Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/XAkX5rregKOAZ6goJ5wx9HQsoXA.roa
File:                     XAkX5rregKOAZ6goJ5wx9HQsoXA.roa (raw, json)
Hash identifier:          2tvW+4GQcYwWdY3d9omkAom+BcKhq65s61hMNNvk19g=
Subject key identifier:   5C:09:17:E6:BA:DE:80:A3:80:67:A8:28:27:9C:31:F4:74:2C:A1:70
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0194282410ED7A0664CF0D6D4BDEE8791A0E
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/XAkX5rregKOAZ6goJ5wx9HQsoXA.roa
Signing time:             Thu 02 Jan 2025 17:50:39 +0000
ROA not before:           Thu 02 Jan 2025 17:50:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25369
IP address blocks:        78.143.224.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:10:ed:7a:06:64:cf:0d:6d:4b:de:e8:79:1a:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 17:50:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c0917e6bade80a38067a828279c31f4742ca170
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:f9:51:7c:ee:2a:d1:42:52:e5:12:2a:fd:ee:
                    30:9c:e2:8e:f9:0c:36:f0:83:ed:f3:12:67:84:5f:
                    23:59:34:fd:7b:77:27:0b:da:f9:be:cc:06:0b:9b:
                    c0:d5:3d:d8:6e:c2:43:9f:0b:fc:0c:05:ac:38:36:
                    9d:80:59:b7:54:c4:a0:33:81:c3:ef:e8:ae:86:d2:
                    0f:77:c5:7c:80:0c:aa:77:c3:ff:39:aa:fa:5e:3f:
                    81:8f:73:a6:cc:df:ad:ee:54:d0:0d:f3:24:cd:af:
                    37:13:44:3e:ce:2c:f8:d0:0d:b4:26:ce:75:23:1f:
                    66:c4:e0:ae:d5:6a:84:3a:ec:8c:86:71:84:4a:1c:
                    6e:be:26:79:5b:ae:9d:56:e5:f6:90:ca:fb:4a:06:
                    36:23:5d:87:d9:06:b9:74:36:e8:fb:d3:cb:f5:31:
                    a1:db:cb:a0:2a:72:8d:e4:87:ad:2d:62:68:91:7f:
                    d7:db:ae:90:a8:ed:25:ba:b3:2d:30:58:88:2d:e2:
                    c5:c0:6d:2f:10:2e:85:a6:88:b3:5b:2f:3f:e2:de:
                    c9:b4:eb:8a:e4:d0:bd:12:ec:c7:41:0b:36:da:c5:
                    f8:ff:9a:35:3b:0d:74:e9:fa:ad:7b:f7:37:19:e4:
                    14:fe:d4:9a:67:a4:bd:aa:63:e1:5e:32:4d:07:ce:
                    a4:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:09:17:E6:BA:DE:80:A3:80:67:A8:28:27:9C:31:F4:74:2C:A1:70
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/XAkX5rregKOAZ6goJ5wx9HQsoXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.143.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         09:29:24:b1:70:3b:49:ae:22:11:d1:4a:8a:0d:fb:82:0d:70:
         a6:91:56:f5:49:f9:7c:b3:87:b7:ae:3f:3d:70:bc:29:1e:e1:
         f1:88:67:28:bd:cc:51:1a:22:d9:f1:0a:d7:22:fc:ac:a5:b8:
         08:62:4d:5b:32:7f:ee:79:f1:fd:14:25:a5:f0:65:fb:3d:6f:
         74:fc:13:13:eb:c6:de:7c:04:ef:15:4d:da:b8:bb:e5:e7:31:
         13:a6:a9:0a:8e:bd:10:13:b7:c8:4c:76:b3:59:95:64:d4:93:
         8f:7a:68:22:8c:4b:d2:fe:bf:ee:d8:20:7a:81:d7:ed:ae:2e:
         08:8a:82:2f:8b:70:51:c5:2a:0e:9c:77:eb:8a:e2:03:5b:0a:
         6e:f5:87:ea:9e:ff:36:b2:fc:e4:84:cc:3a:a8:2c:3e:4f:aa:
         d0:ba:65:5f:01:6d:4d:d3:61:57:b2:5b:9e:7c:94:63:c9:6f:
         a4:e0:a3:a8:40:aa:28:4a:03:f7:ef:34:9f:dd:38:9a:47:bc:
         ca:df:f3:18:f9:0f:2f:b3:44:a9:b8:09:6f:c2:0c:48:79:30:
         4b:6e:ee:91:cb:c5:c3:ed:13:c7:d8:62:cb:46:65:85:ac:f5:
         2b:fe:7f:75:a5:72:69:d3:77:d2:02:e7:1c:73:0c:8e:76:91:
         99:b9:ac:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJBDtegZkzw1tS97oeRoOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwMTAyMTc1MDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzA5MTdlNmJhZGU4MGEzODA2N2E4MjgyNzljMzFmNDc0MmNhMTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7PlRfO4q0UJS5RIq/e4wnOKO+Qw2
8IPt8xJnhF8jWTT9e3cnC9r5vswGC5vA1T3YbsJDnwv8DAWsODadgFm3VMSgM4HD
7+iuhtIPd8V8gAyqd8P/Oar6Xj+Bj3OmzN+t7lTQDfMkza83E0Q+ziz40A20Js51
Ix9mxOCu1WqEOuyMhnGEShxuviZ5W66dVuX2kMr7SgY2I12H2Qa5dDbo+9PL9TGh
28ugKnKN5IetLWJokX/X266QqO0lurMtMFiILeLFwG0vEC6FpoizWy8/4t7JtOuK
5NC9EuzHQQs22sX4/5o1Ow106fqte/c3GeQU/tSaZ6S9qmPhXjJNB86kLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwJF+a63oCjgGeoKCecMfR0LKFwMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvWEFrWDVycmVnS09BWjZnb0o1d3g5SFFzb1hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTo/gMA0G
CSqGSIb3DQEBCwUAA4IBAQAJKSSxcDtJriIR0UqKDfuCDXCmkVb1Sfl8s4e3rj89
cLwpHuHxiGcovcxRGiLZ8QrXIvyspbgIYk1bMn/uefH9FCWl8GX7PW90/BMT68be
fATvFU3auLvl5zETpqkKjr0QE7fITHazWZVk1JOPemgijEvS/r/u2CB6gdftri4I
ioIvi3BRxSoOnHfriuIDWwpu9Yfqnv82svzkhMw6qCw+T6rQumVfAW1N02FXslue
fJRjyW+k4KOoQKooSgP37zSf3TiaR7zK3/MY+Q8vs0SpuAlvwgxIeTBLbu6Ry8XD
7RPH2GLLRmWFrPUr/n91pXJp03fSAucccwyOdpGZuaws
-----END CERTIFICATE-----