Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/f46d4e-ac33-4fd1-9e69-7954ed38c8ba/1/7Hysv3h3cIK_WddtBkhV4eeOKec.roa
File:                     7Hysv3h3cIK_WddtBkhV4eeOKec.roa (raw, json)
Hash identifier:          vqkbaBvGL81dJNu1I/whqip6EIOAqXAyhwvf9zKaCBc=
Subject key identifier:   EC:7C:AC:BF:78:77:70:82:BF:59:D7:6D:06:48:55:E1:E7:8E:29:E7
Certificate issuer:       /CN=5525775a706ac00c82fa29339e22e43108099e79
Certificate serial:       019427B50E7EE3AFA07B14F3A3683187CB2D
Authority key identifier: 55:25:77:5A:70:6A:C0:0C:82:FA:29:33:9E:22:E4:31:08:09:9E:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSV3WnBqwAyC-ikzniLkMQgJnnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/f46d4e-ac33-4fd1-9e69-7954ed38c8ba/1/7Hysv3h3cIK_WddtBkhV4eeOKec.roa
Signing time:             Thu 02 Jan 2025 15:49:24 +0000
ROA not before:           Thu 02 Jan 2025 15:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212694
IP address blocks:        109.233.40.0/21 maxlen: 21
                          178.17.212.0/22 maxlen: 22
                          2a04:c040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/f46d4e-ac33-4fd1-9e69-7954ed38c8ba/1/VSV3WnBqwAyC-ikzniLkMQgJnnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/f46d4e-ac33-4fd1-9e69-7954ed38c8ba/1/VSV3WnBqwAyC-ikzniLkMQgJnnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSV3WnBqwAyC-ikzniLkMQgJnnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:0e:7e:e3:af:a0:7b:14:f3:a3:68:31:87:cb:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5525775a706ac00c82fa29339e22e43108099e79
        Validity
            Not Before: Jan  2 15:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec7cacbf78777082bf59d76d064855e1e78e29e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:49:9e:a5:67:c8:a3:dc:1c:44:5d:73:6e:3d:
                    3a:14:9a:5d:d2:88:b9:22:67:21:5e:a3:63:53:92:
                    e9:14:e0:a7:42:11:e1:43:3c:56:f9:1c:4a:58:97:
                    d8:03:ee:37:b4:a2:bc:90:91:6a:3d:2e:00:b8:71:
                    23:94:86:8c:58:40:7b:66:4c:6f:74:70:30:c0:36:
                    b3:3f:20:f2:b5:2f:7e:20:14:f2:f7:f2:e2:1d:40:
                    1c:6c:a7:62:20:6b:a3:41:d8:ec:54:1f:87:6c:85:
                    65:32:9e:29:fe:0e:57:f9:b9:ea:e0:b8:15:66:63:
                    7b:7d:dd:ee:54:33:3e:b3:42:04:27:a4:57:e8:c5:
                    2b:cb:58:30:2c:30:66:5a:f4:e0:66:b4:88:ae:f9:
                    ba:2e:40:32:0b:94:5c:0b:37:ba:35:6a:43:39:13:
                    00:bd:08:a7:0b:31:01:a1:f6:82:68:a1:1e:e5:9a:
                    31:d5:bf:fb:57:dc:c6:04:ad:47:6a:61:da:7d:f3:
                    9c:ee:b9:db:76:fd:96:a5:62:59:c5:86:a0:47:f3:
                    6e:a0:22:92:2b:61:39:9c:af:09:75:c5:d4:63:a0:
                    c6:88:d4:01:13:ac:59:5d:67:3b:e2:98:7a:67:3f:
                    c0:20:d7:00:aa:c8:ba:35:e9:57:3b:59:eb:40:bd:
                    dc:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:7C:AC:BF:78:77:70:82:BF:59:D7:6D:06:48:55:E1:E7:8E:29:E7
            X509v3 Authority Key Identifier:
