Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/V9zsk3L9XIXZCur0J3Y0GPeRA2A.roa
File:                     V9zsk3L9XIXZCur0J3Y0GPeRA2A.roa (raw, json)
Hash identifier:          tf7Ub3wjkKqiL0umPzcGNgX7/weYHByXtjgDRXIkq9Q=
Subject key identifier:   57:DC:EC:93:72:FD:5C:85:D9:0A:EA:F4:27:76:34:18:F7:91:03:60
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01942748483A2BC14E048FD7C47C7BDF5C60
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/V9zsk3L9XIXZCur0J3Y0GPeRA2A.roa
Signing time:             Thu 02 Jan 2025 13:50:35 +0000
ROA not before:           Thu 02 Jan 2025 13:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205775
IP address blocks:        178.19.34.0/24 maxlen: 24
                          178.19.35.0/24 maxlen: 24
                          178.19.45.0/24 maxlen: 24
                          178.19.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:48:3a:2b:c1:4e:04:8f:d7:c4:7c:7b:df:5c:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 13:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57dcec9372fd5c85d90aeaf427763418f7910360
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f2:45:d7:77:85:2e:9b:b7:df:f1:1b:d2:d5:
                    fb:9e:3e:9b:16:e8:0f:ce:d3:d3:8a:23:86:61:ef:
                    30:56:0b:ee:8d:fe:b9:f0:6f:4f:9e:33:1c:80:b5:
                    5d:ad:5a:48:dd:53:ab:69:02:09:f4:76:ad:d7:ac:
                    34:f8:63:a2:2a:bd:4e:75:47:e1:fb:e7:63:b5:06:
                    be:92:9e:e0:21:2e:89:fa:a0:b9:74:50:60:e7:cd:
                    2a:25:8e:06:49:82:26:f0:c2:5d:47:b0:59:5d:de:
                    55:0e:e2:5b:24:9d:9e:24:80:7e:ea:e9:4e:2f:ca:
                    a0:a3:1d:f7:24:1c:d0:3c:eb:c5:ae:20:00:3b:1b:
                    96:d2:1f:52:b6:97:e5:a7:24:32:bf:43:0e:6b:19:
                    6b:fb:2c:6e:bb:23:a4:c0:91:ba:fc:6e:77:9e:bd:
                    ae:bf:00:01:f5:d5:19:05:40:3d:0d:9e:9f:7c:79:
                    03:53:a5:bc:bc:0f:d1:1d:09:67:5b:cb:b7:82:0d:
                    67:96:25:7d:15:4f:84:0c:63:58:c9:e3:33:ef:31:
                    ad:13:76:e7:19:b3:1a:93:98:53:b6:38:b6:00:0c:
                    1d:d5:fd:76:b6:5f:cb:2f:6d:35:57:50:6e:1e:1e:
                    7b:c5:4c:cf:49:6b:b5:1f:92:19:60:3d:81:40:d2:
                    2b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:DC:EC:93:72:FD:5C:85:D9:0A:EA:F4:27:76:34:18:F7:91:03:60
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/V9zsk3L9XIXZCur0J3Y0GPeRA2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.19.34.0/23
                  178.19.45.0-178.19.46.255

    Signature Algorithm: sha256WithRSAEncryption
         60:3a:00:f7:b4:5d:f7:c9:56:d8:10:f4:13:fe:2f:1c:03:a8:
         fe:c9:aa:0b:b6:5b:f3:f0:bc:bb:03:d5:8b:15:83:28:8e:79:
         63:57:fd:f9:ca:6b:60:aa:ca:5a:e4:53:55:5e:a5:bf:19:e9:
         f4:79:ad:e3:65:fd:4e:1d:a1:fc:1b:bc:cb:79:9f:cd:c3:32:
         9f:8a:e2:c1:6f:dd:8b:64:a1:07:55:bd:16:c1:4c:0f:15:e9:
         ba:92:dc:bd:fd:4f:85:93:08:11:8a:c1:ce:79:43:c0:bf:6b:
         49:4a:52:6b:81:e3:2c:f4:b1:c5:34:46:f6:fe:be:94:01:b8:
         48:9e:c8:5b:d6:fb:a9:d0:b9:c8:02:41:47:02:33:70:ae:9c:
         40:8e:92:3c:d5:f9:75:f0:a0:66:6f:eb:6a:36:85:4b:9d:29:
         69:68:94:a0:43:c6:e7:92:03:65:3b:64:98:75:ed:da:13:a5:
         e9:4a:d8:21:da:57:b8:05:9f:66:f7:33:fc:58:ff:73:17:9f:
         e1:48:df:70:2c:9f:b8:a4:05:73:61:6a:d0:88:8e:04:c3:d6:
         bc:b4:34:6d:d7:22:5a:2f:9e:ae:8d:fc:61:7d:08:e9:bf:c0:
         33:cd:d0:7b:85:dc:5e:df:e5:bd:61:9f:19:61:a9:24:0b:d4:
         72:a8:30:af
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQnSEg6K8FOBI/XxHx731xgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMTAyMTM1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2RjZWM5MzcyZmQ1Yzg1ZDkwYWVhZjQyNzc2MzQxOGY3OTEwMzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/JF13eFLpu33/Eb0tX7nj6bFugP
ztPTiiOGYe8wVgvujf658G9PnjMcgLVdrVpI3VOraQIJ9Hat16w0+GOiKr1OdUfh
++djtQa+kp7gIS6J+qC5dFBg580qJY4GSYIm8MJdR7BZXd5VDuJbJJ2eJIB+6ulO
L8qgox33JBzQPOvFriAAOxuW0h9StpflpyQyv0MOaxlr+yxuuyOkwJG6/G53nr2u
vwAB9dUZBUA9DZ6ffHkDU6W8vA/RHQlnW8u3gg1nliV9FU+EDGNYyeMz7zGtE3bn
GbMak5hTtji2AAwd1f12tl/LL201V1BuHh57xUzPSWu1H5IZYD2BQNIrgQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFfc7JNy/VyF2Qrq9Cd2NBj3kQNgMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvVjl6c2szTDlYSVhaQ3VyMEozWTBHUGVSQTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBshMiMAwD
BACyEy0DBACyEy4wDQYJKoZIhvcNAQELBQADggEBAGA6APe0XffJVtgQ9BP+LxwD
qP7Jqgu2W/PwvLsD1YsVgyiOeWNX/fnKa2CqylrkU1Vepb8Z6fR5reNl/U4dofwb
vMt5n83DMp+K4sFv3YtkoQdVvRbBTA8V6bqS3L39T4WTCBGKwc55Q8C/a0lKUmuB
4yz0scU0Rvb+vpQBuEieyFvW+6nQucgCQUcCM3CunECOkjzV+XXwoGZv62o2hUud
KWlolKBDxueSA2U7ZJh17doTpelK2CHaV7gFn2b3M/xY/3MXn+FI33Asn7ikBXNh
atCIjgTD1ry0NG3XIlovnq6N/GF9COm/wDPN0HuF3F7f5b1hnxlhqSQL1HKoMK8=
-----END CERTIFICATE-----