Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/77a9f1-f1fb-485f-923f-7c3789405bd6/1/a9R4a72Ce3HtrFyUZj2Jrpn9DLE.roa
File:                     a9R4a72Ce3HtrFyUZj2Jrpn9DLE.roa (raw, json)
Hash identifier:          lEQCssDpqykyZtTNm3b2/t+M2Xlx2R2hbaDbanTEKE4=
Subject key identifier:   6B:D4:78:6B:BD:82:7B:71:ED:AC:5C:94:66:3D:89:AE:99:FD:0C:B1
Certificate issuer:       /CN=535ef40faf483433b3e33698e4d1ee95f3c94bec
Certificate serial:       0194274845616D9C28E0BFC48828AEA3D45B
Authority key identifier: 53:5E:F4:0F:AF:48:34:33:B3:E3:36:98:E4:D1:EE:95:F3:C9:4B:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U170D69INDOz4zaY5NHulfPJS-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/77a9f1-f1fb-485f-923f-7c3789405bd6/1/a9R4a72Ce3HtrFyUZj2Jrpn9DLE.roa
Signing time:             Thu 02 Jan 2025 13:50:35 +0000
ROA not before:           Thu 02 Jan 2025 13:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209966
IP address blocks:        78.41.52.0/24 maxlen: 24
                          78.41.53.0/24 maxlen: 24
                          78.41.54.0/24 maxlen: 24
                          78.41.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/77a9f1-f1fb-485f-923f-7c3789405bd6/1/U170D69INDOz4zaY5NHulfPJS-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/77a9f1-f1fb-485f-923f-7c3789405bd6/1/U170D69INDOz4zaY5NHulfPJS-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U170D69INDOz4zaY5NHulfPJS-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:45:61:6d:9c:28:e0:bf:c4:88:28:ae:a3:d4:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=535ef40faf483433b3e33698e4d1ee95f3c94bec
        Validity
            Not Before: Jan  2 13:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6bd4786bbd827b71edac5c94663d89ae99fd0cb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:15:61:25:c3:d7:fc:0e:0c:da:8a:9f:84:5f:
                    99:89:a4:50:53:c2:c6:62:e3:88:fb:17:45:f2:4a:
                    c6:9b:da:4c:c2:a6:24:dd:77:16:b1:eb:c5:13:18:
                    b8:03:57:74:d0:ff:dd:84:e5:55:76:52:12:e0:19:
                    7c:b6:43:be:69:5a:7f:c2:96:5b:e9:e9:96:c0:79:
                    34:3d:e3:8b:2c:64:e1:4f:34:a2:d9:a9:76:6a:8c:
                    9e:0f:53:1a:db:9b:ce:3b:69:a5:45:e7:ad:ad:71:
                    27:bf:69:cc:44:d5:06:38:6a:d7:1d:6b:c0:e6:76:
                    32:9f:fd:24:3a:1a:74:8a:cc:54:b6:52:9c:65:d6:
                    d5:c5:fc:bf:e1:29:13:0d:98:e4:aa:f1:02:fb:71:
                    1c:af:f8:d9:9f:cb:7c:a7:da:ac:3b:b6:a8:fd:ef:
                    93:79:2b:3d:32:5d:63:4f:43:a4:a0:47:c1:2b:ec:
                    c4:11:66:98:d1:71:b1:b8:67:3f:d5:e8:01:53:be:
                    b1:9f:a3:1c:59:b1:b2:69:f7:6d:c3:6d:f8:51:ba:
                    8e:3c:74:97:56:b2:62:47:09:dc:fb:6f:d5:0a:aa:
                    a3:c0:2e:22:54:b5:18:eb:ce:a4:01:00:89:f5:b8:
                    1f:02:62:84:f6:ea:7b:dd:10:1f:72:c9:7c:27:2e:
                    72:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:D4:78:6B:BD:82:7B:71:ED:AC:5C:94:66:3D:89:AE:99:FD:0C:B1
            X509v3 Authority Key Identifier:
