Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/PeNM8VI6JOL1Sg2wpjae4nPxioU.roa
File:                     PeNM8VI6JOL1Sg2wpjae4nPxioU.roa (raw, json)
Hash identifier:          eM6K5s5Wd7PnzMTDLQjC5TJbvclqKxMZvGL4df9uEwg=
Subject key identifier:   3D:E3:4C:F1:52:3A:24:E2:F5:4A:0D:B0:A6:36:9E:E2:73:F1:8A:85
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01942746B4511244AFC9E615C110BC868F0F
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/PeNM8VI6JOL1Sg2wpjae4nPxioU.roa
Signing time:             Thu 02 Jan 2025 13:48:52 +0000
ROA not before:           Thu 02 Jan 2025 13:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210410
IP address blocks:        78.135.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:b4:51:12:44:af:c9:e6:15:c1:10:bc:86:8f:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 13:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3de34cf1523a24e2f54a0db0a6369ee273f18a85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0c:69:66:c4:09:45:87:09:ae:9e:d7:d5:02:
                    9d:c4:26:07:20:ff:54:f5:04:d2:6c:f1:a7:b8:0a:
                    82:53:f0:6f:95:37:94:b0:f5:06:9a:df:19:96:df:
                    f5:49:55:a0:31:1a:b3:35:ae:06:f3:9f:74:8d:41:
                    aa:71:be:6b:b7:f2:50:a2:9a:6f:1e:a3:f1:cc:2d:
                    ce:c5:b1:94:22:9c:79:16:95:cd:76:82:2f:18:f1:
                    f9:88:6d:25:54:41:5a:7c:4e:c4:d7:63:f2:ad:c4:
                    77:2f:51:05:6f:bd:af:a4:eb:6b:38:ca:c6:fd:46:
                    21:75:36:cf:b4:f9:68:43:89:66:15:b2:5a:ae:fb:
                    25:97:39:67:9f:4d:16:96:6b:4d:38:da:ff:ab:86:
                    92:80:ba:df:8e:5c:19:0f:e9:b4:e8:93:b9:f4:33:
                    16:f7:39:5e:9b:7e:7c:dc:5f:05:ec:4f:71:3f:21:
                    a2:23:6d:d3:04:e7:6e:3f:0f:19:7d:f0:7e:dd:73:
                    f8:49:f6:5d:64:30:cf:b6:7a:6d:f2:bd:a7:2d:ba:
                    54:04:6e:9d:4b:5f:c5:49:39:34:d7:44:d7:8f:d2:
                    c3:f4:a1:50:9d:a8:5c:09:c3:40:02:f0:e7:13:65:
                    2e:65:ce:d9:3c:b0:04:25:d7:91:1f:55:42:c2:04:
                    e0:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E3:4C:F1:52:3A:24:E2:F5:4A:0D:B0:A6:36:9E:E2:73:F1:8A:85
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/PeNM8VI6JOL1Sg2wpjae4nPxioU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:ce:43:02:9f:0f:e0:5e:69:c5:7f:fb:a0:8c:f6:b8:20:57:
         19:a7:8c:ba:91:fd:9b:67:ed:1c:0d:d6:33:93:8d:a1:d2:1c:
         3a:92:11:bf:fb:e5:ef:8c:71:1c:e6:38:96:b2:66:35:67:6d:
         53:2c:b6:5d:36:fd:16:83:52:1a:27:40:1c:35:16:bf:0c:91:
         92:ee:95:4c:ec:97:81:3e:31:b4:b4:8c:3d:9e:4c:48:c3:70:
         ed:7b:40:5e:a4:23:ef:15:78:3d:df:bd:33:15:0f:f1:6d:52:
         ba:3b:b1:9a:21:9d:fc:50:fa:11:32:2e:8c:3e:17:4e:31:be:
         cf:5b:aa:36:b9:41:59:9a:c0:b4:d8:a8:29:29:50:cd:80:67:
         91:50:7c:4d:38:4c:35:ea:2f:d5:e7:37:ac:4e:98:17:d5:81:
         86:93:4d:66:73:fb:ac:66:76:61:67:87:64:4b:6f:7d:92:16:
         06:5a:29:a1:5b:0f:f4:17:c8:fa:ab:6f:be:38:04:d9:83:d3:
         1e:8b:c9:11:93:9d:fd:12:ce:91:1a:0e:e1:18:7f:c9:da:40:
         91:d9:14:47:06:b6:6f:51:fa:26:d8:d1:ca:2d:c7:9a:ad:b1:
         11:3f:c4:a8:0c:a2:4e:31:a1:3d:a4:e6:82:f6:ae:1c:cf:50:
         44:4f:0f:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRrRREkSvyeYVwRC8ho8PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMTAyMTM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGUzNGNmMTUyM2EyNGUyZjU0YTBkYjBhNjM2OWVlMjczZjE4YTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogxpZsQJRYcJrp7X1QKdxCYHIP9U
9QTSbPGnuAqCU/BvlTeUsPUGmt8Zlt/1SVWgMRqzNa4G8590jUGqcb5rt/JQoppv
HqPxzC3OxbGUIpx5FpXNdoIvGPH5iG0lVEFafE7E12PyrcR3L1EFb72vpOtrOMrG
/UYhdTbPtPloQ4lmFbJarvsllzlnn00WlmtNONr/q4aSgLrfjlwZD+m06JO59DMW
9zlem3583F8F7E9xPyGiI23TBOduPw8ZffB+3XP4SfZdZDDPtnpt8r2nLbpUBG6d
S1/FSTk010TXj9LD9KFQnahcCcNAAvDnE2UuZc7ZPLAEJdeRH1VCwgTgJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3jTPFSOiTi9UoNsKY2nuJz8YqFMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvUGVOTThWSTZKT0wxU2cyd3BqYWU0blB4aW9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATodEMA0G
CSqGSIb3DQEBCwUAA4IBAQBjzkMCnw/gXmnFf/ugjPa4IFcZp4y6kf2bZ+0cDdYz
k42h0hw6khG/++XvjHEc5jiWsmY1Z21TLLZdNv0Wg1IaJ0AcNRa/DJGS7pVM7JeB
PjG0tIw9nkxIw3Dte0BepCPvFXg9370zFQ/xbVK6O7GaIZ38UPoRMi6MPhdOMb7P
W6o2uUFZmsC02KgpKVDNgGeRUHxNOEw16i/V5zesTpgX1YGGk01mc/usZnZhZ4dk
S299khYGWimhWw/0F8j6q2++OATZg9Mei8kRk539Es6RGg7hGH/J2kCR2RRHBrZv
Ufom2NHKLcearbERP8SoDKJOMaE9pOaC9q4cz1BETw+w
-----END CERTIFICATE-----