Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/kDyvOnLZQzeKWmaZeleSC7tsL8w.roa
File:                     kDyvOnLZQzeKWmaZeleSC7tsL8w.roa (raw, json)
Hash identifier:          GbNFAnU0pItUjpzB6Y7UDRf6GIn6EyzF7Cux5iLe9bY=
Subject key identifier:   90:3C:AF:3A:72:D9:43:37:8A:5A:66:99:7A:57:92:0B:BB:6C:2F:CC
Certificate issuer:       /CN=ed6da82dbc7d7e2818f96680b66efcedb1087947
Certificate serial:       019421B1EF3DE8D37DF060C4F7D31ACEE938
Authority key identifier: ED:6D:A8:2D:BC:7D:7E:28:18:F9:66:80:B6:6E:FC:ED:B1:08:79:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7W2oLbx9figY-WaAtm787bEIeUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/kDyvOnLZQzeKWmaZeleSC7tsL8w.roa
Signing time:             Wed 01 Jan 2025 11:48:16 +0000
ROA not before:           Wed 01 Jan 2025 11:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197297
IP address blocks:        178.19.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/7W2oLbx9figY-WaAtm787bEIeUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/7W2oLbx9figY-WaAtm787bEIeUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7W2oLbx9figY-WaAtm787bEIeUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ef:3d:e8:d3:7d:f0:60:c4:f7:d3:1a:ce:e9:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed6da82dbc7d7e2818f96680b66efcedb1087947
        Validity
            Not Before: Jan  1 11:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=903caf3a72d943378a5a66997a57920bbb6c2fcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0f:69:b8:ac:6e:7b:88:82:bd:d2:2f:27:19:
                    aa:d2:9e:03:9b:39:4b:40:1d:72:a9:24:62:59:8c:
                    62:e9:8f:c1:6e:0b:f7:28:8b:aa:9e:73:15:d6:e8:
                    68:ca:e7:4b:75:7b:e2:11:d6:5f:63:a6:5b:03:66:
                    e7:96:97:ea:ab:c4:06:5e:17:55:e2:ef:68:7c:c0:
                    83:97:ce:3e:c8:ac:83:e5:fc:fd:dc:5c:f8:dd:6b:
                    94:72:e6:f2:98:6a:08:60:10:97:c8:0f:ce:a9:1a:
                    5a:9d:d8:b5:89:82:cf:18:8d:fb:c9:13:3f:d4:73:
                    0e:d3:00:4e:cf:23:04:b7:b2:81:f2:a8:34:ee:63:
                    8f:30:da:66:5a:5c:b2:61:66:9c:3c:2e:dd:26:a9:
                    ec:32:b7:18:da:da:e0:e9:2c:d5:fc:10:06:6c:10:
                    c1:05:0d:c7:14:d1:0b:94:96:68:7e:20:61:04:80:
                    af:1b:fc:7c:ab:ce:e1:cd:af:5d:31:89:bf:eb:6e:
                    9d:7f:04:f5:69:f7:a0:44:e9:b4:67:5b:7c:e3:bd:
                    1b:9b:cd:83:59:c3:1b:91:b9:f1:19:90:6e:40:51:
                    0b:fd:a1:6c:97:72:9c:d7:d1:e6:29:8f:a2:17:85:
                    3d:d1:20:c4:76:84:dd:54:eb:b0:01:b3:ae:64:d2:
                    08:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:3C:AF:3A:72:D9:43:37:8A:5A:66:99:7A:57:92:0B:BB:6C:2F:CC
            X509v3 Authority Key Identifier:
