Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/k94_YS0wqPGUh9Li10sS34dlvmM.roa
File:                     k94_YS0wqPGUh9Li10sS34dlvmM.roa (raw, json)
Hash identifier:          BUjj7NfQhPbheGokvO6j0wOKq8xKD5UoEM8obUQTSDg=
Subject key identifier:   93:DE:3F:61:2D:30:A8:F1:94:87:D2:E2:D7:4B:12:DF:87:65:BE:63
Certificate issuer:       /CN=a6b789b32e16e9dd2f70513119dc77ea61ff1e09
Certificate serial:       019426D977C3AD250FE1276F6C8F84C7D697
Authority key identifier: A6:B7:89:B3:2E:16:E9:DD:2F:70:51:31:19:DC:77:EA:61:FF:1E:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/preJsy4W6d0vcFExGdx36mH_Hgk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/k94_YS0wqPGUh9Li10sS34dlvmM.roa
Signing time:             Thu 02 Jan 2025 11:49:33 +0000
ROA not before:           Thu 02 Jan 2025 11:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213159
IP address blocks:        147.78.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/preJsy4W6d0vcFExGdx36mH_Hgk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/preJsy4W6d0vcFExGdx36mH_Hgk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/preJsy4W6d0vcFExGdx36mH_Hgk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 07:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:77:c3:ad:25:0f:e1:27:6f:6c:8f:84:c7:d6:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6b789b32e16e9dd2f70513119dc77ea61ff1e09
        Validity
            Not Before: Jan  2 11:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93de3f612d30a8f19487d2e2d74b12df8765be63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:3a:81:4f:a5:38:30:ea:01:62:03:32:63:fb:
                    bf:54:23:17:03:c3:70:e2:ed:43:29:ac:a2:84:eb:
                    35:dc:10:0d:90:16:05:7e:49:29:8e:f0:9e:cb:55:
                    b3:14:5f:ec:66:97:ae:22:ab:7c:04:c7:cd:33:32:
                    3f:6d:e6:f0:bb:85:d4:55:b8:92:dd:be:0c:92:4e:
                    ce:f8:69:aa:7a:2b:e9:68:35:29:eb:d0:b2:3e:ab:
                    08:bb:df:2b:e7:ed:b4:55:86:d0:43:ae:44:99:0b:
                    b2:b6:79:f2:bf:4b:ec:64:45:b4:8b:2a:91:84:fa:
                    6b:1d:8e:6e:3c:7e:a5:02:13:c9:73:08:81:de:ee:
                    9c:39:89:6d:e2:ea:a7:18:aa:cd:3f:b5:8e:c2:29:
                    6c:12:42:5b:d5:c9:61:df:b6:73:51:19:5a:39:4a:
                    0e:88:d9:33:1f:57:11:df:1d:c4:3d:2e:a0:61:b9:
                    fb:c6:28:77:7c:5b:9d:5c:71:44:1f:5b:e2:25:8e:
                    88:ed:f6:1d:d5:29:64:e4:08:dc:b1:1d:5f:fe:c6:
                    fb:3d:76:84:1a:f4:f6:ff:f7:d9:a6:90:d4:40:15:
                    31:fc:08:86:86:47:c1:d3:8d:3b:9b:e5:df:3a:3b:
                    a6:1d:00:0b:87:7f:b4:57:a5:e1:a7:18:fa:f9:c4:
                    75:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:DE:3F:61:2D:30:A8:F1:94:87:D2:E2:D7:4B:12:DF:87:65:BE:63
            X509v3 Authority Key Identifier:
