Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/dfc10c-f889-455a-82a0-b30408948cce/1/tCjXyqFlakOJKQogp8h2votSD1A.roa
File:                     tCjXyqFlakOJKQogp8h2votSD1A.roa (raw, json)
Hash identifier:          m/O4S6Sl2dQY6fRE2qRWrRG8qwZhPhRAmDPSjwX0exE=
Subject key identifier:   B4:28:D7:CA:A1:65:6A:43:89:29:0A:20:A7:C8:76:BE:8B:52:0F:50
Certificate issuer:       /CN=e37e5ff123ea7d2e83ce27520c987d037e649d03
Certificate serial:       019425FCCE4A8311F686B527ED4B80B0FF31
Authority key identifier: E3:7E:5F:F1:23:EA:7D:2E:83:CE:27:52:0C:98:7D:03:7E:64:9D:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/435f8SPqfS6DzidSDJh9A35knQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/dfc10c-f889-455a-82a0-b30408948cce/1/tCjXyqFlakOJKQogp8h2votSD1A.roa
Signing time:             Thu 02 Jan 2025 07:48:32 +0000
ROA not before:           Thu 02 Jan 2025 07:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48927
IP address blocks:        178.215.228.0/22 maxlen: 24
                          2a0d:5440::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/dfc10c-f889-455a-82a0-b30408948cce/1/435f8SPqfS6DzidSDJh9A35knQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/dfc10c-f889-455a-82a0-b30408948cce/1/435f8SPqfS6DzidSDJh9A35knQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/435f8SPqfS6DzidSDJh9A35knQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:ce:4a:83:11:f6:86:b5:27:ed:4b:80:b0:ff:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37e5ff123ea7d2e83ce27520c987d037e649d03
        Validity
            Not Before: Jan  2 07:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b428d7caa1656a4389290a20a7c876be8b520f50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:5a:61:e8:b4:f3:40:1d:23:36:c7:77:d7:33:
                    c8:5d:84:e3:7e:be:47:5f:5b:65:23:d0:27:1d:18:
                    2d:7e:3e:fb:6a:fb:f5:72:79:26:e7:6a:80:62:bf:
                    1d:0a:35:f6:70:8b:30:9b:f3:c7:82:52:c7:c9:a2:
                    3b:be:62:da:63:a0:7c:33:83:32:a8:76:3e:e7:73:
                    ed:85:ff:3f:a4:d7:12:b3:84:fb:85:f8:b3:eb:3d:
                    49:3c:e3:5a:c1:65:75:fc:fa:5d:03:63:36:9e:ae:
                    a0:9a:b9:48:2f:1a:5b:77:0b:a1:1e:41:43:cb:58:
                    c2:a2:66:be:21:8a:0c:01:cd:0d:23:18:40:97:83:
                    59:85:6d:b4:b3:58:10:89:8d:41:d3:10:f1:ad:29:
                    bf:2e:70:af:32:ef:5d:01:2d:ec:5e:f3:a4:6e:72:
                    b0:28:a2:3f:3b:a5:2a:a5:6f:ec:9a:dc:43:67:cf:
                    69:3b:83:d6:ef:39:80:2d:5f:61:d3:d1:a8:0e:c9:
                    c2:eb:41:40:6a:f7:2d:d4:be:35:d7:90:06:64:45:
                    e1:0c:13:62:6d:d2:00:08:28:a8:f5:43:bf:dd:fa:
                    22:47:15:00:56:b2:e9:c7:88:d0:43:35:fc:38:73:
                    94:a2:b5:50:a0:33:bc:61:20:f2:e6:35:40:2e:a9:
                    3e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:28:D7:CA:A1:65:6A:43:89:29:0A:20:A7:C8:76:BE:8B:52:0F:50
            X509v3 Authority Key Identifier:
