Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/d6d625-dda2-4f2f-b8cf-92c7d46ddb89/1/6S1fN0Slf3Y95btQEfpy__y_tiw.roa
File:                     6S1fN0Slf3Y95btQEfpy__y_tiw.roa (raw, json)
Hash identifier:          5FWi2gr8yiM3yt2DtW3oiI0p1G9KyA1KVfzD3/JWlJI=
Subject key identifier:   E9:2D:5F:37:44:A5:7F:76:3D:E5:BB:50:11:FA:72:FF:FC:BF:B6:2C
Certificate issuer:       /CN=74a47e3a67160ae4662e0ebcced7a9233ce47abf
Certificate serial:       019423D7E77810F1683DEA8706A2D68F6823
Authority key identifier: 74:A4:7E:3A:67:16:0A:E4:66:2E:0E:BC:CE:D7:A9:23:3C:E4:7A:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dKR-OmcWCuRmLg68ztepIzzker8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/d6d625-dda2-4f2f-b8cf-92c7d46ddb89/1/6S1fN0Slf3Y95btQEfpy__y_tiw.roa
Signing time:             Wed 01 Jan 2025 21:48:59 +0000
ROA not before:           Wed 01 Jan 2025 21:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44945
IP address blocks:        78.108.16.0/20 maxlen: 20
                          185.43.172.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/d6d625-dda2-4f2f-b8cf-92c7d46ddb89/1/dKR-OmcWCuRmLg68ztepIzzker8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/d6d625-dda2-4f2f-b8cf-92c7d46ddb89/1/dKR-OmcWCuRmLg68ztepIzzker8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dKR-OmcWCuRmLg68ztepIzzker8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:e7:78:10:f1:68:3d:ea:87:06:a2:d6:8f:68:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74a47e3a67160ae4662e0ebcced7a9233ce47abf
        Validity
            Not Before: Jan  1 21:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e92d5f3744a57f763de5bb5011fa72fffcbfb62c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a2:10:73:81:fc:cd:15:bf:00:ef:71:ce:36:
                    51:a4:bc:ee:37:75:28:1f:a8:90:04:65:13:7b:01:
                    25:e7:6d:23:b4:39:24:a8:88:de:91:a7:72:7f:31:
                    1d:bf:d0:5c:03:61:75:35:45:8b:e8:e0:45:9b:35:
                    d3:82:a4:fd:8e:17:60:be:62:5d:d9:0b:17:db:28:
                    90:bc:23:47:52:5f:0b:0b:3b:af:b6:94:55:d1:34:
                    c0:d1:db:98:ed:d4:61:81:cb:84:98:d7:c5:16:e3:
                    7c:75:c9:8f:b0:87:bd:cf:2b:b2:3e:ee:c8:02:a8:
                    6e:4f:0a:14:44:f2:02:06:03:a2:7e:e4:af:ff:e9:
                    2c:32:ef:b0:c8:23:5e:fc:ff:a7:f8:fe:f3:71:37:
                    62:3f:90:bf:d7:0b:56:29:2f:56:35:40:91:99:ed:
                    8c:2b:e1:c9:22:74:40:00:90:03:27:d7:0e:2e:c5:
                    30:0b:c1:f1:60:a0:d8:91:19:cd:29:4a:17:f8:a3:
                    83:83:27:e6:c0:c2:cc:76:3a:55:9a:4e:ad:a8:5d:
                    84:05:b9:18:4e:65:3d:05:42:7d:c8:21:08:19:8c:
                    41:ce:9a:5c:c2:e7:c7:1b:9d:cc:3f:77:96:23:33:
                    ee:a4:1f:1c:cb:68:c7:87:4e:88:21:54:ac:ef:26:
                    5c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:2D:5F:37:44:A5:7F:76:3D:E5:BB:50:11:FA:72:FF:FC:BF:B6:2C
            X509v3 Authority Key Identifier:
