Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/pHrarVnk95oQe2hI0xpt7DgCX4I.roa
File:                     pHrarVnk95oQe2hI0xpt7DgCX4I.roa (raw, json)
Hash identifier:          sJ3eEhOn7jQjhfcoZ42EdbEeYJY/zzcWxgg/rji7kDE=
Subject key identifier:   A4:7A:DA:AD:59:E4:F7:9A:10:7B:68:48:D3:1A:6D:EC:38:02:5F:82
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       0195D1C15CA597E01F90E99255D338338859
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/pHrarVnk95oQe2hI0xpt7DgCX4I.roa
Signing time:             Wed 26 Mar 2025 09:21:05 +0000
ROA not before:           Wed 26 Mar 2025 09:21:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215279
IP address blocks:        78.40.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 08:24:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d1:c1:5c:a5:97:e0:1f:90:e9:92:55:d3:38:33:88:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Mar 26 09:21:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a47adaad59e4f79a107b6848d31a6dec38025f82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:99:28:b6:97:23:63:b7:dd:ce:36:65:59:e2:
                    54:a9:e5:be:a9:0a:36:57:e9:c5:26:3c:60:d1:55:
                    c4:a7:84:91:53:05:22:4d:84:54:e3:9f:00:a7:48:
                    af:91:f0:e3:fb:09:71:4c:bb:c8:23:8a:39:22:56:
                    f9:3b:db:63:1f:1b:89:46:b6:e1:a0:c6:2d:78:da:
                    9f:20:55:cb:80:22:5f:c3:ad:1c:d7:90:06:dd:b9:
                    21:ae:5c:81:b5:13:57:14:85:32:88:a0:87:a6:74:
                    40:80:47:cd:19:c6:59:a9:31:21:6c:86:31:e8:c1:
                    3f:4a:21:d8:d0:a8:78:24:41:d8:26:f8:d2:43:30:
                    f4:1d:92:a6:c4:71:3d:ab:b8:06:82:75:5e:ac:8b:
                    7b:a3:2a:01:ec:17:ba:c4:01:6b:ca:19:5c:37:08:
                    9c:e4:cd:e1:f2:e7:0b:a9:99:cc:54:8f:91:09:b1:
                    dc:06:40:cb:50:17:18:c9:f7:30:68:ee:3a:1e:b5:
                    3b:d9:eb:ca:7a:3a:a4:1d:57:e9:e3:38:4e:68:52:
                    81:1b:db:ad:32:47:2c:c0:cc:7d:a4:f6:e0:c8:2e:
                    2c:ce:4c:28:08:f0:5d:c9:0d:9c:ab:7c:d8:a3:15:
                    c8:50:b6:32:cb:1e:4e:af:3e:50:ee:1d:c0:69:6f:
                    4f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:7A:DA:AD:59:E4:F7:9A:10:7B:68:48:D3:1A:6D:EC:38:02:5F:82
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/pHrarVnk95oQe2hI0xpt7DgCX4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:12:88:55:e0:e2:4e:89:34:2d:9b:3c:2b:8b:ef:28:da:59:
         97:ed:4e:dc:e5:97:c8:e8:23:03:05:4e:30:2c:53:3e:08:4d:
         cc:f0:04:f0:dd:20:3a:cf:3a:67:ab:29:38:6f:af:c5:7c:f6:
         c8:b2:a3:9b:24:a1:67:62:12:6c:c9:15:3b:9e:8a:8b:9e:3b:
         1d:21:50:0b:0e:ec:75:09:62:26:5d:05:5a:0e:e8:70:d3:c8:
         7d:d0:c9:22:95:24:c9:d0:85:2b:f5:75:f2:54:0c:ea:e1:0c:
         60:8c:bb:5f:6f:19:dd:8d:91:3d:db:a9:2d:3d:d4:20:85:6d:
         6e:d8:b1:a1:f5:bf:da:16:6c:ff:5c:22:11:85:11:66:7c:2f:
         6b:81:06:ee:9f:98:fa:00:d1:ae:1f:6e:f9:6b:a7:d6:19:22:
         a4:03:94:43:ab:a6:ec:2c:6d:e4:c8:5a:64:9d:04:1d:60:cc:
         11:8f:c6:01:3f:81:3b:bb:16:c4:68:93:b7:28:37:e0:14:62:
         39:42:05:86:12:54:a5:52:98:83:c7:6a:a0:71:e9:1e:d1:13:
         40:1b:c5:29:aa:70:5c:6b:51:7e:d4:02:bb:45:bd:d6:69:c0:
         9d:14:15:17:67:54:55:f3:42:0c:2a:88:d5:c1:9a:0f:af:4e:
         1b:11:cf:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXRwVyll+AfkOmSVdM4M4hZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwMzI2MDkyMTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDdhZGFhZDU5ZTRmNzlhMTA3YjY4NDhkMzFhNmRlYzM4MDI1ZjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5kotpcjY7fdzjZlWeJUqeW+qQo2
V+nFJjxg0VXEp4SRUwUiTYRU458Ap0ivkfDj+wlxTLvII4o5Ilb5O9tjHxuJRrbh
oMYteNqfIFXLgCJfw60c15AG3bkhrlyBtRNXFIUyiKCHpnRAgEfNGcZZqTEhbIYx
6ME/SiHY0Kh4JEHYJvjSQzD0HZKmxHE9q7gGgnVerIt7oyoB7Be6xAFryhlcNwic
5M3h8ucLqZnMVI+RCbHcBkDLUBcYyfcwaO46HrU72evKejqkHVfp4zhOaFKBG9ut
MkcswMx9pPbgyC4szkwoCPBdyQ2cq3zYoxXIULYyyx5Orz5Q7h3AaW9PawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKR62q1Z5PeaEHtoSNMabew4Al+CMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvcEhyYXJWbms5NW9RZTJoSTB4cHQ3RGdDWDRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATih2MA0G
CSqGSIb3DQEBCwUAA4IBAQCYEohV4OJOiTQtmzwri+8o2lmX7U7c5ZfI6CMDBU4w
LFM+CE3M8ATw3SA6zzpnqyk4b6/FfPbIsqObJKFnYhJsyRU7noqLnjsdIVALDux1
CWImXQVaDuhw08h90MkilSTJ0IUr9XXyVAzq4QxgjLtfbxndjZE926ktPdQghW1u
2LGh9b/aFmz/XCIRhRFmfC9rgQbun5j6ANGuH275a6fWGSKkA5RDq6bsLG3kyFpk
nQQdYMwRj8YBP4E7uxbEaJO3KDfgFGI5QgWGElSlUpiDx2qgceke0RNAG8UpqnBc
a1F+1AK7Rb3WacCdFBUXZ1RV80IMKojVwZoPr04bEc/Y
-----END CERTIFICATE-----