Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/xQD3ozzYcFEJH2TwlbG3W9maG1Q.roa
File:                     xQD3ozzYcFEJH2TwlbG3W9maG1Q.roa (raw, json)
Hash identifier:          EUt627i/o8C0qoS4hWHpVhelvxk+7zjyGqoxL47Ej2M=
Subject key identifier:   C5:00:F7:A3:3C:D8:70:51:09:1F:64:F0:95:B1:B7:5B:D9:9A:1B:54
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019596B88548F906E2A618A129B6A40A40DD
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/xQD3ozzYcFEJH2TwlbG3W9maG1Q.roa
Signing time:             Fri 14 Mar 2025 22:13:49 +0000
ROA not before:           Fri 14 Mar 2025 22:13:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61135
IP address blocks:        78.135.73.0/24 maxlen: 24
                          185.17.136.0/24 maxlen: 24
                          212.68.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:96:b8:85:48:f9:06:e2:a6:18:a1:29:b6:a4:0a:40:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Mar 14 22:13:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c500f7a33cd87051091f64f095b1b75bd99a1b54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:cd:6b:f8:d0:d1:f0:e1:29:59:90:52:cf:35:
                    e1:92:65:6b:11:56:d7:3c:08:92:3b:48:69:13:75:
                    f5:74:9e:a2:94:c5:2e:75:0b:1a:4d:1f:1b:5e:ef:
                    03:7d:bb:0b:bf:6b:a4:90:cf:fd:44:98:f9:69:b5:
                    81:a2:7d:79:2c:cf:db:82:6b:d9:60:89:2b:62:98:
                    bc:f0:e3:21:8f:07:54:75:73:ae:b4:de:d2:34:31:
                    10:41:e4:4c:48:9d:38:c1:6a:b7:cf:ea:75:49:aa:
                    d3:4f:49:77:ba:7d:8a:5e:70:3e:32:88:01:56:b0:
                    f6:82:f1:b5:84:0c:1c:20:8e:9b:84:0c:b9:9c:59:
                    d8:b4:50:e1:6c:8a:36:48:3e:bf:5e:82:78:91:8c:
                    8f:c4:1f:7b:50:f5:ca:d0:76:86:7e:b6:ef:6c:99:
                    41:a3:11:a9:c6:2e:b7:46:fd:bd:84:81:b5:09:2b:
                    e0:43:c3:d1:10:fe:b0:14:55:7c:96:ee:90:c5:fd:
                    69:79:79:4c:0d:fa:82:b4:fd:7a:52:59:47:18:0b:
                    83:2c:e9:71:27:f0:e2:21:f7:29:ef:77:84:c5:0a:
                    23:99:ed:0c:e6:4b:d8:28:c9:ca:7a:e7:dd:d4:35:
                    41:cd:bb:ba:ee:8a:ef:ec:72:c8:d6:d3:57:c0:9b:
                    02:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:00:F7:A3:3C:D8:70:51:09:1F:64:F0:95:B1:B7:5B:D9:9A:1B:54
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/xQD3ozzYcFEJH2TwlbG3W9maG1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.73.0/24
                  185.17.136.0/24
                  212.68.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:eb:51:27:83:5b:aa:25:0f:a5:cf:22:8c:2b:e2:c7:4e:56:
         65:12:20:51:1c:d0:70:fd:1b:a8:6f:3b:0b:4e:da:42:71:83:
         81:cf:9b:1a:cd:c8:de:eb:72:0e:11:6c:e7:7c:e4:20:a2:09:
         6e:fc:c6:e9:2f:1f:89:d1:d1:92:67:88:a4:99:59:62:59:bb:
         6f:8b:51:e3:2a:75:40:92:7d:a3:38:c0:bd:bc:49:dd:49:5d:
         e7:49:bc:51:e2:78:ca:81:00:38:be:f8:9f:0b:32:8f:28:f1:
         7d:b4:de:6c:79:ec:93:39:29:14:3a:57:e3:e6:f9:aa:2e:66:
         45:b8:01:f9:d3:53:dd:1c:68:88:03:98:1f:11:c3:65:16:70:
         1c:2a:ab:8f:e1:90:3c:0f:96:9f:52:57:71:34:4f:c8:83:5d:
         22:7f:66:39:99:da:4a:bf:da:98:da:7c:d7:1a:c0:6a:30:87:
         83:70:c5:d4:26:10:0f:43:97:1e:ba:e9:06:58:fc:84:9d:63:
         6c:b5:4d:00:78:1a:c0:73:3a:55:b2:23:ff:df:d4:04:a5:33:
         32:b6:58:3d:5b:71:74:c0:3b:73:f3:b8:5a:01:25:45:ce:10:
         32:c5:4d:0d:59:1f:24:aa:fd:cd:9b:f4:94:4d:5e:37:d8:29:
         58:40:91:32
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWWuIVI+QbiphihKbakCkDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMzE0MjIxMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTAwZjdhMzNjZDg3MDUxMDkxZjY0ZjA5NWIxYjc1YmQ5OWExYjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns1r+NDR8OEpWZBSzzXhkmVrEVbX
PAiSO0hpE3X1dJ6ilMUudQsaTR8bXu8DfbsLv2ukkM/9RJj5abWBon15LM/bgmvZ
YIkrYpi88OMhjwdUdXOutN7SNDEQQeRMSJ04wWq3z+p1SarTT0l3un2KXnA+MogB
VrD2gvG1hAwcII6bhAy5nFnYtFDhbIo2SD6/XoJ4kYyPxB97UPXK0HaGfrbvbJlB
oxGpxi63Rv29hIG1CSvgQ8PREP6wFFV8lu6Qxf1peXlMDfqCtP16UllHGAuDLOlx
J/DiIfcp73eExQojme0M5kvYKMnKeufd1DVBzbu67orv7HLI1tNXwJsC8wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMUA96M82HBRCR9k8JWxt1vZmhtUMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEveFFEM296elljRkVKSDJUd2xiRzNXOW1hRzFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATodJAwQA
uRGIAwQA1EQjMA0GCSqGSIb3DQEBCwUAA4IBAQAk61Eng1uqJQ+lzyKMK+LHTlZl
EiBRHNBw/RuobzsLTtpCcYOBz5sazcje63IOEWznfOQgoglu/MbpLx+J0dGSZ4ik
mVliWbtvi1HjKnVAkn2jOMC9vEndSV3nSbxR4njKgQA4vvifCzKPKPF9tN5seeyT
OSkUOlfj5vmqLmZFuAH501PdHGiIA5gfEcNlFnAcKquP4ZA8D5afUldxNE/Ig10i
f2Y5mdpKv9qY2nzXGsBqMIeDcMXUJhAPQ5ceuukGWPyEnWNstU0AeBrAczpVsiP/
39QEpTMytlg9W3F0wDtz87haASVFzhAyxU0NWR8kqv3Nm/SUTV432ClYQJEy
-----END CERTIFICATE-----