGC2Ki9dn1EeyahPDdpPv
fty+4OpSFG6ceI+HGOfFUAgolc9yD22xKxMpyO8L35K7atke5f1zzA0efPgn+fSg
+ZM6nU8S4A0epkOFUSHG1RKISqlGazZZKF28AzA4OAShvUcJdpBO7pyTmcX0oDzm
YGE2VP0Evo0FNg913OmP0SS5gyvU7Cq7kV0FCOLR7+S6J+bW9iKukDGPw90rXvjd
R1od+/g90pOWZVqcojom3mZZbrKqobV9x5zEZTRmFDza9qNV2qtzIeGY1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIoWeuvxUT9WRIvTaM0ncHwhnpfjMB8GA1UdIwQY
MBaAFAx4h1gtg9Pwh2gq+HgKMko1POeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREhpSFdDMkQwX0NIYUNyNGVBb3lTalU4NTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9iZmY0OGYtMGEzMC00NzhkLWIyZGIt
YWQ0YTFkYTM5M2ExLzEvaWhaNjZfRlJQMVpFaTlOb3pTZHdmQ0dlbC1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9iZmY0OGYtMGEzMC00NzhkLWIyZGItYWQ0YTFkYTM5M2Ex
LzEvREhpSFdDMkQwX0NIYUNyNGVBb3lTalU4NTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bNHMA0G
CSqGSIb3DQEBCwUAA4IBAQBhkvQVwl5e3dtvFo+gsDe8sDH4NThbMb17HHh5H4Fm
cjqb1k1tinXzy7uFkwva1E/Z7fUWT4c3fY8JkU6moFbUbBFHRIBqpuoqbT9qZzR4
5ZgFiUN9MLqADNxbrqKltFn231RVJGCVI+UjeTWQif6hi7qjPxgxJ2otVuCFSbsO
YNu2P7iXzKUwL/h1pyNxFqIcZsum1AXwNhf2egaa87jveYlEBbhVlqUOl2JVWebo
GEBnoR3kFpWGKlG8/UzUyCf2od+6PBpJIoSWsDHh9g4FojKyUPja7T6KRKtuD716
tCLtHbquJOEmSm8opisXbzINvKel02h2yS3awj76hqOb
-----END CERTIFICATE-----