                keyid:A6:B7:89:B3:2E:16:E9:DD:2F:70:51:31:19:DC:77:EA:61:FF:1E:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/preJsy4W6d0vcFExGdx36mH_Hgk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/k94_YS0wqPGUh9Li10sS34dlvmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/preJsy4W6d0vcFExGdx36mH_Hgk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:75:76:7d:9a:a5:55:b3:e7:e7:e7:b7:d0:90:c5:f1:8a:ac:
         9b:6c:42:06:55:4d:e8:be:8b:f3:3c:1b:f6:6f:1e:6f:df:55:
         6b:26:95:0d:f0:4d:64:bb:17:82:b5:a8:9d:cb:be:7b:e7:33:
         57:55:54:24:8c:92:9d:39:7a:25:b4:96:41:d7:f0:9b:75:49:
         eb:b6:4b:b3:3a:d3:b3:36:13:34:23:aa:e5:cd:b5:65:f7:e3:
         46:f2:5f:93:3a:7c:a1:6d:1c:fb:74:50:f8:d7:0e:59:a6:4f:
         e4:7c:ae:f7:78:7d:fe:a7:49:58:4e:89:87:dc:e3:f0:37:30:
         70:0b:74:fa:8f:58:00:05:cb:ef:9b:53:b7:ee:87:41:6b:53:
         03:44:9f:41:a5:44:da:dd:e7:f0:6b:58:be:e9:e2:81:0d:91:
         bf:0d:80:9a:6a:26:31:a6:35:95:a2:ff:8a:bd:75:8f:30:1c:
         8f:0a:3f:19:04:05:f2:b1:d1:96:5f:3d:d5:22:85:0b:67:b7:
         49:2d:f4:72:30:78:53:40:29:b2:9a:f2:89:84:8f:92:c4:81:
         a8:e8:dd:48:43:45:3a:e3:f8:0b:ee:8a:fc:30:d7:d0:db:22:
         74:6f:81:7a:5d:9b:92:02:41:f1:fb:87:88:b9:0b:22:7a:d1:
         ad:c1:3a:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2XfDrSUP4SdvbI+Ex9aXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Yjc4OWIzMmUxNmU5ZGQyZjcwNTEzMTE5ZGM3N2VhNjFm
ZjFlMDkwHhcNMjUwMTAyMTE0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2RlM2Y2MTJkMzBhOGYxOTQ4N2QyZTJkNzRiMTJkZjg3NjViZTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3jqBT6U4MOoBYgMyY/u/VCMXA8Nw
4u1DKayihOs13BANkBYFfkkpjvCey1WzFF/sZpeuIqt8BMfNMzI/bebwu4XUVbiS
3b4Mkk7O+GmqeivpaDUp69CyPqsIu98r5+20VYbQQ65EmQuytnnyv0vsZEW0iyqR
hPprHY5uPH6lAhPJcwiB3u6cOYlt4uqnGKrNP7WOwilsEkJb1clh37ZzURlaOUoO
iNkzH1cR3x3EPS6gYbn7xih3fFudXHFEH1viJY6I7fYd1Slk5AjcsR1f/sb7PXaE
GvT2//fZppDUQBUx/AiGhkfB0407m+XfOjumHQALh3+0V6Xhpxj6+cR1fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPeP2EtMKjxlIfS4tdLEt+HZb5jMB8GA1UdIwQY
MBaAFKa3ibMuFundL3BRMRncd+ph/x4JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHJlSnN5NFc2ZDB2Y0ZFeEdkeDM2bUhfSGdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lNzY4YmQtZjUxMi00YjhhLTkzNmEt
MDZjOTI5NmYwOGEyLzEvazk0X1lTMHdxUEdVaDlMaTEwc1MzNGRsdm1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lNzY4YmQtZjUxMi00YjhhLTkzNmEtMDZjOTI5NmYwOGEy
LzEvcHJlSnN5NFc2ZDB2Y0ZFeEdkeDM2bUhfSGdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk053MA0G
CSqGSIb3DQEBCwUAA4IBAQCPdXZ9mqVVs+fn57fQkMXxiqybbEIGVU3ovovzPBv2
bx5v31VrJpUN8E1kuxeCtaidy7575zNXVVQkjJKdOXoltJZB1/CbdUnrtkuzOtOz
NhM0I6rlzbVl9+NG8l+TOnyhbRz7dFD41w5Zpk/kfK73eH3+p0lYTomH3OPwNzBw
C3T6j1gABcvvm1O37odBa1MDRJ9BpUTa3efwa1i+6eKBDZG/DYCaaiYxpjWVov+K
vXWPMByPCj8ZBAXysdGWXz3VIoULZ7dJLfRyMHhTQCmymvKJhI+SxIGo6N1IQ0U6
4/gL7or8MNfQ2yJ0b4F6XZuSAkHx+4eIuQsietGtwTps
-----END CERTIFICATE-----