                keyid:E3:7E:5F:F1:23:EA:7D:2E:83:CE:27:52:0C:98:7D:03:7E:64:9D:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/435f8SPqfS6DzidSDJh9A35knQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/dfc10c-f889-455a-82a0-b30408948cce/1/tCjXyqFlakOJKQogp8h2votSD1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/dfc10c-f889-455a-82a0-b30408948cce/1/435f8SPqfS6DzidSDJh9A35knQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.215.228.0/22
                IPv6:
                  2a0d:5440::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:ab:aa:71:8c:7d:b0:bb:b2:c3:6c:bc:4e:3d:12:19:32:20:
         93:c7:f6:8e:f9:85:0b:82:7d:26:1a:0e:d4:16:22:6e:9a:fa:
         db:80:eb:da:77:bf:44:f2:c7:8b:65:78:af:2f:1e:7b:d5:40:
         e7:37:77:1b:d4:3a:9d:fe:00:55:c2:88:05:7b:27:69:59:03:
         de:d1:a8:37:27:c6:b7:cd:76:46:7b:82:1d:da:bf:3d:1a:38:
         ae:11:8b:6e:9a:9f:c8:0c:7d:ef:8a:07:9b:54:01:58:62:c1:
         88:67:6d:77:f1:bd:28:0b:e5:8d:56:eb:c4:01:3b:8d:be:77:
         02:dc:65:57:35:b8:b8:76:1f:c4:57:ca:ec:33:2c:3e:f4:dc:
         24:14:11:6a:1e:64:7b:08:1d:44:be:d6:dc:2e:3a:58:ef:15:
         fa:02:47:24:31:10:0c:9e:ec:c5:30:5d:ec:79:94:ba:0a:88:
         b2:e4:a0:40:7a:28:bd:0f:45:39:34:b1:aa:33:b6:08:de:0f:
         19:3a:95:bf:d1:43:e0:fb:37:ab:10:c9:c0:3d:a8:e0:4a:12:
         99:45:9e:25:2b:da:1d:a7:9a:55:19:3f:04:e5:36:e8:3f:56:
         c9:ac:60:97:70:46:00:a3:f8:3c:a1:7b:5c:ea:b3:25:4d:53:
         26:44:55:09
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/M5KgxH2hrUn7UuAsP8xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2U1ZmYxMjNlYTdkMmU4M2NlMjc1MjBjOTg3ZDAzN2U2
NDlkMDMwHhcNMjUwMTAyMDc0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDI4ZDdjYWExNjU2YTQzODkyOTBhMjBhN2M4NzZiZThiNTIwZjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFph6LTzQB0jNsd31zPIXYTjfr5H
X1tlI9AnHRgtfj77avv1cnkm52qAYr8dCjX2cIswm/PHglLHyaI7vmLaY6B8M4My
qHY+53Pthf8/pNcSs4T7hfiz6z1JPONawWV1/PpdA2M2nq6gmrlILxpbdwuhHkFD
y1jComa+IYoMAc0NIxhAl4NZhW20s1gQiY1B0xDxrSm/LnCvMu9dAS3sXvOkbnKw
KKI/O6UqpW/smtxDZ89pO4PW7zmALV9h09GoDsnC60FAavct1L4115AGZEXhDBNi
bdIACCio9UO/3foiRxUAVrLpx4jQQzX8OHOUorVQoDO8YSDy5jVALqk+HQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLQo18qhZWpDiSkKIKfIdr6LUg9QMB8GA1UdIwQY
MBaAFON+X/Ej6n0ug84nUgyYfQN+ZJ0DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM1ZjhTUHFmUzZEemlkU0RKaDlBMzVrblFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9kZmMxMGMtZjg4OS00NTVhLTgyYTAt
YjMwNDA4OTQ4Y2NlLzEvdENqWHlxRmxha09KS1FvZ3A4aDJ2b3RTRDFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9kZmMxMGMtZjg4OS00NTVhLTgyYTAtYjMwNDA4OTQ4Y2Nl
LzEvNDM1ZjhTUHFmUzZEemlkU0RKaDlBMzVrblFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCstfkMA0E
AgACMAcDBQMqDVRAMA0GCSqGSIb3DQEBCwUAA4IBAQAiq6pxjH2wu7LDbLxOPRIZ
MiCTx/aO+YULgn0mGg7UFiJumvrbgOvad79E8seLZXivLx571UDnN3cb1Dqd/gBV
wogFeydpWQPe0ag3J8a3zXZGe4Id2r89GjiuEYtump/IDH3vigebVAFYYsGIZ213
8b0oC+WNVuvEATuNvncC3GVXNbi4dh/EV8rsMyw+9NwkFBFqHmR7CB1EvtbcLjpY
7xX6AkckMRAMnuzFMF3seZS6Coiy5KBAeii9D0U5NLGqM7YI3g8ZOpW/0UPg+zer
EMnAPajgShKZRZ4lK9odp5pVGT8E5TboP1bJrGCXcEYAo/g8oXtc6rMlTVMmRFUJ
-----END CERTIFICATE-----