Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/nnoaPN-OYd_qiRbP_dRSxUA6eZQ.roa
File:                     nnoaPN-OYd_qiRbP_dRSxUA6eZQ.roa (raw, json)
Hash identifier:          hsrbIqQnOS5LY5vInhXjpRRhJq3H8ciT8lDkheQdF5o=
Subject key identifier:   9E:7A:1A:3C:DF:8E:61:DF:EA:89:16:CF:FD:D4:52:C5:40:3A:79:94
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01956B8C00B77AFE1723F868072B2BF5C8F3
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/nnoaPN-OYd_qiRbP_dRSxUA6eZQ.roa
Signing time:             Thu 06 Mar 2025 13:01:32 +0000
ROA not before:           Thu 06 Mar 2025 13:01:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211819
IP address blocks:        78.135.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6b:8c:00:b7:7a:fe:17:23:f8:68:07:2b:2b:f5:c8:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Mar  6 13:01:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e7a1a3cdf8e61dfea8916cffdd452c5403a7994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d4:5f:80:91:d1:2f:b2:f1:7b:62:a5:a8:9a:
                    77:c1:ec:85:d5:e5:74:14:dd:81:71:c1:c9:1f:c3:
                    d8:bb:b1:5b:e8:dc:48:93:bf:39:4a:d4:07:86:2c:
                    87:ea:51:d3:f7:51:88:b6:66:38:23:64:c3:14:0a:
                    8a:09:83:2d:ba:eb:8e:a8:3c:af:7a:f0:a1:6e:67:
                    46:c6:78:c2:35:d7:fc:5b:81:86:51:7e:b2:f7:5a:
                    a2:5c:ca:af:9d:6f:ac:53:26:da:dd:78:1c:97:b5:
                    d2:86:8d:8d:2b:70:0c:63:59:05:1f:bd:6a:f7:62:
                    2d:ba:e0:11:61:b2:a8:7a:62:16:28:ba:11:28:17:
                    44:2a:69:7b:8b:99:12:33:77:50:69:5e:92:dd:86:
                    e3:89:11:4f:d9:81:57:ca:04:3a:9a:d8:35:e9:ef:
                    b8:b9:c2:85:a8:be:bf:9e:61:6c:5a:bc:80:4f:c8:
                    b2:53:2c:5c:19:06:06:6f:09:fa:9b:fb:15:81:9e:
                    4e:06:11:31:eb:c1:56:f9:b9:22:9e:d9:1f:7b:2b:
                    14:3c:39:29:0d:7a:af:2e:02:37:b3:a8:32:5d:de:
                    fa:82:6e:a2:f2:cb:f3:9c:11:c2:4a:5a:04:24:61:
                    27:1b:f3:66:67:a7:3f:3e:f2:ee:ff:ab:c2:5e:ca:
                    db:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:7A:1A:3C:DF:8E:61:DF:EA:89:16:CF:FD:D4:52:C5:40:3A:79:94
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/nnoaPN-OYd_qiRbP_dRSxUA6eZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:02:81:33:39:2f:ff:e1:cc:dc:ca:6d:fa:dd:be:01:76:ad:
         9b:27:13:5e:81:32:ad:c4:03:78:52:fd:7d:35:59:70:9c:46:
         1b:94:cd:de:88:dc:e1:0d:22:73:82:25:7a:09:f7:a6:ba:b8:
         f0:8a:c4:b0:b5:ce:d5:95:f8:27:31:58:8c:99:73:64:77:92:
         2d:d7:42:62:55:f7:3b:6d:83:f0:e9:9d:39:aa:21:d2:7b:4a:
         d8:19:04:97:00:0b:db:b0:3f:07:80:90:49:66:5b:87:77:f1:
         ef:54:6b:40:99:ea:79:fe:30:a4:ae:2f:01:6e:8b:d1:c1:42:
         f6:d9:fe:ac:b6:c0:13:23:4e:41:6a:8c:a1:4f:33:22:a8:c1:
         8b:69:e2:51:14:1d:76:5b:46:07:b3:2a:18:32:24:51:0e:de:
         51:95:17:62:1a:33:52:19:6b:68:2f:35:27:ea:75:17:e1:70:
         d0:a0:81:0c:d6:d4:96:94:5e:f0:66:6b:a8:7d:3b:b2:3c:4b:
         74:ac:67:37:cb:a4:8b:7d:cd:93:d1:0f:0a:50:c2:e3:aa:b1:
         53:d8:94:89:bb:f1:de:a5:63:e4:fd:4b:b1:72:45:47:aa:b5:
         6b:d3:9f:45:16:76:58:01:1d:29:06:0f:40:70:15:63:79:4f:
         02:aa:0b:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVrjAC3ev4XI/hoBysr9cjzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMzA2MTMwMTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTdhMWEzY2RmOGU2MWRmZWE4OTE2Y2ZmZGQ0NTJjNTQwM2E3OTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNRfgJHRL7Lxe2KlqJp3weyF1eV0
FN2BccHJH8PYu7Fb6NxIk785StQHhiyH6lHT91GItmY4I2TDFAqKCYMtuuuOqDyv
evChbmdGxnjCNdf8W4GGUX6y91qiXMqvnW+sUyba3Xgcl7XSho2NK3AMY1kFH71q
92ItuuARYbKoemIWKLoRKBdEKml7i5kSM3dQaV6S3YbjiRFP2YFXygQ6mtg16e+4
ucKFqL6/nmFsWryAT8iyUyxcGQYGbwn6m/sVgZ5OBhEx68FW+bkintkfeysUPDkp
DXqvLgI3s6gyXd76gm6i8svznBHCSloEJGEnG/NmZ6c/PvLu/6vCXsrbnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ56GjzfjmHf6okWz/3UUsVAOnmUMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvbm5vYVBOLU9ZZF9xaVJiUF9kUlN4VUE2ZVpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATodhMA0G
CSqGSIb3DQEBCwUAA4IBAQB7AoEzOS//4czcym363b4Bdq2bJxNegTKtxAN4Uv19
NVlwnEYblM3eiNzhDSJzgiV6CfemurjwisSwtc7VlfgnMViMmXNkd5It10JiVfc7
bYPw6Z05qiHSe0rYGQSXAAvbsD8HgJBJZluHd/HvVGtAmep5/jCkri8BbovRwUL2
2f6stsATI05BaoyhTzMiqMGLaeJRFB12W0YHsyoYMiRRDt5RlRdiGjNSGWtoLzUn
6nUX4XDQoIEM1tSWlF7wZmuofTuyPEt0rGc3y6SLfc2T0Q8KUMLjqrFT2JSJu/He
pWPk/UuxckVHqrVr059FFnZYAR0pBg9AcBVjeU8Cqgv7
-----END CERTIFICATE-----