Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/McHJ886VjpsZ5kf48C_pp-6RKSY.roa
File:                     McHJ886VjpsZ5kf48C_pp-6RKSY.roa (raw, json)
Hash identifier:          rePccFsBDrMeJ40QCyHdT4a/H297MjndhBdjgNtQmE8=
Subject key identifier:   31:C1:C9:F3:CE:95:8E:9B:19:E6:47:F8:F0:2F:E9:A7:EE:91:29:26
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01942746B3AD11C949E1C67D8D01768DE99E
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/McHJ886VjpsZ5kf48C_pp-6RKSY.roa
Signing time:             Thu 02 Jan 2025 13:48:52 +0000
ROA not before:           Thu 02 Jan 2025 13:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210388
IP address blocks:        78.135.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:b3:ad:11:c9:49:e1:c6:7d:8d:01:76:8d:e9:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 13:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31c1c9f3ce958e9b19e647f8f02fe9a7ee912926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:5d:64:6c:11:e5:22:b9:b5:8a:8f:de:f5:35:
                    72:64:2e:72:c8:1e:7a:f1:2a:53:3d:66:09:53:d5:
                    9c:fa:55:89:36:9e:70:3f:79:33:ed:f5:cf:96:53:
                    4a:aa:29:70:dd:bd:6a:0e:1f:0d:b2:f1:b7:a7:8b:
                    2c:25:b9:c6:34:78:02:8e:63:e1:16:a6:04:b0:84:
                    c3:c9:92:0c:8f:f4:41:2e:4a:a2:40:b1:36:01:e7:
                    f7:d8:76:4b:c1:6f:0b:47:d6:e0:2e:89:fc:37:14:
                    0f:8a:03:84:43:ba:f7:85:fa:b3:60:97:20:30:95:
                    de:25:d6:ef:21:35:e1:ba:1b:9c:e4:44:1a:8a:25:
                    99:dd:04:1e:c1:b9:d2:09:ea:b5:f0:33:42:dd:b6:
                    42:25:d1:b1:8d:05:96:37:f0:b0:7e:25:10:5f:a1:
                    4b:f5:63:e6:67:cf:14:13:93:cf:99:85:cc:43:da:
                    f1:20:e2:23:b1:4a:b8:7b:58:4a:b6:aa:61:c5:ae:
                    2d:ab:a3:88:c6:72:da:b0:52:4e:08:f0:61:a2:8e:
                    01:f8:53:be:8e:48:c0:f2:e4:d5:05:c0:8c:0a:f7:
                    67:c1:54:23:04:89:7e:86:a2:b9:30:c0:be:82:61:
                    da:33:5e:34:9a:3c:58:a6:11:34:63:18:c6:db:7c:
                    83:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:C1:C9:F3:CE:95:8E:9B:19:E6:47:F8:F0:2F:E9:A7:EE:91:29:26
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/McHJ886VjpsZ5kf48C_pp-6RKSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:6e:81:2d:af:a2:3d:8b:8c:de:35:60:cb:4e:93:f8:4e:cc:
         86:13:e5:e3:36:1f:d7:8c:e0:f8:a7:7f:3e:ef:21:7e:40:1a:
         05:b3:96:67:57:6a:fd:52:c6:af:4d:d7:e9:6c:fd:d5:ee:e5:
         e7:7a:30:ef:cd:03:17:78:79:e2:16:2c:a7:2c:6e:9d:a9:4a:
         f4:6a:64:3c:b2:c0:55:59:ee:89:48:4e:39:b5:ee:6a:80:9a:
         a0:e0:5f:48:30:3b:58:d0:7c:b6:33:f9:3a:8f:de:e3:d9:36:
         48:cf:51:41:a9:71:00:b3:c7:b2:b4:b6:93:9a:a1:4b:50:d5:
         14:a1:ee:42:3b:d2:2d:9d:a6:b1:13:fb:5e:a7:1d:85:c3:32:
         34:83:8c:ed:28:df:98:5b:87:f0:5d:03:4a:f7:c7:21:33:86:
         81:e7:c4:23:c3:ff:45:f8:11:21:6e:51:66:d9:78:4f:6e:b9:
         a4:02:ce:a4:65:a1:e5:a5:78:d1:bd:d8:b8:12:ce:6f:9a:26:
         68:3c:31:c4:01:87:e0:ec:eb:12:29:fe:90:04:97:6a:42:d5:
         38:96:36:39:58:4b:35:0c:2c:fc:5c:80:85:e6:dc:36:5f:a4:
         75:6f:9b:2a:91:2f:3f:d1:6d:44:ba:18:24:b2:f5:98:73:88:
         fb:62:0c:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRrOtEclJ4cZ9jQF2jemeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMTAyMTM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWMxYzlmM2NlOTU4ZTliMTllNjQ3ZjhmMDJmZTlhN2VlOTEyOTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6F1kbBHlIrm1io/e9TVyZC5yyB56
8SpTPWYJU9Wc+lWJNp5wP3kz7fXPllNKqilw3b1qDh8NsvG3p4ssJbnGNHgCjmPh
FqYEsITDyZIMj/RBLkqiQLE2Aef32HZLwW8LR9bgLon8NxQPigOEQ7r3hfqzYJcg
MJXeJdbvITXhuhuc5EQaiiWZ3QQewbnSCeq18DNC3bZCJdGxjQWWN/CwfiUQX6FL
9WPmZ88UE5PPmYXMQ9rxIOIjsUq4e1hKtqphxa4tq6OIxnLasFJOCPBhoo4B+FO+
jkjA8uTVBcCMCvdnwVQjBIl+hqK5MMC+gmHaM140mjxYphE0YxjG23yDhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHByfPOlY6bGeZH+PAv6afukSkmMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvTWNISjg4NlZqcHNaNWtmNDhDX3BwLTZSS1NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATodpMA0G
CSqGSIb3DQEBCwUAA4IBAQCbboEtr6I9i4zeNWDLTpP4TsyGE+XjNh/XjOD4p38+
7yF+QBoFs5ZnV2r9UsavTdfpbP3V7uXnejDvzQMXeHniFiynLG6dqUr0amQ8ssBV
We6JSE45te5qgJqg4F9IMDtY0Hy2M/k6j97j2TZIz1FBqXEAs8eytLaTmqFLUNUU
oe5CO9ItnaaxE/tepx2FwzI0g4ztKN+YW4fwXQNK98chM4aB58Qjw/9F+BEhblFm
2XhPbrmkAs6kZaHlpXjRvdi4Es5vmiZoPDHEAYfg7OsSKf6QBJdqQtU4ljY5WEs1
DCz8XICF5tw2X6R1b5sqkS8/0W1EuhgksvWYc4j7YgwX
-----END CERTIFICATE-----