Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/hV-qNyT8ttunpu_f6R8IO_bNvNw.roa
File:                     hV-qNyT8ttunpu_f6R8IO_bNvNw.roa (raw, json)
Hash identifier:          VGRn/MmvlR8cKE/rXsWSxATXTgYDFISD7K7nqqWj5gA=
Subject key identifier:   85:5F:AA:37:24:FC:B6:DB:A7:A6:EF:DF:E9:1F:08:3B:F6:CD:BC:DC
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       01942220031D1D2673C8BD919C1F6CDF5FBB
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/hV-qNyT8ttunpu_f6R8IO_bNvNw.roa
Signing time:             Wed 01 Jan 2025 13:48:30 +0000
ROA not before:           Wed 01 Jan 2025 13:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201671
IP address blocks:        185.78.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:03:1d:1d:26:73:c8:bd:91:9c:1f:6c:df:5f:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  1 13:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=855faa3724fcb6dba7a6efdfe91f083bf6cdbcdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0f:13:fd:00:b5:0c:a3:e5:cc:37:b4:88:85:
                    4a:7a:9e:1d:56:cd:7d:81:1a:7d:81:42:3a:89:79:
                    01:9d:be:b3:64:29:15:79:ce:8b:8b:ac:31:63:6d:
                    e3:2b:55:17:61:bb:4c:95:f8:e3:ad:1c:f9:a7:39:
                    ce:95:78:09:b5:f3:88:2b:ae:bd:f3:89:71:43:ee:
                    bd:e0:e2:74:56:9a:90:45:e4:09:bd:8c:9e:11:73:
                    81:b3:54:70:99:12:72:44:fd:cf:f9:63:79:73:0e:
                    5e:3f:a0:2a:f2:25:b2:4b:12:62:77:44:63:b6:4c:
                    1e:72:55:08:79:ee:e1:42:f1:17:75:09:54:b1:77:
                    62:23:c1:18:34:e1:aa:9b:ca:af:aa:36:37:7c:1f:
                    65:94:f0:4f:e2:34:38:3a:96:7e:64:86:36:97:ba:
                    13:89:fa:f8:10:52:22:f1:15:a6:a3:e1:94:32:e2:
                    11:df:3b:f8:da:f7:b4:b1:02:a2:14:69:f7:8c:25:
                    4e:be:dc:7e:25:13:b3:7f:33:c3:f3:82:c1:0f:9e:
                    46:23:dd:44:f3:92:f2:1f:0d:60:55:75:44:cd:b2:
                    c5:3c:9a:a7:2f:80:00:86:6a:ee:ca:bc:ba:ea:dc:
                    0a:80:6a:70:47:3f:07:4d:29:bb:17:01:f0:d5:72:
                    d0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:5F:AA:37:24:FC:B6:DB:A7:A6:EF:DF:E9:1F:08:3B:F6:CD:BC:DC
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/hV-qNyT8ttunpu_f6R8IO_bNvNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:c6:5c:14:77:4a:0b:33:11:f2:57:c2:e1:d0:aa:fc:d2:6f:
         3a:0b:ec:78:a8:cf:4f:53:38:1a:85:cc:5f:62:f3:74:90:0d:
         8a:a2:c2:17:1e:a4:48:4c:fe:83:d5:0d:fd:7e:9e:4b:c5:67:
         c9:38:86:35:3b:27:55:9b:d7:99:20:95:7b:e9:c6:58:b9:6b:
         dc:dd:9f:49:91:df:cf:d4:fe:33:db:30:15:bd:d6:ee:01:07:
         a6:25:c3:a7:59:8e:0b:d5:69:3a:a8:0f:56:6e:88:3b:19:d2:
         7e:8b:af:e1:dc:b5:cd:03:0b:21:59:3b:17:c6:08:52:f7:3b:
         2b:07:3d:44:b6:99:90:d0:a1:46:81:28:e4:34:79:df:9e:f3:
         c3:e6:79:1d:0b:d6:89:42:bf:ea:56:a5:b5:b3:29:93:3b:66:
         9d:35:43:d6:a0:dd:f5:8f:6b:48:ed:27:85:52:c2:9c:76:f7:
         57:4d:44:7b:7e:14:c2:3c:01:a9:56:0e:80:bc:2c:40:7a:2c:
         38:e3:90:f3:e6:0b:f6:22:21:f2:22:37:77:fc:ed:62:db:e3:
         a3:66:ee:58:ed:0f:fb:b1:65:d4:ef:ce:3d:f3:7b:db:ee:14:
         42:29:67:27:1e:96:25:35:a7:06:09:4d:43:8c:78:a8:ec:59:
         06:dc:30:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIAMdHSZzyL2RnB9s31+7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjUwMTAxMTM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTVmYWEzNzI0ZmNiNmRiYTdhNmVmZGZlOTFmMDgzYmY2Y2RiY2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAug8T/QC1DKPlzDe0iIVKep4dVs19
gRp9gUI6iXkBnb6zZCkVec6Li6wxY23jK1UXYbtMlfjjrRz5pznOlXgJtfOIK669
84lxQ+694OJ0VpqQReQJvYyeEXOBs1RwmRJyRP3P+WN5cw5eP6Aq8iWySxJid0Rj
tkweclUIee7hQvEXdQlUsXdiI8EYNOGqm8qvqjY3fB9llPBP4jQ4OpZ+ZIY2l7oT
ifr4EFIi8RWmo+GUMuIR3zv42ve0sQKiFGn3jCVOvtx+JROzfzPD84LBD55GI91E
85LyHw1gVXVEzbLFPJqnL4AAhmruyry66twKgGpwRz8HTSm7FwHw1XLQOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVfqjck/Lbbp6bv3+kfCDv2zbzcMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvaFYtcU55VDh0dHVucHVfZjZSOElPX2JOdk53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU5MMA0G
CSqGSIb3DQEBCwUAA4IBAQAPxlwUd0oLMxHyV8Lh0Kr80m86C+x4qM9PUzgahcxf
YvN0kA2KosIXHqRITP6D1Q39fp5LxWfJOIY1OydVm9eZIJV76cZYuWvc3Z9Jkd/P
1P4z2zAVvdbuAQemJcOnWY4L1Wk6qA9Wbog7GdJ+i6/h3LXNAwshWTsXxghS9zsr
Bz1EtpmQ0KFGgSjkNHnfnvPD5nkdC9aJQr/qVqW1symTO2adNUPWoN31j2tI7SeF
UsKcdvdXTUR7fhTCPAGpVg6AvCxAeiw445Dz5gv2IiHyIjd3/O1i2+OjZu5Y7Q/7
sWXU784983vb7hRCKWcnHpYlNacGCU1DjHio7FkG3DCf
-----END CERTIFICATE-----