                keyid:74:A4:7E:3A:67:16:0A:E4:66:2E:0E:BC:CE:D7:A9:23:3C:E4:7A:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dKR-OmcWCuRmLg68ztepIzzker8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/d6d625-dda2-4f2f-b8cf-92c7d46ddb89/1/6S1fN0Slf3Y95btQEfpy__y_tiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/d6d625-dda2-4f2f-b8cf-92c7d46ddb89/1/dKR-OmcWCuRmLg68ztepIzzker8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.16.0/20
                  185.43.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:0e:04:a8:50:8e:93:5f:f5:8f:8d:a1:62:4c:2e:77:2b:ed:
         fb:34:5f:b2:ba:cd:b0:f0:3d:fa:60:77:3b:cc:28:44:12:01:
         94:dc:2f:89:96:53:d8:56:94:f4:15:07:c6:b9:d8:6c:37:63:
         7f:47:01:0f:c9:12:5d:d4:fd:a1:1a:e3:28:33:8d:f4:3e:4f:
         dc:9b:c6:97:ea:23:23:35:9c:2e:26:74:e8:64:14:71:5b:be:
         42:59:11:17:10:f4:19:c5:53:3d:82:9a:24:38:d3:df:34:ac:
         75:1d:23:3d:ad:18:d8:91:c2:d7:83:7d:5b:54:19:b0:a0:0c:
         df:bd:ba:af:73:4c:00:8f:02:c1:7f:43:51:62:f1:60:d2:86:
         d8:ad:9a:f7:61:cd:50:74:04:7a:17:4e:ab:38:cf:ba:7d:3c:
         34:38:3f:04:65:ad:74:1a:49:19:f4:0f:76:1e:b4:c1:15:d7:
         0f:bc:2e:1e:8a:ac:f9:52:6a:de:7b:26:60:0f:9a:1b:a2:34:
         4d:d4:c4:fb:0e:56:2b:10:cc:4c:9e:e9:2b:6c:d0:08:db:6b:
         b6:7e:53:b0:ec:95:a6:65:d4:78:d7:5b:75:88:c6:7f:ca:32:
         f4:09:77:7a:64:bf:8f:b3:3e:5e:c1:f9:bc:fe:d7:12:1d:12:
         b5:2f:0b:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1+d4EPFoPeqHBqLWj2gjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YTQ3ZTNhNjcxNjBhZTQ2NjJlMGViY2NlZDdhOTIzM2Nl
NDdhYmYwHhcNMjUwMTAxMjE0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTJkNWYzNzQ0YTU3Zjc2M2RlNWJiNTAxMWZhNzJmZmZjYmZiNjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6IQc4H8zRW/AO9xzjZRpLzuN3Uo
H6iQBGUTewEl520jtDkkqIjekadyfzEdv9BcA2F1NUWL6OBFmzXTgqT9jhdgvmJd
2QsX2yiQvCNHUl8LCzuvtpRV0TTA0duY7dRhgcuEmNfFFuN8dcmPsIe9zyuyPu7I
AqhuTwoURPICBgOifuSv/+ksMu+wyCNe/P+n+P7zcTdiP5C/1wtWKS9WNUCRme2M
K+HJInRAAJADJ9cOLsUwC8HxYKDYkRnNKUoX+KODgyfmwMLMdjpVmk6tqF2EBbkY
TmU9BUJ9yCEIGYxBzppcwufHG53MP3eWIzPupB8cy2jHh06IIVSs7yZchQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOktXzdEpX92PeW7UBH6cv/8v7YsMB8GA1UdIwQY
MBaAFHSkfjpnFgrkZi4OvM7XqSM85Hq/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEtSLU9tY1dDdVJtTGc2OHp0ZXBJenprZXI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9kNmQ2MjUtZGRhMi00ZjJmLWI4Y2Yt
OTJjN2Q0NmRkYjg5LzEvNlMxZk4wU2xmM1k5NWJ0UUVmcHlfX3lfdGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9kNmQ2MjUtZGRhMi00ZjJmLWI4Y2YtOTJjN2Q0NmRkYjg5
LzEvZEtSLU9tY1dDdVJtTGc2OHp0ZXBJenprZXI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQETmwQAwQC
uSusMA0GCSqGSIb3DQEBCwUAA4IBAQCLDgSoUI6TX/WPjaFiTC53K+37NF+yus2w
8D36YHc7zChEEgGU3C+JllPYVpT0FQfGudhsN2N/RwEPyRJd1P2hGuMoM430Pk/c
m8aX6iMjNZwuJnToZBRxW75CWREXEPQZxVM9gpokONPfNKx1HSM9rRjYkcLXg31b
VBmwoAzfvbqvc0wAjwLBf0NRYvFg0obYrZr3Yc1QdAR6F06rOM+6fTw0OD8EZa10
GkkZ9A92HrTBFdcPvC4eiqz5UmreeyZgD5obojRN1MT7DlYrEMxMnukrbNAI22u2
flOw7JWmZdR411t1iMZ/yjL0CXd6ZL+Psz5ewfm8/tcSHRK1Lwul
-----END CERTIFICATE-----