Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/65ahf5r6xKbeZ8AGsp6YsLsmAZE.roa
File:                     65ahf5r6xKbeZ8AGsp6YsLsmAZE.roa (raw, json)
Hash identifier:          Sj/V9VHJ8TFvtffvUCl874DjTHZKJVL+voddh2kr3I4=
Subject key identifier:   EB:96:A1:7F:9A:FA:C4:A6:DE:67:C0:06:B2:9E:98:B0:BB:26:01:91
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019713405DB571AE6C597083DC86541A88CE
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/65ahf5r6xKbeZ8AGsp6YsLsmAZE.roa
Signing time:             Tue 27 May 2025 19:37:54 +0000
ROA not before:           Tue 27 May 2025 19:37:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6830
IP address blocks:        78.143.236.0/22 maxlen: 22
                          89.46.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:13:40:5d:b5:71:ae:6c:59:70:83:dc:86:54:1a:88:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: May 27 19:37:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb96a17f9afac4a6de67c006b29e98b0bb260191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a1:77:d8:92:41:28:6c:94:ab:58:42:ee:6e:
                    6e:d6:27:85:db:d5:61:7d:5b:65:ec:a1:74:d9:80:
                    54:a7:2f:eb:55:a6:15:5f:1c:56:bb:81:3b:a9:3b:
                    86:d8:07:65:b7:e3:ee:7c:e3:0e:66:11:96:62:20:
                    bd:45:13:ad:77:c9:62:b5:f5:dc:e2:c2:c8:b5:b3:
                    bc:23:a1:61:ab:96:99:56:56:e1:69:80:32:d2:ea:
                    48:e6:0d:e2:47:2e:b3:ab:e6:fa:4b:44:dd:61:6a:
                    28:81:b4:aa:73:51:ad:ba:40:0e:86:d8:84:08:87:
                    69:eb:4d:21:fd:d4:9b:4a:62:86:b2:46:62:07:d4:
                    25:b7:3f:42:84:f4:ba:c1:08:be:34:c4:02:ab:3a:
                    b0:47:b3:14:0e:f1:46:3c:f4:ba:57:c0:aa:f3:c3:
                    50:0f:0d:28:c5:03:bf:69:f0:c7:3e:05:da:57:42:
                    0c:d3:47:24:c1:a1:5f:31:2a:b0:d2:08:50:07:52:
                    9d:19:90:b1:1a:1d:31:ad:74:ca:bd:45:ce:4c:18:
                    60:82:ee:09:4c:f1:54:44:03:12:79:ba:22:e5:1c:
                    73:5f:1c:d3:e1:1e:ef:42:73:7f:f5:fd:48:85:e7:
                    32:33:07:65:38:65:69:11:15:3f:2c:f7:40:d5:9e:
                    91:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:96:A1:7F:9A:FA:C4:A6:DE:67:C0:06:B2:9E:98:B0:BB:26:01:91
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/65ahf5r6xKbeZ8AGsp6YsLsmAZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.143.236.0/22
                  89.46.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:5a:9a:18:31:01:69:e2:b2:ed:5a:a9:06:e8:b7:2b:70:f7:
         02:d5:d4:6a:dc:51:8b:2e:10:f6:ae:09:01:a1:85:7e:d9:44:
         28:44:ae:1c:80:fc:e8:14:b6:a1:d7:16:30:a5:16:92:10:b0:
         cf:78:95:07:d2:0b:74:ba:78:d3:11:88:96:11:67:71:ab:36:
         ff:b4:64:6f:9b:51:d5:d6:2a:95:43:5a:57:d3:fc:9f:06:d1:
         e7:3e:bd:fe:1e:87:a5:6f:c1:ed:69:70:45:3a:1d:f0:15:16:
         0d:bf:75:e1:ee:39:76:f4:68:f4:04:26:85:fb:9f:68:ad:a3:
         af:c9:07:f8:3f:10:f2:1e:db:b1:fd:6e:17:5e:fc:94:00:78:
         41:f9:6e:c6:a3:8c:58:58:cf:8b:89:07:e7:6a:26:00:a6:e7:
         44:d3:4c:87:0f:62:9b:ff:99:80:1b:96:0b:5f:9f:ce:25:0f:
         4e:55:53:f9:7e:1a:c9:8d:2d:c9:d2:d2:3d:62:c3:6e:c4:e0:
         a7:46:d9:08:04:03:2e:c1:35:fe:54:5f:e7:fb:ba:cb:7a:06:
         db:ed:57:d2:5a:0e:69:02:56:31:8c:07:b3:a8:3d:91:e0:4b:
         e0:32:73:96:77:b1:2b:19:46:99:d4:d0:aa:04:8f:91:b0:f5:
         a8:dd:f2:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcTQF21ca5sWXCD3IZUGojOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwNTI3MTkzNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjk2YTE3ZjlhZmFjNGE2ZGU2N2MwMDZiMjllOThiMGJiMjYwMTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqF32JJBKGyUq1hC7m5u1ieF29Vh
fVtl7KF02YBUpy/rVaYVXxxWu4E7qTuG2Adlt+PufOMOZhGWYiC9RROtd8litfXc
4sLItbO8I6Fhq5aZVlbhaYAy0upI5g3iRy6zq+b6S0TdYWoogbSqc1GtukAOhtiE
CIdp600h/dSbSmKGskZiB9Qltz9ChPS6wQi+NMQCqzqwR7MUDvFGPPS6V8Cq88NQ
Dw0oxQO/afDHPgXaV0IM00ckwaFfMSqw0ghQB1KdGZCxGh0xrXTKvUXOTBhggu4J
TPFURAMSeboi5RxzXxzT4R7vQnN/9f1IhecyMwdlOGVpERU/LPdA1Z6R/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOuWoX+a+sSm3mfABrKemLC7JgGRMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvNjVhaGY1cjZ4S2JlWjhBR3NwNllzTHNtQVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTo/sAwQC
WS6wMA0GCSqGSIb3DQEBCwUAA4IBAQB5WpoYMQFp4rLtWqkG6LcrcPcC1dRq3FGL
LhD2rgkBoYV+2UQoRK4cgPzoFLah1xYwpRaSELDPeJUH0gt0unjTEYiWEWdxqzb/
tGRvm1HV1iqVQ1pX0/yfBtHnPr3+Hoelb8HtaXBFOh3wFRYNv3Xh7jl29Gj0BCaF
+59oraOvyQf4PxDyHtux/W4XXvyUAHhB+W7Go4xYWM+LiQfnaiYApudE00yHD2Kb
/5mAG5YLX5/OJQ9OVVP5fhrJjS3J0tI9YsNuxOCnRtkIBAMuwTX+VF/n+7rLegbb
7VfSWg5pAlYxjAezqD2R4EvgMnOWd7ErGUaZ1NCqBI+RsPWo3fJI
-----END CERTIFICATE-----