Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/Gb0UHBAB0Dc0hCzGDJbXXC0YxPA.roa
File:                     Gb0UHBAB0Dc0hCzGDJbXXC0YxPA.roa (raw, json)
Hash identifier:          7raBqAGSGU7xoGR3vt8m25hhNoG1Gw7C5q3QDR2lkQw=
Subject key identifier:   19:BD:14:1C:10:01:D0:37:34:84:2C:C6:0C:96:D7:5C:2D:18:C4:F0
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019716E28B001AC0E88AFD93903692404207
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/Gb0UHBAB0Dc0hCzGDJbXXC0YxPA.roa
Signing time:             Wed 28 May 2025 12:33:54 +0000
ROA not before:           Wed 28 May 2025 12:33:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39521
IP address blocks:        78.143.232.0/22 maxlen: 22
                          82.163.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:16:e2:8b:00:1a:c0:e8:8a:fd:93:90:36:92:40:42:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: May 28 12:33:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19bd141c1001d03734842cc60c96d75c2d18c4f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ff:f6:cb:4b:93:a3:16:c9:f6:15:d3:47:2a:
                    31:31:b8:0d:66:10:29:4e:33:85:30:0d:9c:c1:48:
                    d0:94:e4:ae:4e:06:76:05:da:20:aa:eb:5d:18:b2:
                    9a:6e:a6:db:a4:c7:55:30:0a:0a:5c:d4:55:b9:67:
                    ec:72:07:ef:6c:2f:c3:d9:03:32:b2:b0:77:69:17:
                    67:f2:39:43:35:59:11:81:52:25:31:31:00:72:42:
                    86:ab:ed:09:dd:7d:b7:f5:d1:a2:fb:06:37:34:ae:
                    cd:4d:d9:f9:bc:62:72:9f:63:7c:8f:4f:ad:15:0f:
                    a9:f5:aa:e8:62:c2:d9:8f:ee:c0:32:5b:27:25:df:
                    20:85:0f:1d:aa:bb:c7:29:c7:96:e9:7a:3a:a9:21:
                    bd:b8:f0:5c:ad:d6:ad:0c:a5:b2:95:21:bb:12:22:
                    7e:a5:70:cb:5f:39:69:ae:8d:ae:b5:d5:03:4b:d0:
                    e8:4c:bd:f5:e2:80:9a:39:45:58:07:c7:62:c0:c2:
                    69:a1:7b:64:57:1b:f3:ac:00:28:92:35:75:0b:72:
                    b3:fb:b6:56:c6:57:2f:51:d5:97:28:53:34:a1:87:
                    53:f5:11:6e:80:79:75:6f:5b:c9:bf:de:fe:ac:b9:
                    db:3f:d0:80:5b:35:b8:d6:2e:00:d2:af:7b:e1:39:
                    c6:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:BD:14:1C:10:01:D0:37:34:84:2C:C6:0C:96:D7:5C:2D:18:C4:F0
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/Gb0UHBAB0Dc0hCzGDJbXXC0YxPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.143.232.0/22
                  82.163.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:05:ea:f5:c5:5b:8c:b9:a3:60:21:e4:da:fc:c6:fa:73:07:
         b6:39:19:19:38:5e:55:43:30:a3:69:50:05:fb:24:e0:f9:4f:
         23:f4:7f:4a:ab:45:19:a1:87:1f:fb:af:26:0f:59:c3:26:e6:
         7d:5e:c1:93:62:d5:70:aa:bc:cc:28:0f:aa:6b:37:89:67:23:
         73:b9:50:6e:22:b2:21:47:05:59:08:f3:4f:cc:79:4a:ad:b5:
         c7:d9:a1:83:1c:f6:39:5c:d2:ba:f9:6c:25:55:74:dc:5d:ee:
         b6:54:8f:76:80:42:ca:98:b9:18:10:d5:4b:22:95:86:af:36:
         a2:e5:cb:a3:e7:c4:11:1f:14:1e:de:98:88:c9:91:43:0a:33:
         48:47:39:dd:c2:75:b0:08:a9:f1:a5:6d:bf:30:11:7c:05:01:
         52:c9:0c:65:6b:db:e2:0c:ca:08:da:04:76:b4:b0:23:13:ad:
         10:0c:e0:9a:b2:3a:d2:cb:d2:bd:26:23:a8:cd:4a:d0:47:22:
         42:bc:4d:5a:16:96:2f:87:75:42:19:7c:44:2d:b7:ce:00:90:
         7d:5c:7c:0d:4c:4e:86:ac:c9:b1:3b:05:97:89:25:47:00:fa:
         fc:79:f9:69:18:32:0f:92:4e:96:ac:e0:26:8a:6a:8b:9c:ae:
         e7:e5:82:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcW4osAGsDoiv2TkDaSQEIHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwNTI4MTIzMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWJkMTQxYzEwMDFkMDM3MzQ4NDJjYzYwYzk2ZDc1YzJkMThjNGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnv/2y0uToxbJ9hXTRyoxMbgNZhAp
TjOFMA2cwUjQlOSuTgZ2BdogqutdGLKabqbbpMdVMAoKXNRVuWfscgfvbC/D2QMy
srB3aRdn8jlDNVkRgVIlMTEAckKGq+0J3X239dGi+wY3NK7NTdn5vGJyn2N8j0+t
FQ+p9aroYsLZj+7AMlsnJd8ghQ8dqrvHKceW6Xo6qSG9uPBcrdatDKWylSG7EiJ+
pXDLXzlpro2utdUDS9DoTL314oCaOUVYB8diwMJpoXtkVxvzrAAokjV1C3Kz+7ZW
xlcvUdWXKFM0oYdT9RFugHl1b1vJv97+rLnbP9CAWzW41i4A0q974TnGOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBm9FBwQAdA3NIQsxgyW11wtGMTwMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvR2IwVUhCQUIwRGMwaEN6R0RKYlhYQzBZeFBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTo/oAwQC
UqNAMA0GCSqGSIb3DQEBCwUAA4IBAQB1Ber1xVuMuaNgIeTa/Mb6cwe2ORkZOF5V
QzCjaVAF+yTg+U8j9H9Kq0UZoYcf+68mD1nDJuZ9XsGTYtVwqrzMKA+qazeJZyNz
uVBuIrIhRwVZCPNPzHlKrbXH2aGDHPY5XNK6+WwlVXTcXe62VI92gELKmLkYENVL
IpWGrzai5cuj58QRHxQe3piIyZFDCjNIRzndwnWwCKnxpW2/MBF8BQFSyQxla9vi
DMoI2gR2tLAjE60QDOCasjrSy9K9JiOozUrQRyJCvE1aFpYvh3VCGXxELbfOAJB9
XHwNTE6GrMmxOwWXiSVHAPr8eflpGDIPkk6WrOAmimqLnK7n5YKC
-----END CERTIFICATE-----