                keyid:53:5E:F4:0F:AF:48:34:33:B3:E3:36:98:E4:D1:EE:95:F3:C9:4B:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U170D69INDOz4zaY5NHulfPJS-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/77a9f1-f1fb-485f-923f-7c3789405bd6/1/a9R4a72Ce3HtrFyUZj2Jrpn9DLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/77a9f1-f1fb-485f-923f-7c3789405bd6/1/U170D69INDOz4zaY5NHulfPJS-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.41.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:63:58:86:d0:89:b3:5a:e2:31:b9:cf:c0:95:68:84:66:c3:
         70:9b:71:c9:bc:65:e1:15:22:19:51:54:b6:fb:2e:4b:b6:2f:
         08:c0:94:65:71:8e:2f:9e:32:36:ba:b3:43:3c:5b:fe:f4:d9:
         3c:36:52:9d:47:39:6b:9e:7b:8d:31:34:8e:bd:f6:25:b6:b3:
         43:3e:7e:19:1e:95:33:21:37:c1:e8:0a:3a:2d:82:eb:02:4a:
         f1:80:90:7d:2f:19:77:11:7d:66:20:ba:97:74:87:84:1b:71:
         0c:87:f4:e9:4c:01:b6:1e:d8:3e:7e:47:4f:94:de:b0:e6:7b:
         4b:cd:f2:e7:ea:56:96:16:c0:54:d3:57:7e:e6:22:05:c0:e7:
         8f:10:af:e9:59:ca:9a:c6:51:9d:bb:6b:d8:d3:08:96:02:ab:
         77:b0:fd:fc:63:33:b6:55:05:bb:c0:88:38:cb:13:e4:0f:13:
         fa:78:ea:21:a2:11:a3:ea:37:d0:8a:3a:97:85:dc:4a:86:a4:
         b6:f5:d5:d3:e9:9b:c4:79:57:d2:09:d9:77:0a:d3:5d:75:ba:
         d4:d4:45:3f:40:37:b0:ed:dc:36:51:a0:30:62:7d:d0:d3:69:
         a1:88:ec:23:44:f2:8c:e6:66:f9:90:56:c8:db:61:a4:eb:76:
         8d:fa:45:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSEVhbZwo4L/EiCiuo9RbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNWVmNDBmYWY0ODM0MzNiM2UzMzY5OGU0ZDFlZTk1ZjNj
OTRiZWMwHhcNMjUwMTAyMTM1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmQ0Nzg2YmJkODI3YjcxZWRhYzVjOTQ2NjNkODlhZTk5ZmQwY2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hVhJcPX/A4M2oqfhF+ZiaRQU8LG
YuOI+xdF8krGm9pMwqYk3XcWsevFExi4A1d00P/dhOVVdlIS4Bl8tkO+aVp/wpZb
6emWwHk0PeOLLGThTzSi2al2aoyeD1Ma25vOO2mlReetrXEnv2nMRNUGOGrXHWvA
5nYyn/0kOhp0isxUtlKcZdbVxfy/4SkTDZjkqvEC+3Ecr/jZn8t8p9qsO7ao/e+T
eSs9Ml1jT0OkoEfBK+zEEWaY0XGxuGc/1egBU76xn6McWbGyafdtw234UbqOPHSX
VrJiRwnc+2/VCqqjwC4iVLUY686kAQCJ9bgfAmKE9up73RAfcsl8Jy5yXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvUeGu9gntx7axclGY9ia6Z/QyxMB8GA1UdIwQY
MBaAFFNe9A+vSDQzs+M2mOTR7pXzyUvsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTE3MEQ2OUlORE96NHphWTVOSHVsZlBKUy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy83N2E5ZjEtZjFmYi00ODVmLTkyM2Yt
N2MzNzg5NDA1YmQ2LzEvYTlSNGE3MkNlM0h0ckZ5VVpqMkpycG45RExFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy83N2E5ZjEtZjFmYi00ODVmLTkyM2YtN2MzNzg5NDA1YmQ2
LzEvVTE3MEQ2OUlORE96NHphWTVOSHVsZlBKUy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTik0MA0G
CSqGSIb3DQEBCwUAA4IBAQBWY1iG0ImzWuIxuc/AlWiEZsNwm3HJvGXhFSIZUVS2
+y5Lti8IwJRlcY4vnjI2urNDPFv+9Nk8NlKdRzlrnnuNMTSOvfYltrNDPn4ZHpUz
ITfB6Ao6LYLrAkrxgJB9Lxl3EX1mILqXdIeEG3EMh/TpTAG2Htg+fkdPlN6w5ntL
zfLn6laWFsBU01d+5iIFwOePEK/pWcqaxlGdu2vY0wiWAqt3sP38YzO2VQW7wIg4
yxPkDxP6eOohohGj6jfQijqXhdxKhqS29dXT6ZvEeVfSCdl3CtNddbrU1EU/QDew
7dw2UaAwYn3Q02mhiOwjRPKM5mb5kFbI22Gk63aN+kXs
-----END CERTIFICATE-----