Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/316HUHVaTURv6QAbNKnjijxsrWc.roa
File:                     316HUHVaTURv6QAbNKnjijxsrWc.roa (raw, json)
Hash identifier:          HxDnqH4jBx7TcLDFfZMb8hD49uNoY7/Hc2rLkshPS+w=
Subject key identifier:   DF:5E:87:50:75:5A:4D:44:6F:E9:00:1B:34:A9:E3:8A:3C:6C:AD:67
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       0194266BA46895FC5027A35F62C77C464B9A
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/316HUHVaTURv6QAbNKnjijxsrWc.roa
Signing time:             Thu 02 Jan 2025 09:49:36 +0000
ROA not before:           Thu 02 Jan 2025 09:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214440
IP address blocks:        78.136.71.0/24 maxlen: 24
                          95.178.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 09:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:a4:68:95:fc:50:27:a3:5f:62:c7:7c:46:4b:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 09:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df5e8750755a4d446fe9001b34a9e38a3c6cad67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:05:29:de:17:57:e5:9e:47:38:b9:7b:46:6e:
                    3a:17:15:a0:02:98:02:1e:70:bc:b2:e8:c7:af:09:
                    de:2c:12:7d:35:04:18:31:a1:9f:58:12:18:d1:80:
                    4d:16:11:8b:f2:7f:1a:71:41:b8:da:7f:24:d7:d9:
                    98:af:79:a5:d0:57:64:0d:b8:04:05:d3:83:4e:2e:
                    e4:a9:df:6d:12:6b:e3:00:b7:ec:f2:37:22:a4:f0:
                    bd:ea:fb:7b:08:b4:ca:6e:76:27:74:64:47:1e:c5:
                    fc:b5:44:a5:92:ee:87:a6:75:11:91:64:32:43:07:
                    f4:ff:7e:1a:aa:1a:dc:ab:03:75:96:61:3e:94:ef:
                    c0:ac:a9:70:b1:44:22:65:18:31:25:99:78:5a:4c:
                    87:b4:8e:49:1e:d9:0d:bd:d7:cc:f9:74:78:c6:42:
                    73:e2:b2:b7:69:b9:d3:0c:4e:da:fe:e6:0e:d8:ac:
                    21:ff:8b:5a:79:67:bc:36:ed:41:93:28:f1:f2:25:
                    c3:b7:66:b1:ca:bc:fd:93:59:c0:09:b3:17:11:1d:
                    9c:6b:49:10:71:05:58:57:88:c6:67:8f:82:9d:58:
                    14:61:a3:42:6f:95:cd:91:f2:ed:b2:a4:85:8a:4b:
                    64:a0:a5:68:cf:17:49:a6:35:e8:a3:f7:94:9a:5c:
                    af:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:5E:87:50:75:5A:4D:44:6F:E9:00:1B:34:A9:E3:8A:3C:6C:AD:67
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/316HUHVaTURv6QAbNKnjijxsrWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.136.71.0/24
                  95.178.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:d9:48:00:91:d6:45:dc:10:83:79:c2:be:0e:ab:cd:83:e8:
         2b:3f:c8:20:99:d9:5c:c6:0c:43:4f:53:ec:81:27:79:99:e8:
         8f:c9:a3:17:37:9d:0c:8a:bc:fc:10:66:97:3f:7b:d4:7c:ba:
         ef:e2:27:d2:73:57:6f:cb:67:de:4f:c7:f7:7d:55:11:ef:90:
         10:90:64:71:6e:ab:eb:e7:f7:8f:fe:d2:51:4c:7d:8c:be:ed:
         4d:78:a1:6b:9c:92:74:57:4b:d6:97:95:5e:25:21:e8:90:85:
         96:11:20:85:4e:c8:7c:7f:d3:3e:94:08:5d:24:aa:cf:d4:f1:
         d4:30:22:42:4c:3e:d3:8a:0c:d8:37:c0:fb:5b:9f:2f:4d:84:
         07:15:c0:ea:94:2b:11:b3:8d:68:c2:72:86:41:3b:f4:8d:9c:
         e1:69:6b:99:b7:ef:46:81:0f:8c:5b:e8:ff:8f:6f:94:ec:06:
         98:f9:14:b9:63:b9:71:22:c9:52:cf:77:d7:3c:c6:9a:d6:c1:
         e2:23:87:97:e9:fe:8f:0f:13:6e:98:14:22:f6:cd:d7:3e:00:
         2e:09:5a:27:86:e0:c7:ee:2b:73:63:96:bd:b7:7a:29:83:79:
         f8:16:fa:e5:72:ed:da:db:91:a2:21:05:2e:94:32:1f:e8:57:
         2a:48:a5:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQma6RolfxQJ6NfYsd8RkuaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjUwMTAyMDk0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjVlODc1MDc1NWE0ZDQ0NmZlOTAwMWIzNGE5ZTM4YTNjNmNhZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAUp3hdX5Z5HOLl7Rm46FxWgApgC
HnC8sujHrwneLBJ9NQQYMaGfWBIY0YBNFhGL8n8acUG42n8k19mYr3ml0FdkDbgE
BdODTi7kqd9tEmvjALfs8jcipPC96vt7CLTKbnYndGRHHsX8tUSlku6HpnURkWQy
Qwf0/34aqhrcqwN1lmE+lO/ArKlwsUQiZRgxJZl4WkyHtI5JHtkNvdfM+XR4xkJz
4rK3abnTDE7a/uYO2Kwh/4taeWe8Nu1Bkyjx8iXDt2axyrz9k1nACbMXER2ca0kQ
cQVYV4jGZ4+CnVgUYaNCb5XNkfLtsqSFiktkoKVozxdJpjXoo/eUmlyvCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN9eh1B1Wk1Eb+kAGzSp44o8bK1nMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvMzE2SFVIVmFUVVJ2NlFBYk5LbmppanhzcldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATohHAwQC
X7J0MA0GCSqGSIb3DQEBCwUAA4IBAQCe2UgAkdZF3BCDecK+DqvNg+grP8ggmdlc
xgxDT1PsgSd5meiPyaMXN50Mirz8EGaXP3vUfLrv4ifSc1dvy2feT8f3fVUR75AQ
kGRxbqvr5/eP/tJRTH2Mvu1NeKFrnJJ0V0vWl5VeJSHokIWWESCFTsh8f9M+lAhd
JKrP1PHUMCJCTD7TigzYN8D7W58vTYQHFcDqlCsRs41ownKGQTv0jZzhaWuZt+9G
gQ+MW+j/j2+U7AaY+RS5Y7lxIslSz3fXPMaa1sHiI4eX6f6PDxNumBQi9s3XPgAu
CVonhuDH7itzY5a9t3opg3n4Fvrlcu3a25GiIQUulDIf6FcqSKUL
-----END CERTIFICATE-----