                keyid:55:25:77:5A:70:6A:C0:0C:82:FA:29:33:9E:22:E4:31:08:09:9E:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSV3WnBqwAyC-ikzniLkMQgJnnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f46d4e-ac33-4fd1-9e69-7954ed38c8ba/1/7Hysv3h3cIK_WddtBkhV4eeOKec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f46d4e-ac33-4fd1-9e69-7954ed38c8ba/1/VSV3WnBqwAyC-ikzniLkMQgJnnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.40.0/21
                  178.17.212.0/22
                IPv6:
                  2a04:c040::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:40:4c:11:cc:19:61:e3:c0:4c:1a:9d:40:cf:95:85:cd:74:
         e2:96:29:b5:2d:b5:00:8c:c2:b0:46:25:d0:97:de:91:33:35:
         31:ad:f1:69:2d:cc:61:89:73:84:03:b5:f7:f9:77:2b:43:25:
         a2:7b:bc:4a:16:b2:c5:6c:1b:05:a2:df:15:02:a4:fc:87:25:
         9e:e9:06:97:96:40:55:4e:dc:b0:97:c8:a4:d4:84:3e:f3:7a:
         92:b6:59:8e:4d:ab:26:a3:e6:8f:17:3f:03:90:49:5e:d4:fa:
         0e:69:52:4a:eb:dc:e7:7a:7c:c4:96:b8:76:8f:cc:b2:16:9c:
         01:12:01:9b:70:02:ea:71:3b:92:3c:3b:c8:00:ac:a6:e3:8e:
         27:af:db:8d:aa:e0:77:17:94:c9:75:07:0d:99:ff:e0:94:c4:
         e7:b9:62:25:9a:b7:49:c9:dd:c5:36:26:5e:68:58:3a:cd:22:
         4c:5a:16:f2:bc:57:8d:31:50:04:b6:af:a0:2b:fe:5e:3e:4b:
         35:dd:ee:cb:cd:90:5e:bb:15:31:77:3e:56:40:4d:7e:9e:67:
         0b:e1:8d:63:1d:18:da:d2:cd:78:d8:e8:a1:ff:d0:54:fd:9c:
         ab:bd:c3:14:d8:20:63:52:1a:1f:11:a6:61:ef:aa:0e:49:3c:
         e5:65:d1:ac
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQntQ5+46+gexTzo2gxh8stMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjU3NzVhNzA2YWMwMGM4MmZhMjkzMzllMjJlNDMxMDgw
OTllNzkwHhcNMjUwMTAyMTU0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzdjYWNiZjc4Nzc3MDgyYmY1OWQ3NmQwNjQ4NTVlMWU3OGUyOWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00mepWfIo9wcRF1zbj06FJpd0oi5
ImchXqNjU5LpFOCnQhHhQzxW+RxKWJfYA+43tKK8kJFqPS4AuHEjlIaMWEB7Zkxv
dHAwwDazPyDytS9+IBTy9/LiHUAcbKdiIGujQdjsVB+HbIVlMp4p/g5X+bnq4LgV
ZmN7fd3uVDM+s0IEJ6RX6MUry1gwLDBmWvTgZrSIrvm6LkAyC5RcCze6NWpDORMA
vQinCzEBofaCaKEe5Zox1b/7V9zGBK1HamHaffOc7rnbdv2WpWJZxYagR/NuoCKS
K2E5nK8JdcXUY6DGiNQBE6xZXWc74ph6Zz/AINcAqsi6NelXO1nrQL3cqQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOx8rL94d3CCv1nXbQZIVeHnjinnMB8GA1UdIwQY
MBaAFFUld1pwasAMgvopM54i5DEICZ55MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNWM1duQnF3QXlDLWlrem5pTGtNUWdKbm5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9mNDZkNGUtYWMzMy00ZmQxLTllNjkt
Nzk1NGVkMzhjOGJhLzEvN0h5c3YzaDNjSUtfV2RkdEJraFY0ZWVPS2VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9mNDZkNGUtYWMzMy00ZmQxLTllNjktNzk1NGVkMzhjOGJh
LzEvVlNWM1duQnF3QXlDLWlrem5pTGtNUWdKbm5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbekoAwQC
shHUMA0EAgACMAcDBQMqBMBAMA0GCSqGSIb3DQEBCwUAA4IBAQA4QEwRzBlh48BM
Gp1Az5WFzXTilim1LbUAjMKwRiXQl96RMzUxrfFpLcxhiXOEA7X3+XcrQyWie7xK
FrLFbBsFot8VAqT8hyWe6QaXlkBVTtywl8ik1IQ+83qStlmOTasmo+aPFz8DkEle
1PoOaVJK69znenzElrh2j8yyFpwBEgGbcALqcTuSPDvIAKym444nr9uNquB3F5TJ
dQcNmf/glMTnuWIlmrdJyd3FNiZeaFg6zSJMWhbyvFeNMVAEtq+gK/5ePks13e7L
zZBeuxUxdz5WQE1+nmcL4Y1jHRja0s142Oih/9BU/ZyrvcMU2CBjUhofEaZh76oO
STzlZdGs
-----END CERTIFICATE-----