                keyid:ED:6D:A8:2D:BC:7D:7E:28:18:F9:66:80:B6:6E:FC:ED:B1:08:79:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2oLbx9figY-WaAtm787bEIeUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/kDyvOnLZQzeKWmaZeleSC7tsL8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/7W2oLbx9figY-WaAtm787bEIeUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.19.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:ed:0e:c5:f2:bd:75:3a:d4:d6:e4:6c:66:df:ac:0a:be:bd:
         ea:07:68:e1:77:9e:d2:cb:3a:b7:47:65:a4:5e:b9:02:08:57:
         a5:70:c3:b0:a2:7b:a4:7b:0d:c1:2a:8f:4c:a4:46:18:d5:c7:
         a3:e8:5c:c9:16:72:44:b3:6e:c9:07:45:2d:f6:65:79:3c:5d:
         7b:aa:c2:37:ca:fb:1a:f8:be:b2:10:d3:46:5c:46:99:6c:9d:
         d7:88:3d:4f:87:30:d5:37:58:78:9c:19:56:5e:9c:cf:7f:3e:
         0a:75:bc:39:55:6a:25:cd:d5:18:03:3f:69:02:fb:78:2d:3f:
         94:e7:cd:ab:bb:08:51:da:a7:26:de:a9:ef:bd:a6:dc:fa:84:
         69:66:67:b6:b9:6d:5f:d1:e9:54:15:70:09:22:63:02:1b:e2:
         39:83:5f:6a:76:ec:7b:c8:58:3b:06:cb:6f:f5:e1:f3:28:74:
         1d:bd:ca:8c:d2:da:2c:b4:d5:8c:de:67:78:eb:9d:22:e8:d8:
         28:cd:39:ab:f6:d1:94:9c:06:8f:cf:5b:41:2f:cd:5b:ed:22:
         4d:6b:c5:75:55:21:50:a4:c1:fd:f1:fc:e8:c2:0f:85:02:28:
         bf:43:10:35:58:74:2e:ca:f4:f5:53:86:5a:d7:08:bd:22:d3:
         ef:ce:80:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhse896NN98GDE99Mazuk4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhODJkYmM3ZDdlMjgxOGY5NjY4MGI2NmVmY2VkYjEw
ODc5NDcwHhcNMjUwMTAxMTE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDNjYWYzYTcyZDk0MzM3OGE1YTY2OTk3YTU3OTIwYmJiNmMyZmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoA9puKxue4iCvdIvJxmq0p4DmzlL
QB1yqSRiWYxi6Y/Bbgv3KIuqnnMV1uhoyudLdXviEdZfY6ZbA2bnlpfqq8QGXhdV
4u9ofMCDl84+yKyD5fz93Fz43WuUcubymGoIYBCXyA/OqRpandi1iYLPGI37yRM/
1HMO0wBOzyMEt7KB8qg07mOPMNpmWlyyYWacPC7dJqnsMrcY2trg6SzV/BAGbBDB
BQ3HFNELlJZofiBhBICvG/x8q87hza9dMYm/626dfwT1afegROm0Z1t8470bm82D
WcMbkbnxGZBuQFEL/aFsl3Kc19HmKY+iF4U90SDEdoTdVOuwAbOuZNII4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJA8rzpy2UM3ilpmmXpXkgu7bC/MMB8GA1UdIwQY
MBaAFO1tqC28fX4oGPlmgLZu/O2xCHlHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cyb0xieDlmaWdZLVdhQXRtNzg3YkVJZVVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zNTQ5ZmItZTNhMy00MTI0LWIzYjAt
NTk5NTc3ODdiMDE1LzEva0R5dk9uTFpRemVLV21hWmVsZVNDN3RzTDh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zNTQ5ZmItZTNhMy00MTI0LWIzYjAtNTk5NTc3ODdiMDE1
LzEvN1cyb0xieDlmaWdZLVdhQXRtNzg3YkVJZVVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshNJMA0G
CSqGSIb3DQEBCwUAA4IBAQBn7Q7F8r11OtTW5Gxm36wKvr3qB2jhd57Syzq3R2Wk
XrkCCFelcMOwonukew3BKo9MpEYY1cej6FzJFnJEs27JB0Ut9mV5PF17qsI3yvsa
+L6yENNGXEaZbJ3XiD1PhzDVN1h4nBlWXpzPfz4Kdbw5VWolzdUYAz9pAvt4LT+U
582ruwhR2qcm3qnvvabc+oRpZme2uW1f0elUFXAJImMCG+I5g19qdux7yFg7Bstv
9eHzKHQdvcqM0tostNWM3md4650i6NgozTmr9tGUnAaPz1tBL81b7SJNa8V1VSFQ
pMH98fzowg+FAii/QxA1WHQuyvT1U4Za1wi9ItPvzoDc
-----END CERTIFICATE-----